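/**
 * Print a bookmark tree as nested <DL> lists.
 *
 * Entries with an integer key are leaf items (objects exposing ->url,
 * ->tags and ->title) and become a <DT><a> link. Entries with any other
 * key are folders: the key is printed as the <H3> heading and the value
 * is printed recursively as a sub-tree.
 *
 * Every value taken from the tree is HTML-escaped before it is written,
 * so a title, tag, URL or folder name containing quotes or angle brackets
 * cannot close the attribute or inject markup into the page.
 *
 * @param array $tree Mixed list of item objects (int keys) and sub-trees
 *                    (string keys).
 * @return void Output is written with echo.
 */
function printItems($tree)
{
    // Single escaping helper so every sink is treated the same way.
    $escape = function ($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
    };

    echo "<DL>\n";
    foreach ($tree as $k => $item) {
        if (is_int($k)) {
            // NOTE(review): escaping keeps the URL inside the href attribute
            // but does not restrict its scheme; if URLs can come from other
            // users, allow-list http/https where items are stored.
            echo '<DT><a href="' . $escape($item->url)
                . '" title="' . $escape(implode(' ', $item->tags)) . '">'
                . $escape($item->title) . "</a></DT>\n";
        } else {
            echo "<DT>\n";
            echo "<H3>" . $escape($k) . "</H3>\n";
            printItems($item);
            echo "</DT>\n";
        }
    }
    echo "</DL>\n";
}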
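} }
// NOTE(review): the blocks closed here, and the condition guarding the
// UPDATE below, start outside this excerpt, so whether this branch is
// authorised cannot be judged from the visible lines.
$db->query("UPDATE rifs \n\t SET room_rate = " . $db->quote($_POST['room_rate'])
    . ", \n\t room_hours = " . $db->quote($_POST['room_hours'])
    . ", \n\t text_facilities = " . $db->quote($_POST['text_facilities'])
    . ", \n\t fee_uw = " . $db->quote($_POST['fee_uw'])
    . ", \n\t expected = " . $db->quote($_POST['expected'])
    . ",\n\t loc_spec = " . $db->quote($_POST['loc_spec'])
    . ", \n\t loc_gen = " . $db->quote($_POST['loc_gen'])
    . ",\n\t fee_gen = " . $db->quote($_POST['fee_gen'])
    . " \n\t WHERE id = " . $db->quote($_GET['id']));
// Debug output left in the handler: echoes the submitted form back.
var_dump($_POST);
die;
}

// Delete one item of a rif.
if ($_POST['deleteItem']) {
    // Escape the echoed id: it is request data written straight into the
    // response.
    echo htmlspecialchars((string) $_POST['id'], ENT_QUOTES, 'UTF-8');
    if (verifyAdminOrRifInstructor($_GET['id'])) {
        // The permission check is made against the rif in $_GET['id'], but
        // the row is chosen by $_POST['id']. Scoping the DELETE to that rif
        // stops a user authorised for one rif from deleting items that
        // belong to another.
        $db->query("DELETE FROM rifs_items WHERE id = " . $db->quote($_POST['id'])
            . " AND rif_id = " . $db->quote($_GET['id']));
        echo 'lolzers';
    }
    echo 'lel';
    die;
}

// Add an empty item to a rif.
// NOTE(review): no permission check is visible on this branch, unlike the
// delete branch above; confirm the enclosing code verifies the caller
// before the INSERT runs.
if ($_POST['newItem']) {
    $db->query("INSERT INTO rifs_items (rif_id) VALUES (" . $db->quote($_GET['id']) . ")");
    printItems();
    die;
}

// Update the rif.
// NOTE(review): no permission check is visible on this branch either;
// confirm the caller is verified for $_GET['id'] before the UPDATE. The
// var_dump/echo calls are debug output and send the submitted form back
// in the response.
if ($_POST['update']) {
    var_dump($_POST);
    if ($_POST['info-overload'] == '') {
        $_POST['info-overload'] = 0;
    }
    echo "name is ";
    $data = $_POST['update'];
    var_dump($data);
    $db->query("UPDATE rifs\n\t SET name = " . $db->quote($_POST['name'])
        . ",\n\t category = " . $db->quote($_POST['category'])
        . ",\n\t size = " . $db->quote($_POST['size'])
        . ",\n\t firstday = " . $db->quote($_POST['firstday'])
        . ",\n\t overload = " . $db->quote($_POST['overload'])
        . ",\n\t underage = " . $db->quote($_POST['underage'])
        . ",\n\t text_email = " . $db->quote($_POST['text_email'])
        . ",\n\t text_short = " . $db->quote($_POST['text_short'])
        . ",\n\t text_long = " . $db->quote($_POST['text_long'])
        . "\n\t WHERE id = " . $db->quote($_GET['id']));
}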
</div> <div role="tabpanel" class="tab-pane" id="rejected"> <div class="table-responsive"> <table class="table table-hover" id="item-approved-list"> <thead> <tr> <th>#</th> <th>主题</th> <th>所属分类</th> <th>发布者</th> <th>发布时间</th> <th>操作</th> </tr> </thead> <tbody> <?php printItems($itemsObj, '0', $page); ?> </tbody> </table> </div> </div> </div> </div> </div> </div> </div> </div>
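<?php
// AJAX dispatcher: the 'ajax' request parameter selects one operation.
//   read   - mark one item as viewed
//   update - fetch feeds, then print how many recent items are newer than
//            the id the client already has
//   items  - print the item list for the last 8 hours
$operation = isset($_REQUEST['ajax']) ? $_REQUEST['ajax'] : '';

switch ($operation) {
    case 'read':
        // The id is interpolated into the SQL text and runSQL() takes only
        // a finished string, so it is forced to an integer first. Anything
        // that is not a number becomes 0 and matches no row.
        $item_id = isset($_POST['id']) ? (int) $_POST['id'] : 0;
        $sql = "UPDATE lylina_items\n\t\t\t SET viewed = 1\n\t\t\t WHERE id = {$item_id}";
        $result = runSQL($sql);
        break;

    case 'update':
        // NOTE(review): this assigns the string 'false', which is truthy in
        // a boolean test; confirm how $conf['debug'] is read before relying
        // on it to switch debugging off.
        $conf['debug'] = 'false';
        require find_op("fetch");
        // Same treatment as the id above: only an integer may reach the
        // query text.
        $newest = isset($_REQUEST['newest']) ? (int) $_REQUEST['newest'] : 0;
        $sql = "SELECT COUNT(*)\n FROM lylina_items\n WHERE id > {$newest}\n AND UNIX_TIMESTAMP(dt) > UNIX_TIMESTAMP()-(8*60*60)";
        $result = runSQL($sql);
        echo $result[0]["COUNT(*)"];
        break;

    case 'items':
        require_once 'inc/display.php';
        require_once 'inc/itemDisplay.inc.php';
        // echo '<div id="new">Get new items</div>';
        printItems(0, 8);
        break;
}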
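<?php
// Main item view: send the page header early, run the feed fetch, then
// print the items of the requested time window.

// Functions for item display.
require_once 'inc/itemDisplay.inc.php';

// A second Smarty instance renders the header so it can be flushed to the
// browser before the fetch starts.
$header = new Smarty();
$header->assign('lang', $lang);
$header->assign('conf', $conf);
$header->assign('user', $UID);
// NOTE(review): rss_id is an unsalted MD5 of the user id, so anyone who
// knows or can guess a UID can compute it. If the value is used to grant
// access to a private feed (not visible here), replace it with a random
// per-user token.
$header->assign('rss_id', md5($UID));
$header->assign('msg', $msg);
$header->display('head.tpl');

// Push the header out to the client.
ob_flush();
sleep(1);
flush();
ob_flush();

$conf['debug'] = false;

// Run the fetch operation.
require find_op("fetch");

// 'hours' comes from the request. is_numeric() also accepts floats,
// exponents, signs and surrounding whitespace, so the value is reduced to
// a positive integer before it is handed to printItems(), which is defined
// elsewhere. A missing, non-numeric or non-positive value falls back to
// the 8-hour default.
$hours = 0;
if (isset($_REQUEST['hours']) && is_numeric($_REQUEST['hours'])) {
    $hours = (int) $_REQUEST['hours'];
}
if ($hours <= 0) {
    $hours = 8;
}

printItems($UID, $hours);
$output->assign('rss_id', md5($UID));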