$tmp_password = make_password(); $pwd_hash = db_escape_string(encrypt_password($tmp_password, $login)); $rv[0] = T_sprintf("Created user %s with password <b>%s</b>.", $login, $tmp_password); db_query($link, "INSERT INTO ttirc_users \n\t\t\t\t\t(login, pwd_hash, email, nick, realname) \n\t\t\t\t\tVALUES\n\t\t\t\t\t('{$login}', '{$pwd_hash}', '{$login}@localhost', '{$login}', '{$login}')"); } else { $rv[0] = T_sprintf("User %s already exists", $login); } $rv[1] = format_users($link); print json_encode($rv); } break; case "reset-password": $id = db_escape_string($_REQUEST["id"]); if ($_SESSION["access_level"] >= 10) { $tmp_password = make_password(); $login = get_user_login($link, $id); $pwd_hash = db_escape_string(encrypt_password($tmp_password, $login)); db_query($link, "UPDATE ttirc_users SET pwd_hash = '{$pwd_hash}'\n\t\t\t\tWHERE id = '{$id}'"); print json_encode(array("message" => T_sprintf("Reset password of user %s to <b>%s</b>.", $login, $tmp_password))); } break; case "delete-user": $ids = db_escape_string($_REQUEST["ids"]); if ($_SESSION["access_level"] >= 10) { db_query($link, "DELETE FROM ttirc_users WHERE\n\t\t\t\tid in ({$ids}) AND id != " . $_SESSION["uid"]); print format_users($link); } break; case "users": if ($_SESSION["access_level"] >= 10) { show_users($link);
<?php session_start(); include_once "library.php"; $db = connect(); ?> <!DOCTYPE html> <html> <head> <title><?php echo get_user_login($_SESSION["id"], $db); ?> - Settings Hub</title> <meta charset="utf-8"> <link rel="stylesheet" type="text/css" href="css/style.css"> </head> <body> <?php //Affiche les parametres de l'utilisateur et permet de les changer require "menu.html"; echo "<section>"; echo "<h2>Parametres</h2>"; if (isset($_SESSION["error_change"])) { echo "<p id='error'>Erreur : Champ et/ou valeur errone(s)</p>"; unset($_SESSION["error_change"]); } if (!empty($_GET["change"])) { require "settings/change_settings.html"; } if (!empty($_POST["change_value"])) { require "settings/change_settings.php";
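<?php
// Shows the recent events related to the current user (news feed).
// NOTE(review): $db is not created in this fragment; presumably a PDO handle
// set up by the including page — confirm.

// Build an array holding the id of the user and of each of their friends.
$users = array($_SESSION["id"]);
$query = $db->prepare("SELECT user2 FROM friends WHERE user1 = ?");
$query->execute(array($_SESSION["id"]));
while ($data = $query->fetch()) {
    $users[] = $data["user2"];
}
$query->closeCursor();

// Fetch the posts written by any of those users.
// One positional placeholder per id: the ids are bound by execute() instead of
// being pasted into the SQL text. The previous version interpolated the ids AND
// passed them to execute(), so the number of bound values never matched the
// number of placeholders (zero) in the statement.
$placeholders = implode(",", array_fill(0, count($users), "?"));
$query = $db->prepare("SELECT * FROM posts WHERE user IN ({$placeholders}) ORDER BY id DESC LIMIT 0, 50"); // TODO: add a limit on count and on age
$query->execute($users);

// Print every post that was found.
// Title, content, date and author login are stored values, so each one is
// HTML-escaped before it is written into the page; nl2br() runs after escaping
// so that only the <br> tags it inserts are emitted as markup.
echo "<section>";
echo "<h2>Fil d'actualite</h2>";
while ($data = $query->fetch()) {
    // NOTE(review): assumes get_user_login() returns the raw login, not pre-escaped HTML — confirm.
    echo "<header>Message de <b>" . htmlspecialchars(get_user_login($data["user"], $db), ENT_QUOTES) . "</b> :<br></header>";
    // TODO: show the post date (if possible)
    echo "<article><b>" . htmlspecialchars($data["title"], ENT_QUOTES) . "</b><br>";
    echo nl2br(htmlspecialchars($data["content"], ENT_QUOTES)) . "<br>";
    echo "<footer>Posted on " . htmlspecialchars($data["date_post"], ENT_QUOTES) . "</footer></article><br>";
}
echo "</section>";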
if((int)$row["cc_member_id"]) $comment = "The consumer with ID: <b>" . (int)$row["cc_member_id"] . " " . $applicant_name . "</b> - sent new message"; else $comment = "The person with email: <b>" . htmlspecialchars(trim($row["from_email"])) . "</b> - sent new message"; $actions = $temp_actions; $xtpl->assign("MESSAGE_CLASS", "income"); } elseif($val["message_type"] == "outcoming") { $comment = "The user <b>" . get_user_login($val["now_user_id"]) . "</b> sent the answer"; $xtpl->assign("MESSAGE_CLASS", "answer"); $xtpl->assign("BGCOLOR", "FFFFFF"); }elseif($val["message_type"] == "comment") { $xtpl->assign("MESSAGE_CLASS", "comment"); $comment = "The user <b>" . get_user_login($val["now_user_id"]) . "</b> added comments"; $xtpl->assign("BGCOLOR", "EFEFEF"); $actions = $temp_actions; } } $xtpl->assign("COMMENT", $comment); $xtpl->assign("ACTIONS", $actions); $query = "SELECT body FROM " . T_BODIES . " WHERE id=" . $val["body_id"]; $row1 = SQL_select($query, 0); if($row1 && trim($row1["body"]) != "") { $message_body = str_replace("$","$", StripSlashes(nl2br(htmlspecialchars($row1["body"])))); $xtpl->assign("MESSAGE_BODY", $message_body); $xtpl->parse("main.show_ticket.history_list.body_exists"); } $xtpl->parse("main.show_ticket.history_list");
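/**
 * Prints an HTML link to a user's page, labelled with the user's login.
 *
 * @param mixed  $user_id Id of the user; sent as the user_id query parameter
 *                        of show/show_user.php and passed to get_user_login().
 * @param string $class   Value of the anchor's class attribute.
 */
function display_link_to_user($user_id, $class = 'menu')
{
    // Both values land inside double-quoted attributes. The id is URL-encoded
    // and the class HTML-escaped so a quote or angle bracket in either one
    // cannot close the attribute and add markup of its own.
    // NOTE(review): get_www_root() is emitted unchanged; presumably a trusted,
    // configured base URL — confirm.
    $href = get_www_root() . 'show/show_user.php?user_id=' . urlencode((string) $user_id);

    echo '<a href="' . $href . '" class="' . htmlspecialchars($class, ENT_QUOTES) . '">'
        . htmlspecialchars(get_user_login($user_id)) . '</a>';
}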
$display["msg"] .= display_ok_msg($l_no_display); } } elseif ($action == "rights_admin") { /////////////////////////////////////////////////////////////////////////////// if(Obm_Acl::isAllowed($obm['uid'], 'mailbox', $params['entity_id'], "admin") || check_mailbox_update_rights($params) ){ $display["detail"] = dis_mailbox_right_dis_admin($params["entity_id"]); } else { $err['msg'] = $l_insufficient_permission; $display['msg'] .= display_err_msg($err['msg']); } } elseif ($action == "rights_update") { /////////////////////////////////////////////////////////////////////////////// if (OBM_Acl_Utils::updateRights('mailbox', $params['entity_id'], $obm['uid'], $params)) { $mailbox_owner_login = get_user_login($params['entity_id']); update_mailbox_acl( $mailbox_owner_login, $obm['domain_id'] ); $display["msg"] .= display_ok_msg("$l_rights : $l_update_ok"); } else { $display["msg"] .= display_warn_msg($l_of_right_err_auth); } $display["detail"] = dis_mailbox_right_dis_admin($params["entity_id"]); } /////////////////////////////////////////////////////////////////////////////// // Display /////////////////////////////////////////////////////////////////////////////// $display["head"] = display_head($l_mailbox); if (! $params["popup"]) { $display["header"] = display_menu($module);
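<tr>
    <td><table>
        <tr>
            <td align="right">Nazwa projektu:</td>
            <td align="left"><input type="text" name="project_name" value="<?php echo htmlspecialchars($project_name); ?> " maxlength="25" size="35"></td>
        </tr>
        <tr>
            <td align="right">OCP:</td>
            <td align="left"><select name="ocp_id">
<?php
// Options: every user returned by get_active_users(). When the currently
// assigned OCP has status 0 (presumably "inactive" — confirm) it is added to
// the list as well, so the current value stays selectable.
$active_users = get_active_users();
if (get_user_status($ocp_id) == 0) {
    $active_users[$ocp_id] = get_user_login($ocp_id);
    asort($active_users);
}
foreach ($active_users as $user_id => $login) {
    // Id and login are HTML-escaped before being written: the id sits inside a
    // quoted attribute, the login is element text.
    // NOTE(review): assumes the logins are raw text, not pre-escaped HTML — confirm.
    echo '<option value="' . htmlspecialchars((string) $user_id, ENT_QUOTES) . '"';
    if ($user_id == $ocp_id) {
        echo ' selected';
    }
    echo '>' . htmlspecialchars($login) . "</option>\n";
}
?>
            </select></td>
        </tr>
    </table>
    </td>
</tr>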
$old_parts_price_2x .= '[]'; $old_parts_sklad = $part_data['sklad']; $old_parts_id_tab .= '[' . $old_part_id . ']'; $max_det_m++; $old_parts_det_m .= '[' . $max_det_m . ']'; if (get_user_login($systems->get_user_id_from_full_name($temp_work['inj'])) != '') { $old_parts_login_x .= '[' . get_user_login($systems->get_user_id_from_full_name($temp_work['inj'])) . ']'; } else { $old_parts_login_x .= '[root]'; } // Проверяем наличие записи; $sql = "SELECT `index_i` FROM `detals_m` WHERE `numm_rem` = '" . $numm . "' AND `id_tab` = '" . $old_part_id . "';"; $exist_detals_m = $db->one($sql); if ($exist_detals_m == '') { // Так же паралельно пишем их в таблицу detals_m $sql = "INSERT INTO `detals_m` (`loginm`, `numm_rem`, `status`, `sklad`, `art`, `date_create`, `groups`, `kol`, `price`, `primech`, `rent`, `serial`, `id_tab`)\n VALUES ('" . get_user_login($systems->get_user_id_from_full_name($temp_work['inj'])) . "', '" . $numm . "', 1, '" . $part_data['sklad'] . "', '" . $part_data['art'] . "', NOW(), '" . $part_data['code'] . "', 1, '" . $part_data['price3'] . "', '', 0, '', '" . $old_part_id . "');"; write_log($sql, 'save_old_parts_result'); $db->query($sql); } } // Тут разберемся с резервом; foreach ($old_work_parts as $old_part) { $temp_old_part = (array) $old_part; $old_part_id = $temp_old_part['part_id']; $old_part_marker = $temp_old_part['marker']; // Если новая запчасть - стваим ее в резерв; if ($old_part_marker == 'new') { $sql = "UPDATE `goods_base` SET `reserv` = (`reserv` + 1) WHERE `index_i` = '" . $old_part_id . "';"; write_log($sql, 'save_old_parts_result'); $db->query($sql); }
/**
 * Sums the diagnostics time of the orders assigned to a user on a given day.
 *
 * Selects the `remont` rows whose `inj` equals the user's login and whose
 * `place_h` equals the given date (formatted Y.m.d), then adds, per order,
 * SUM(`add_time`) from `diagnostics`; an order without a sum counts as 48.
 *
 * NOTE(review): both statements are assembled by string concatenation. The
 * values involved are the result of get_user_login() and the `numm` values
 * read back by the first query; if the database wrapper behind $db / $db_rs
 * supports bound parameters, binding them would remove the dependence on how
 * those values were stored.
 *
 * @param mixed  $user_id User id; an empty value makes the method return 'FAIL'.
 * @param string $date    Any date string accepted by strtotime().
 * @return array|string   array('hours_weight' => total, 'numms' => order rows), or 'FAIL'.
 */
public function check_weight_day($user_id, $date)
{
    global $db, $db_rs;

    write_log('ENTER', 'get_weight_days');

    if ($user_id == '') {
        return 'FAIL';
    }

    // Build place_h in the Y.m.d form the table is compared against.
    $place_h = date('Y.m.d', strtotime($date));
    $login = get_user_login($user_id);

    $orders_sql = "SELECT `numm` FROM `remont` WHERE `inj` = '{$login}' AND `place_h` = '{$place_h}' AND ((status > '2' and status < '7' and status != '3') or (status = '20' or status = '24' or status = '38' or status = '39')) and saveds > '2015-01-01 00:00:00' ORDER BY `numm` ASC LIMIT 100000;";
    write_log($orders_sql, 'get_weight_days');
    $inj_orders = $db->all($orders_sql);

    // Work out how much diagnostics time each order carries.
    $weight_hours = 0;
    foreach ($inj_orders as $order) {
        // Diagnostics load recorded for this order, if there is any.
        $weight_sql = "SELECT SUM(`add_time`) as `weight` FROM `diagnostics` WHERE `numm` = '{$order['numm']}';";
        $exist_defect_weight = $db_rs->one($weight_sql);

        // No recorded sum: fall back to the fixed value of 48.
        $weight_hours += ($exist_defect_weight != '') ? $exist_defect_weight : 48;
    }

    return array('hours_weight' => $weight_hours, 'numms' => $inj_orders);
}
write_log($sql, 'add_new_user'); $db->query($sql); // База RS; $sql = "INSERT INTO `users_apps` (`user_name`, `user_full_name`, `dep_id`, `app_id`, `department_boss`, `phone_number`, `telegram_auth`, `telegram_auth_code`, `telegram_id`, `telegram_code`, `google_auth`, `auth_key`, `status`, `type`)\n VALUES ('" . $new_user_login . "', '" . $new_user_fam . " " . $new_user_name . " " . $new_user_otch . "', " . $department_new_selector . ", " . $appointment_new_selector . ", 0, '" . $new_user_phone . "',NULL, NULL, NULL, NULL, 0, NULL, 'used', '" . $type_new_selector . "');"; write_log($sql, 'add_new_user'); $db_rs->query($sql); echo 'Логин нового пользователя: <b>' . $new_user_login . '</b><br>Пароль нового пользователя: <b>' . $user_password . '</b>'; } // Передача лоигна другому пользователю; if (isset($_POST['retake_login']) && $_POST['retake_login'] != '') { $user_id = $_POST['retake_login']; $new_user_fam = $_POST['new_user_fam']; $new_user_name = $_POST['new_user_name']; $new_user_otch = $_POST['new_user_otch']; $new_user_phone = $_POST['new_user_phone']; $user_login = get_user_login($user_id); // Обновляем в базе serv4; $sql = "UPDATE `users` SET `fam` = '" . $new_user_fam . "', `name` = '" . $new_user_name . "', `g_name` = '" . $new_user_otch . "', `p_numtel` = '" . $new_user_phone . "' WHERE `login` = '" . $user_login . "';"; $db->query($sql); // Обновляем в rs; $sql = "UPDATE `users_apps` SET `user_full_name` = '" . $new_user_fam . " " . $new_user_name . " " . $new_user_otch . "', `phone_number` = '" . $new_user_phone . "' WHERE `id` = '" . $user_id . "';"; $db_rs->query($sql); $new_password = rand(111111, 999999); // Теперь обновляем пароль польвазотелю; $sql = "UPDATE `user` SET `password` = PASSWORD('xfF" . $new_password . "J') WHERE `user` = '" . $user_login . "';"; $db_login->query($sql); $sql = "flush privileges"; $db_login->query($sql); echo 'Логин нового пользователя: <b>' . $user_login . '</b><br>Пароль нового пользователя: <b>' . $new_password . 
'</b>'; } }
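<?php
// Handles the change-password form: verifies the current password, checks the
// two copies of the new one, then stores the new password for the logged-in user.
if (empty($_POST['old_password']) || empty($_POST['new_password1']) || empty($_POST['new_password2'])) {
    // A field is missing: send the user back to the form.
    header('location: change_password_form.php');
} else {
    require_once 'lib/flip.php';
    session_start();
    check_valid_user();
    $go_back = '<a href="change_password_form.php" class="menu">Spróbuj ponownie</a>.';

    if (user_ok(get_user_login($_SESSION['valid_user_id']), $_POST['old_password']) == -1) {
        // Current password did not verify.
        display_warning('Twoje has³o jest nieprawid³owe! ' . $go_back);
    } elseif ($_POST['new_password1'] != $_POST['new_password2']) {
        // The two copies of the new password differ.
        display_warning('Nowe has³a nie s± identyczne! ' . $go_back);
    } elseif (strlen($_POST['new_password1']) < 3) {
        // NOTE(review): a three-character minimum is a very weak length policy.
        display_warning('Nowe has³o jest za krótkie! ' . $go_back);
    } else {
        db_connect();

        // The new password is request data and goes into a string-built
        // statement, so it is escaped for the connection first. When PHP's
        // magic quotes already added slashes, they are removed beforehand so
        // the stored value is the same as before for ordinary passwords.
        $new_password = $_POST['new_password1'];
        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
            $new_password = stripslashes($new_password);
        }

        // The user id is used unquoted in the statement, so it is forced to an integer.
        // NOTE(review): old_password() is MySQL's pre-4.1 password hash and is
        // not suitable for password storage; replacing it needs a matching
        // change in user_ok(), which is not visible here.
        $q = "update users set password=old_password('" . mysql_real_escape_string($new_password)
            . "') where user_id=" . (int) $_SESSION['valid_user_id'];
        $r = mysql_query($q);

        if (!$r) {
            $warning = 'Zmiana has³a zakoñczona niepowodzeniem!';
        } else {
            $warning = 'Zmiana has³a zakoñczona sukcesem!';
        }
        display_warning($warning);
    }
}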
echo '<tr><td>B³±d bazy danych, spróbuj pó¼niej.</td></tr></table>'; display_document_footer(); exit; } echo '<tr><td align="center" class="naglowek">Wybierz u¿ytkownika<hr></td></tr>'; echo '<tr><td><form method="GET" action="' . $_SERVER['PHP_SELF'] . '"><select name="user_id">' . "\n"; foreach ($users as $id => $name) { echo '<option value="' . $id . '">' . htmlspecialchars($name) . "</option>\n"; } echo "</select></td></tr>\n"; echo '<tr><td><input type="submit" value="Poka¿"></form></td></tr>'; echo "\n</table>\n"; display_document_footer(); exit; } echo '<tr><td align="center" class="naglowek">Dane u¿ytkownika <i>' . htmlspecialchars(get_user_login($_GET['user_id'])) . "</i><hr></td></tr>\n"; $ocp_projects = get_ocp_projects($_GET['user_id']); echo '<tr><td><table>' . "\n"; echo '<tr><td class="naglowek_maly">U¿ytkownik jest OCPem:</td></tr>' . "\n"; if ($ocp_projects === false) { echo '<tr><td>B³±d bazy danych, spróbuj pó¼niej.</td></tr>'; } else { if (empty($ocp_projects)) { echo "<tr><td>Brak projektów.</td></tr>\n"; } else { $num_project = 1; foreach ($ocp_projects as $pid => $name) { echo '<tr><td>' . $num_project . '. '; ++$num_project; display_link_to_project($pid); echo "</td></tr>\n";
$sql = "SELECT `kolvs` FROM `remont` WHERE `numm` = '" . $numm . "';"; $want_kolvs = $db->one($sql); // Кто хотел отказаться от выполнения заказа; $sql = "SELECT `kompl` FROM `remont` WHERE `numm` = '" . $numm . "';"; $want_kompl = $db->one($sql); $sql = "UPDATE `remont` SET `inj` = '" . $want_kolvs . "', `kolvs` = '', `kompl` = '' WHERE `numm` = '" . $numm . "';"; $db->query($sql); dvj_write($numm, 'Главный инженер подтвердил смену инженера у заказа: ' . get_user_full_name('', $want_kompl) . '->' . get_user_full_name('', $want_kolvs)); echo 'OK'; } /* Когда главный инженер принудительно меняет инежнера */ if (isset($_POST['full_inj_change']) && $_POST['full_inj_change'] != '') { $numm = $_POST['full_inj_change']; $new_inj = $_POST['new_inj']; // Получаем логин инженера; $new_inj_login = get_user_login($new_inj); $new_inj_full_name = get_user_full_name($new_inj); $current_inj = $systems->get_inj_user_id_in_numm($numm); $current_inj_full_name = get_user_full_name($current_inj); $sql = "UPDATE `remont` SET `inj` = '" . $new_inj_login . "', `kolvs` = '', `kompl` = '' WHERE `numm` = '" . $numm . "';"; $db->query($sql); dvj_write($numm, 'Главный инженер сделал принудительную смену инженера. ' . $current_inj_full_name . ' -> ' . $new_inj_full_name); echo 'OK'; } /* Пагинация */ if (isset($_POST['get_pagination_data']) && $_POST['get_pagination_data'] != '') { // Маркер сессии; $marker = $_POST['marker']; // Полный запрос; $sql = $_SESSION['pagination_' . $marker]; // Номер страницы;
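<?php
// Sends the feedback form's subject and body to the administrator by e-mail.
require_once 'lib/flip.php';
session_start();
check_valid_user();

if (!isset($_POST['subject']) || !isset($_POST['body'])) {
    header('location: feedback_form.php');
    // Stop here: without this the script kept running after the redirect
    // header and sent a mail built from the missing fields.
    exit;
}

$valid_user_login = get_user_login($_SESSION['valid_user_id']);

// Values that end up in mail header lines (the subject and Reply-To) have CR
// and LF removed so they cannot start an additional header line.
$line_breaks = array("\r", "\n");
$header_login = str_replace($line_breaks, '', $valid_user_login);
$subject = str_replace($line_breaks, '', stripslashes($_POST['subject']));

$long_subject = date('Y-m-d H:i') . ' ' . $header_login . ': "' . $subject . '"';

// NOTE(review): stripslashes() is applied unconditionally; this presumably
// relies on magic quotes being enabled for request data — confirm.
$long_body = 'U¿ytkownik ' . $valid_user_login . ' przesy³a nastêpuj±c± uwagê:'
    . "\n----------------------------------\n"
    . stripslashes($_POST['body'])
    . "\n----------------------------------\n";
$long_body .= "Aby odpowiedzieæ na t± uwagê, u¿yj opcji 'Odpowied¼' lub napisz na ten adres: " . $valid_user_login . '@aiesec.uni.lodz.pl';
$long_body .= "\n\n\nFLIP";

$headers = "From: FLIP <*****@*****.**>\r\n" . 'Reply-To: ' . $header_login . "@aiesec.uni.lodz.pl\r\n";

if (mail(ADMIN_MAIL, $long_subject, $long_body, $headers)) {
    $warning = 'Dziêkujemy! Twoje uwagi zosta³y przyjête.';
} else {
    $warning = 'Wys³anie uwag zakoñczone niepowodzeniem!';
}
display_warning($warning);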
} echo "</tr>\n"; foreach (array_keys($_POST['orgs']) as $org_id) { echo '<tr><td>' . htmlspecialchars(get_org_name($org_id)) . '</td>'; $org_info = get_org_info($org_id); if (false === $org_info) { for ($i = 0; $i < $num_info; ++$i) { echo '<td>-</td>'; } } else { reset($info_fields); for ($i = 0; $i < $num_info; ++$i) { $field = each($info_fields); $field = $field[1]; if ($field == 'updater_id') { $content = htmlspecialchars(get_user_login($org_info[$field])); } else { if ($field == 'phone' || $field == 'fax') { $content = parse_phone_number($org_info[$field]); } else { $content = htmlspecialchars($org_info[$field]); } } echo '<td>' . $content . '</td>'; } } echo "</tr>\n"; if (isset($_POST['comments'])) { echo '<tr><td colspan="' . ($num_info + 1) . '" align="left" valign="top" height="50"><i>Uwagi:<i></td></tr>' . "\n"; } }
group_id, DATE_FORMAT(updated, '%W %b %d %h:%i %Y') as updated, DATE_FORMAT(created, '%W %b %d %h:%i %Y') as created FROM " . T_TICKETS . " WHERE id IN(" . implode(",", $_SESSION["selected_tickets"]) . ")"; $rows = SQL_select($query); $i = 1; foreach($rows as $row) { if((int)$row["cc_member_id"]) $applicant = "Consumer ID: <b>" . (int)$row["cc_member_id"] . "</b> "; if($row["from_email"] != "") $applicant .= "E-mail: <b>" . trim($row["from_email"]) . "</b>"; $applicant_name = ""; if(trim($row["cc_fname"]) != "" || trim($row["cc_lname"]) != "") $applicant_name = " <b>" . ucwords(htmlspecialchars($row["cc_fname"])) . " " . ucwords(htmlspecialchars($row["cc_lname"])) . "</b>"; $xtpl->assign("APPLICANT", "#" . $i . ": " . $applicant . $applicant_name . "</br>"); $xtpl->parse("main.update.group_tickets.group_ticket_info"); $xtpl->assign("TICKET_INFO", "#" . $i . ": " . "Owner: <strong>" . get_user_login($row["user_id"]) . "</strong> Queue: <strong>" . get_queue_name($row["group_id"]) . "</strong> Status: <strong>" . $row["status"] . "</strong><br>"); $i++; $xtpl->parse("main.update.group_tickets.group_ticket_info1"); } $xtpl->parse("main.update.group_tickets"); get_group_operations($xtpl, "main.update", "form1", 0, 0); $type_message = array("comment"=>"Add comments", "reply"=>"Send answer"); $xtpl->assign("TYPE_MESSAGE", get_drop_down_list($type_message, "message_status")); $xtpl->assign("MESSAGE_STATUS", $_REQUEST["message_status"]); if($template > 0) $xtpl->assign("MESSAGE", get_template($template, 0, 0)); } $query = "SELECT id, name FROM " . T_TEMPLATES . " WHERE template_website='" . $_SESSION['website_url'] . "'";
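/**
 * Collects the users attached to a project: the user returned by
 * get_project_ocp() plus every oc_member_id found in the `oc` table for it.
 *
 * @param mixed $project_id Project id; compared as a number in the query.
 * @return array Map of user id => login. Holds only the OCP entry when the
 *               member query fails.
 */
function get_project_involved($project_id)
{
    db_connect();

    $involved = array();
    $ocp_id = get_project_ocp($project_id);
    $involved[$ocp_id] = get_user_login($ocp_id);

    // The id is placed unquoted in the statement, so it is forced to an
    // integer: whatever the caller passed, only a number reaches the SQL text.
    $q = 'select oc_member_id from oc where project_id=' . (int) $project_id;
    $r = mysql_query($q);
    if (!$r) {
        // Query failed: return what is known instead of fetching from a
        // non-resource.
        return $involved;
    }

    while ($row = mysql_fetch_array($r)) {
        $involved[$row['oc_member_id']] = get_user_login($row['oc_member_id']);
    }

    return $involved;
}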