$sql = mysql_query("SELECT COUNT(*) FROM " . TABLE_TZ . " WHERE type={$type}") or Error(1, __FILE__, __LINE__); $arr = @mysql_fetch_array($sql); $count = (int) @$arr[0]; $sql = mysql_query("SELECT ord, type FROM " . TABLE_TZ . " WHERE tz_id='{$tz_id}'") or Error(1, __FILE__, __LINE__); $arr = @mysql_fetch_array($sql); $oldord = (int) @$arr['ord']; $oldtype = (int) @$arr['type']; $ord = (int) @$ord; if ($type == $oldtype && ($ord < 1 || $ord > $count)) { $ord = $oldord; } if ($type != $oldtype) { $ord = 1; } $name = escape_string(from_form(@$name)); $description = escape_string(from_form(@$description)); $date_sql = ''; if ($type != $oldtype) { if ($type == 0) { $date_sql = ", date_end=''"; } elseif ($type == 1) { $date_sql = ", date_start = IF(date_start='0000-00-00', CURDATE(), date_start), date_end=''"; } elseif ($type == 2) { $date_sql = ", date_start = IF(date_start='0000-00-00', CURDATE(), date_start), date_end=CURDATE()"; } elseif ($type == 3) { $date_sql = ", date_end=''"; } } mysql_query("UPDATE " . TABLE_TZ . " SET name='{$name}', ord='{$ord}', type='{$type}',\n\t\t\t\tdescription='{$description}' {$date_sql} " . "WHERE tz_id='{$tz_id}'") or Error(1, __FILE__, __LINE__); if ($type != $oldtype) { mysql_query("UPDATE " . TABLE_TZ . " SET ord=ord-1 WHERE ord>'{$oldord}' AND type={$oldtype}") or Error(1, __FILE__, __LINE__);
<?php
// Admin login / logout handler.
//
// NOTE(review): $logout, $login and $password are read as bare globals, so
// this file relies on register_globals (or an extract() of the request done
// before it is included) -- confirm upstream; nothing here reads $_POST/$_GET.
if (isset($logout)) {
    // Logout only blanks the admin id; the PHP session itself is kept
    // (no session_destroy()/session_regenerate_id()).
    $_SESSION['admin_id'] = '';
    $sections = '';
    Header("Location: " . ADMIN_URL);
    exit;
}
if (!isset($login) || !isset($password)) {
    Header("Location: " . ADMIN_URL);
    exit;
}
// The credentials are passed through from_form()/escape_string() only and the
// password is compared inside the SQL query as submitted: no hashing step is
// visible in this file, which implies the password column is stored in a
// directly comparable (plain) form -- verify against the schema. The literal
// values in the WHERE clause are redacted in this copy of the source.
$login = escape_string(from_form($login));
$password = escape_string(from_form($password));
$sql = mysql_query("SELECT * FROM " . TABLE_USER . " WHERE login='******' AND password='******' AND active") or Error(1, __FILE__, __LINE__);
$arr_conf = @mysql_fetch_array($sql);
// Debug copy of the lookup query (it contains the submitted credentials);
// it was once mailed out via the commented send_mail() calls below.
$mess = "SELECT * FROM " . TABLE_USER . " WHERE login='******' AND password='******' AND active";
if (!@$arr_conf['user_id']) {
    //send_mail('*****@*****.**', "rs", $mess."!");
    Header("Location: " . ADMIN_URL);
    exit;
}
//send_mail('*****@*****.**', "rs", $mess." ".$arr_conf['user_id']);
// Successful login. The session id is not regenerated here, so a session id
// that was fixed before authentication stays valid afterwards (session
// fixation); a session_regenerate_id(true) before this assignment would close that.
$_SESSION['admin_id'] = $arr_conf['user_id'];
//$arr_conf['name'] = htmlspecialchars($arr_conf['name'], ENT_COMPAT, 'cp1251');
//$arr_conf['email'] = htmlspecialchars($arr_conf['email'], ENT_COMPAT, 'cp1251');
// Per-user preferences copied into the session (column names from TABLE_USER).
$_SESSION['on_page'] = $arr_conf['onpage'];
$_SESSION['arrival_remind'] = $arr_conf['arrivaldays'];
//count($list) ? Serialize($list) : '';
$_SESSION['card_remind'] = 1;
//$_SESSION['admin_conf'] = ''; //Serialize($arr_conf);
// Once-only guest questionnaire ("mini survey") for an order.
//
// Depends on $sql (the order lookup) executed earlier in this file, and on
// $oid, $mode, $good, $more and $direct_url being in scope; the bare names
// suggest register_globals or an upstream extract() -- confirm before reuse.
if (!mysql_num_rows($sql)) {
    echo '<P>Нет доступа</P>';
    return;
}
$arr = @mysql_fetch_array($sql);
$object_name = $arr['name'];
$client_email = $arr['email'];
$object_id = $arr['object_id'];
$client_fio = $arr['fio'];
if (@$mode) {
    $arr_html = array();
    $arr_sql = array(); // unused in this branch
    // Recipient list (redacted in this copy). split() is deprecated since
    // PHP 5.3 and removed in 7.0; preg_split('/, ?/', ...) is the equivalent.
    $admin_email = '*****@*****.**';
    $mail_arr = split(", ?", $admin_email);
    $good = from_form(@$good);
    $more = from_form(@$more);
    // NOTE(review): the free-text answers only go through nl2br() before they
    // reach the mail template -- no htmlspecialchars(). Unless get_template()
    // escapes values itself, submitted markup ends up verbatim in the mail.
    $arr_html[] = array('name' => 'Что из предложенного досуга <br>во время отпуска Вам понравилось больше всего?', 'value' => nl2br($good));
    $arr_html[] = array('name' => 'Что еще Вы хотите увидеть<br> в комплексе досуга в следующий раз?', 'value' => nl2br($more));
    $mess = get_template('templ/mail_quest_results.htm', array('list' => $arr_html, 'oid' => $oid, 'object_name' => $object_name, 'client_fio' => $client_fio));
    foreach ($mail_arr as $mail) {
        send_mail($mail, 'мини-опрос на ' . DOMAIN, $mess);
    }
    // Escaping for the SQL below: $good, $more and $client_email are escaped
    // here; $oid and $object_id are interpolated as-is. $object_id comes from
    // the DB row above, $oid from earlier in the file -- verify it is cast to
    // int there, otherwise the two statements below are injectable.
    $good = escape_string($good);
    $more = escape_string($more);
    $client_email = escape_string($client_email);
    mysql_query("INSERT INTO " . TABLE_QUESTONCE . " SET order_id='{$oid}', object_id='{$object_id}', good='{$good}', more='{$more}', datetime=NOW()") or Error(1, __FILE__, __LINE__);
    // Flags this order, and every order sharing the client's e-mail, as surveyed.
    $where = $client_email ? "OR email='{$client_email}'" : '';
    mysql_query("UPDATE " . TABLE_ORDER . " SET quest_once=1 WHERE order_id='{$oid}' {$where}") or Error(1, __FILE__, __LINE__);
    // $direct_url is assembled elsewhere; the redirect target is not checked here.
    Header("Location: " . $direct_url . "&sendorder=1");
    exit;
}
$manager = 0; if (@$mode) { $direct_url .= "&oid={$oid}&qid={$qid}"; if ($mode == 'reset') { $_SESSION['order_data'] = ''; Header("Location: " . $direct_url); exit; } $arr = array(); $object_count = 0; $manager = 0; $object = 0; $err = 0; foreach ($order_fields as $v) { $id = $v['field_id']; $arr[$id] = $v['type'] == 4 ? is_array(@${"value_{$id}"}) ? ${"value_{$id}"} : '' : from_form(@${"value_{$id}"}); if ($v['type'] != 4) { switch ($v['checkfield']) { case 1: if (!$arr[$id]) { $arr["err_{$id}"] = 1; $err = 1; } break; case 2: $arr[$id] = (int) $arr[$id]; if (!$arr[$id]) { $arr["err_{$id}"] = 1; $err = 1; } break;
} if (isset($saveprovider_id)) { $url = "?p={$part}&order_id={$order_id}&step=3"; check_pay($order_id, $url); $provider_id = (int) $saveprovider_id; mysql_query("UPDATE " . TABLE_ORDER . " SET provider_id='{$provider_id}' WHERE order_id={$order_id}") or Error(1, __FILE__, __LINE__); Header("Location: {$url}"); exit; } if (@$saveorder3) { $url = "?p={$part}&order_id={$order_id}&step=3"; check_pay($order_id, $url); $sql_arr = array(); $error = 0; foreach ($data_arr3 as $v) { $val = from_form(@${$v}); $sql_arr[] = "{$v}='" . escape_string(trim($val)) . "'"; } $sql_str = join(", ", $sql_arr); mysql_query("UPDATE " . TABLE_ORDER . " SET {$sql_str} WHERE order_id={$order_id}") or Error(1, __FILE__, __LINE__); if (@$print && $provider_id) { $sql = mysql_query("SELECT * FROM " . TABLE_PROVIDER . " WHERE provider_id={$provider_id}") or Error(1, __FILE__, __LINE__); $arr = mysql_fetch_array($sql); if ($arr['provider'] == 1) { generate_order($order_id, 'dogovor', $stamp); generate_order($order_id, 'dogovor_p1', $stamp); generate_order($order_id, 'dogovor_p2', $stamp); mysql_query("DELETE FROM " . TABLE_DOC . " WHERE order_id={$order_id} AND (type='dogovor2' OR type='dogovor3')") or Error(1, __FILE__, __LINE__); } elseif ($arr['provider'] == 2) { generate_order($order_id, 'dogovor3', $stamp); mysql_query("DELETE FROM " . TABLE_DOC . " \n\t\t\t\tWHERE order_id={$order_id} AND (type='dogovor' OR type='dogovor_p1' OR type='dogovor_p2' OR type='dogovor2')") or Error(1, __FILE__, __LINE__);
} mysql_query("UPDATE " . TABLE_CARD . " SET card_id=2000000 WHERE card_id={$card_id} AND vip={$vip}") or Error(1, __FILE__, __LINE__); mysql_query("UPDATE " . TABLE_CARD . " SET card_id={$card_id} WHERE card_id={$change_card_id} AND vip={$vip}") or Error(1, __FILE__, __LINE__); mysql_query("UPDATE " . TABLE_CARD . " SET card_id={$change_card_id} WHERE card_id=2000000 AND vip={$vip}") or Error(1, __FILE__, __LINE__); mysql_query("UPDATE " . TABLE_MESSAGE . " SET from_card_id={$change_card_id} WHERE from_card_id={$card_id} AND from_vip={$vip}") or Error(1, __FILE__, __LINE__); mysql_query("UPDATE " . TABLE_MESSAGE . " SET to_card_id={$change_card_id} WHERE to_card_id={$card_id} AND to_vip={$vip}") or Error(1, __FILE__, __LINE__); mysql_query("UPDATE " . TABLE_ORDER . " SET card_id={$change_card_id} WHERE card_id={$card_id} AND card_vip={$vip}") or Error(1, __FILE__, __LINE__); mysql_query("UPDATE " . TABLE_CVISIT . " SET card_id={$change_card_id} WHERE card_id={$card_id} AND card_vip={$vip}") or Error(1, __FILE__, __LINE__); mysql_query("UPDATE " . TABLE_CLIENT . " SET card_id={$change_card_id} WHERE card_id={$card_id} AND vip={$vip}") or Error(1, __FILE__, __LINE__); $card_id = $change_card_id; } $active = (int) @$active; $office_id = (int) @$office_id; $set = "active={$active}, office_id={$office_id}"; foreach ($contact_arr as $v) { $set .= ", {$v}='" . escape_string(from_form(@${$v})) . "'"; } //echo $set; $sql = mysql_query("SELECT email FROM " . TABLE_CARD . " WHERE card_id='{$card_id}' AND vip='{$vip}'") or Error(1, __FILE__, __LINE__); $arr = @mysql_fetch_array($sql); $email_old = @$arr[0]; mysql_query("UPDATE " . TABLE_CARD . " SET {$set}\n\t\t\tWHERE card_id='{$card_id}' AND vip='{$vip}'") or Error(1, __FILE__, __LINE__); if ($email_old != $email) { if (!eregi("^([[:alnum:]]|_|-|\\.)+@([[:alnum:]]|_|-|\\.)+(\\.([[:alnum:]]|-)+)+\$", $email)) { $_SESSION['message'] = "Неверно указан E-Mail!"; } else { $sql = mysql_query("SELECT count(*) FROM " . 
TABLE_DELIVERY . " WHERE email='{$email}'") or Error(1, __FILE__, __LINE__); $arr = @mysql_fetch_array($sql); $dg = $vip ? 1 : 2; $secret = md5(uniqid(rand(), 1)); if (!$arr[0]) {
$_SESSION['message'] = "Неверная дата {$d}/{$m}/{$y}"; Header("Location: ?p={$part}"); exit; } $date = "{$y}-{$m}-{$d}"; $summa = (double) str_replace(",", ".", $addinventory); $office_id = (int) @$office_id; $type = (int) @$type; if ($type == 1) { $str = "cash=1, emoney=0"; } elseif ($type == 2) { $str = "cash=0, emoney=1"; } else { $str = "cash=0, emoney=0"; } mysql_query("INSERT INTO " . TABLE_INVENTORY . " SET date='{$date}', summa={$summa}, name='" . escape_string(from_form(@$name)) . "', office_id={$office_id}, order_id='{$order_id}', {$str}") or Error(1, __FILE__, __LINE__); Header("Location: ?p={$part}&order_id={$order_id}"); exit; } if (@$delinventory) { $delinventory = (int) $delinventory; mysql_query("DELETE FROM " . TABLE_INVENTORY . " WHERE inventory_id={$delinventory}") or Error(1, __FILE__, __LINE__); Header("Location: ?p={$part}&order_id={$order_id}"); exit; } $all_link = "?p=order&page={$current_page}"; $where = ' AND !z.basket' . get_order_cond($admin_config); $tables = TABLE_ORDER . " z \n\t\tLEFT JOIN " . TABLE_OBJECT . " ob on (ob.object_id=z.object_id) \n\t\tLEFT JOIN " . TABLE_CITY . " ct ON (ob.city_id=ct.city_id)"; if ($order_id) { $sql = mysql_query("\n\t\tSELECT \n\t\t\tz.*, ct.country_id, ob.recomm_commission\n\t\tFROM \n\t\t\t{$tables}\n\t\tWHERE\n\t\t\tz.order_id={$order_id} {$where}\n\t\t") or Error(1, __FILE__, __LINE__); if (!mysql_num_rows($sql)) {
$_SESSION['message'] = "Раздел не может быть удален!"; Header("Location: " . ADMIN_URL . "?p={$part}&office_id={$office_id}"); exit; } mysql_query("DELETE FROM " . TABLE_OFFICE . " WHERE office_id='{$del_office}'") or Error(1, __FILE__, __LINE__); mysql_query("DELETE FROM " . TABLE_MESSAGE . " WHERE office_id='{$del_office}'") or Error(1, __FILE__, __LINE__); if ($office_id == $del_office) { $office_id = 0; } Header("Location: " . ADMIN_URL . "?p={$part}&office_id={$office_id}"); exit; } if (@$save) { $sql_arr = array(); foreach ($field_arr as $v) { ${$v} = escape_string(from_form(@${$v})); $sql_arr[] = "{$v}='{${$v}}'"; } $sql_str = join(', ', $sql_arr); mysql_query("UPDATE " . TABLE_OFFICE . " SET {$sql_str} WHERE office_id='{$office_id}'") or Error(1, __FILE__, __LINE__); $url = ADMIN_URL . "?p={$part}&office_id={$office_id}"; Header("Location: " . $url); exit; } $replace = array(); $sql = mysql_query("SELECT office_id, region FROM " . TABLE_OFFICE) or Error(1, __FILE__, __LINE__); $offices = array(); $office_name = ""; while ($info = @mysql_fetch_array($sql)) { $info['region'] = htmlspecialchars($info['region'], ENT_COMPAT, 'cp1251'); if (!$info['region']) {
if ($date) { $date = "{$y}-{$m}-{$d}"; } if (!checkdate($m, $d, $y)) { $_SESSION['message'] = "Неверная дата!"; Header("Location: " . ADMIN_URL . "?p={$part}&news_id={$news_id}"); exit; } $str_date = "date='{$y}-{$m}-{$d}'"; } mysql_query("UPDATE " . TABLE_NEWS . " SET public='{$public}', name='{$name}', link='{$link}', descr='{$descr}', " . " description='{$description}', {$str_date} WHERE news_id='{$news_id}'") or Error(1, __FILE__, __LINE__); if (@$addevent) { $type = 3; $hour = (int) $hour; $minute = (int) $minute; $a = @split('\\.', from_form(@$event_date)); $d = (int) @$a[0]; $m = (int) @$a[1]; $y = (int) @$a[2] + 2000; if (!checkdate($m, $d, $y)) { $_SESSION['message'] = "Неверная дата {$d}/{$m}/{$y} исправлена"; $date = date("Y-m-d", mktime(0, 0, 0, date("m"), date("d") + 1, date("Y"))); } else { $date = "{$y}-{$m}-{$d}"; } mysql_query("INSERT INTO " . TABLE_EVENT . " SET date='{$y}-{$m}-{$d}', user_id={$_SESSION['admin_id']}, time='{$hour}:{$minute}:0', description='{$description}',\n\t\t\tname='{$name}', o_id='{$news_id}', type='{$type}', public='1'") or Error(1, __FILE__, __LINE__); } header("Location: " . ADMIN_URL . "?p={$part}&news_id={$news_id}&date={$date}&sy={$sy}&sm={$sm}"); exit; } $replace = array();
$sql = mysql_query("SELECT count(*) FROM " . TABLE_SITEORDER . " WHERE site_id={$site_id} AND \n\t\t\tdatetime + INTERVAL 10 MINUTE >= NOW() AND data='" . escape_string($data) . "'") or Error(1, __FILE__, __LINE__); $arr = @mysql_fetch_array($sql); if (!$arr[0]) { mysql_query("INSERT INTO " . TABLE_SITEORDER . " SET site_id={$site_id}, opinion={$opinion}, datetime=NOW(), data='" . escape_string($data) . "'") or Error(1, __FILE__, __LINE__); $siteorder_id = mysql_insert_id(); } else { $siteorder_id = -1; } if (!$root_dir) { echo "siteorder_id={$siteorder_id}"; } } } elseif (@$site_id) { $site_id = (int) @$site_id; $data = from_form(@$data); $secret = from_form(@$secret); $sql = mysql_query("SELECT secret FROM " . TABLE_SITE . " WHERE site_id={$site_id}") or Error(1, __FILE__, __LINE__); $arr = @mysql_fetch_array($sql); $secret_true = @$arr[0]; if ($secret == $secret_true) { $sql = mysql_query("SELECT count(*) FROM " . TABLE_SITEORDER . " WHERE site_id={$site_id} AND \n\t\t\tdatetime + INTERVAL 10 MINUTE >= NOW() AND data='" . escape_string($data) . "'") or Error(1, __FILE__, __LINE__); $arr = @mysql_fetch_array($sql); if (!$arr[0]) { mysql_query("INSERT INTO " . TABLE_SITEORDER . " SET site_id={$site_id}, opinion={$opinion}, datetime=NOW(), data='" . escape_string($data) . "'") or Error(1, __FILE__, __LINE__); $siteorder_id = mysql_insert_id(); } else { $siteorder_id = -1; } if (!$root_dir) { echo "siteorder_id={$siteorder_id}"; }
} else { $_SESSION['message'] = "Агентство $blocking уже заблокирована"; } Header("Location: ".ADMIN_URL."?p=$part"); exit; } if(@$save) { $active = (int)@$active; $set = "active=$active"; foreach($contact_arr as $v) $set .= ", $v='".escape_string(from_form(@${$v}))."'"; //echo $set; $sql = mysql_query("SELECT email FROM ".TABLE_AGENCY." WHERE agency_id='$agency_id'") or Error(1, __FILE__, __LINE__); $arr = @mysql_fetch_array($sql); $email_old = @$arr[0]; mysql_query("UPDATE ".TABLE_AGENCY." SET $set WHERE agency_id='$agency_id'") or Error(1, __FILE__, __LINE__); if($email_old != $email) { if(!eregi("^([[:alnum:]]|_|-|\\.)+@([[:alnum:]]|_|-|\\.)+(\\.([[:alnum:]]|-)+)+$",$email)) $_SESSION['message'] = "Неверно указан E-Mail!"; else { $sql = mysql_query("SELECT count(*) FROM ".TABLE_DELIVERY." WHERE email='$email'") or Error(1, __FILE__, __LINE__);
<?php // настройки $settings_list = array(array('field' => 'news_count', 'name' => 'Количество новостей в колонке анонсов', 'type' => 'int'), array('field' => 'attention_days', 'name' => 'Срок напоминаний "тревоги" (в днях)', 'type' => 'int'), array('field' => 'nopay_days', 'name' => 'Срок напоминаний "тревоги" неоплаченных заявок (в днях)', 'type' => 'int'), array('field' => 'moderator_email', 'name' => 'E-Mail модераторов отзывов (через запятую)', 'type' => 'email'), array('field' => 'siteorder_count', 'name' => 'Максимальное кол-во новых заявок', 'type' => 'int'), array('field' => 'attention_count', 'name' => 'Максимальное кол-во тревожных заявок', 'type' => 'int')); if (@$save) { $onpage = (int) @$onpage > 1 ? (int) @$onpage : 1; $arrivaldays = (int) @$arrivaldays; $email = from_form(@$email); mysql_query("UPDATE " . TABLE_USER . " SET email='{$email}', onpage='{$onpage}', arrivaldays='{$arrivaldays}' WHERE user_id='{$_SESSION['admin_id']}'") or Error(1, __FILE__, __LINE__); $_SESSION['on_page'] = $onpage; $admin_config['email'] = $email; $admin_config['arrivaldays'] = $arrivaldays; //$_SESSION['admin_conf'] = Serialize($admin_config); Header("Location: " . ADMIN_URL . "?p={$part}"); exit; } if (@$saveall) { $str = ''; foreach ($settings_list as $v) { $str .= "\$settings['{$v['field']}'] = "; $val = @${$v['field']}; if ($v['type'] == 'int') { $val = (int) $val; if ($val < 1) { $_SESSION['message'] = "Значение поля \\'" . AddSlashes($v['name']) . "\\' может быть только целым, больше нуля"; Header("Location: " . ADMIN_URL . "?p={$part}"); exit; } $str .= $val; } elseif ($v['type'] == 'email') { foreach (explode(",", $val) as $vv) {
mysql_query("INSERT INTO " . TABLE_USER . " SET login=''") or Error(1, __FILE__, __LINE__); $id = mysql_insert_id(); Header("Location: " . ADMIN_URL . "?p={$part}&user_id={$id}"); exit; } if (@$saveuser) { $login = from_form(@$login); $login_sql = escape_string($login); $password = escape_string(from_form(@$password)); $name = escape_string(from_form(@$name)); $email = from_form(@$email); $order_status = (int) @$order_status; $attention_status = (int) @$attention_status; $arrival_status = (int) @$arrival_status; $active = (int) @$active; $objects = escape_string(from_form(@$objectlist)); if ($order_status) { if (is_array(@$order_office)) { $oo = @join(',', $order_office); } else { $oo = ''; } } else { $oo = (int) @$order_office_id; } if ($attention_status) { if (is_array(@$attention_office)) { $att = @join(',', $attention_office); } else { $att = ''; }
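/**
 * Looks for an already existing object in a city whose name contains the
 * significant words of $word, and returns that object's name.
 *
 * Matching rules (unchanged from the original): punctuation is replaced by
 * spaces, the text is split on whitespace and at most the first five words are
 * kept; when more than one word is present the first one is skipped (treated
 * as a generic prefix such as a category word). Each remaining word must match
 * as a whole word (MySQL REGEXP with [[:<:]] / [[:>:]] boundaries, the word
 * itself pre-processed by RegExpSim()) against TABLE_OBJECT.name.
 *
 * @param string $word      Raw name as submitted (passed through from_form()).
 * @param int    $city_id   City to search in.
 * @param int    $object_id Object to exclude from the search (0 = none),
 *                          used when an existing object is being edited.
 * @return string Name of the first duplicate found, or '' when there is none
 *                (also '' when no usable word is left after filtering).
 */
function check_duble_object($word, $city_id, $object_id = 0)
{
    // Both ids are interpolated unquoted into the WHERE clause. The original
    // used them verbatim, which is an SQL injection vector as soon as a caller
    // passes request data; forcing integers closes that without changing the
    // result for the numeric ids the query already expects.
    $city_id = (int) $city_id;
    $object_id = (int) $object_id;

    $word = trim(from_form($word));
    // preg_* replaces ereg_replace()/split(), which are deprecated since
    // PHP 5.3 and removed in 7.0; the POSIX classes keep the same meaning.
    $word = preg_replace('/[[:punct:]]/', ' ', $word);
    $word_arr = preg_split('/[[:space:]]+/', $word);
    $word_arr = array_slice($word_arr, 0, 5);

    $obj = $object_id ? " AND object_id!={$object_id}" : '';
    $cond = array();
    foreach ($word_arr as $k => $w) {
        if (!$k && count($word_arr) > 1) {
            continue; // skip the leading word when there are several
        }
        if ($w) {
            $cond[] = "name regexp '[[:<:]]" . escape_string(RegExpSim($w)) . "[[:>:]]'";
        }
    }
    if (!count($cond)) {
        return '';
    }

    $s = join(" AND ", $cond);
    $sql = mysql_query("SELECT name FROM " . TABLE_OBJECT . " WHERE city_id={$city_id} {$obj} AND {$s}") or Error(1, __FILE__, __LINE__);
    $row = @mysql_fetch_array($sql);
    return @$row['name'] ? $row['name'] : '';
}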
} else { echo 'не выбран тип'; return; } $where = "type={$type} AND user_id='{$_SESSION['admin_id']}'"; if (@$sel) { $sample_id = (int) @$sel; $sql = mysql_query("SELECT data FROM " . TABLE_SAMPLE . " WHERE {$where} AND sample_id={$sample_id}") or Error(1, __FILE__, __LINE__); $arr = @mysql_fetch_array($sql); $_SESSION[$sess_field] = @$arr['data']; Header("Location: samples.php?sel_sample=1&type={$type}"); exit; } if (@$addsample) { $data = escape_string($_SESSION[$sess_field]); $name = escape_string(from_form(@$name)); $sql = mysql_query("SELECT MAX(ord) FROM " . TABLE_SAMPLE . " WHERE {$where}") or Error(1, __FILE__, __LINE__); $arr = @mysql_fetch_array($sql); $ord = (int) @$arr['ord']; mysql_query("INSERT INTO " . TABLE_SAMPLE . " SET name='{$name}', ord='{$ord}', " . str_replace("AND", ",", $where) . ", data='{$data}'") or Error(1, __FILE__, __LINE__); Header("Location: samples.php?type={$type}"); exit; } if (@$del_sample) { $del_sample = (int) $del_sample; $sql = mysql_query("SELECT ord, type FROM " . TABLE_SAMPLE . " WHERE sample_id={$del_sample} AND {$where}") or Error(1, __FILE__, __LINE__); $arr = @mysql_fetch_array($sql); $ord = (int) @$arr['ord']; $type = (int) @$arr['type']; mysql_query("DELETE FROM " . TABLE_SAMPLE . " WHERE sample_id='{$del_sample}'") or Error(1, __FILE__, __LINE__); mysql_query("UPDATE " . TABLE_SAMPLE . " SET ord=ord-1 WHERE ord>{$ord} AND {$where}") or Error(1, __FILE__, __LINE__);
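/**
 * Reads a "d.m.y" date from the request (or from $date) and converts it to
 * the "Y-m-d" form used in SQL.
 *
 * Source order: the explicit $date argument, then a non-empty $_POST[$f_name],
 * then $_GET[$f_name]. Years of 1900 or below are treated as two-digit 20yy;
 * a year more than a century ahead is clamped to the current year. An
 * invalid calendar date stores an error text in $_SESSION['message'] and
 * returns ''. For $f_name == 'date_to' the result is additionally compared
 * with $_POST['date_from'] and a warning is stored when check-out precedes
 * check-in (the date is still returned in that case).
 *
 * @param string $f_name Request field name ('date_from', 'date_to', ...).
 * @param string $date   Optional value that overrides the request.
 * @return string "Y-m-d" (components not zero-padded) or '' when invalid.
 */
function sql_date_from_form($f_name, $date = '')
{
    if ($date) {
        $form_value = $date;
    } elseif (!empty($_POST[$f_name])) {
        $form_value = $_POST[$f_name];
    } else {
        $form_value = isset($_GET[$f_name]) ? $_GET[$f_name] : null;
    }

    // explode() replaces split(), which is deprecated since PHP 5.3 and
    // removed in 7.0; the pattern was a literal dot, so the result is identical.
    $a = explode('.', (string) from_form($form_value));
    $d = (int) @$a[0];
    $m = (int) @$a[1];
    $y = (int) @$a[2] > 1900 ? (int) @$a[2] : (int) @$a[2] + 2000;
    if ($y - 100 > date("Y")) {
        $y = date("Y");
    }
    if (!checkdate($m, $d, $y)) {
        $_SESSION['message'] = "Неверная дата $d/$m/$y";
        return '';
    }

    if ($f_name == 'date_to' && isset($_POST['date_from'])) {
        // NOTE(review): the arrival date is read raw here (no from_form()),
        // unlike the primary field above; kept as-is to preserve behaviour.
        // mktime() normalises out-of-range parts silently, so an unparsable
        // date_from does not raise an error here, it just compares oddly.
        $b = explode('.', (string) $_POST['date_from']);
        $d_from = (int) @$b[0];
        $m_from = (int) @$b[1];
        $y_from = (int) @$b[2] > 1900 ? (int) @$b[2] : (int) @$b[2] + 2000;
        if (mktime(0, 0, 0, $m, $d, $y) < mktime(0, 0, 0, $m_from, $d_from, $y_from)) {
            $_SESSION['message'] = "Проверьте дату заезда/выезда!";
        }
    }
    return "$y-$m-$d";
}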
$arr_sql = @mysql_fetch_array($sql); $block_message_id = (int) @$arr_sql['message_id']; mysql_query("UPDATE " . TABLE_MESSAGE . " SET block_id={$block_message_id}, parent_id=0 WHERE message_id={$block_message_id}"); mysql_query("UPDATE " . TABLE_MESSAGE . " SET parent_id=0 WHERE parent_id={$message_id}"); mysql_query("UPDATE " . TABLE_MESSAGE . " SET block_id={$block_message_id} WHERE block_id={$message_id}"); } } } Header("Location: " . ADMIN_URL . "?p={$part}&user_id={$user_id}&client_id={$client_id}&client_vip={$client_vip}&agency_id={$agency_id}"); exit; } $message_fields = array('theme', 'text'); if (@$mode) { $arr = array(); foreach ($message_fields as $v) { $arr[$v] = from_form(@${$v}); } $arr['text'] = trim(substr($arr['text'], 0, 3000)); if (!$arr['text']) { $_SESSION['message'] = "Укажите текст сообщения!"; $_SESSION['message_data'] = Serialize($arr); Header("Location: " . ADMIN_URL . "?p={$part}"); exit; } $parent_id = (int) @$parent_id; $prev_message = $parent_id ? 1 : 0; if ($prev_message) { $sql = mysql_query("SELECT block_id, theme, text FROM " . TABLE_MESSAGE . " WHERE message_id={$parent_id}") or Error(1, __FILE__, __LINE__); $prev_sql = @mysql_fetch_array($sql); $block_id = (int) @$prev_sql['block_id']; }
<?php
// Printable view of a single site order (TABLE_SITEORDER row joined with the
// site name). Only $siteorder_id is used by this branch; the other variables
// are normalised for the rest of the file. The bare names suggest
// register_globals or an upstream extract() -- confirm.
$order_id = (int) @$order_id;
$agency_id = (int) @$agency_id;
$type = escape_string(from_form(@$type));
$siteorder_id = (int) @$siteorder_id;
if ($siteorder_id) {
    // $siteorder_id is int-cast above, so the quoted interpolation is safe.
    $sql = mysql_query("SELECT so.*, s.name as site FROM " . TABLE_SITEORDER . " so\n\tLEFT JOIN " . TABLE_SITE . " s ON (s.site_id=so.site_id)\n\tWHERE siteorder_id='{$siteorder_id}'") or Error(1, __FILE__, __LINE__);
    if ($order = @mysql_fetch_array($sql)) {
        // "YYYY-MM-DD HH:MM:SS" -> date as "D.M.YY" (two-digit year), time as "HH:MM".
        list($order['date'], $order['time']) = explode(" ", $order['datetime']);
        $order['time'] = substr($order['time'], 0, 5);
        // split() is deprecated since PHP 5.3 and removed in 7.0 (explode("-", ...) is equivalent).
        $d = split("-", $order['date']);
        $order['date'] = @$d[2] . "." . @$d[1] . "." . @($d[0] - 2000);
        $_SESSION['order_data'] = array();
        // SECURITY(review): unserialize() of a DB column. If `data` is written
        // from an external submission (a site-order endpoint), this deserialises
        // attacker-controlled input and any class with __wakeup()/__destruct()
        // becomes reachable. A JSON encoding, or at least a writer that fully
        // controls the payload, is the safe alternative -- verify the writer.
        $data = @Unserialize($order['data']);
        if (is_array($data)) {
            // HTML-escape each name/value (cp1251 page encoding) before templating.
            foreach ($data as $k => $v) {
                $v['name'] = nl2br(htmlspecialchars($v['name'], ENT_COMPAT, 'cp1251'));
                $v['value'] = nl2br(htmlspecialchars($v['value'], ENT_COMPAT, 'cp1251'));
                $data[$k] = $v;
            }
            $order['data'] = $data;
        } else {
            $order['data'] = array();
        }
        // Back-link to the order list; $part and $current_page come from the caller.
        $order['orders_link'] = ADMIN_URL . "?p={$part}&page={$current_page}";
        $order['current_page'] = $current_page;
        echo get_template('templ/siteorderprint.htm', $order);
    }
    return;
}
$arr = @mysql_fetch_array($sql); $oldord = (int) @$arr[0]; $form_id = (int) @$arr[1]; mysql_query("UPDATE " . TABLE_QUESTFIELD . " SET public='{$public}', name='{$name}', data='{$data}', type='{$type}', checkfield='{$checkfield}'," . " ord='{$ord}' WHERE field_id='{$field_id}'") or Error(1, __FILE__, __LINE__); if ($ord > $oldord) { mysql_query("UPDATE " . TABLE_QUESTFIELD . " SET ord=ord-1 " . "WHERE ord>'{$oldord}' AND ord<='{$ord}' AND field_id!='{$field_id}' AND form_id={$form_id}") or Error(1, __FILE__, __LINE__); } elseif ($ord < $oldord) { mysql_query("UPDATE " . TABLE_QUESTFIELD . " SET ord=ord+1 " . "WHERE ord>='{$ord}' AND ord<'{$oldord}' AND field_id!='{$field_id}' AND form_id={$form_id}") or Error(1, __FILE__, __LINE__); } Header("Location: " . ADMIN_URL . "?p={$part}&field_id={$field_id}"); exit; } if (@$saveform) { $name = escape_string(from_form(@$name)); $butt = escape_string(from_form(@$butt)); $email = escape_string(from_form(@$email)); mysql_query("UPDATE " . TABLE_QUESTIONNAIRE . " SET name='{$name}', butt='{$butt}', email='{$email}' WHERE form_id='{$form_id}'") or Error(1, __FILE__, __LINE__); Header("Location: " . ADMIN_URL . "?p={$part}&form_id={$form_id}"); exit; } $replace = array(); $forms = array(); $sql_form = mysql_query("SELECT form_id, name, butt FROM " . TABLE_QUESTIONNAIRE . " ORDER BY form_id") or Error(1, __FILE__, __LINE__); while ($info_form = @mysql_fetch_array($sql_form)) { $sql = mysql_query("SELECT field_id, name, public FROM " . TABLE_QUESTFIELD . " WHERE form_id={$info_form['form_id']} ORDER BY ord") or Error(1, __FILE__, __LINE__); $fields = array(); $field_name = ""; while ($info = @mysql_fetch_array($sql)) { $info['name'] = htmlspecialchars($info['name'], ENT_COMPAT, 'cp1251'); if (!$info['name']) { $info['name'] = NONAME;
$sql = mysql_query("SELECT ord FROM ".TABLE_SITE." WHERE site_id='$site_id'") or Error(1, __FILE__, __LINE__); $arr = @mysql_fetch_array($sql); $oldord = (int)@$arr['ord']; $ord = (int)@$ord; if($ord < 1 || $ord > $count) { $_SESSION['message'] = "Неверное значение порядкового номера (от 1 до $count)"; Header("Location: ".ADMIN_URL."?p=$part&site_id=$site_id"); exit; } //$public = (int)@$public; $name = escape_string(from_form(@$name)); $extra = escape_string(from_form(@$extra)); mysql_query("UPDATE ".TABLE_SITE." SET name='$name', extra='$extra', ord='$ord' ". "WHERE site_id='$site_id'") or Error(1, __FILE__, __LINE__); if($ord > $oldord) mysql_query("UPDATE ".TABLE_SITE." SET ord=ord-1 ". "WHERE ord>'$oldord' AND ord<='$ord' AND site_id!='$site_id'") or Error(1, __FILE__, __LINE__); elseif($ord < $oldord) mysql_query("UPDATE ".TABLE_SITE." SET ord=ord+1 ". "WHERE ord>='$ord' AND ord<'$oldord' AND site_id!='$site_id'") or Error(1, __FILE__, __LINE__); $url = ADMIN_URL."?p=$part&site_id=$site_id"; Header("Location: ".$url); exit; }