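/**
 * Delete the revisions of objects that no longer exist.
 *
 * For each object type that has at least one revision, collect the ids that
 * are still referenced in spip_versions but have no row left in the object's
 * own table, then delete them from spip_versions and spip_versions_fragments.
 *
 * @return void
 */
function optimiser_base_revisions()
{
    // Start from the list of object types that have at least one revision.
    $objets_revises = sql_select('objet', 'spip_versions', 'id_version=1', 'objet');
    while ($objet = sql_fetch($objets_revises)) {
        $type = $objet['objet'];
        $type_sql = sql_quote($type);
        // Table and key names are SQL identifiers, so they cannot go through
        // sql_quote(); they are derived from the stored object type.
        // NOTE(review): presumably table_objet_sql()/id_table_objet() only
        // return declared tables and keys - confirm, since the type is read
        // back from spip_versions.
        $table = table_objet_sql($type);
        $id_table_objet = id_table_objet($type);
        // Revisions whose object is gone: the LEFT JOIN leaves R.<key> NULL.
        $res = sql_select(
            "A.id_objet AS id_objet, A.objet AS objet",
            "spip_versions AS A LEFT JOIN {$table} AS R\n\t\t\t\t\t\t\tON R.{$id_table_objet}=A.id_objet AND A.objet=" . $type_sql,
            "R.{$id_table_objet} IS NULL AND A.objet=" . $type_sql . " AND A.id_objet > 0",
            "A.id_objet",
            "A.id_objet"
        );
        $in = array();
        while ($row = sql_fetch($res)) {
            $in[$row['id_objet']] = true;
        }
        sql_free($res);
        // Remove every trace of the missing objects from both revision tables.
        if ($in) {
            $ids = array_keys($in);
            // Distinct loop variable so the object table name is not overwritten.
            foreach (array('spip_versions', 'spip_versions_fragments') as $table_versions) {
                sql_delete($table_versions, sql_in('id_objet', $ids) . " AND objet=" . $type_sql);
            }
        }
    }
    // Release the outer result set too, not just the per-type ones.
    if ($objets_revises) {
        sql_free($objets_revises);
    }
}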
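/**
 * Repair and upgrade every table of the database, building an HTML report.
 *
 * @return string|false one <div> per table, or false as soon as a repair
 *                      call returns a falsy result
 */
function admin_repair_tables()
{
    // NOTE(review): presumably this probes whether the connector offers a
    // repair operation at all - confirm against sql_repair().
    $repair = sql_repair('repair', NULL, 'continue');
    // recreate any missing tables
    include_spip('base/create');
    creer_base();
    $rows = array();
    if ($res1 = sql_showbase()) {
        while ($r = sql_fetch($res1)) {
            $rows[] = $r;
        }
        sql_free($res1);
    }
    $res = "";
    foreach ($rows as $r) {
        $tab = array_shift($r);
        $class = "";
        $m = "<strong>{$tab}</strong> ";
        spip_log("Repare {$tab}", _LOG_INFO_IMPORTANTE);
        // drop the meta before starting the repair: it can take a long time
        // and the operation must not loop
        effacer_meta('admin_repair');
        // Always defined, so the report below never reads an unset variable
        // when no repair operation is available.
        $result_repair = false;
        if ($repair) {
            $result_repair = sql_repair($tab);
            if (!$result_repair) {
                return false;
            }
        }
        // try to upgrade the table (creates missing fields)
        maj_tables($tab);
        $count = sql_countsel($tab);
        if ($count > 1) {
            $m .= "(" . _T('texte_compte_elements', array('count' => $count)) . ")\n";
        } elseif ($count == 1) {
            $m .= "(" . _T('texte_compte_element', array('count' => $count)) . ")\n";
        } else {
            $m .= "(" . _T('texte_vide') . ")\n";
        }
        $msg = '';
        if ($result_repair) {
            $msg = implode(" ", is_resource($result_repair) ? sql_fetch($result_repair) : $result_repair) . ' ';
        }
        if ($msg !== '' && strpos($msg, ' OK ') === false) {
            $class = " class='notice'";
            // the repair message is raw database output: escape it for HTML
            $m .= "<br /><tt>" . htmlentities($msg) . "</tt>\n";
        } else {
            $m .= " " . _T('texte_table_ok');
        }
        $res .= "<div{$class}>{$m}</div>";
    }
    return $res;
}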
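/**
 * Delete from $table every row whose key is listed in the result set $sel.
 *
 * @param string $table table to delete from
 * @param string $id    name of the key column in $table
 * @param mixed  $sel   select result whose rows expose the key as 'id';
 *                      it is freed here
 * @param string $and   optional extra condition appended with AND; it is
 *                      inserted as raw SQL, so it must never carry
 *                      unescaped request data
 * @return int number of distinct ids read from $sel
 */
function optimiser_sansref($table, $id, $sel, $and = "")
{
    $in = array();
    while ($row = sql_fetch($sel)) {
        $in[$row['id']] = true;
    }
    sql_free($sel);
    if ($in) {
        $ids = array_keys($in);
        sql_delete($table, sql_in($id, $ids) . ($and ? " AND {$and}" : ""));
        // Log the ids themselves: interpolating the array would only print "Array".
        spip_log("Numeros des entrees {$id} supprimees dans la table {$table}: " . implode(',', $ids));
    }
    return count($in);
}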
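/**
 * Fill in the `segments` column of spip_urls.
 *
 * Urls without a slash get 1; every other url gets its number of
 * '/'-separated parts. The loop stops once _TIME_OUT is reached; rows already
 * handled no longer match `segments=1`, so a later call resumes the work.
 *
 * @return void
 */
function urls_migre_urls_segments()
{
    sql_updateq('spip_urls', array('segments' => 1), "segments<1 OR NOT(url REGEXP '\\/')");
    $res = sql_select('DISTINCT url', 'spip_urls', "url REGEXP '\\/' AND segments=1");
    while ($row = sql_fetch($res)) {
        $segments = count(explode('/', $row['url']));
        sql_updateq('spip_urls', array('segments' => $segments), "url=" . sql_quote($row['url']));
        if (time() >= _TIME_OUT) {
            break;
        }
    }
    // Free the result on both exits, timeout or end of the rows.
    sql_free($res);
}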
/**
 * Register a new author from a name and an email address.
 * The email decides whether the author already exists, so it acts as the
 * default identifier.
 *
 * @param string $statut
 * @param string $mail_complet
 * @param string $nom
 * @param array $options
 *   login : precomputed login
 *   id : id_rubrique given as second argument of #FORMULAIRE_INSCRIPTION
 *   from : sender address for the registration mail
 *   force_nouveau : force the "nouveau" status on the registered author, even if it already existed
 * @return array|string description of the author, or an error message
 */
function action_inscrire_auteur_dist($statut, $mail_complet, $nom, $options = array())
{
    // a bare value is accepted and stands for the 'id' option
    if (!is_array($options)) {
        $options = array('id' => $options);
    }
    // a site-specific test_inscription() takes precedence over the default one
    $tester = function_exists('test_inscription') ? 'test_inscription' : 'test_inscription_dist';
    $desc = $tester($statut, $mail_complet, $nom, $options);
    // a non-array result is an error key
    if (!is_array($desc)) {
        return _T($desc);
    }
    include_spip('base/abstract_sql');
    // the email is quoted before it reaches the WHERE clause
    $existants = sql_select("statut, id_auteur, login, email", "spip_auteurs", "email=" . sql_quote($desc['email']));
    if (!$existants) {
        return _T('titre_probleme_technique');
    }
    $row = sql_fetch($existants);
    sql_free($existants);
    if (!$row) {
        // not registered yet: create the identifiers
        $desc = inscription_nouveau($desc);
    } elseif (!empty($options['force_nouveau'])) {
        $desc['id_auteur'] = $row['id_auteur'];
        $desc = inscription_nouveau($desc);
    } else {
        // known email: continue with the stored account
        $desc = $row;
    }
    // a non-array result is an error message
    if (!is_array($desc)) {
        return $desc;
    }
    $id_auteur = $desc['id_auteur'];
    // generate the password (or regenerate it if the account was never used)
    $desc['pass'] = creer_pass_pour_auteur($id_auteur);
    // assign a token for confirmation through a clicked link
    $desc['jeton'] = auteur_attribuer_jeton($id_auteur);
    // load this function right away, for its utilities
    $envoyer_inscription = charger_fonction("envoyer_inscription", "");
    list($sujet, $msg, $from, $head) = $envoyer_inscription($desc, $nom, $statut, $options);
    $notifications = charger_fonction('notifications', 'inc');
    notifications_envoyer_mails($mail_complet, $msg, $sujet, $from, $head);
    // Notifications
    $notifications('inscription', $id_auteur, array('nom' => $desc['nom'], 'email' => $desc['email']));
    return $desc;
}
/**
 * Rebuild the global field list and field properties from the users table.
 *
 * Fills $fields with the column names and $field_props with, per column,
 * its type and three flags (istext, isnum, isbool).
 */
function get_fields()
{
    global $tbl_users;
    global $fields, $field_props;
    // empty both globals in place: names first, then properties
    array_splice($fields, 0);
    array_splice($field_props, 0);
    // one row is enough, only the column metadata is read
    $probe = sql_query("select * from {$tbl_users} limit 1");
    $total = sql_num_fields($probe);
    $i = 0;
    while ($i < $total) {
        $column = sql_field_name($probe, $i);
        $type = sql_field_type($probe, $i);
        $fields[] = $column;
        $field_props[$column] = array(
            'type' => $type,
            'istext' => $type == 'string',
            'isnum' => (bool) preg_match('/(int|real)/', $type),
            'isbool' => $type == 'boolean',
        );
        $i++;
    }
    sql_free($probe);
}
<?php

// This script should be run once an hour as a cronjob.
// -----------------------------------------------------------------------------
// Update the search cache where needed: refresh every object flagged as stale.
// The query text is fixed; no request data is involved.
// NOTE(review): the result is read with mysql_fetch_row() but created and freed
// through the sql_* wrappers - presumably sql_query() returns a native mysql
// result; confirm.
$seaResult = sql_query("SELECT `seaObject` FROM `searchcache` " . "WHERE `seaNeedsUpdate` = '1'");
while ($seaData = mysql_fetch_row($seaResult)) {
    updateSearchCache($seaData[0], true);
}
sql_free($seaResult);
// -----------------------------------------------------------------------------
// Clean up searches. TRUNCATE empties both tables completely, whatever the age
// of the rows; the disabled block that follows appears to have removed only
// the searches older than one hour.
sql_query("TRUNCATE `search`");
sql_query("TRUNCATE `searchItems`");
/*
sql_where( array( "srcSubmitDate<!" => "DATE_SUB( NOW(), INTERVAL 1 HOUR )" ));

$srcResult = sql_rowset( "search", "srcid" );

while( $srcData = sql_next( $srcResult ))
{
	sql_where( array( "sriSearch" => $srcData[ "srcid" ]));
	sql_delete( "searchItems" );
}

sql_free( $srcResult );

sql_where( array( "srcSubmitDate<!" => "DATE_SUB( NOW(), INTERVAL 1 HOUR )" ));
sql_delete( "search" );
*/
// -----------------------------------------------------------------------------
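 /**
  * Update an existing collection from submitted form data.
  *
  * Validates the fields, builds the column/value lists from the form
  * definition, then updates the row once the caller is logged in, the
  * collection exists and the caller owns it or has admin access.
  * Errors and the success message are reported through e().
  *
  * @param array|null $array form data; defaults to $_POST, and $_FILES is merged in
  * @return void
  */
 function update_collection($array = NULL)
 {
     global $db;
     if ($array == NULL) {
         $array = $_POST;
     }
     if (is_array($_FILES)) {
         $array = array_merge($array, $_FILES);
     }
     $this->validate_form_fields($array);
     // The id is request data and ends up unquoted in the WHERE clause of the
     // UPDATE, so it is forced to an integer before any use.
     $cid = isset($array['collection_id']) ? (int) $array['collection_id'] : 0;
     // Defined up front so the update never reads unset lists.
     $query_field = array();
     $query_val = array();
     if (!error()) {
         $reqFields = $this->load_required_fields($array);
         $otherFields = $this->load_other_fields($array);
         $collection_fields = array_merge($reqFields, $otherFields);
         // Merge custom fields only when there is a non-empty list of them.
         if (is_array($this->custom_collection_fields) && count($this->custom_collection_fields) > 0) {
             $collection_fields = array_merge($collection_fields, $this->custom_collection_fields);
         }
         foreach ($collection_fields as $field) {
             $name = formObj::rmBrackets($field['name']);
             $val = $array[$name];
             if ($field['use_func_val']) {
                 $val = $field['validate_function']($val);
             }
             if (!empty($field['db_field'])) {
                 $query_field[] = $field['db_field'];
             }
             // multi-valued fields are flattened to "#a# #b# "
             if (is_array($val)) {
                 $new_val = '';
                 foreach ($val as $v) {
                     $new_val .= "#" . $v . "# ";
                 }
                 $val = $new_val;
             }
             $clean = $field['clean_func'];
             // is_array() is tested first so function_exists() only sees strings
             if ($clean && (is_array($clean) || function_exists($clean))) {
                 $val = apply_func($clean, sql_free('|no_mc|' . $val));
             }
             // NOTE(review): a field without a usable clean_func keeps the
             // submitted value unchanged; presumably $db->update() escapes
             // values itself - confirm, otherwise this is an injection path.
             if (!empty($field['db_field'])) {
                 $query_val[] = $val;
             }
         }
         // counters can only be set by admins and must be non-negative numbers
         if (has_access('admin_access', TRUE)) {
             if (!empty($array['total_comments'])) {
                 $total_comments = $array['total_comments'];
                 if (!is_numeric($total_comments) || $total_comments < 0) {
                     $total_comments = 0;
                 }
                 $query_field[] = "total_comments";
                 $query_val[] = $total_comments;
             }
             if (!empty($array['total_objects'])) {
                 $tobj = $array['total_objects'];
                 if (!is_numeric($tobj) || $tobj < 0) {
                     $tobj = 0;
                 }
                 $query_field[] = "total_objects";
                 $query_val[] = $tobj;
             }
         }
     }
     if (!error()) {
         // authorization: logged in, existing collection, owner or admin
         if (!userid()) {
             e(lang("you_not_logged_in"));
         } elseif (!$this->collection_exists($cid)) {
             e(lang("collect_not_exist"));
         } elseif (!$this->is_collection_owner($cid, userid()) && !has_access('admin_access', TRUE)) {
             e(lang("cant_edit_collection"));
         } else {
             $db->update(tbl($this->section_tbl), $query_field, $query_val, " collection_id = {$cid}");
             e(lang("collection_updated"), "m");
             if (!empty($array['collection_thumb']['tmp_name'])) {
                 $this->upload_thumb($cid, $array['collection_thumb']);
             }
         }
     }
 }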
// Handle the submitted "Add a Request" form: store the request, attach the
// public and private details, then redirect to the helpdesk.
// Only "summary" is tested for presence; the other keys are read directly.
// NOTE(review): the values come from $_POST unchanged; presumably
// sql_values()/sql_insert() escape them - confirm. No anti-CSRF token check
// is visible in this excerpt.
if (isset($_POST["summary"])) {
    sql_values(array("hlpSummary" => $_POST["summary"], "hlpCategory" => $_POST["category"], "hlpSubmitDate!" => "NOW()", "hlpSubmitter" => $_auth["useid"], "hlpReferenceType" => $_POST["referenceType"], "hlpReferenceId" => $_POST["referenceID"], "hlpOwner" => getRequestRefOwner($_POST["referenceType"], $_POST["referenceID"])));
    $helpdeskItem = sql_insert("helpdesk");
    addRequestDetail($helpdeskItem, "publicDetail", "publicFile", "all");
    addRequestDetail($helpdeskItem, "privateDetail", "privateFile", "submitter");
    redirect(url("helpdesk"));
}
// Request parameters taken from the command path: category and reference are
// lower-cased, the reference id is forced to an integer.
$requestCat = strtolower($_cmd[2]);
$requestRef = strtolower($_cmd[3]);
$requestRefId = intval($_cmd[4]);
// Load every helpdesk category, indexed by its id.
$cats = array();
$catsResult = sql_rowset("helpdeskCats");
while ($catsData = sql_next($catsResult)) {
    $cats[$catsData["hdcid"]] = array("name" => $catsData["hdcName"], "type" => $catsData["hdcType"]);
}
sql_free($catsResult);
?>
<div class="header">
	Add a Request
</div>
<form action="<?php 
echo url(".");
?>
" enctype="multipart/form-data" method="post">
<div class="container2 mar_bottom">
	<table cellspacing="15" cellpadding="0" border="0">
	<tr>
	<td valign="bottom" width="50%">
		<div class="mar_bottom">
			<?php 
echo getIMG(url() . "images/emoticons/a-left.png");
    echo "</fieldset>\n";
    echo "</form>\n";
    echo "</div>\n";
}
// PHASE 2:  Output the results, if called with parameters:
if ($phase == 2) {
    if ($nmatch == 0 && !$cli_mode && $output_format == OUTPUT_HTML) {
        if ($ajax) {
            echo json_encode($json_data);
        } else {
            echo "<p class=\"report_entries\">" . get_vocab("nothing_found") . "</p>\n";
        }
        sql_free($res);
    } elseif ($combination_not_supported) {
        echo "<p>" . get_vocab("combination_not_supported") . "</p>\n";
        sql_free($res);
    } else {
        if ($output_format == OUTPUT_ICAL) {
            // We set $keep_private to FALSE here because we excluded all private
            // events in the SQL query
            export_icalendar($res, FALSE, $report_end);
            exit;
        }
        if ($output_format == OUTPUT_HTML && !$ajax) {
            echo "<p class=\"report_entries\"><span id=\"n_entries\">" . $nmatch . "</span> " . ($nmatch == 1 ? get_vocab("entry_found") : get_vocab("entries_found")) . "</p>\n";
        }
        // Report
        if ($output == REPORT) {
            open_report();
            report_header();
            $body_rows = array();
/**
 * Register a visitor with a password they chose themselves, link the account
 * to restricted zone 1 and send the registration mail.
 *
 * NOTE(review): $pass travels in clear inside $desc to inscription_nouveau()
 * and to the mail builder - confirm it is hashed before storage and left out
 * of the mail.
 *
 * @param string $statut
 * @param string $mail_complet
 * @param string $nom
 * @param string $prenom
 * @param string $activite
 * @param string $pass password typed by the visitor
 * @param array $options a non-array value is taken as the 'id' option
 * @return array|string description of the author, or an error message
 */
function inscrire_visiteur_candidatures_fraap($statut, $mail_complet, $nom, $prenom, $activite, $pass, $options = array())
{
    if (!is_array($options)) {
        $options = array('id' => $options);
    }
    include_spip('action/inscrire_auteur');
    // a site-specific test_inscription() takes precedence over the default one
    $tester = function_exists('test_inscription') ? 'test_inscription' : 'test_inscription_dist';
    $desc = $tester($statut, $mail_complet, $nom, $options);
    if (!is_array($desc)) {
        return _T($desc);
    }
    // add the remaining arguments
    $desc['prenom'] = $prenom;
    $desc['activite'] = $activite;
    $desc['pass'] = $pass;
    include_spip('base/abstract_sql');
    // the email is quoted before it reaches the WHERE clause
    $existants = sql_select("statut, id_auteur, login, email", "spip_auteurs", "email=" . sql_quote($desc['email']));
    if (!$existants) {
        return _T('titre_probleme_technique');
    }
    $row = sql_fetch($existants);
    sql_free($existants);
    if (!$row) {
        // not registered yet: create the identifiers
        $desc = inscription_nouveau($desc);
    } elseif (!empty($options['force_nouveau'])) {
        $desc['id_auteur'] = $row['id_auteur'];
        $desc = inscription_nouveau($desc);
    } else {
        // known email: the stored row replaces $desc, so the first name,
        // activity and password set above are dropped on this path
        $desc = $row;
    }
    if (!is_array($desc)) {
        return $desc;
    }
    // the password was typed by the visitor, so none is generated here
    $id_auteur = $desc['id_auteur'];
    // assign a token for confirmation through a clicked link
    $desc['jeton'] = auteur_attribuer_jeton($id_auteur);
    // add the restricted zone for internships; this also runs for an
    // account that already existed
    sql_insertq('spip_zones_liens', array('id_zone' => '1', 'id_objet' => $id_auteur, 'objet' => 'auteur'));
    // load this function right away, for its utilities
    $envoyer_inscription = charger_fonction("envoyer_inscription_fraap_candidatures", "action");
    list($sujet, $msg, $from, $head) = $envoyer_inscription($desc, $nom, $prenom, $statut, $options);
    $notifications = charger_fonction('notifications', 'inc');
    notifications_envoyer_mails($mail_complet, $msg, $sujet, $from, $head);
    // Notifications
    $notifications('inscription', $id_auteur, array('nom' => $desc['nom'], 'email' => $desc['email']));
    return $desc;
}
    /**
     * Print a titled list of the FAQ tags that are used at least once.
     *
     * Each entry links to the tag page and shows the tag's usage count.
     *
     * @param string $title heading printed above the list
     * @param mixed  $order ordering handed to sql_order()
     */
    function putTagList($title, $order)
    {
        ?>
		<div style="margin-left : 2em;">
			<?php 
        // NOTE(review): $title is printed as-is; callers must pass trusted
        // or already-escaped text.
        echo $title;
        ?>
:
		</div>
		<ul style="margin : 0.3em 1.2em; padding : 0; padding-left : 2em;">
		<?php 
        sql_order($order);
        // only tags with a positive usage count
        sql_where(array("hftCount>" => 0));
        $tagResult = sql_rowset("helpdeskFAQTags");
        while ($tagData = sql_next($tagResult)) {
            $url = url("helpdesk/faq/tag", array("tag" => $tagData["hftName"]));
            // NOTE(review): the tag name and the URL built from it reach the
            // HTML without escaping; if tag names can come from users they
            // need htmlspecialchars() here - confirm where hftName is written.
            ?>
<li><a href="<?php 
            echo $url;
            ?>
"><?php 
            echo $tagData["hftName"];
            ?>
</a> (<?php 
            echo $tagData["hftCount"];
            ?>
)</li><?php 
        }
        sql_free($tagResult);
        ?>
		</ul>
		<?php 
    }
/**
 * Report the database server version, prefixed with "MySQL ".
 *
 * @return string
 */
function sql_version()
{
    $result = sql_query("select version()");
    $first = sql_row($result, 0);
    sql_free($result);
    return "MySQL " . $first['0'];
}
/**
 * Remove surplus published signatures that match a condition.
 *
 * To avoid a lock (which would block access to the database), the signature
 * is always inserted first; all signatures sharing the property that must be
 * unique (mail or site) are then selected, and when there is more than one
 * they are all removed except the first. Concurrent calls may issue deletes
 * for rows that are already gone, which is preferred to blocking.
 *
 * http://doc.spip.org/@signature_entrop
 *
 * @param string $where SQL condition selecting the candidates; it is used as
 *                      raw SQL, so the caller must have escaped any value in it
 * @return array ids of the signatures that were in excess
 */
function signature_entrop($where)
{
    $where .= " AND statut='publie'";
    $res = sql_select('id_signature', 'spip_signatures', $where, '', "date_time desc");
    $entrop = array();
    if (sql_count($res) > 1) {
        while ($signature = sql_fetch($res)) {
            $entrop[] = $signature['id_signature'];
        }
        // keep the first signature, i.e. the first row under "date_time desc"
        array_shift($entrop);
    }
    sql_free($res);
    if ($entrop) {
        sql_delete('spip_signatures', sql_in('id_signature', $entrop));
    }
    return $entrop;
}
/**
 * Convert to UTF-8 the rows of $table whose column $champ starts with a
 * "<CONVERT charset>" marker, writing a backup UPDATE statement for each row
 * to $f first.
 *
 * $table and $champ are interpolated into the SQL text and $table is echoed
 * into the page without escaping.
 * NOTE(review): presumably both always come from an internal list of tables
 * and columns - confirm against the callers.
 *
 * @param resource|false $f     open backup file, or a falsy value to skip the backup
 * @param string         $table table to convert
 * @param string         $champ column carrying the <CONVERT ...> marker
 */
function convert_table_utf8($f, $table, $champ)
{
	echo "<br /><b>$table</b> &nbsp; ";
	$s = spip_query("SELECT * FROM $table WHERE $champ LIKE '<CONVERT %'");

	// derive the key column, e.g. 'id_article' (something table_objet should handle)
	preg_match(',^spip_(.*?)s?$,', $table, $r);
	$id_champ = 'id_'.$r[1];
	if ($table == 'spip_petitions') $id_champ = 'id_article';
	if ($table == 'spip_groupes_mots') $id_champ = 'id_groupe';

	// read the rows one by one
	while ($t = sql_fetch($s)) {
		$query = array();
		$query_no_convert = '';
		$query_extra = '';
		$charset_source='AUTO';
		foreach ($t as $c => $v) {
			if ($c == $champ) {
				// strip the marker and remember the charset it names
				preg_match(',^<CONVERT (.*?)>,', $v, $reg);
				$v = substr($v, strlen($reg[0]));
				$charset_source = $reg[1];
				$query[] = "$c=" . sql_quote($v);
			} else {
				if (!is_numeric($v)
				AND !is_ascii($v)) {
					// special handling because the data is serialized;
					// $charset_source is only known here if $champ came
					// earlier in the row, otherwise it is still 'AUTO'
					if ($c == 'extra') {
						$query_no_convert .= ", $c=".sql_quote($v);
						$query_extra = convert_extra($v, $charset_source);
					} else
						$query[] = "$c=" . sql_quote($v);
				} else
					# for the backup
					$query_no_convert .= ", $c=".sql_quote($v);
			}
		}

		$set = join(', ', $query);
		// the key value is read back from the row and inserted unquoted
		$where = "$id_champ = ".$t[$id_champ];

		// Write the statement unchanged to the backup file
		if ($f) fwrite($f,
				"UPDATE $table SET $set$query_no_convert"
				." WHERE $where;\n"
			       );

		// But transcode it for the database,
		// avoiding a double conversion
		if ($charset_source != 'utf-8') {
			$query = "UPDATE $table SET "
			. unicode_to_utf_8(charset2unicode($set, $charset_source))
			. $query_extra
			. " WHERE $where AND $champ LIKE '<CONVERT %'";
			#echo $query;
			spip_query($query);
			echo '.           '; flush();
			}
	}
	sql_free($s);
}
 /**
  * Validate the signup form and create the user.
  *
  * Builds the column and value lists from the signup field definitions, adds
  * the account state, verification code, signup IP, join date and session
  * key/code, then inserts the user with a hand-built INSERT statement.
  *
  * @param array|null $array             form data; defaults to $_POST, and $_FILES is merged in
  * @param bool       $send_signup_email whether the signup e-mail branch is entered
  * @return int|false id of the new user, or false when validation reported an error
  */
 function signup_user($array = NULL, $send_signup_email = true)
 {
     global $LANG, $db, $userquery;
     if ($array == NULL) {
         $array = $_POST;
     }
     if (is_array($_FILES)) {
         $array = array_merge($array, $_FILES);
     }
     $this->validate_form_fields($array);
     // checking terms and policy agreement (admins are exempt)
     if ($array['agree'] != 'yes' && !has_access('admin_access', true)) {
         e(lang('usr_ament_err'));
     }
     if (!verify_captcha()) {
         e(lang('usr_ccode_err'));
     }
     if (!error()) {
         $signup_fields = $this->load_signup_fields($array);
         //Adding Custom Signup Fields
         if (count($this->custom_signup_fields) > 0) {
             $signup_fields = array_merge($signup_fields, $this->custom_signup_fields);
         }
         foreach ($signup_fields as $field) {
             $name = formObj::rmBrackets($field['name']);
             $val = $array[$name];
             if ($field['use_func_val']) {
                 $val = $field['validate_function']($val);
             }
             //Overrides use_func_val
             if ($field['value_function'] && function_exists($field['value_function'])) {
                 $val = $field['value_function']($val);
             }
             if (!empty($field['db_field'])) {
                 $query_field[] = $field['db_field'];
             }
             // multi-valued fields are flattened to "#a# #b# "
             if (is_array($val)) {
                 $new_val = '';
                 foreach ($val as $v) {
                     $new_val .= "#" . $v . "# ";
                 }
                 $val = $new_val;
             }
             // every field value is cleaned, either by mysql_clean() or by
             // the field's own clean_func
             if (!$field['clean_func'] || !function_exists($field['clean_func']) && !is_array($field['clean_func'])) {
                 $val = mysql_clean($val);
             } else {
                 $val = apply_func($field['clean_func'], sql_free('|no_mc|' . $val));
             }
             if (!empty($field['db_field'])) {
                 $query_val[] = $val;
             }
         }
         // Setting Verification type
         if (EMAIL_VERIFICATION == '1') {
             $status = 'unverified';
             $welcome_email = 'no';
         } else {
             $status = 'verified';
             $welcome_email = 'yes';
         }
         if (config('user_moderation') == 'yes') {
             $active = 'no';
         } else {
             $active = 'yes';
         }
         // admins may override the state and set the level
         if (has_access('admin_access', true)) {
             if ($array['status'] == 'verified') {
                 $status = 'verified';
                 $welcome_email = 'yes';
             } else {
                 $status = 'unverified';
                 $welcome_email = 'no';
             }
             // NOTE(review): both branches set 'yes', so an admin can never
             // create an inactive user here - confirm whether the else
             // branch was meant to be 'no'.
             if ($array['active'] == 'yes') {
                 $active = 'yes';
             } else {
                 $active = 'yes';
             }
             // NOTE(review): unlike the field values above, the level goes
             // into the INSERT below without any cleaning.
             $query_field[] = "level";
             $query_val[] = $array['level'];
         }
         $query_field[] = "status";
         $query_val[] = $status;
         $query_field[] = "active";
         $query_val[] = $active;
         // NOTE(review): the column name starts with a tab character
         $query_field[] = "\twelcome_email_sent";
         $query_val[] = $welcome_email;
         //Creating AV Code
         // NOTE(review): this code gates e-mail verification; confirm that
         // RandomString() draws from a cryptographically secure source.
         $avcode = RandomString(10);
         $query_field[] = "avcode";
         $query_val[] = $avcode;
         //Signup IP
         $signup_ip = $_SERVER['REMOTE_ADDR'];
         $query_field[] = "signup_ip";
         $query_val[] = $signup_ip;
         //Date Joined
         $now = NOW();
         $query_field[] = "doj";
         $query_val[] = $now;
         /**
          * A very important part of the signup system is the session key
          * and code: when a user is logged in, it is only validated by its
          * signup key and code.
          *
          * NOTE(review): the key is derived from the client-supplied
          * PHPSESSID cookie and the submitted password - review
          * create_session_key() before relying on it.
          */
         $sess_key = $this->create_session_key($_COOKIE['PHPSESSID'], $array['password']);
         $sess_code = $this->create_session_code();
         $query_field[] = "user_session_key";
         $query_val[] = $sess_key;
         $query_field[] = "user_session_code";
         $query_val[] = $sess_code;
         // The INSERT is assembled by hand; every value is wrapped in single
         // quotes and nothing is escaped at this point, so each entry of
         // $query_val must already be safe.
         $query = "INSERT INTO " . tbl("users") . " (";
         $total_fields = count($query_field);
         //Adding Fields to query
         $i = 0;
         foreach ($query_field as $qfield) {
             $i++;
             $query .= $qfield;
             if ($i < $total_fields) {
                 $query .= ',';
             }
         }
         $query .= ") VALUES (";
         $i = 0;
         //Adding Fields Values to query
         foreach ($query_val as $qval) {
             $i++;
             $query .= "'{$qval}'";
             if ($i < $total_fields) {
                 $query .= ',';
             }
         }
         //Finalizing Query
         $query .= ")";
         $db->Execute($query);
         $insert_id = $db->insert_id();
         $db->insert(tbl($userquery->dbtbl['user_profile']), array("userid"), array($insert_id));
         if (!has_access('admin_access', true) && EMAIL_VERIFICATION && $send_signup_email) {
             global $cbemail;
             $tpl = $cbemail->get_template('email_verify_template');
             // NOTE(review): the clear-text password is made available to
             // the mail template.
             $more_var = array('{username}' => post('username'), '{password}' => post('password'), '{email}' => post('email'), '{avcode}' => $avcode);
             // $var is not assigned anywhere above in this method
             if (!is_array($var)) {
                 $var = array();
             }
             $var = array_merge($more_var, $var);
             $subj = $cbemail->replace($tpl['email_template_subject'], $var);
             $msg = nl2br($cbemail->replace($tpl['email_template'], $var));
             //Now Finally Sending Email
             // (the send call is disabled, so no verification mail leaves from here)
             //cbmail(array('to'=>post('email'),'from'=>WEBSITE_EMAIL,'subject'=>$subj,'content'=>$msg));
         } elseif (!has_access('admin_access', true) && $send_signup_email) {
             //$this->send_welcome_email($insert_id);
         }
         $log_array = array('username' => $array['username'], 'userid' => $insert_id, 'userlevel' => $array['level'], 'useremail' => $array['email'], 'success' => 'yes', 'details' => sprintf("%s signed up", $array['username']));
         //Logging the signup
         insert_log('signup', $log_array);
         //Adding User has Signup Feed
         addFeed(array('action' => 'signup', 'object_id' => $insert_id, 'object' => 'signup', 'uid' => $insert_id));
         return $insert_id;
     }
     return false;
 }
/**
 * Return the version string reported by the database server.
 *
 * @return mixed first column of the first row of "select version()"
 */
function sql_version()
{
    $result = sql_query("select version()");
    $first = sql_row($result, 0);
    sql_free($result);
    $version = $first[0];
    return $version;
}
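 /**
  * Update a photo from submitted form data.
  *
  * Validates the fields, builds the column/value lists from the form
  * definition, then updates the row once the caller is logged in, the photo
  * exists and the caller owns it or has admin access. Errors and the success
  * message are reported through e().
  *
  * @param array|null $array form data; defaults to $_POST
  * @return void
  */
 function update_photo($array = NULL)
 {
     global $db;
     if ($array == NULL) {
         $array = $_POST;
     }
     $this->validate_form_fields($array);
     $pid = $array['photo_id'];
     $cid = $this->get_photo_field($pid, 'collection_id');
     if (!error()) {
         // Defined up front so the update never reads unset lists.
         $query_field = array();
         $query_val = array();
         $reqFields = $this->load_required_forms($array);
         $otherFields = $this->load_other_forms($array);
         $fields = array_merge($reqFields, $otherFields);
         foreach ($fields as $field) {
             $name = formObj::rmBrackets($field['name']);
             $val = $array[$name];
             if ($field['use_func_val']) {
                 $val = $field['validate_function']($val);
             }
             if (!empty($field['db_field'])) {
                 $query_field[] = $field['db_field'];
             }
             // multi-valued fields are flattened to "#a# #b# "
             if (is_array($val)) {
                 $new_val = '';
                 foreach ($val as $v) {
                     $new_val .= "#" . $v . "# ";
                 }
                 $val = $new_val;
             }
             $clean = $field['clean_func'];
             // is_array() is tested first so function_exists() only sees strings
             if ($clean && (is_array($clean) || function_exists($clean))) {
                 $val = apply_func($clean, sql_free('|no_mc|' . $val));
             }
             // NOTE(review): a field without a usable clean_func keeps the
             // submitted value unchanged; presumably $db->update() escapes
             // values itself - confirm, otherwise this is an injection path.
             if (!empty($field['db_field'])) {
                 $query_val[] = $val;
             }
         }
         // Counters are admin-only. NOTE(review): they are stored exactly as
         // submitted, without any type or range check.
         if (has_access('admin_access', TRUE)) {
             foreach (array('views', 'total_comments', 'total_favorites', 'downloaded', 'voters') as $counter) {
                 if (isset($array[$counter])) {
                     $query_field[] = $counter;
                     $query_val[] = $array[$counter];
                 }
             }
         }
         if (!error()) {
             // authorization: logged in, existing photo, owner or admin
             if (!userid()) {
                 e(lang("you_not_logged_in"));
             } elseif (!$this->photo_exists($pid)) {
                 e(lang("photo_not_exists"));
             } elseif ($this->get_photo_owner($pid) != userid() && !has_access('admin_access', TRUE)) {
                 e(lang("cant_edit_photo"));
             } else {
                 if ($cid != $array['collection_id']) {
                     $this->collection->change_collection($array['collection_id'], $pid, $cid);
                 }
                 // The id is request data placed inside a quoted SQL literal:
                 // escape it with the project's escaping helper first.
                 // NOTE(review): confirm mysql_clean() is loaded in this context.
                 $db->update(tbl('photos'), $query_field, $query_val, " photo_id='" . mysql_clean($pid) . "'");
                 e(lang("photo_updated_successfully"), "m");
             }
         }
     }
 }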
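 /**
  * Add a new topic to a group.
  *
  * Validates the form, checks that the caller may post in the group, inserts
  * the topic and refreshes the group's topic count.
  *
  * @param array|null $array             topic details; $_POST when null, and $_FILES is merged in
  * @param bool       $redirect_to_topic redirect to the new topic once it is created
  * @return int|null id of the new topic, or null when an error was reported
  */
 function add_topic($array, $redirect_to_topic = false)
 {
     global $db;
     if ($array == NULL) {
         $array = $_POST;
     }
     if (is_array($_FILES)) {
         $array = array_merge($array, $_FILES);
     }
     $fields = $this->load_add_topic_form_fields($array);
     validate_cb_form($fields, $array);
     $user = userid();
     // Defined up front so the insert never reads unset lists.
     $query_field = array();
     $query_val = array();
     if (!error()) {
         foreach ($fields as $field) {
             $name = formObj::rmBrackets($field['name']);
             $val = $array[$name];
             if ($field['use_func_val']) {
                 $val = $field['validate_function']($val);
             }
             if (!empty($field['db_field'])) {
                 $query_field[] = $field['db_field'];
             }
             // multi-valued fields are flattened to "#a# #b# "
             if (is_array($val)) {
                 $new_val = '';
                 foreach ($val as $v) {
                     $new_val .= "#" . $v . "# ";
                 }
                 $val = $new_val;
             }
             // NOTE(review): this test runs the clean function once just to
             // look at its result, so a value the function turns into an
             // empty or falsy string is stored uncleaned - confirm this is
             // intended rather than an existence check on the function.
             $skip_clean = !$field['clean_func'] || !apply_func($field['clean_func'], $val) && !is_array($field['clean_func']);
             if (!$skip_clean) {
                 $val = apply_func($field['clean_func'], sql_free($val));
             }
             if (empty($val) && !empty($field['default_value'])) {
                 $val = $field['default_value'];
             }
             if (!empty($field['db_field'])) {
                 $query_val[] = $val;
             }
         }
     }
     $gp_details = $this->get_group_details($array['group_id']);
     // Checking whether the user is allowed to post topics or not
     $this->validate_posting_previlige($gp_details);
     if (!error()) {
         // NOTE(review): topic_icon and group_id are stored exactly as
         // submitted; presumably $db->insert() escapes values - confirm.
         //Adding Topic icon
         $query_field[] = "topic_icon";
         $query_val[] = $array['topic_icon'];
         //UID
         $query_field[] = "userid";
         $query_val[] = $user;
         //DATE ADDED
         $query_field[] = "date_added";
         $query_val[] = now();
         $query_field[] = "last_post_time";
         $query_val[] = now();
         //GID
         $query_field[] = "group_id";
         $query_val[] = $array['group_id'];
         //Checking If posting requires approval or not
         $query_field[] = "approved";
         $query_val[] = $gp_details['post_type'] == 1 ? "no" : "yes";
         //Inserting IN Database now
         $db->insert(tbl($this->gp_topic_tbl), $query_field, $query_val);
         $insert_id = $db->insert_id();
         //Increasing Group Topic Counts
         $count_topics = $this->count_group_topics($array['group_id']);
         // The group id is request data placed inside a quoted SQL literal:
         // escape it with the project's escaping helper first.
         // NOTE(review): confirm mysql_clean() is loaded in this context.
         $db->update(tbl($this->gp_tbl), array("total_topics"), array($count_topics), " group_id='" . mysql_clean($array['group_id']) . "'");
         //leaving msg
         e(lang("grp_tpc_msg"), "m");
         //Redirecting to topic
         if ($redirect_to_topic) {
             $grp_details = $this->get_details($insert_id);
             redirect_to(group_link($grp_details));
         }
         return $insert_id;
     }
 }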
Beispiel #20
 /**
  * Update the details of an existing playlist.
  *
  * Validates the submitted playlist form, writes every field that has a
  * `db_field` to the `playlists` table and fires the `update_playlist` action.
  * Errors and the status message are reported through e().
  *
  * NOTE(review): the method checks that the playlist exists and that a user is
  * logged in, but nothing visible here compares the playlist's owner with
  * userid(). Unless get_playlist() already restricts the lookup to the current
  * user, any logged-in user could edit someone else's playlist - confirm.
  *
  * @param array|null $array Form data; $_POST is used when null. Reads `name`,
  *                          `pid` or `list_id`, and (admins only) `played`.
  */
 function edit_playlist($array = null)
 {
     global $db;
     if (is_null($array)) {
         $array = $_POST;
     }
     $name = mysql_clean($array['name']);
     // The playlist id may arrive as `pid` or as `list_id`.
     $pdetails = $this->get_playlist($array['pid'] ? $array['pid'] : $array['list_id']);
     if (!$pdetails) {
         e(lang("playlist_not_exist"));
     } elseif (!userid()) {
         e(lang("you_not_logged_in"));
     } elseif ($this->playlist_exists($name, userid(), $this->type)) {
         e(sprintf(lang("play_list_with_this_name_arlready_exists"), $name));
     } else {
         // Flatten the grouped field definitions into one list.
         $upload_fields = $this->load_playlist_fields($array);
         $fields = array();
         foreach ($upload_fields as $group) {
             $fields = array_merge($fields, $group['fields']);
         }
         validate_cb_form($fields, $array);
         if (!error()) {
             foreach ($fields as $field) {
                 // $name is reused here as the form-field name; the cleaned playlist name is no longer needed.
                 $name = formObj::rmBrackets($field['name']);
                 $val = $array[$name];
                 if ($field['use_func_val']) {
                     $val = $field['validate_function']($val);
                 }
                 // Multi-value inputs are flattened to "#a# #b# ".
                 if (is_array($val)) {
                     $new_val = '';
                     foreach ($val as $v) {
                         $new_val .= "#" . $v . "# ";
                     }
                     $val = $new_val;
                 }
                 // Without a usable clean_func the value is passed on unchanged; otherwise it is
                 // run through sql_free() with a '|no_mc|' prefix and then through the cleaner.
                 // NOTE(review): '|no_mc|' looks like a marker telling the DB layer not to
                 // escape the value again - confirm against $db->update().
                 if (!$field['clean_func'] || !function_exists($field['clean_func']) && !is_array($field['clean_func'])) {
                     $val = $val;
                 } else {
                     $val = apply_func($field['clean_func'], sql_free('|no_mc|' . $val));
                 }
                 if (!empty($field['db_field'])) {
                     $query_values[$name] = $val;
                 }
             }
             // Only administrators may set the play counter.
             if (has_access('admin_access')) {
                 if (isset($array['played']) and !empty($array['played'])) {
                     $query_values['played'] = $array['played'];
                 }
             }
             $query_values['last_update'] = NOW();
             // The WHERE value comes from the row loaded above, not from the request.
             $db->update(tbl('playlists'), array_keys($query_values), array_values($query_values), " playlist_id = '" . $pdetails['playlist_id'] . "' ");
             $array['playlist_id'] = $array['pid'] ? $array['pid'] : $array['list_id'];
             cb_do_action('update_playlist', array('object_id' => $array['pid'] ? $array['pid'] : $array['list_id'], 'results' => $array));
         }
         /* A legacy direct update of playlist_name used to live here; it is disabled. */
         // NOTE(review): this success message sits outside the `if (!error())` block, so it is
         // emitted even when validate_cb_form() reported errors - confirm that is intended.
         e(lang("play_list_updated"), "m");
     }
 }
Beispiel #21
/**
 * Synchronise the htpasswd files with the authors table.
 *
 * Rewrites two files, one listing every eligible author and one listing
 * administrators only, each line being `login:htpass`.
 *
 * NOTE(review): the files are written under _DIR_TMP and hold the `htpass`
 * column, presumably password hashes; that directory should not be readable
 * through the web server - confirm the deployment.
 *
 * @param int $id_auteur
 * @param array $champs
 *   Modified fields; a rebuild happens when `login`, `pass` or `statut` is set
 * @param array $options
 *   all=>true requests a complete regeneration of the access files after a database operation (import, upgrade)
 * @param string $serveur
 * @return void
 */
function auth_spip_synchroniser_distant($id_auteur, $champs, $options = array(), $serveur = '')
{
    // Nothing to do for a remote database: the htaccess files cannot be regenerated there
    if (strlen($serveur)) {
        return;
    }
    // Regenerate only when a login, password or status changed, or on explicit request
    $regenerer = isset($champs['login'])
        || isset($champs['pass'])
        || isset($champs['statut'])
        || !empty($options['all']);
    if (!$regenerer) {
        return;
    }
    $htaccess = _DIR_RESTREINT . _ACCESS_FILE_NAME;
    $htpasswd = _DIR_TMP . _AUTH_USER_FILE;
    $htpasswd_admin = $htpasswd . '-admin';
    // This configuration value can be set by a plugin (acces_restreint for example);
    // an existing .htaccess overrides spip_meta
    if ($GLOBALS['meta']['creer_htpasswd'] != 'oui' and !@file_exists($htaccess)) {
        spip_unlink($htpasswd);
        spip_unlink($htpasswd_admin);
        return;
    }
    // Note: "nouveau" accounts are let through so that they can become
    // editors if need be (HTTP auth)... to be cleaned up.
    // Careful: the database connection must already be open (required because the installer uses this)
    $tous = '';    // login:htpass for everybody
    $admins = '';  // login:htpass for administrators
    $auteurs = sql_select("login, htpass, statut", "spip_auteurs", sql_in("statut", array('1comite', '0minirezo', 'nouveau')));
    while ($auteur = sql_fetch($auteurs)) {
        // Skip accounts without a login or without an htpass value
        if (!strlen($auteur['login']) || !strlen($auteur['htpass'])) {
            continue;
        }
        $ligne = $auteur['login'] . ':' . $auteur['htpass'] . "\n";
        $tous .= $ligne;
        if ($auteur['statut'] == '0minirezo') {
            $admins .= $ligne;
        }
    }
    sql_free($auteurs);
    if ($tous) {
        ecrire_fichier($htpasswd, $tous);
        ecrire_fichier($htpasswd_admin, $admins);
        spip_log("Ecriture de {$htpasswd} et {$htpasswd}-admin");
    }
}
Beispiel #22
 /**
  * Create the database row for an uploaded video.
  *
  * Validates the upload form, collects the values of every upload field that
  * has a `db_field`, adds the bookkeeping columns (file name, video key, owner,
  * uploader IP, activation state, date, directory) and inserts the row unless
  * file_name_exists() already reports one for that file name.
  *
  * @param array|null $array Upload form data; $_POST is used when empty.
  * @return mixed The id returned by file_name_exists() or db_insert(), or false
  *               when a logged-in user lacks the upload permission.
  *               NOTE(review): when validation fails, or when the final
  *               permission check fails, $insert_id is never assigned and the
  *               return statement reads an undefined variable.
  */
 function submit_upload($array = NULL)
 {
     global $eh, $Cbucket, $db, $userquery;
     if (!$array) {
         $array = $_POST;
     }
     $this->validate_video_upload_form($array, TRUE);
     if (empty($eh->error_list)) {
         $required_fields = $this->loadRequiredFields($array);
         $location_fields = $this->loadLocationFields($array);
         $option_fields = $this->loadOptionFields($array);
         $upload_fields = array_merge($required_fields, $location_fields, $option_fields);
         // Custom upload fields
         if (count($this->custom_upload_fields) > 0) {
             $upload_fields = array_merge($upload_fields, $this->custom_upload_fields);
         }
         // Custom form fields
         if (count($this->custom_form_fields) > 0) {
             $upload_fields = array_merge($upload_fields, $this->custom_form_fields);
         }
         // Anonymous visitors upload under the anonymous account when that is allowed;
         // logged-in users without the permission are rejected here.
         $userid = userid();
         if (!userid() && has_access('allow_video_upload', true, false)) {
             $userid = $userquery->get_anonymous_user();
         } elseif (userid() && !has_access('allow_video_upload', true, true)) {
             return false;
         }
         if (is_array($_FILES)) {
             $array = array_merge($array, $_FILES);
         }
         foreach ($upload_fields as $field) {
             $name = formObj::rmBrackets($field['name']);
             $val = $array[$name];
             if ($field['use_func_val']) {
                 $val = $field['validate_function']($val);
             }
             if (!empty($field['db_field'])) {
                 $query_field[] = $field['db_field'];
             }
             // Multi-value inputs are flattened to "#a# #b# ".
             if (is_array($val)) {
                 $new_val = '';
                 foreach ($val as $v) {
                     $new_val .= "#" . $v . "# ";
                 }
                 $val = $new_val;
             }
             // Fields without a usable clean_func fall back to mysql_clean().
             if (!$field['clean_func'] || !apply_func($field['clean_func'], $val) && !is_array($field['clean_func'])) {
                 $val = mysql_clean($val);
             } else {
                 $val = apply_func($field['clean_func'], sql_free($val));
             }
             if (empty($val) && !empty($field['default_value'])) {
                 $val = $field['default_value'];
             }
             if (!empty($field['db_field'])) {
                 $query_val[] = $val;
             }
         }
         // File name
         $query_field[] = "file_name";
         $file_name = mysql_clean($array['file_name']);
         $query_val[] = $file_name;
         // Video key
         $query_field[] = "videokey";
         $query_val[] = $this->video_keygen();
         // Owner
         // NOTE(review): a `userid` entry in $array overrides the session user. Because
         // $array defaults to $_POST, a request could attribute the video to another
         // account unless callers strip that key - confirm; the total_videos counter
         // below is still incremented for $userid, not for this value.
         $query_field[] = "userid";
         if (!$array['userid']) {
             $query_val[] = $userid;
         } else {
             $query_val[] = $array['userid'];
         }
         // Uploader IP as seen by the web server
         $query_field[] = "uploader_ip";
         $query_val[] = $_SERVER['REMOTE_ADDR'];
         $activation = ACTIVATION;
         // ACTIVATION == 0 publishes the video immediately
         if ($activation == 0) {
             $active = 'yes';
         } else {
             $active = 'no';
         }
         $query_field[] = "active";
         $query_val[] = $active;
         $query_field[] = "date_added";
         $query_val[] = now();
         // NOTE(review): file_directory is taken from the submitted data as is; it should be
         // validated wherever it is later used to build a path - confirm.
         $query_field[] = 'file_directory';
         $query_val[] = $array['file_directory'];
         /* A hand-built INSERT string used to be assembled here; it was replaced
            by the column => value map passed to db_insert() below. */
         $the_fields = array();
         $total_fields = count($query_field);
         for ($i = 0; $i < $total_fields; $i++) {
             $the_fields[$query_field[$i]] = $query_val[$i];
         }
         if (!userid() && !has_access('allow_video_upload', false, false)) {
             e(lang("you_not_logged_in"));
         } else {
             // Reuse the existing row when this file name is already registered.
             $insert_id = file_name_exists($file_name);
             if (!$insert_id) {
                 $insert_id = db_insert(tbl('video'), $the_fields);
                 // Log the upload
                 $log_array = array('success' => 'yes', 'action_obj_id' => $insert_id, 'userid' => $userid, 'details' => "uploaded a video");
                 insert_log('upload_video', $log_array);
                 // $userid is the session or anonymous account here, not request data.
                 $db->update(tbl("users"), array("total_videos"), array("|f|total_videos+1"), " userid='" . $userid . "'");
             }
         }
     }
     // A video feed entry used to be added here (disabled).
     return $insert_id;
 }
Beispiel #23
        // NOTE(review): objid is printed into an HTML attribute without escaping - presumably a numeric id; confirm.
        echo $objData["objid"];
        ?>
" />
				<a target="_blank" href="<?php 
        echo url("view/" . $objData["objid"]);
        ?>
">
					<?php 
        // NOTE(review): objTitle is echoed as raw HTML. If titles are stored unescaped,
        // wrap this in htmlspecialchars() to prevent stored XSS - confirm how titles are saved.
        echo $objData["objTitle"];
        ?>
</a>
			</div>
			<?php 
    }
}
// Release the result set once every row has been rendered.
sql_free($result);
?>
	<div class="sep">
		<u>Note</u>: you can only purge trash that has been in the trashcan for <b>at least 30 days</b>.
	</div>
	<div class="sep">
		Purging removes all related files from the server and all the comments attached to submissions.
	</div>
	<?php 
if ($showForm) {
    ?>
		<div class="sep">
			<b>This cannot be undone!</b>
		</div>
		<div class="sep">
			<input type="submit" class="submit" name="submit" value="Purge" />
Beispiel #24
/**
 * Store a configuration value in a meta table and in its copy in $GLOBALS.
 *
 * Does nothing when $nom is empty. When the table cannot be queried, only the
 * in-memory copy is updated. An assignment identical to both the stored and
 * the in-memory value leaves the database and the cache untouched.
 *
 * The table name is built as 'spip_' . $table without quoting, so $table must
 * be a trusted identifier, never request data.
 *
 * @param string $nom         Name of the meta entry
 * @param mixed $valeur       Value to store
 * @param mixed $importable   Value for the `impt` column, written only when the existing row has one
 * @param string $table       Meta table name, without the 'spip_' prefix
 * @return void
 */
function ecrire_meta($nom, $valeur, $importable = NULL, $table = 'meta')
{
    static $touch = array();
    if (!$nom) {
        return;
    }
    include_spip('base/abstract_sql');
    $table_sql = 'spip_' . $table;
    $requete = sql_select("*", $table_sql, "nom=" . sql_quote($nom), '', '', '', '', '', 'continue');
    // Table not installed yet: work in PHP memory only
    if (!$requete) {
        $GLOBALS[$table][$nom] = $valeur;
        return;
    }
    $row = sql_fetch($requete);
    sql_free($requete);
    // Do not invalidate the cache for an identical assignment
    // (too bad if impt should have changed)
    if ($row && $valeur == $row['valeur'] && $GLOBALS[$table][$nom] == $valeur) {
        return;
    }
    $GLOBALS[$table][$nom] = $valeur;
    // See the erase function to understand the double touch
    $antidate = time() - (_META_CACHE_TIME << 1);
    if (!isset($touch[$table])) {
        touch_meta($antidate, $table);
    }
    $couples = array('nom' => $nom, 'valeur' => $valeur);
    // Beware of tables without impt (old SPIP versions in particular)
    if ($importable && isset($row['impt'])) {
        $couples['impt'] = $importable;
    }
    if (!$row) {
        sql_insertq($table_sql, $couples);
    } else {
        sql_updateq($table_sql, $couples, "nom=" . sql_quote($nom));
    }
    if (!isset($touch[$table])) {
        touch_meta($antidate, $table);
        $touch[$table] = false;
    }
}
Beispiel #25
/**
 * Safe implementation of the forward jump
 * for the #SAUTER tag
 *
 * Does nothing for a jump of zero or less. When the jump would reach or pass
 * $total, the result is freed and $pos is left unchanged. Otherwise $pos is
 * advanced, by sql_seek() when it succeeds or by fetching rows one at a time.
 *
 * @param resource $res
 * @param int $pos
 * @param int $nb
 * @param int $total
 */
function spip_bonux_sauter(&$res, &$pos, $nb, $total){
	// no backward jump: that cannot be done without sql_seek
	$nb = intval($nb);
	if ($nb <= 0) {
		return;
	}

	$cible = $pos + $nb;
	// if the jump goes past the maximum, free the result and leave
	if ($cible >= $total) {
		sql_free($res);
		return;
	}

	if (!sql_seek($res, $cible)) {
		// no usable seek: consume the rows one by one
		while ($pos < $cible && sql_fetch($res)) {
			$pos++;
		}
		return;
	}
	$pos += $nb;
}
Beispiel #26
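 /**
  * Update the details of an existing video.
  *
  * Collects the values of every upload field that has a `db_field`, adds the
  * admin-only columns when the current user has admin access, refreshes the
  * slug when the title changed and writes the row. The update is performed
  * only for a logged-in user who owns the video or has admin access; problems
  * are reported through e().
  *
  * @param array|null $array Form data; $_POST is used when empty. Reads at
  *                          least `videoid` and `title`.
  * @return void
  */
 function update_video($array = NULL)
 {
     global $eh, $Cbucket, $db, $Upload;
     // NOTE(review): validation runs with NULL rather than $array - presumably the
     // validator falls back to $_POST; confirm for callers that pass their own $array.
     $Upload->validate_video_upload_form(NULL, TRUE);
     if (empty($eh->error_list)) {
         $required_fields = $Upload->loadRequiredFields($array);
         $location_fields = $Upload->loadLocationFields($array);
         $option_fields = $Upload->loadOptionFields($array);
         $upload_fields = array_merge($required_fields, $location_fields, $option_fields);
         // Custom upload fields
         if (count($Upload->custom_upload_fields) > 0) {
             $upload_fields = array_merge($upload_fields, $Upload->custom_upload_fields);
         }
         // Custom form fields
         if (count($Upload->custom_form_fields) > 0) {
             $upload_fields = array_merge($upload_fields, $Upload->custom_form_fields);
         }
         // Custom fields declared in groups
         if (count($Upload->custom_form_fields_groups) > 0) {
             $custom_fields_from_group_fields = array();
             $custom_fields_from_group = $Upload->custom_form_fields_groups;
             foreach ($custom_fields_from_group as $cffg) {
                 $custom_fields_from_group_fields = array_merge($custom_fields_from_group_fields, $cffg['fields']);
             }
             $upload_fields = array_merge($upload_fields, $custom_fields_from_group_fields);
         }
         if (!$array) {
             $array = $_POST;
         }
         $vid = $array['videoid'];
         // The id comes from request data and the conditions handed to $db->update()
         // below are raw SQL fragments, so an escaped copy is used inside them.
         $vid_sql = mysql_clean($vid);
         $the_video = get_video_details($vid);
         if (is_array($_FILES)) {
             $array = array_merge($array, $_FILES);
         }
         // Start from empty lists so the appends below never create the variables implicitly.
         $query_field = array();
         $query_val = array();
         foreach ($upload_fields as $field) {
             $name = formObj::rmBrackets($field['name']);
             $val = $array[$name];
             // Fields flagged use_if_value are skipped when nothing was submitted.
             if (empty($val) && $field['use_if_value']) {
                 continue;
             }
             if ($field['use_func_val']) {
                 $val = $field['validate_function']($val);
             }
             if (!empty($field['db_field'])) {
                 $query_field[] = $field['db_field'];
             }
             // Multi-value inputs are flattened to "#a# #b# ".
             if (is_array($val)) {
                 $new_val = '';
                 foreach ($val as $v) {
                     $new_val .= "#" . $v . "# ";
                 }
                 $val = $new_val;
             }
             // Run the field's cleaner when one is configured and usable.
             // NOTE(review): '|no_mc|' looks like a marker telling the DB layer not to
             // escape the value again - confirm against $db->update().
             if ($field['clean_func'] && (apply_func($field['clean_func'], $val) || is_array($field['clean_func']))) {
                 $val = apply_func($field['clean_func'], sql_free('|no_mc|' . $val));
             }
             if (!empty($field['db_field'])) {
                 $query_val[] = $val;
             }
         }
         // Columns only an administrator may change
         if (has_access('admin_access', TRUE)) {
             if (!empty($array['status'])) {
                 $query_field[] = 'status';
                 $query_val[] = $array['status'];
             }
             if (!empty($array['duration']) && is_numeric($array['duration']) && $array['duration'] > 0) {
                 $query_field[] = 'duration';
                 $query_val[] = $array['duration'];
             }
             if (!empty($array['views'])) {
                 $query_field[] = 'views';
                 $query_val[] = $array['views'];
             }
             if (!empty($array['rating'])) {
                 $query_field[] = 'rating';
                 $rating = $array['rating'];
                 // Out-of-range or non-numeric ratings fall back to 1
                 if (!is_numeric($rating) || $rating < 0 || $rating > 10) {
                     $rating = 1;
                 }
                 $query_val[] = $rating;
             }
             if (!empty($array['rated_by'])) {
                 $query_field[] = 'rated_by';
                 $query_val[] = $array['rated_by'];
             }
         }
         if (!userid()) {
             e(lang("you_dont_have_permission_to_update_this_video"));
         } elseif (!$this->video_exists($vid)) {
             e(lang("class_vdo_del_err"));
         } elseif (!$this->is_video_owner($vid, userid()) && !has_access('admin_access', TRUE)) {
             e(lang("no_edit_video"));
         } else {
             // Refresh the slug when the title changed (or when the video has none yet)
             if (config('auto_update_slug') != 'no' || !$the_video['slug']) {
                 if ($the_video['title'] != $array['title']) {
                     $slug = slug($array['title']);
                     if ($the_video['slug'] != $slug) {
                         $db->update(tbl('slugs'), array('in_use'), array('no'), "object_id='{$vid_sql}' AND object_type='v' ");
                         $slug_arr = add_slug($slug, $vid, 'v');
                         $query_field[] = 'slug_id';
                         $query_val[] = $slug_arr['id'];
                     }
                 }
             }
             $db->update(tbl('video'), $query_field, $query_val, " videoid='{$vid_sql}'");
             call_actions('update_video', array('videoid' => $vid, 'data' => $array));
             e(lang("class_vdo_update_msg"), 'm');
         }
     }
 }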
/**
 * Safe implementation of the forward jump.
 *
 * Does not depend on `sql_seek()` being available.
 * Does nothing for a negative or zero `$saut`.
 * Returns the position after the jump.
 *
 * NOTE(review): sql_free() and sql_fetch() receive `$serveur` and `$option`,
 * but sql_seek() is called without them - confirm that is intended for a
 * non-default connector.
 *
 * @see sql_seek()
 *
 * @param resource $res
 *    Resource returned by an sql_select
 * @param int $pos
 *   Current position
 * @param int $saut
 *   Requested jump
 * @param int $count
 *   Maximum position
 *   (number of results of the query OR position that must not be passed)
 * @param string $serveur
 *   Connector name
 * @param bool|string $option
 *   Can take 2 values:
 *   - true -> run the query
 *   - continue -> do not fail when the SQL server is unavailable
 *
 * @return int
 *    Position after the jump.
 */
function sql_skip($res, $pos, $saut, $count, $serveur = '', $option = true)
{
    // no backward jump: that cannot be done without sql_seek
    $saut = intval($saut);
    if ($saut <= 0) {
        return $pos;
    }
    $cible = $pos + $saut;
    // if the jump goes past the maximum, free the resource and leave
    if ($cible >= $count) {
        sql_free($res, $serveur, $option);
        return $count;
    }
    if (sql_seek($res, $cible)) {
        return $cible;
    }
    // no usable seek: consume the rows one by one
    while ($pos < $cible && sql_fetch($res, $serveur, $option)) {
        $pos++;
    }
    return $pos;
}
Beispiel #28
 /**
  * Release the SQL result held by this object.
  *
  * @return bool
  *   true when there is no result to release, otherwise whatever sql_free() returned
  */
 public function free()
 {
     if ($this->sqlresult) {
         $libere = sql_free($this->sqlresult, $this->command['connect']);
         // Forget the handle so a second call becomes a no-op
         $this->sqlresult = null;
         return $libere;
     }
     return true;
 }
<?
// Build $pools: for every pool in state $view_state, the number of assessments per
// assessment code ('I' when the row is flagged inconsistant), the total, and the
// "pd"/"pt" sums computed by the query. A commented-out debug print of an earlier
// single-query version used to be here.
//
// NOTE(review): $view_state, $db_pools and $db_assessments are interpolated straight
// into the SQL text. Where they are set is not visible here; if $view_state can come
// from the request it must be validated against the known states or escaped - confirm.

      $qh_pools = sql_query("SELECT id_pool FROM $db_pools WHERE state='$view_state' ");
     while ($pool = sql_fetch_array($qh_pools)) { 
   // id_pool comes from the previous query's result and is inserted unquoted - presumably numeric.
   $qh = sql_query("SELECT id_pool, assessment, inconsistant, count(*) n, sum(if(in_pool='Y' and assessment='U',1,0)) pt, sum(if(in_pool='Y' and assessment<>'U',1,0)) pd FROM $db_assessments   where id_pool = $pool[id_pool] GROUP BY id_pool, assessment, inconsistant");
while ($row = sql_fetch_array($qh)) {
	// Inconsistent rows are all counted under the key 'I'
	$a = ($row["inconsistant"] == 'Y' ? 'I' : $row["assessment"]);
	// The counters are accumulated with += on keys that may not exist yet
	$pools[$pool["id_pool"]][$a] += $row["n"];
	$pools[$pool["id_pool"]]["total"] += $row["n"];
   $pools[$pool["id_pool"]]["pd"] += $row["pd"];
   $pools[$pool["id_pool"]]["pt"] += $row["pt"];
}
sql_free($qh);
}
sql_free($qh_pools);
// $qh is left open on purpose: it holds the pool list for the code that follows this block.
$qh = sql_query("SELECT * FROM $db_pools where state='$view_state' order by id_pool");

?>
<script language="javascript">
/**
 * Look up an element by id; alerts the user and returns undefined when the
 * document has no such element.
 */
function get_element(id) {
  var node = document.getElementById(id);
  if (node) {
    return node;
  }
  alert("Element with id " + id + " can't be found");
}

/** Hide the element with the given id by setting its CSS visibility to "hidden". */
function hidepanel(id) {
  var panel = get_element(id);
  panel.style.visibility = "hidden";
}

function show(id) {
Beispiel #30
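include_once "include/xrai.inc";
make_header("Home");
print "<h1>Choose a pool</h1>";
// List the pools: every pool for root, otherwise only those matching the login
// literal in the WHERE clause (it appears masked in this listing).
$qh = do_query("select * from {$db_pools} " . ($is_root ? "" : " where login='******' ") . " order by id_pool");
print "<ul>";
while ($row = mysql_fetch_array($qh)) {
    $name = "Pool for topic {$row['id_topic']}" . ($is_root ? " ({$row['login']})" : "");
    // Values read from the database are encoded for the context they land in:
    // the pool id as a URL parameter inside a single-quoted attribute, the label
    // (which can contain a login name) as HTML text.
    print "<li><a href='pool.php?id_pool=" . htmlspecialchars(urlencode($row['id_pool']), ENT_QUOTES) . "'>" . htmlspecialchars($name, ENT_QUOTES) . "</a></li>";
}
print "</ul>";
mysql_free_result($qh);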
?>


<h1>Browse the collections</h1>


<?php 
// Print one link per collection, ordered by id. The title is HTML-escaped before output.
// NOTE(review): $row['id'] is written into the id and href attributes as is - presumably
// a numeric or fixed key; confirm, or escape it like the title.
$ch = sql_query("SELECT id, title from collections order by id");
while ($row = sql_fetch_array($ch)) {
    print "<div>";
    print " <a id='{$row['id']}' href=\"collections/{$row['id']}\">" . htmlspecialchars($row["title"]) . "</a>";
    print "</div>";
}
// Release the result set once every row has been printed.
sql_free($ch);
?>

</body>
</html>