Beispiel #1
/**
 * Fetch the T_crs row whose Code equals $s.
 *
 * The query text is assembled by concatenation: the schema name is read from
 * $_SESSION['Application_host'] and placed between backticks, and the code value is whatever
 * returnDefault($s, 'text') returns.
 * NOTE(review): returnDefault() is not visible here, so whether $s is quoted and escaped safely
 * depends entirely on that helper - confirm before passing request data to this function.
 *
 * @param mixed $s CRS code to look up.
 * @return array The result set returned by getDataFromSQL() (it carries a 'Count' entry).
 *               The script is terminated with exit, without any message, unless Count is 1.
 */
function getCrsDefsAsArray($s)
{
    $schema = $_SESSION['Application_host'];
    $codeLiteral = returnDefault($s, 'text');
    $query = "SELECT * FROM `" . $schema . "`.`T_crs` WHERE Code = " . $codeLiteral;
    $rows = getDataFromSQL($query, __FILE__, "details", __FUNCTION__);
    // Exactly one match is the only accepted outcome; anything else stops the request.
    if ($rows['Count'] == 1) {
        return $rows;
    }
    exit;
}
     } else {
         $sql .= returnDefault($login, 'Name') . ", ";
     }
     $sql .= returnDefault(getCryptedPwd($login, $password), 'text') . ", ";
     $sql .= returnDefault($country, 'list') . ", ";
     $sql .= returnDefault($contact, 'text') . ", ";
     $sql .= "Now(), ";
     $sql .= returnDefault($register_language, 'list') . ", ";
     $sql .= "1, ";
     $sql .= returnDefault($alert_for_news, 'checkbox') . ", ";
     $sql .= returnDefault($latitude, 'latlng') . ", ";
     $sql .= returnDefault($longitude, 'latlng') . ", ";
     $sql .= returnDefault($default_lat, 'text') . ", ";
     $sql .= returnDefault($default_lng, 'text') . ", ";
     $sql .= returnDefault($default_zoom, 'text') . ", ";
     $sql .= returnDefault($activation_code, 'text') . ")";
     $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
     $new_id = $req['mysql_insert_id'];
     $defaultUserGroup = 3;
     $sql = "INSERT INTO `" . $_SESSION['Application_host'] . "`.`J_caver_group` ";
     $sql .= "(`Id_caver`, `Id_group`)";
     $sql .= " VALUES (";
     $sql .= $new_id . ", " . $defaultUserGroup . ") ";
     $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
     if (!defined('NO_PHPBB_INSTALLED')) {
         addphpBBuser($login, $password, $contact, $language);
     }
     sendActivationMail($contact, $login, $password, $new_id, $activation_code);
     trackAction("insert_user", $new_id, "T_caver");
     $save_failed = false;
 } else {
Beispiel #3
 // Persist a massif: INSERT when $isNew is the string "True", otherwise UPDATE the row and drop its
 // J_massif_cave links, then record the action with trackAction().
 // NOTE(review): every statement is built by string concatenation. $name goes through
 // returnDefault(), whose escaping is not visible here; $id and $_SESSION['user_id'] are appended
 // as-is. Where $id is assigned lies outside this excerpt - confirm it is validated as an integer
 // before it reaches this point, or bind it as a parameter.
 if ($isNew == "True") {
     $sql = "INSERT INTO `" . $_SESSION['Application_host'] . "`.`T_massif` ";
     $sql .= "(`Id_author`, `Name`, `Date_inscription`)";
     $sql .= " VALUES (";
     $sql .= $_SESSION['user_id'] . ", ";
     $sql .= returnDefault($name, 'text') . ", ";
     $sql .= "Now()) ";
     $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
     // Id of the row just created; reused below as the target id for new records.
     $nid = $req['mysql_insert_id'];
     trackAction("insert_massif", $nid, "T_massif");
 } else {
     $sql = "UPDATE `" . $_SESSION['Application_host'] . "`.`T_massif` ";
     $sql .= " SET ";
     // Saving the edit also releases the lock on the row.
     $sql .= "Locked = 'NO', ";
     $sql .= "Id_reviewer = " . $_SESSION['user_id'] . ", ";
     $sql .= "Name = " . returnDefault($name, 'text') . ", ";
     $sql .= "Date_reviewed = Now() ";
     // $id is appended unquoted and unescaped.
     $sql .= "WHERE Id = " . $id;
     $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
     // Same unescaped $id in the DELETE that clears the existing cave links.
     $sql = "DELETE FROM `" . $_SESSION['Application_host'] . "`.`J_massif_cave` ";
     $sql .= "WHERE `Id_massif` = " . $id;
     $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
     trackAction("edit_massif", $id, "T_massif");
 }
 if ($list != "") {
     if ($isNew == "True") {
         $onid = $nid;
     } else {
         $onid = $id;
     }
     $arrList = explode("|", $list);
// The response is declared as UTF-8 JSON; the body is assembled by hand in $js_var below.
header('Expires: ' . EXPIRATION_DATE);
header('Content-type: application/json; charset=utf-8');
// Country filter: a POST value overrides a GET value, and Select_default means "no filter".
// NOTE(review): request values arrive already URL-decoded, so urldecode() here is a second
// decoding pass over attacker-controlled text.
$iso = isset($_GET['iso']) ? urldecode(stripslashes($_GET['iso'])) : Select_default;
$iso = isset($_POST['iso']) ? urldecode(stripslashes($_POST['iso'])) : $iso;
// Display language: request value if present, else the session language, capitalised.
$crs_language = isset($_GET['lng']) ? ucfirst(urldecode(stripslashes($_GET['lng']))) : ucfirst($_SESSION['language']);
$crs_language = isset($_POST['lng']) ? ucfirst(urldecode(stripslashes($_POST['lng']))) : $crs_language;
// Allow-list check. $crs_language is spliced into column identifiers (co.<lang>_name) in the
// SELECT and ORDER BY below, where value escaping cannot help, so this check is the control
// that keeps request input out of the identifier position. Anything unlisted falls back to 'En'.
$supported_languages = array('Fr', 'En', 'Es', 'De');
$crs_language = in_array($crs_language, $supported_languages) ? $crs_language : 'En';
$sql = "SELECT DISTINCT IFNULL(co." . $crs_language . "_name, '*World') AS country, crs.Code AS code, crs.Definition AS def FROM `" . $_SESSION['Application_host'] . "`.`T_crs` crs ";
$sql .= "LEFT OUTER JOIN `" . $_SESSION['Application_host'] . "`.`J_country_crs` cc ON cc.Id_crs = crs.Id ";
$sql .= "LEFT OUTER JOIN `" . $_SESSION['Application_host'] . "`.`T_country` co ON co.Iso = cc.Iso ";
// WGS84 is always returned; every other CRS must be enabled.
$sql .= "WHERE crs.Code = 'WGS84' OR (crs.Enabled = 'YES' ";
if ($iso == Select_default) {
    $sql .= ") ";
} else {
    // NOTE(review): $iso is request data; its safety rests on what returnDefault(..., 'text')
    // does, which is not visible here - confirm it quotes and escapes.
    $sql .= "AND ((cc.Iso IS NULL) OR cc.Iso = " . returnDefault($iso, 'text') . ")) ";
}
$sql .= "ORDER BY co." . $crs_language . "_name";
$result = getDataFromSQL($sql, __FILE__, $frame, __FUNCTION__);
$num = $result["Count"];
// Start of the hand-built JSON object and the state used while grouping rows by country.
$js_var = "{" . "\n";
$country = '';
$started = false;
$cstart = false;
if ($num > 0) {
    while (list($k, $crs) = each($result)) {
        if ($crs['code'] != '' && $crs['def'] != '') {
            if ($country != $crs['country']) {
                $country = $crs['country'];
                if ($started) {
                    $js_var .= "}," . "\n";
    }
    // Change the signed-in user's password: check the current one, then store the new one.
    // NOTE(review): no anti-CSRF token is checked in the visible code - confirm the enclosing
    // page enforces one before this branch runs.
    if (isset($_POST['save_pwd'])) {
        $password = isset($_POST['c_caver_password']) ? $_POST['c_caver_password'] : '';
        $new_password = isset($_POST['c_caver_new_password']) ? $_POST['c_caver_new_password'] : '';
        // NOTE(review): the key arrives in the same POST body as the values it is applied to, so
        // whatever crypt_xor() does (not shown) cannot protect the passwords from anyone able to
        // read the request; transport security has to come from TLS.
        $key = isset($_POST['c_key']) ? $_POST['c_key'] : '';
        $password = crypt_xor(stripslashes($password), $key);
        $new_password = crypt_xor(stripslashes($new_password), $key);
        $login = addslashes($_SESSION['user_login']);
        $sql = "SELECT * FROM `" . $_SESSION['Application_host'] . "`.`T_caver` ";
        $sql .= "WHERE `Id` = " . $_SESSION['user_id'] . " ";
        // NOTE(review): here the getCryptedPwd() result is placed between quotes directly, while
        // the UPDATE below passes it through returnDefault(). This is safe only if that result
        // can never contain a quote or backslash - confirm against getCryptedPwd().
        // The current password is verified by an equality match in SQL, so the stored value must
        // be a deterministic function of login and password; presumably there is no random
        // per-password salt - verify, and prefer password_hash()/password_verify().
        $sql .= "AND `Password` = '" . getCryptedPwd($login, $password) . "'";
        $data = getDataFromSQL($sql, __FILE__, $frame, __FUNCTION__);
        if ($data['Count'] > 0) {
            $sql = "UPDATE `" . $_SESSION['Application_host'] . "`.`T_caver` ";
            $sql .= "SET `Password` = " . returnDefault(getCryptedPwd($login, $new_password), 'text') . " ";
            $sql .= "WHERE `Id` = " . $_SESSION['user_id'];
            $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
            // Keep the forum account in step unless the phpBB integration is switched off.
            if (!defined('NO_PHPBB_INSTALLED')) {
                chgPwdphpBBuser($login, $new_password);
            }
            $pwd_saved = true;
        } else {
            // Current password did not match: nothing is changed.
            $pwd_saved = false;
        }
    }
}
if (allowAccess(caver_delete_himself)) {
    //Delete an account :
    if (isset($_POST['delete_user'])) {
        $password = isset($_POST['d_caver_password']) ? $_POST['d_caver_password'] : '';
Beispiel #6
         $sql .= $onid . ", ";
         //$sql .= returnDefault($cave_min_depth, 'float').", ";
         //$sql .= returnDefault($cave_max_depth, 'float').", ";
         $sql .= returnDefault($cave_depth, 'float') . ", ";
         $sql .= returnDefault($cave_length, 'float') . ", ";
         $sql .= returnDefault($cave_diving, 'checkbox') . ", ";
         $sql .= returnDefault($cave_temperature, 'float') . ") ";
     } else {
         $sql = "UPDATE `" . $_SESSION['Application_host'] . "`.`T_single_entry` ";
         $sql .= " SET ";
         //$sql .= "`Min_depth` = ".returnDefault($cave_min_depth, 'float').", ";
         //$sql .= "`Max_depth` = ".returnDefault($cave_max_depth, 'float').", ";
         $sql .= "`Depth` = " . returnDefault($cave_depth, 'float') . ", ";
         $sql .= "`Length` = " . returnDefault($cave_length, 'float') . ", ";
         $sql .= "`Temperature` = " . returnDefault($cave_temperature, 'float') . ", ";
         $sql .= "`Is_diving` = " . returnDefault($cave_diving, 'checkbox') . " ";
         $sql .= "WHERE `Id` = " . $onid;
     }
     $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
     $save_failed = false;
     $type = "menu";
 } else {
     if (isset($_GET['id'])) {
         $id = isset($_GET['id']) ? $_GET['id'] : '';
         if (takeOver("entry", $id) && $id != "") {
             $sql = "SELECT ey.*, ce.Id_cave, mc.Id_massif FROM `" . $_SESSION['Application_host'] . "`.`T_entry` ey ";
             $sql .= "LEFT OUTER JOIN `" . $_SESSION['Application_host'] . "`.`J_cave_entry` ce ON ey.Id = ce.Id_entry ";
             $sql .= "LEFT OUTER JOIN `" . $_SESSION['Application_host'] . "`.`J_massif_cave` mc ON ey.Id = mc.Id_entry ";
             $sql .= "WHERE ey.Id = " . $id;
             $data = getDataFromSQL($sql, __FILE__, $frame, __FUNCTION__);
             if ($data['Count'] > 0) {
Beispiel #7
                 $longitude = isset($_GET['nlng']) ? $_GET['nlng'] : '';
                 $showMe = "True";
             } else {
                 $showMe = "False";
             }
         }
     }
 }
 // Logo editor for a grotto: optionally store a new logo file name, then load name and logo.
 // NOTE(review): $id comes straight from the query string and is appended, unquoted, to the
 // UPDATE and SELECT below. The only visible checks are takeOver() (not shown) and $id != "".
 // Unless takeOver() rejects non-numeric ids this is an SQL injection point - confirm, or
 // validate $id as an integer before use.
 if ($type == "logo") {
     $id = isset($_GET['id']) ? $_GET['id'] : '';
     if (takeOver("grotto", $id) && $id != "") {
         // NOTE(review): this write is triggered by GET parameters alone; no anti-CSRF token is
         // visible in this excerpt.
         if (isset($_GET['logo_changed']) && $_GET['logo_changed'] == "true") {
             $logo_file = isset($_GET['logo_name']) ? $_GET['logo_name'] : '';
             // Request values are already URL-decoded, so this is a second decoding pass.
             $logo_file = urldecode($logo_file);
             $sql = "UPDATE `" . $_SESSION['Application_host'] . "`.`T_grotto` SET ";
             // NOTE(review): a client-supplied file name is stored as-is (subject to whatever
             // returnDefault() does). Wherever it is later used to build a path or printed into
             // HTML it must be validated or encoded for that context.
             $sql .= "Picture_file_name = " . returnDefault($logo_file, 'text') . ", ";
             $sql .= "Id_reviewer = " . $_SESSION['user_id'] . ", ";
             $sql .= "Date_reviewed = Now() ";
             $sql .= "WHERE Id = " . $id;
             $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
         }
         $sql = "SELECT Name, Picture_file_name FROM `" . $_SESSION['Application_host'] . "`.`T_grotto` WHERE Id = " . $id;
         $result = getDataFromSQL($sql, __FILE__, $frame, __FUNCTION__);
         $logo_file = $result[0]['Picture_file_name'];
         $grotto_name = $result[0]['Name'];
         // Raw $id is embedded in a query-string fragment; encode it where this is emitted.
         $parameters = "&cancel=True&cid=" . $id . "&ccat=grotto";
     } else {
         // takeOver() refused or no id was given: fall back to the menu and flag the lock.
         $locked = true;
         $type = "menu";
     }
 }
Beispiel #8
            //Update the entry contribution flag
            $sql = "UPDATE `" . $_SESSION['Application_host'] . "`.`T_entry` ";
            $sql .= "SET Has_contributions = 'YES' ";
            $sql .= "WHERE Id = " . $id;
            $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
            //Send an e-mail to the answered person
            if ($id_answered != "" && $ncat == "comment") {
                $get_answered_sql = "SELECT * FROM `" . $_SESSION['Application_host'] . "`.`T_comment` WHERE Id = " . $id_answered;
                $answered_array = getDataFromSQL($get_answered_sql, __FILE__, $frame, __FUNCTION__);
                if ($answered_array[0]["Alert"] == "YES") {
                    alertForCommentReply($id_answered, $nid, $category, $id);
                }
            }
            if ($ncat == "rigging" || $ncat == "description") {
                $sql = "INSERT INTO `" . $_SESSION['Application_host'] . "`.`J_entry_" . $ncat . "` (Id_entry, Id_" . $ncat . ") VALUES ( ";
                $sql .= returnDefault($id, 'id') . ", ";
                $sql .= $nid . " ";
                $sql .= ") ";
                $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
            }
            $save_failed = false;
        }
    }
    $contributionSaved = !$save_failed && (isset($_POST['save']) || isset($_POST['new']));
}
if ($contributionSaved) {
    if ($caverRelevance < 0) {
        $scoreMessage = '<div class="error">';
    } else {
        $scoreMessage = '<div class="warning">';
    }
Beispiel #9
         $attachment_file = urldecode($attachment_file);
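         // Record a newly uploaded attachment, or delete one, depending on the request flags.
         // NOTE(review): both branches change data in response to GET parameters. No anti-CSRF
         // token and no check that the current user owns the file are visible in this excerpt -
         // confirm the enclosing code enforces both.
         if (isset($_GET['uploaded']) && $_GET['uploaded'] == "true") {
             if ($attachment_file != "") {
                 $sql = "INSERT INTO `" . $_SESSION['Application_host'] . "`.`T_file` ";
                 $sql .= "(Id_author, Date_inscription, Name, Path) VALUES (";
                 $sql .= returnDefault($_sess_user_id, 'id') . ", ";
                 $sql .= "Now(), ";
                 $sql .= returnDefault($original_attachment_file, 'text') . ", ";
                 // NOTE(review): $attachment_file is appended to the stored path. Confirm the
                 // upload handler restricts it to a plain file name (no separators or "..").
                 $sql .= returnDefault($_SESSION['Application_url'] . '/upload/attachments/' . $attachment_file, 'text') . ") ";
                 $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
                 $file_id = $req['mysql_insert_id'];
                 trackAction("insert_file", $file_id, "T_file");
                 // Link the new file to the author it was uploaded for.
                 $sql = "INSERT INTO `" . $_SESSION['Application_host'] . "`.`J_author_file` ";
                 $sql .= "(Id_author, Id_file) VALUES (";
                 $sql .= returnDefault($uploaded_author_id, 'id') . ", ";
                 $sql .= returnDefault($file_id, 'id') . ") ";
                 $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
             }
         } elseif (isset($_GET['deleted']) && $_GET['deleted'] == "true") {
             $file_id = isset($_GET['file_id']) ? $_GET['file_id'] : '';
             // The id is concatenated, unquoted, into two DELETE statements, so only a plain run
             // of digits is accepted; anything else (including an array value) is ignored.
             // \z is used instead of $ so that a trailing newline is rejected too.
             if (is_string($file_id) && preg_match('/^[0-9]+\z/', $file_id)) {
                 $sql = "DELETE FROM `" . $_SESSION['Application_host'] . "`.`J_author_file` WHERE Id_file = " . $file_id;
                 $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
                 trackAction("delete_file", $file_id, "T_file");
                 $sql = "DELETE FROM `" . $_SESSION['Application_host'] . "`.`T_file` WHERE Id = " . $file_id;
                 $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
             }
         }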
     }
 }
 $sql = "SELECT DISTINCT T_file.Id AS File_id, T_file.Path, T_author.Id, T_author.Validated, T_topography.Id_author, T_status.Name AS Status_name ";
                    $caver_contact = $data[0]['Contact'];
                } else {
                    $type = "caver";
                }
            } else {
                $type = "caver";
            }
        }
    }
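    // Update the Activated / Banned flags of one caver account, then return to the caver view.
    // NOTE(review): this account-state change is driven entirely by GET parameters. No anti-CSRF
    // token is visible here, and the permission check (if any) is in the enclosing code outside
    // this excerpt - confirm both.
    if ($type == "caver_prop") {
        $activated = isset($_GET['Activated']) ? $_GET['Activated'] : '';
        $banned = isset($_GET['Banned']) ? $_GET['Banned'] : '';
        $id = isset($_GET['id']) ? $_GET['id'] : '';
        // $id is concatenated, unquoted, into the WHERE clause, so the statement is only built
        // and run when it is a plain run of digits. \z (not $) also rejects a trailing newline;
        // is_string() rejects array values such as id[]=1.
        if (is_string($id) && preg_match('/^[0-9]+\z/', $id)) {
            $sql = "UPDATE `" . $_SESSION['Application_host'] . "`.`T_caver` SET ";
            // NOTE(review): these two values rely on returnDefault(..., "text") for quoting and
            // escaping; that helper is not visible here.
            $sql .= "Activated = " . returnDefault($activated, "text") . ", ";
            $sql .= "Banned = " . returnDefault($banned, "text") . " ";
            $sql .= "WHERE `Id` = " . $id;
            $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
        }
        $save_failed = false;
        $type = "caver";
    }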
}
?>
    <script type="text/javascript">
    <?php 
echo getCDataTag(true);
?>
    //Gona need those functions : switchDOM();
    var namesArray = [];
<?php 
switch ($type) {
Beispiel #11
/**
 * Store a warning for the current session user in T_warning and return the new row id.
 *
 * NOTE(review): $warning and $comment are run through addslashes() and then through
 * returnDefault(..., 'text'). addslashes() is not a character-set-aware SQL escape, and if
 * returnDefault() (not visible here) escapes as well, the stored text will carry doubled
 * backslashes - confirm which layer is meant to do the escaping. $frame receives only the
 * returnDefault() treatment.
 *
 * @param string $warning Warning text.
 * @param string $frame   Value stored in the Frame column.
 * @param string $comment Free-text comment.
 * @return mixed The 'mysql_insert_id' entry of the execSQL() result.
 */
function insertWarning($warning, $frame, $comment)
{
    $slashedWarning = addslashes($warning);
    $slashedComment = addslashes($comment);
    $target = "INSERT INTO `" . $_SESSION['Application_host'] . "`.`T_warning` ";
    $columns = "(`Id_caver`, `Date`, `Warning`, `Frame`, `Comment`) VALUES ";
    // Values in column order; the date is filled in by the database.
    $values = array(
        returnDefault($_SESSION['user_id'], 'text'),
        "Now()",
        returnDefault($slashedWarning, 'text'),
        returnDefault($frame, 'text'),
        returnDefault($slashedComment, 'text'),
    );
    $sql = $target . $columns . "(" . implode(",", $values) . ")";
    // The frame label passed to execSQL() is the fixed string "function", not the $frame argument.
    $result = execSQL($sql, "function", __FILE__, __FUNCTION__);
    return $result['mysql_insert_id'];
}
// NOTE(review): the included file name is built from $_SESSION['language']. If that session
// value can ever be set from request data without an allow-list check, this becomes a local
// file inclusion point - confirm it is restricted to the supported language codes where it is
// written to the session.
include "mailfunctions_" . $_SESSION['language'] . ".php";
// Activation mode taken from the query string; 'manual' when absent.
$type = isset($_GET['type']) ? $_GET['type'] : 'manual';
// State for the activation attempt.
$activated = false;
$manu_err = false;
$id = "";
$login = "";
$code = "";
$helpId = array("activation" => 18);
if (isset($_POST['activate']) || $type == "auto") {
    if ($type == "auto") {
        $id = isset($_GET['i']) ? $_GET['i'] : '';
        $code = isset($_GET['c']) ? $_GET['c'] : '';
    } else {
        $code = isset($_POST['a_code']) ? $_POST['a_code'] : '';
        $login = isset($_POST['a_login']) ? $_POST['a_login'] : '';
        $sql = "SELECT Id FROM T_caver WHERE Login = "******"") {
            $manu_err = true;
        }
    }
    if (!$manu_err) {
        $activated = activateAccount($id, $code);
    }
}
echo getDoctype(false) . "\n";
?>
<html <?php 
echo getHTMLTagContent();
?>
Beispiel #13
     $sql .= $_SESSION['user_id'] . ", ";
     $sql .= returnDefault($name, 'text') . ", ";
     $sql .= returnDefault($link, 'url') . ", ";
     $sql .= returnDefault($comments, 'text') . ", ";
     $sql .= "Now()) ";
     $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
     $nid = $req['mysql_insert_id'];
     trackAction("insert_url", $nid, "T_url");
 } else {
     $sql = "UPDATE `" . $_SESSION['Application_host'] . "`.`T_url` ";
     $sql .= " SET ";
     $sql .= "Locked = 'NO', ";
     $sql .= "Id_reviewer = " . $_SESSION['user_id'] . ", ";
     $sql .= "Name = " . returnDefault($name, 'text') . ", ";
     $sql .= "Url = " . returnDefault($link, 'url') . ", ";
     $sql .= "Comments = " . returnDefault($comments, 'text') . ", ";
     $sql .= "Date_reviewed = Now() ";
     $sql .= "WHERE Id = " . $id;
     $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
     $sql = "DELETE FROM `" . $_SESSION['Application_host'] . "`.`J_entry_url` ";
     $sql .= "WHERE `Id_url` = " . $id;
     $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
     trackAction("edit_url", $id, "T_url");
 }
 if ($isNew == "True") {
     $onid = $nid;
 } else {
     $onid = $id;
 }
 if ($list != "") {
     $arrList = split('[|]+', $list);
Beispiel #14
        }
        if ($subject == "bad_content" || $subject == "restore_element") {
            $subject .= "; Category: " . $category;
        }
        if ($bad_name != "") {
            $subject .= "; Id: " . $bad_name;
        }
        sendMessageToWM($admin_id, $contact, $real_mail, $name, $subject, nl2br($body));
        // For a topography report that names a request: disable the topography, mark the request
        // as canceled, prepend a stamped comment, log the edit and send the request mail.
        // NOTE(review): $bad_name is appended, unquoted, to three WHERE clauses below. Where it is
        // assigned lies outside this excerpt and $bad_name != '' is the only check visible here -
        // confirm it is validated as an integer first, or bind it as a parameter. If it is
        // request data, a report form can disable arbitrary topographies.
        if ($category == 'topography' && $bad_name != '') {
            // Unlike the other statements, this one does not qualify the table with the schema.
            $sql = "SELECT Id FROM T_status WHERE Name = 'canceled'";
            $status_id = getDataFromSQL($sql, __FILE__, $frame, __FUNCTION__);
            $sql = "UPDATE `" . $_SESSION['Application_host'] . "`.`T_topography` SET Enabled = 'NO' WHERE Id_request = " . $bad_name;
            $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
            // An empty session login is recorded as "guest".
            $user_login = $_SESSION['user_login'] == '' ? "guest" : $_SESSION['user_login'];
            $date_stamp = '---- <convert>#label=230<convert>: ' . $user_login . ' ' . date("Y-m-d H:i:s") . ' ----';
            // $body reaches the statement through returnDefault(..., 'text'); its escaping is not visible here.
            $sql = "UPDATE `" . $_SESSION['Application_host'] . "`.`T_request` SET Id_status = " . returnDefault($status_id[0]['Id'], 'id') . ", Comments = " . returnDefault($date_stamp . "\n" . $body, 'text') . " WHERE Id = " . $bad_name;
            $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
            trackAction("edit_request", $bad_name, "T_request");
            sendRequestMail($bad_name);
        }
        $send_failed = false;
    }
}
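/**
 * Decide whether the submitted form passes the anti-automation check.
 *
 * Signed-in users (USER_IS_CONNECTED) always pass. Anyone else must have posted, in `m_check`,
 * a value whose lower-cased form, prefixed with getIp() and hashed with MD5, is identical to
 * $_SESSION['userCheck'].
 *
 * The digests are compared with === rather than ==. With ==, PHP compares two strings that both
 * look like numbers numerically, so two different digests of the form "0e<digits>" are treated
 * as equal and a wrong answer can be accepted.
 *
 * @return bool True when the check passes.
 */
function formIsValid()
{
    if (USER_IS_CONNECTED) {
        return true;
    }
    $answer = isset($_POST['m_check']) ? $_POST['m_check'] : '';
    // A missing expected digest or a non-string value (e.g. m_check[]=x) can never match.
    if (!is_string($answer) || !isset($_SESSION['userCheck']) || !is_string($_SESSION['userCheck'])) {
        return false;
    }
    return md5(getIp() . strtolower($answer)) === $_SESSION['userCheck'];
}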
if (!USER_IS_CONNECTED) {
Beispiel #15
     $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
     if ($isMassifed == "YES") {
         if ($isNewMassif == "YES") {
             $sql = "INSERT INTO `" . $_SESSION['Application_host'] . "`.`T_massif` ";
             $sql .= "(`Id_author`, `Name`, `Date_inscription`)";
             $sql .= " VALUES (";
             $sql .= $_SESSION['user_id'] . ", ";
             $sql .= returnDefault($cave_name, 'text') . ", ";
             $sql .= "Now()) ";
             $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
             $massif_id = $req['mysql_insert_id'];
             trackAction("insert_massif", $massif_id, "T_massif");
         }
         $sql = "INSERT INTO `" . $_SESSION['Application_host'] . "`.`J_massif_cave` (`Id_massif`, `Id_cave`, `Id_entry`) VALUES (";
         $sql .= returnDefault($massif_id, 'text') . ", ";
         $sql .= returnDefault($onid, 'text') . ", ";
         $sql .= "0) ";
         $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
     }
     $save_failed = false;
     $type = "menu";
 } else {
     if (isset($_GET['id'])) {
         $id = isset($_GET['id']) ? $_GET['id'] : '';
         if (takeOver("cave", $id) && $id != "") {
             $sql = "SELECT ca.*, mc.Id_massif FROM `" . $_SESSION['Application_host'] . "`.`T_cave` ca ";
             $sql .= "LEFT OUTER JOIN `" . $_SESSION['Application_host'] . "`.`J_massif_cave` mc ON ca.Id = mc.Id_cave ";
             $sql .= "WHERE ca.Id = " . $id;
             $data = getDataFromSQL($sql, __FILE__, $frame, __FUNCTION__);
             if ($data['Count'] > 0) {
                 $name = $data[0]['Name'];