private function create_n_populate_tables()
{
$sql = null;
$result = null;
// Create states table
$sql = "CREATE TABLE states (STATE varchar(36), CODE varchar(2))";
$result = sql_result($sql);
echo "\"states\" table is created...<br />";
// Populate states table
$sql = "LOAD DATA\n LOCAL INFILE 'database/states.csv'\n INTO TABLE states\n FIELDS TERMINATED BY \",\" OPTIONALLY ENCLOSED BY '\"'\n LINES TERMINATED BY '\r\n'\n IGNORE 1 LINES";
$result = sql_result($sql);
echo "\"states\" table is populated...<br />";
// Create country table
$sql = "CREATE TABLE country (CODE varchar(3), NAME varchar(25))";
$result = sql_result($sql);
echo "\"country\" table is created...<br />";
// Populate country table
$sql = "LOAD DATA\n LOCAL INFILE 'database/country.csv'\n INTO TABLE country\n FIELDS TERMINATED BY \",\" OPTIONALLY ENCLOSED BY '\"'\n LINES TERMINATED BY '\r\n'\n IGNORE 1 LINES";
$result = sql_result($sql);
echo "\"country\" table is populated...<br />";
// Create airports table
$sql = "CREATE TABLE airports (CODE varchar(3), NAME varchar(32), CITY varchar(32), STATE varchar(2), COUNTRY varchar(2), X float, Y float)";
$result = sql_result($sql);
echo "\"airports\" table is created...<br />";
// Populate airports table
$sql = "LOAD DATA\n LOCAL INFILE 'database/airports.csv'\n INTO TABLE airports\n FIELDS TERMINATED BY \",\" OPTIONALLY ENCLOSED BY '\"'\n LINES TERMINATED BY '\r\n'\n IGNORE 1 LINES";
$result = sql_result($sql);
echo "\"airports\" table is populated...<br /><br />";
}
function rr_delete()
{
global $rr_table_name, $auto_update_ptr, $rr_active_types, $allow_ixfr;
/* Load the SOA for this zone */
$soa = sql_result(soa_select() . "WHERE id=" . (int) $_POST['zone'], "SOA record for zone {$_POST['zone']}");
/* Get form vars */
$rr = rr_post_vars($soa);
if ($allow_ixfr) {
sql_query("UPDATE {$rr_table_name} SET active='" . $rr_active_types[2] . "',serial=" . (int) next_serial($soa['serial']) . " WHERE id=" . (int) $rr['id']) or ErrSQL("Error marking record deleted " . (int) $rr['id'] . " from zone " . (int) $soa['id'] . ".");
} else {
/* Delete the resource record */
sql_query("DELETE FROM {$rr_table_name} WHERE id=" . (int) $rr['id']) or ErrSQL("Error deleting record " . (int) $rr['id'] . " from zone " . (int) $soa['id'] . ".");
}
/* Update serial number for zone if configured to do so */
soa_update_serial($soa);
/* Do PTR record update if configured to do so */
if ($auto_update_ptr) {
if ($rr['type'] == "A") {
$arpazone = ptr_create_soa($rr['data'], $name);
ptr_delete_rr($arpazone, $name, $rr['name'], $soa['origin']);
}
}
zone_redirect($soa['id']);
}
$name_check = 0;
$prequery = sql_pre_query("SELECT * FROM \"" . $Settings['sqltable'] . "groups\" WHERE \"id\"=%i LIMIT 1", array($_POST['id']));
$preresult = sql_query($prequery, $SQLStat);
$prenum = sql_num_rows($preresult);
if ($prenum == 0) {
redirect("location", $rbasedir . url_maker($exfile['admin'], $Settings['file_ext'], "act=view", $Settings['qstr'], $Settings['qsep'], $prexqstr['admin'], $exqstr['admin'], false));
sql_free_result($preresult);
ob_clean();
header("Content-Type: text/plain; charset=" . $Settings['charset']);
$urlstatus = 302;
gzip_page($Settings['use_gzip'], $GZipEncode['Type']);
session_write_close();
die;
}
if ($prenum >= 1) {
$OldGroupName = sql_result($preresult, 0, "Name");
sql_free_result($preresult);
if ($_POST['GroupName'] != $OldGroupName) {
$sql_name_check = sql_query(sql_pre_query("SELECT \"Name\" FROM \"" . $Settings['sqltable'] . "groups\" WHERE \"Name\"='%s'", array($_POST['GroupName'])), $SQLStat);
$name_check = sql_num_rows($sql_name_check);
sql_free_result($sql_name_check);
}
$errorstr = "";
if (!isset($_POST['PromotePosts'])) {
$_POST['PromotePosts'] = 0;
}
if ($_POST['PromotePosts'] == null || !is_numeric($_POST['PromotePosts'])) {
$_POST['PromotePosts'] = 0;
}
if (!isset($_POST['PromoteKarma'])) {
$_POST['PromoteKarma'] = 0;
}
$bdresult = sql_query($bdquery, $SQLStat);
$bdmembers = sql_num_rows($bdresult);
$bdi = 0;
if ($bdmembers > 0) {
$bdstring = $bdmembers . " member(s) have a birthday today";
}
if ($bdmembers <= 0) {
$bdstring = "<div> </div> No members have a birthday today<div> </div>";
}
while ($bdi < $bdmembers) {
$bdmemberz = $bdmembers - 1;
$birthday['ID'] = sql_result($bdresult, $bdi, "id");
$birthday['Name'] = sql_result($bdresult, $bdi, "Name");
$birthday['IP'] = sql_result($bdresult, $bdi, "IP");
$birthday['BirthYear'] = sql_result($bdresult, $bdi, "BirthYear");
$bdThisYear = GMTimeGet("Y", $_SESSION['UserTimeZone'], 0, $_SESSION['UserDST']);
$birthday['Age'] = $bdThisYear - $birthday['BirthYear'];
$bdMemTitle = null;
if ($GroupInfo['HasAdminCP'] == "yes") {
$bdMemTitle = " title=\"" . $birthday['IP'] . "\"";
}
if ($bdi === 0) {
$bdstring = $bdstring . "\n<br /> ";
}
$bdMemURL = "<a" . $bdMemTitle . " href=\"" . url_maker($exfile['member'], $Settings['file_ext'], "act=view&id=" . $birthday['ID'], $Settings['qstr'], $Settings['qsep'], $prexqstr['member'], $exqstr['member']) . "\">" . $birthday['Name'] . "</a>";
if ($bdi < $bdmemberz) {
$bdstring = $bdstring . $bdMemURL . " (<span style=\"font-weight: bold;\">" . $birthday['Age'] . "</span>), ";
}
if ($bdi == $bdmemberz) {
$bdstring = $bdstring . $bdMemURL . " (<span style=\"font-weight: bold;\">" . $birthday['Age'] . "</span>)";
$NextDay++;
}
}
$EventsID[$EventDay] = $EventID;
++$is;
}
sql_free_result($result);
$bdquery = sql_pre_query("SELECT * FROM \"" . $Settings['sqltable'] . "members\" WHERE \"BirthMonth\"=%i", array($MyMonth));
$bdresult = sql_query($bdquery, $SQLStat);
$bdnum = sql_num_rows($bdresult);
$bdi = 0;
while ($bdi < $bdnum) {
$UserNamebd = sql_result($bdresult, $bdi, "Name");
$BirthDay = sql_result($bdresult, $bdi, "BirthDay");
$BirthMonth = sql_result($bdresult, $bdi, "BirthMonth");
$BirthYear = sql_result($bdresult, $bdi, "BirthYear");
$oldusername = $UserNamebd;
$UserNamebd1 = pre_substr($UserNamebd, 0, 20);
if (pre_strlen($UserNamebd) > 20) {
$UserNamebd1 = $UserNamebd1 . "...";
}
$UserNamebd = $UserNamebd1;
if (!isset($EventsName[$BirthDay])) {
$EventsName[$BirthDay] = null;
}
if ($EventsName[$BirthDay] != null) {
$EventsName[$BirthDay] .= ", <span title=\"" . $oldusername . "'s birthday.\">" . $UserNamebd1 . "</span>";
}
if ($EventsName[$BirthDay] == null) {
$EventsName[$BirthDay] = "<span title=\"" . $oldusername . "'s birthday.\">" . $UserNamebd1 . "</span>";
}
if ($ForumType == "subforum") {
$apcquery = sql_pre_query("SELECT * FROM \"" . $Settings['sqltable'] . "forums\" WHERE \"ShowForum\"='yes' AND \"InSubForum\"=%i" . $ForumIgnoreList2 . " ORDER BY \"OrderID\" ASC, \"id\" ASC", array($ForumID));
$apcresult = sql_query($apcquery, $SQLStat);
$apcnum = sql_num_rows($apcresult);
$apci = 0;
$apcl = 1;
if ($apcnum >= 1) {
while ($apci < $apcnum) {
$NumsTopics = sql_result($apcresult, $apci, "NumTopics");
$NumTopics = $NumsTopics + $NumTopics;
$NumsPosts = sql_result($apcresult, $apci, "NumPosts");
$NumPosts = $NumsPosts + $NumPosts;
$SubsForumID = sql_result($apcresult, $apci, "id");
$SubsForumName = sql_result($apcresult, $apci, "Name");
$SubsForumType = sql_result($apcresult, $apci, "ForumType");
$SubsForumShowTopics = sql_result($result, $i, "CanHaveTopics");
if (isset($PermissionInfo['CanViewForum'][$SubsForumID]) && $PermissionInfo['CanViewForum'][$SubsForumID] == "yes") {
$ExStr = "";
if ($SubsForumType != "redirect" && $SubsForumShowTopics != "no") {
$ExStr = "&page=1";
}
$shownum = null;
if ($SubsForumType == "redirect") {
$shownum = "(" . $NumRedirects . " redirects)";
}
if ($SubsForumType != "redirect") {
$shownum = "(" . $NumsPosts . " posts)";
}
$sfurl = "<a href=\"";
$sfurl = url_maker($exfile[$SubsForumType], $Settings['file_ext'], "act=lowview&id=" . $SubsForumID . $ExStr, $Settings['qstr'], $Settings['qsep'], $prexqstr[$SubsForumType], $exqstr[$SubsForumType]);
$sfurl = "<li><ul style=\"list-style-type: none;\"><li><a href=\"" . $sfurl . "\">" . $SubsForumName . "</a><span style=\"color: gray; font-size: 10px;\">" . $shownum . "</span></li></ul></li>";
$Per2Error = true;
}
$CatPermissionInfo['ID'][$PerCatID] = sql_result($per2esult, $per2i, "id");
if (!is_numeric($CatPermissionInfo['ID'][$PerCatID])) {
$Per2Error = true;
}
$CatPermissionInfo['PermissionID'][$PerCatID] = sql_result($per2esult, $per2i, "PermissionID");
if (!is_numeric($CatPermissionInfo['PermissionID'][$PerCatID])) {
$Per2Error = true;
}
$CatPermissionInfo['Name'][$PerCatID] = sql_result($per2esult, $per2i, "Name");
$CatPermissionInfo['CategoryID'][$PerCatID] = sql_result($per2esult, $per2i, "CategoryID");
if (!is_numeric($CatPermissionInfo['CategoryID'][$PerCatID])) {
$Per2Error = true;
}
$CatPermissionInfo['CanViewCategory'][$PerCatID] = sql_result($per2esult, $per2i, "CanViewCategory");
if ($CatPermissionInfo['CanViewCategory'][$PerCatID] != "yes" && $CatPermissionInfo['CanViewCategory'][$PerCatID] != "no") {
$Per2Error = true;
}
if ($CatPermissionInfo['CanViewCategory'][$PerCatID] == "no") {
if (strlen($CatIgnoreList1) > 1) {
$CatIgnoreList1 .= " AND \"id\"<>" . $PerCatID;
}
if (strlen($CatIgnoreList1) < 1) {
$CatIgnoreList1 = " \"id\"<>" . $PerCatID;
}
if (strlen($CatIgnoreList2) > 1) {
$CatIgnoreList2 .= " AND \"id\"<>" . $PerCatID;
}
if (strlen($CatIgnoreList2) < 1) {
$CatIgnoreList2 = " AND \"id\"<>" . $PerCatID;
$themenum = count($themelist);
$themei = 0;
while ($themei < $themenum) {
echo $themelist[$themei] . "\n";
++$themei;
}
}
}
if ($Settings['SQLThemes'] == "on") {
$sknquery = sql_pre_query("SELECT * FROM \"" . $Settings['sqltable'] . "themes\" ORDER BY \"id\" ASC, \"Name\" ASC", array(null));
$sknresult = sql_query($sknquery, $SQLStat);
$sknum = sql_num_rows($sknresult);
$skni = 0;
while ($skni < $sknum) {
$ThemeInfo['Name'] = sql_result($sknresult, $skni, "Name");
$ThemeInfo['ThemeName'] = sql_result($sknresult, $skni, "ThemeName");
if ($Settings['DefaultTheme'] == $ThemeInfo['Name']) {
echo "<option selected=\"selected\" value=\"" . $ThemeInfo['Name'] . "\">" . $ThemeInfo['ThemeName'] . "</option>\n";
}
if ($Settings['DefaultTheme'] != $ThemeInfo['Name']) {
echo "<option value=\"" . $ThemeInfo['Name'] . "\">" . $ThemeInfo['ThemeName'] . "</option>\n";
}
++$skni;
}
}
?>
</select></td>
<?php
if ($_GET['board'] == $Settings['root_board']) {
?>
</tr><tr style="text-align: left;">
</tr>
<tr class="TableMenuRow4">
<td class="TableMenuColumn4"> </td>
</tr>
</table>
</div>
<?php
}
if ($_POST['act'] == "editmember" && $_POST['update'] == "now" && $_GET['act'] == "editmember" && ($_POST['id'] != "0" || $_POST['id'] != "-1")) {
$ggidquery = sql_pre_query("SELECT * FROM \"" . $Settings['sqltable'] . "groups\" WHERE \"Name\"='%s' LIMIT 1", array($Settings['GuestGroup']));
$ggidresult = sql_query($ggidquery, $SQLStat);
$GuestGroupID = sql_result($ggidresult, 0, "id");
sql_free_result($ggidresult);
$vgidquery = sql_pre_query("SELECT * FROM \"" . $Settings['sqltable'] . "groups\" WHERE \"Name\"='%s' LIMIT 1", array($Settings['ValidateGroup']));
$vgidresult = sql_query($vgidquery, $SQLStat);
$ValidateGroupID = sql_result($vgidresult, 0, "id");
sql_free_result($vgidresult);
$DMemName = GetUserName($_POST['id'], $Settings['sqltable']);
$DMemName = $DMemName['Name'];
$_POST['MemName'] = stripcslashes(htmlspecialchars($_POST['MemName'], ENT_QUOTES, $Settings['charset']));
//$_POST['MemName'] = preg_replace("/&#(x[a-f0-9]+|[0-9]+);/i", "&#$1;", $_POST['MemName']);
$_POST['MemName'] = remove_spaces($_POST['MemName']);
$_POST['MemEmail'] = remove_spaces($_POST['MemEmail']);
$username_check = null;
if ($_POST['MemName'] != $DMemName) {
$tquery = sql_pre_query("UPDATE \"" . $Settings['sqltable'] . "topics\" SET \"GuestName\"='%s' WHERE \"UserID\"=%i", array($_POST['MemName'], $_POST['id']));
sql_query($tquery, $SQLStat);
$r1query = sql_pre_query("UPDATE \"" . $Settings['sqltable'] . "posts\" SET \"GuestName\"='%s' WHERE \"UserID\"=%i", array($_POST['MemName'], $_POST['id']));
sql_query($r1query, $SQLStat);
$r2query = sql_pre_query("UPDATE \"" . $Settings['sqltable'] . "posts\" SET \"EditUserName\"='%s' WHERE \"EditUser\"=%i", array($_POST['MemName'], $_POST['id']));
sql_query($r2query, $SQLStat);
if ($numlog2 == 1) {
$YourIDAM = sql_result($resultlog2, 0, "id");
$YourNameAM = sql_result($resultlog2, 0, "Name");
$YourGroupAM = sql_result($resultlog2, 0, "GroupID");
$YourGroupIDAM = $YourGroupAM;
$YourPassAM = sql_result($resultlog2, 0, "UserPassword");
$gquery = sql_pre_query("SELECT * FROM \"" . $Settings['sqltable'] . "groups\" WHERE \"id\"=%i LIMIT 1", array($YourGroupAM));
$gresult = sql_query($gquery, $SQLStat);
$YourGroupAM = sql_result($gresult, 0, "Name");
sql_free_result($gresult);
$BanError = null;
$YourTimeZoneAM = sql_result($resultlog2, 0, "TimeZone");
$UseThemeAM = sql_result($resultlog2, 0, "UseTheme");
$YourDSTAM = sql_result($resultlog2, 0, "DST");
$YourLastPostTime = sql_result($resultlog2, 0, "LastPostTime");
$YourBanTime = sql_result($resultlog2, 0, "BanTime");
sql_free_result($resultlog2);
$CGMTime = GMTimeStamp();
if ($YourBanTime != 0 && $YourBanTime != null) {
if ($YourBanTime >= $CGMTime) {
$BanError = "yes";
}
if ($YourBanTime < 0) {
$BanError = "yes";
}
}
$NewDay = GMTimeStamp();
$NewIP = $_SERVER['REMOTE_ADDR'];
if ($BanError != "yes") {
$queryup = sql_pre_query("UPDATE \"" . $Settings['sqltable'] . "members\" SET \"LastActive\"=%i,\"IP\"='%s' WHERE \"id\"=%i", array($NewDay, $NewIP, $YourIDAM));
$_SESSION['Theme'] = $UseThemeAM;
<td><b>Avg time</b></td>
<td><b>Total time</b></td>
<td><b>%</b></td>
<td><b>W/M Requests</b></td>
<td><b>W/M Avg time</b></td>
<td><b>W/M Total time</b></td>
<td><b>W/M %</b></td>
</tr>
<?php
$prfResult = sql_query("SELECT SUM(`prfTime`) FROM `profiler`");
$totalTime = sql_result($prfResult);
if ($totalTime == 0) {
$totalTime = 1;
}
$prfResult = sql_query("SELECT SUM(`prfWMTime`) FROM `profiler`");
$totalTimeWM = sql_result($prfResult);
if ($totalTimeWM == 0) {
$totalTimeWM = 1;
}
$prfResult = sql_query("SELECT * FROM `profiler` ORDER BY `prfTime` DESC");
while ($prfData = sql_next($prfResult)) {
if ($prfData["prfCount"] == 0) {
$prfData["prfCount"] = 1;
}
if ($prfData["prfWMCount"] == 0) {
$prfData["prfWMCount"] = 1;
}
if (strpos($prfData["prfPage"], "(bot)") !== false) {
$prfData["prfPage"] = '<span class="error">' . $prfData["prfPage"] . '</span>';
}
?>
<div style="width: 100%; height: 160px; overflow: auto;">
<table style="width: 100%; text-align: center;"><?php
$renee_query = sql_pre_query("SELECT * FROM \"" . $Settings['sqltable'] . "smileys\" WHERE \"Display\"='yes'", array(null));
$renee_result = sql_query($renee_query, $SQLStat);
$renee_num = sql_num_rows($renee_result);
$renee_s = 0;
$SmileRow = 0;
$SmileCRow = 0;
while ($renee_s < $renee_num) {
++$SmileRow;
$FileName = sql_result($renee_result, $renee_s, "FileName");
$SmileName = sql_result($renee_result, $renee_s, "SmileName");
$SmileText = sql_result($renee_result, $renee_s, "SmileText");
$SmileDirectory = sql_result($renee_result, $renee_s, "Directory");
$ShowSmile = sql_result($renee_result, $renee_s, "Display");
$ReplaceType = sql_result($renee_result, $renee_s, "ReplaceCI");
if ($SmileRow == 1) {
?>
<tr>
<?php
}
if ($SmileRow < 5) {
++$SmileCRow;
?>
<td><img src="<?php
echo $SmileDirectory . "" . $FileName;
?>
" style="vertical-align: middle; border: 0px; cursor: pointer;" title="<?php
echo $SmileName;
?>
" alt="<?php
}
if (!isset($SetupDir['setup'])) {
$SetupDir['setup'] = "setup/";
}
if (!isset($SetupDir['convert'])) {
$SetupDir['convert'] = "setup/convert/";
}
$query = sql_pre_query("ALTER DATABASE \"" . $_POST['DatabaseName'] . "\" DEFAULT CHARACTER SET " . $Settings['sql_charset'] . " COLLATE " . $Settings['sql_collate'] . ";", array(null));
sql_query($query, $SQLStat);
if (isset($Settings['sql_storage_engine'])) {
$result = sql_query(sql_pre_query("SHOW ENGINES;", array(null)), $SQLStat);
$num = sql_num_rows($result);
$i = 0;
$SQLEngines = null;
while ($i < $num) {
$SQLEngines[$i] = sql_result($result, $i, "Engine");
++$i;
}
if (!in_array($Settings['sql_storage_engine'], $SQLEngines)) {
$Settings['sql_storage_engine'] = "MyISAM";
}
}
if (!isset($Settings['sql_storage_engine'])) {
$Settings['sql_storage_engine'] = "MyISAM";
}
// You can set this to MyISAM or Maria/Aria
if ($Settings['sql_storage_engine'] == "CSV") {
$SQLStorageEngine = "CSV";
}
if ($Settings['sql_storage_engine'] == "Maria") {
$SQLStorageEngine = "Maria";
function load_danhmuc_option()
{
$sql_load_cat = "select * from danh_muc ORDER BY cat_id";
$kq_load_cat = sql_result($sql_load_cat);
//echo $sql_load_cat;
while ($row = mysql_fetch_array($kq_load_cat, MYSQL_ASSOC)) {
if ($row['cat_id_cha'] == 0) {
echo "<option value='" . $row['cat_id'] . "'>" . $row['cat_name'] . "</option>";
} else {
echo "<option style='background-color:yellow;' disabled value='" . $row['cat_id'] . "'>" . $row['cat_name'] . "</option>";
}
}
}
//$kt_kichhoat=get_value_2dk('xacnhan','Code',$ma_kh,'ID',$id_kh,'Status');
//echo $kt_kichhoat;
if (isset($kt_validate) && $status == "NO") {
if ($time_ex < $time_current) {
$sql_update_status = "update xacnhan set Status='YES' where ID='{$id_kh}'";
$kq_update_status = sql_result($sql_update_status);
echo "<br/>Kích hoạt thành công. Sẽ quay lại trang chủ trong 5 giây.";
//Set Cookie
$username = get_value_dk('thanhvien', 'ID', $id_kh, 'Username');
setcookie("name", $username, time() + 86400);
echo "<meta http-equiv='refresh' content='5;url=index.php'>";
} else {
echo "\t\t<br/>KÍCH HOẠT THẤT BẠI vì:<br/>\n\t\t\t- Link kích hoạt đã hết hạn. !<br/>";
echo "<br/>Sẽ quay lại trang chủ trong 5 giây.";
$sql_delete_thanhvien = "delete from thanhvien where ID='{$id_kh}'";
$kq_delete_thanhvien = sql_result($sql_delete_thanhvien);
echo "<meta http-equiv='refresh' content='5;url=index.php'>";
}
} else {
echo "\t\t<br/>KHÔNG THỂ XÁC NHẬN EMAIL NÀY VÌ:<br/>\n\t\t- Email này đã được kích hoạt!<br/>\n\t\t- Email và mã kích hoạt không trùng khớp!<br/>";
}
} else {
}
?>
<?php
include "right.php";
include "footer.php";
?>
$RWholeWord = "no";
}
if ($RWholeWord != "yes" || $RWholeWord != "no") {
$RWholeWord = "no";
}
$RestrictedEventName = sql_result($lonewolfrt, $lonewolfs, "RestrictedEventName");
if ($RestrictedEventName == "on") {
$RestrictedEventName = "yes";
}
if ($RestrictedEventName == "off") {
$RestrictedEventName = "no";
}
if ($RestrictedEventName != "yes" || $RestrictedEventName != "no") {
$RestrictedEventName = "no";
}
$RestrictedUserName = sql_result($lonewolfrt, $lonewolfs, "RestrictedUserName");
if ($RestrictedUserName == "on") {
$RestrictedUserName = "******";
}
if ($RestrictedUserName == "off") {
$RestrictedUserName = "******";
}
if ($RestrictedUserName != "yes" || $RestrictedUserName != "no") {
$RestrictedUserName = "******";
}
$RWord = preg_quote($RWord, "/");
if ($RCaseInsensitive != "yes" && $RWholeWord == "yes") {
if ($RestrictedEventName == "yes") {
$RMatches = preg_match("/\\b(" . $RWord . ")\\b/", $_POST['EventName']);
if ($RMatches == true) {
break 1;
function getContent($type)
{
$query = 'SELECT scontent FROM ' . sql_table('skin') . " WHERE sdesc={$this->id} and stype='" . sql_real_escape_string($type) . "'";
$res = sql_query($query);
if (sql_num_rows($res) == 0) {
return '';
} else {
return sql_result($res, 0, 0);
}
}
$MyDescription = text2icons($MyDescription, $Settings['sqltable'], $SQLStat);
$MyDescription = preg_replace("/\\<br\\>/", "<br />", nl2br($MyDescription));
$MyDescription = url2link($MyDescription);
if (isset($GroupNamePrefix) && $GroupNamePrefix != null) {
$UsersName = $GroupNamePrefix . $UsersName;
}
if (isset($GroupNameSuffix) && $GroupNameSuffix != null) {
$UsersName = $UsersName . $GroupNameSuffix;
}
$TheTime = sql_result($result, $i, "TimeStamp");
$AtomTime = GMTimeChange("Y-m-d\\TH:i:s\\Z", $TheTime, 0);
//$OldRSSTime=GMTimeChange("Y-m-d\TH:i:s+0:00",$TheTime,0);
$OldRSSTime = $AtomTime;
$TheTime = GMTimeChange("D, j M Y G:i:s \\G\\M\\T", $TheTime, 0);
$TopicName = sql_result($result, $i, "TopicName");
$ForumDescription = sql_result($result, $i, "Description");
if (isset($PermissionInfo['CanViewForum'][$ForumID]) && $PermissionInfo['CanViewForum'][$ForumID] == "yes" && isset($CatPermissionInfo['CanViewCategory'][$CategoryID]) && $CatPermissionInfo['CanViewCategory'][$CategoryID] == "yes") {
if ($_GET['feedtype'] == "atom") {
$CDataDescription = "<![CDATA[\n" . $MyDescription . "\n]]>";
$Atom .= '<entry>' . "\n" . '<title>' . $TopicName . '</title>' . "\n" . '<summary>' . $CDataDescription . '</summary>' . "\n" . '<link rel="alternate" href="' . $BoardURL . url_maker($exfilerss['topic'], $Settings['file_ext'], "act=view&id=" . $TopicID . "&page=1", $Settings['qstr'], $Settings['qsep'], $prexqstrrss['topic'], $exqstrrss['topic']) . '" />' . "\n" . '<id>' . $BoardURL . url_maker($exfilerss['topic'], $Settings['file_ext'], "act=view&id=" . $TopicID . "&page=1", $Settings['qstr'], $Settings['qsep'], $prexqstrrss['topic'], $exqstrrss['topic']) . '</id>' . "\n" . '<author>' . "\n" . '<name>' . $UsersName . '</name>' . "\n" . '</author>' . "\n" . '<updated>' . $AtomTime . '</updated>' . "\n" . '</entry>' . "\n";
}
if ($_GET['feedtype'] == "oldrss") {
$CDataDescription = "<![CDATA[\n" . $MyDescription . "\n]]>";
$PreRSS .= ' <rdf:li rdf:resource="' . $BoardURL . url_maker($exfilerss['topic'], $Settings['file_ext'], "act=view&id=" . $TopicID . "&page=1", $Settings['qstr'], $Settings['qsep'], $prexqstrrss['topic'], $exqstrrss['topic']) . '" />' . "\n";
$RSS .= '<item rdf:about="' . $BoardURL . url_maker($exfilerss['topic'], $Settings['file_ext'], "act=view&id=" . $TopicID . "&page=1", $Settings['qstr'], $Settings['qsep'], $prexqstrrss['topic'], $exqstrrss['topic']) . '">' . "\n" . '<title>' . $TopicName . '</title>' . "\n" . '<description>' . $CDataDescription . '</description>' . "\n" . '<dc:publisher>' . $UsersName . '</dc:publisher>' . "\n" . '<dc:creator>' . $UsersName . '</dc:creator>' . "\n" . '<dc:date>' . $OldRSSTime . '</dc:date>' . "\n" . '</item>' . "\n";
}
if ($_GET['feedtype'] == "rss") {
$CDataDescription = "<![CDATA[\n" . $MyDescription . "\n]]>";
$RSS .= '<item>' . "\n" . '<pubDate>' . $TheTime . '</pubDate>' . "\n" . '<author>' . $UsersName . '</author>' . "\n" . '<title>' . $TopicName . '</title>' . "\n" . '<description>' . $CDataDescription . '</description>' . "\n" . '<link>' . $BoardURL . url_maker($exfilerss['topic'], $Settings['file_ext'], "act=view&id=" . $TopicID . "&page=1", $Settings['qstr'], $Settings['qsep'], $prexqstrrss['topic'], $exqstrrss['topic']) . '</link>' . "\n" . '<guid>' . $BoardURL . url_maker($exfilerss['topic'], $Settings['file_ext'], "act=view&id=" . $TopicID . "&page=1", $Settings['qstr'], $Settings['qsep'], $prexqstrrss['topic'], $exqstrrss['topic']) . '</guid>' . "\n" . '</item>' . "\n";
}
}
echo "</td></tr>";
echo "<tr>";
echo "<td><p>Tựa đề: </p></td><td>" . $title_rv;
echo "</td></tr>";
echo "<tr>";
// echo "<td><p>Nội dung tin: </p></td><td>".$content_rv."</td>";
echo "</tr>";
echo "<tr>";
echo "<td><p>Khoản giá: </p></td><td>" . $price_range_name;
echo "</td></tr>";
echo "</table>";
echo "</div>";
//////////////////
$sql_insert_duyet = "insert into duyet_rv values('{$id_rv}','','{$date_rv}','pending')";
//echo $sql_insert_duyet;
$kq_insert_duyet = sql_result($sql_insert_duyet);
} else {
echo "<br/>ĐĂNG TIN RAO VẶT THẤT BẠI!";
echo "<a href='dangtin_raovat.php'>Trở lại</a>";
}
//IF KIEM TRA THUC THI SQL
}
//ẢNH OK THÌ THỰC THI
?>
</span>
</div>
<?php
} else {
//CODE FORM NHAP THONG TIN RAO VAT
?>
redirect("refresh", $rbasedir . url_maker($exfile['admin'], $Settings['file_ext'], "act=view&menu=categories", $Settings['qstr'], $Settings['qsep'], $prexqstr['admin'], $exqstr['admin'], FALSE), "4");
$prequery = sql_pre_query("SELECT * FROM \"" . $Settings['sqltable'] . "catpermissions\" WHERE \"id\"=%i LIMIT 1", array($_POST['permid']));
$preresult = sql_query($prequery, $SQLStat);
$prenum = sql_num_rows($preresult);
if ($prenum == 0) {
redirect("location", $rbasedir . url_maker($exfile['admin'], $Settings['file_ext'], "act=view", $Settings['qstr'], $Settings['qsep'], $prexqstr['admin'], $exqstr['admin'], false));
sql_free_result($preresult);
ob_clean();
header("Content-Type: text/plain; charset=" . $Settings['charset']);
$urlstatus = 302;
gzip_page($Settings['use_gzip'], $GZipEncode['Type']);
session_write_close();
die;
}
if ($prenum >= 1) {
$PermissionName = sql_result($preresult, 0, "Name");
sql_free_result($preresult);
}
//$nextidnum = sql_get_next_id($Settings['sqltable'],"catpermissions",$SQLStat);
$query = sql_pre_query("INSERT INTO \"" . $Settings['sqltable'] . "catpermissions\" (\"PermissionID\", \"Name\", \"CategoryID\", \"CanViewCategory\") VALUES\n" . "(%i, '%s', %i, '%s')", array($_POST['permid'], $PermissionName, $_POST['id'], $_POST['CanViewCategory']));
sql_query($query, $SQLStat);
}
}
$doupdate = false;
if (isset($_POST['id']) && $_POST['subact'] == "editnow") {
$doupdate = true;
}
if (isset($_POST['id']) && isset($_POST['permid']) && $_POST['subact'] == "makenow") {
$doupdate = true;
}
if ($_POST['act'] == "addcategory" && $_POST['update'] == "now" && $_GET['act'] == "addcategory") {
function getSkinContent($pageType, $skinID)
{
$skinID = intval($skinID);
$pageType = addslashes($pageType);
$query = 'SELECT scontent ' . 'FROM %s ' . 'WHERE sdesc = %d ' . 'AND stype = %d';
$query = sprintf($query, sql_table('skin'), $skinID, $pageType);
$res = sql_query($query);
if (sql_num_rows($res) == 0) {
return '';
} else {
return sql_result($res, 0, 0);
}
}
$TForumID = sql_result($result, $i, "ForumID");
$OldForumID = sql_result($result, $i, "OldForumID");
$UsersID = sql_result($result, $i, "UserID");
$GuestsName = sql_result($result, $i, "GuestName");
$TheTime = sql_result($result, $i, "TimeStamp");
$TheTime = GMTimeChange($_SESSION['iDBDateFormat'] . ", " . $_SESSION['iDBTimeFormat'], $TheTime, $_SESSION['UserTimeZone'], 0, $_SESSION['UserDST']);
$NumReply = sql_result($result, $i, "NumReply");
$NumberPosts = $NumReply + 1;
$prepagelist = null;
if (!isset($Settings['max_posts'])) {
$Settings['max_posts'] = 10;
}
$TopicName = sql_result($result, $i, "TopicName");
$TopicDescription = sql_result($result, $i, "Description");
$PinnedTopic = sql_result($result, $i, "Pinned");
$TopicStat = sql_result($result, $i, "Closed");
$PreTopic = null;
if ($PinnedTopic > 2) {
$PinnedTopic = 1;
}
if ($PinnedTopic < 0) {
$PinnedTopic = 0;
}
if (!is_numeric($PinnedTopic)) {
$PinnedTopic = 0;
}
if ($TopicStat > 3) {
$TopicStat = 1;
}
if ($TopicStat < 0) {
$TopicStat = 0;
/**
* Returns true if member is an admin for the given blog
* (returns false if not a team member)
*/
function isBlogAdmin($blogid)
{
$query = 'SELECT tadmin FROM ' . sql_table('team') . ' WHERE' . ' tblog=' . intval($blogid) . ' and tmember=' . $this->getID();
$res = sql_query($query);
if (sql_num_rows($res) == 0) {
return 0;
} else {
return sql_result($res, 0, 0) == 1;
}
}
}
}
}
++$lonewolfs;
}
sql_free_result($lonewolfrt);
$requery = sql_pre_query("SELECT * FROM \"" . $Settings['sqltable'] . "members\" WHERE \"Name\"='%s'", array($_POST['SendMessageTo']));
$reresult = sql_query($requery, $SQLStat);
$renum = sql_num_rows($reresult);
$rei = 0;
while ($rei < $renum) {
$SendMessageToID = sql_result($reresult, $rei, "id");
$SendToGroupID = sql_result($reresult, $rei, "GroupID");
$gquery = sql_pre_query("SELECT * FROM \"" . $Settings['sqltable'] . "groups\" WHERE \"id\"=%i", array($SendToGroupID));
$gresult = sql_query($gquery, $SQLStat);
$SendUserCanPM = sql_result($gresult, 0, "CanPM");
$SendUserCanPM = strtolower($SendUserCanPM);
if ($SendUserCanPM != "yes" && $SendUserCanPM != "no") {
$SendUserCanPM = "no";
}
sql_free_result($gresult);
++$rei;
}
sql_free_result($reresult);
if ($renum == 0) {
$Error = "Yes";
?>
<tr>
<td><span class="TableMessage">
<br />Cound not find users name.<br />
</span> </td>
$User1Name = sql_result($reresult, $rei, "Name");
$User1IP = sql_result($reresult, $rei, "IP");
if ($User1IP == $MyPostIP) {
$ipshow = "one";
}
$User1Email = sql_result($reresult, $rei, "Email");
$User1Title = sql_result($reresult, $rei, "Title");
$User1Joined = sql_result($reresult, $rei, "Joined");
$User1Joined = GMTimeChange($_SESSION['iDBDateFormat'], $User1Joined, $_SESSION['UserTimeZone'], 0, $_SESSION['UserDST']);
$User1Hidden = sql_result($reresult, $rei, "HiddenMember");
$User1GroupID = sql_result($reresult, $rei, "GroupID");
$gquery = sql_pre_query("SELECT * FROM \"" . $Settings['sqltable'] . "groups\" WHERE \"id\"=%i LIMIT 1", array($User1GroupID));
$gresult = sql_query($gquery, $SQLStat);
$User1Group = sql_result($gresult, 0, "Name");
$GroupNamePrefix = sql_result($gresult, 0, "NamePrefix");
$GroupNameSuffix = sql_result($gresult, 0, "NameSuffix");
sql_free_result($gresult);
}
if ($User1CanUseBBags1 == "yes") {
$MyPost = bbcode_parser($MyPost);
}
if ($User1CanExecPHP == "no") {
$MyPost = preg_replace("/\\[ExecPHP\\](.*?)\\[\\/ExecPHP\\]/is", "<span style=\"color: red; font-weight: bold;\">ERROR:</span> cannot execute php code.", $MyPost);
}
if ($User1CanExecPHP == "yes") {
$MyPost = php_execute($MyPost);
}
if ($User1CanDoHTML1 == "no") {
$MyPost = preg_replace("/\\[DoHTML\\](.*?)\\[\\/DoHTML\\]/is", "<span style=\"color: red; font-weight: bold;\">ERROR:</span> cannot execute html.", $MyPost);
}
if ($User1CanDoHTML1 == "yes") {
$telephone = $_POST['dk_tel'];
$address = $_POST['dk_address'];
$join = date("Y-m-d");
if (isset($_POST['dk_username'])) {
$sql_insert_thanhvien = "Insert into thanhvien (ID, Ten, Username, Password, Email, Sex, Telephone, Address, Join_date) values('{$id}', '{$ten}','{$username}','{$pw}','{$email}','{$sex}','{$telephone}','{$address}','{$join}')";
//echo $sql_insert_thanhvien;
$kq_insert_thanhvien = sql_result($sql_insert_thanhvien);
//
if ($kq_insert_thanhvien) {
echo "<div style='margin-left:50px;margin-top:30px;text-align:center;float:left;'>";
echo "Một email có chứa liên kết xác nhận đã được gửi đến email: <b>{$email}</b>,\n\t\t\t\t<br>Bạn vui lòng truy cập hộp thư để hoàn tất thủ tục đăng ký trở thành thành viên của CẦN THƠ NEW";
echo "</div>";
//
$validate_code = tao_ma_validate();
$ex_time = strtotime($join . "+1 day");
$sql_insert_validate = "Insert into xacnhan (ID,Code,Ex_time,Status) values ('{$id}','{$validate_code}','{$ex_time}','NO')";
//echo $sql_insert_validate;
$kq_insert_validate = sql_result($sql_insert_validate);
gui_mail_validate($email, $validate_code);
} else {
echo "THẤT BẠI!";
}
}
?>
<?php
include "right.php";
include "footer.php";
?>
</tr>
</table>
</div>
<?php
sql_free_result($result);
}
if ($_POST['update'] == "now") {
if ($_POST['act'] == "userinfo" && $_SESSION['UserGroup'] != $Settings['GuestGroup']) {
$query = sql_pre_query("SELECT * FROM \"" . $Settings['sqltable'] . "members\" WHERE \"id\"=%i LIMIT 1", array($_SESSION['UserID']));
$result = sql_query($query, $SQLStat);
$num = sql_num_rows($result);
$i = 0;
$OldPassword = sql_result($result, $i, "UserPassword");
$OldHashType = sql_result($result, $i, "HashType");
$OldJoined = sql_result($result, $i, "Joined");
$OldSalt = sql_result($result, $i, "Salt");
$UpdateHash = false;
if ($OldHashType == "ODFH") {
$YourPassword = PassHash2x($_POST['OldPass']);
}
if ($OldHashType == "IPB2") {
$YourPassword = hash2xkey($_POST['OldPass'], $OldSalt);
}
if ($OldHashType == "DF4H") {
$YourPassword = b64e_hmac($_POST['OldPass'], $OldJoined, $OldSalt, "sha1");
}
if ($OldHashType == "iDBH2") {
$YourPassword = b64e_hmac($_POST['OldPass'], $OldJoined, $OldSalt, "md2");
}
if ($OldHashType == "iDBH4") {
$YourPassword = b64e_hmac($_POST['OldPass'], $OldJoined, $OldSalt, "md4");
if ($_SESSION['UserGroup'] == $Settings['GuestGroup']) {
$User1Name = $_POST['GuestName'];
}
$User1Email = sql_result($reresult, $rei, "Email");
$User1Title = sql_result($reresult, $rei, "Title");
$User1GroupID = sql_result($reresult, $rei, "GroupID");
$PostCount = sql_result($reresult, $rei, "PostCount");
if ($PostCountAdd == "on") {
$NewPostCount = $PostCount + 1;
}
if (!isset($NewPostCount)) {
$NewPostCount = $PostCount;
}
$gquery = sql_pre_query("SELECT * FROM \"" . $Settings['sqltable'] . "groups\" WHERE \"id\"=%i LIMIT 1", array($User1GroupID));
$gresult = sql_query($gquery, $SQLStat);
$User1Group = sql_result($gresult, 0, "Name");
sql_free_result($gresult);
$User1IP = $_SERVER['REMOTE_ADDR'];
++$rei;
}
sql_free_result($reresult);
$query = sql_pre_query("INSERT INTO \"" . $Settings['sqltable'] . "topics\" (\"PollID\", \"ForumID\", \"CategoryID\", \"OldForumID\", \"OldCategoryID\", \"UserID\", \"GuestName\", \"TimeStamp\", \"LastUpdate\", \"TopicName\", \"Description\", \"NumReply\", \"NumViews\", \"Pinned\", \"Closed\") VALUES\n" . "(0, %i, %i, %i, %i, %i, '%s', %i, %i, '%s', '%s', 0, 0, 0, 0)", array($ForumID, $ForumCatID, $ForumID, $ForumCatID, $User1ID, $User1Name, $LastActive, $LastActive, $_POST['TopicName'], $_POST['TopicDesc']));
sql_query($query, $SQLStat);
$topicid = sql_get_next_id($Settings['sqltable'], "topics", $SQLStat);
$query = sql_pre_query("INSERT INTO \"" . $Settings['sqltable'] . "posts\" (\"TopicID\", \"ForumID\", \"CategoryID\", \"UserID\", \"GuestName\", \"TimeStamp\", \"LastUpdate\", \"EditUser\", \"EditUserName\", \"Post\", \"Description\", \"IP\", \"EditIP\") VALUES\n" . "(" . $topicid . ", %i, %i, %i, '%s', %i, %i, 0, '', '%s', '%s', '%s', '0')", array($ForumID, $ForumCatID, $User1ID, $User1Name, $LastActive, $LastActive, $_POST['TopicPost'], $_POST['TopicDesc'], $User1IP));
sql_query($query, $SQLStat);
$postid = sql_get_next_id($Settings['sqltable'], "posts", $SQLStat);
$_SESSION['LastPostTime'] = GMTimeStamp() + $GroupInfo['FloodControl'];
if ($User1ID != 0 && $User1ID != -1) {
$queryupd = sql_pre_query("UPDATE \"" . $Settings['sqltable'] . "members\" SET \"LastActive\"=%i,\"IP\"='%s',\"PostCount\"=%i,\"LastPostTime\"=%i WHERE \"id\"=%i", array($LastActive, $User1IP, $NewPostCount, $_SESSION['LastPostTime'], $User1ID));
sql_query($queryupd, $SQLStat);
if ($UsersName == "Guest") {
$UsersName = $GuestsName;
if ($UsersName == null) {
$UsersName = "Guest";
}
}
if ($PermissionInfo['CanViewForum'][$ForumID] == "yes" && $CatPermissionInfo['CanViewCategory'][$CategoryID] == "yes" && $TopicStat >= 0 && $TopicStat < 3 || $PermissionInfo['CanViewForum'][$ForumID] == "yes" && $CatPermissionInfo['CanViewCategory'][$CategoryID] == "yes" && $PermissionInfo['CanModForum'][$ForumID] == "yes" && $TopicStat == 3) {
$LastReply = " <br /> ";
$glrquery = sql_pre_query("SELECT * FROM \"" . $Settings['sqltable'] . "posts\" WHERE \"TopicID\"=%i ORDER BY \"TimeStamp\" DESC LIMIT 1", array($TopicID));
$glrresult = sql_query($glrquery, $SQLStat);
$glrnum = sql_num_rows($glrresult);
if ($glrnum > 0) {
$ReplyID1 = sql_result($glrresult, 0, "id");
$UsersID1 = sql_result($glrresult, 0, "UserID");
$GuestsName1 = sql_result($glrresult, 0, "GuestName");
$TimeStamp1 = sql_result($glrresult, 0, "TimeStamp");
$TimeStamp1 = GMTimeChange($_SESSION['iDBDateFormat'] . ", " . $_SESSION['iDBTimeFormat'], $TimeStamp1, $_SESSION['UserTimeZone'], 0, $_SESSION['UserDST']);
$PreUsersName1 = GetUserName($UsersID1, $Settings['sqltable'], $SQLStat);
if ($PreUsersName1['Name'] === null) {
$UsersID1 = -1;
$PreUsersName1 = GetUserName($UsersID1, $Settings['sqltable'], $SQLStat);
}
$UsersName1 = $PreUsersName1['Name'];
$UsersHidden1 = $PreUsersName1['Hidden'];
}
$NumPages = null;
$NumRPosts = $NumReply + 1;
if (!isset($Settings['max_posts'])) {
$Settings['max_posts'] = 10;
}
if ($NumRPosts > $Settings['max_posts']) {
}
$gltnum = count($gltf);
$glti = 0;
$OldUpdateTime = 0;
$UseThisFonum = null;
if ($ForumType == "subforum") {
while ($glti < $gltnum) {
$ExtraIgnores = null;
if ($PermissionInfo['CanModForum'][$gltf[$glti]] == "no") {
$ExtraIgnores = " AND \"Closed\"<>3";
}
$gltfoquery = sql_pre_query("SELECT * FROM \"" . $Settings['sqltable'] . "topics\" WHERE \"ForumID\"=%i" . $ExtraIgnores . " ORDER BY \"LastUpdate\" DESC LIMIT 1", array($gltf[$glti]));
$gltforesult = sql_query($gltfoquery, $SQLStat);
$gltfonum = sql_num_rows($gltforesult);
if ($gltfonum > 0) {
$NewUpdateTime = sql_result($gltforesult, 0, "LastUpdate");
if ($NewUpdateTime > $OldUpdateTime) {
$UseThisFonum = $gltf[$glti];
$OldUpdateTime = $NewUpdateTime;
}
}
sql_free_result($gltforesult);
++$glti;
}
}
$shownum = null;
if ($ForumType == "redirect") {
$shownum = "(" . $NumRedirects . " redirects)";
}
if ($ForumType != "redirect") {
$shownum = "(" . $NumPosts . " posts)";
