function ajout_fichier($doc_file, $dest, $cpt_doc, $id_groupe) { global $max_size, $total_max_size; /* Vérification du type de fichier */ $ext = ''; //if (my_ereg("\.([^.]+)$", $doc_file['name'][$cpt_doc], $match)) { if (function_exists("mb_ereg") && mb_ereg("\\.([^.]+)\$", $doc_file['name'][$cpt_doc], $match) || function_exists("ereg") && ereg("\\.([^.]+)\$", $doc_file['name'][$cpt_doc], $match)) { $ext = corriger_caracteres(my_strtolower($match[1])); $ext = corriger_extension($ext); } $query = "SELECT id_type FROM ct_types_documents WHERE extension='{$ext}' AND upload='oui'"; $result = sql_query($query); if ($row = @sql_row($result, 0)) { $id_type = $row[0]; } else { echo "Erreur : Ce type de fichier n'est pas autorisé en téléchargement.\nSi vous trouvez cela regrettable, contactez l'administrateur.\nIl pourra modifier ce paramétrage dans\n *Gestion des modules/Cahiers de textes/Types de fichiers autorisés en téléchargement*."; die; } /* Vérification de la taille du fichier */ $max_size_ko = $max_size / 1024; $taille = $doc_file['size'][$cpt_doc]; if ($taille > $max_size) { echo "Erreur : Téléchargement impossible : taille maximale autorisée : " . $max_size_ko . " Ko"; die; } if ($taille == 0) { echo "Le fichier sélectionné semble vide : transfert impossible."; die; } $query = "SELECT DISTINCT sum(taille) somme FROM ct_documents d, ct_entry e WHERE (e.id_groupe='" . $id_groupe . "' and e.id_ct = d.id_ct)"; $total = sql_query1($query); if ($total + $taille > $total_max_size) { echo "Erreur : Téléchargement impossible : espace disque disponible (" . ($total_max_size - $total) / 1024 . " Ko) insuffisant."; die; } /* Crétion du répertoire de destination */ if (!creer_repertoire($dest)) { echo "Erreur : Problème d'écriture sur le répertoire. Veuillez signaler ce problème à l'administrateur du site"; echo $dest; die; } /* Recopier le fichier */ $nom_sans_ext = mb_substr(basename($doc_file['name'][$cpt_doc]), 0, mb_strlen(basename($doc_file['name'][$cpt_doc])) - (mb_strlen($ext) + 1)); $nom_sans_ext = my_ereg_replace("[^.a-zA-Z0-9_=-]+", "_", $nom_sans_ext); if (strstr($nom_sans_ext, "..")) { echo "Erreur : Problème de transfert : le fichier n'a pas pu être transféré sur le répertoire. Veuillez signaler ce problème à l'administrateur du site"; die; } $n = 0; while (file_exists($newFile = $dest . "/" . $nom_sans_ext . ($n++ ? '-' . $n : '') . '.' . $ext)) { } $dest_file_path = $newFile; if (!deplacer_fichier_upload($doc_file['tmp_name'][$cpt_doc], $dest_file_path)) { echo "Erreur : Problème de transfert : le fichier n'a pas pu être transféré sur le répertoire. Veuillez signaler ce problème à l'administrateur du site"; die; } return $dest_file_path; }
function get_hint($params) { $out = ''; extract($params); if (empty($keyword)) { return ''; } $lang = !empty(Project::getInstance()->getCurUser()->lang) ? Project::getInstance()->getCurUser()->lang : 'en'; $hint = sql_row('SELECT * FROM hints WHERE keyword="' . $keyword . '" AND lang="' . $lang . '"'); if (!empty($hint)) { $out = htmlspecialchars($hint['value']); } if (Project::getInstance()->getCurUser()->access == ACCESS_LEVEL_ADMIN) { $out .= ' <span style="font-weight:normal;">(<a href="#" style="text-decoration:none;">?</a>)</span>'; } return $out; }
// if we're adding the very first entry, then it should be an admin; // if we're adding a subsequent entry, then it should be an ordinary user; if ($Action == "Edit" && $i == $data[$key] || $Action == "Add" && $initial_user_creation && $i == $max_level || $Action == "Add" && !$initial_user_creation && $i == 1) { $params['value'] = $i; } } $params['force_assoc'] = TRUE; generate_select($params); break; case 'area_id': $params['disabled'] = $level < $min_user_editing_level; $params['options'] = array(); $result1 = sql_query("select id,area_name from mrbs_area"); $i = 0; $params['options'][0] = "Select Area"; while ($data1 = sql_row($result1, $i)) { $params['options'][$data1[0]] = $data1[1]; if ($Action == "Edit" && $data1[0] == $data[$key]) { // echo " Current Area :".$data1[1]; $params["value"] = $data1[0]; } $i++; } $params['force_assoc'] = TRUE; // $params['multiple'] = TRUE; generate_select($params); break; case 'name': // you cannot change a username (even your own) unless you have user editing rights $params['disabled'] = $level < $min_user_editing_level; $params['mandatory'] = TRUE;
<?php $ACCESS_LEVEL = ACCESS_LEVEL_USER; include_once DOC_ROOT . '/includes/authorization.php'; $user = sql_row(' SELECT SQL_CALC_FOUND_ROWS ' . (PRO_VERSION ? 'users.*' : implode(',', $GLOBALS['USERS_FIELDS'])) . ', SUM(IF(t.type="d", t.amount, NULL)) as deposit, SUM(IF(t.type="w", t.amount, NULL)) as withdrawal, SUM(IF(t.type="e", t.amount, NULL)) as earning, SUM(IF(t.type="r", t.amount, NULL)) as referral, SUM(IF(t.type="i", t.amount, NULL)) as reinvest, SUM(IF(t.type="b", t.amount, NULL)) as bonus FROM users LEFT JOIN translines as t ON t.user_id = users.id AND t.stamp < ' . Project::getInstance()->getNow() . ' AND t.status > 0 WHERE users.id="' . Project::getInstance()->getCurUser()->id . '" GROUP BY users.id '); Project::getInstance()->getSmarty()->assign('user', $user); Project::getInstance()->showPage('user/account.tpl');
function sql_version() { $r = sql_query("select version()"); $v = sql_row($r, 0); sql_free($r); return "MySQL {$v['0']}"; }
} echo " done.<br>Updating repeating entries: "; $sql = "select id,name,description from mrbs_repeat"; $repeats_res = sql_query($sql); for ($i = 0; $row = sql_row($repeats_res, $i); $i++) { $id = $row[0]; $name = slashes(iconv($encoding, "utf-8", $row[1])); $desc = slashes(iconv($encoding, "utf-8", $row[2])); $upd_sql = "update mrbs_repeat set name='{$name}',description='{$desc}' where id={$id}"; sql_command($upd_sql); echo "."; } echo " done.<br>Updating normal entries: "; $sql = "select id,name,description from mrbs_entry"; $entries_res = sql_query($sql); for ($i = 0; $row = sql_row($entries_res, $i); $i++) { $id = $row[0]; $name = slashes(iconv($encoding, "utf-8", $row[1])); $desc = slashes(iconv($encoding, "utf-8", $row[2])); $upd_sql = "update mrbs_entry set name='{$name}',description='{$desc}' where id={$id}"; sql_command($upd_sql); echo "."; } echo 'done.<p> Finished everything, byebye! '; } ?> </body> </html>
function get_area_name($user, $all = FALSE) { $sql = "SELECT name\n FROM users\n WHERE code='{$user}'"; if (empty($all)) { $sql .= " AND disabled=0"; } $sql .= " LIMIT 1"; $res = sql_query($sql); if ($res === FALSE) { trigger_error(sql_error(), E_USER_WARNING); return FALSE; } if (sql_count($res) == 0) { return NULL; } $row = sql_row($res, 0); return $row[0]; }
min="' . $_POST['min'] . '", max="' . $_POST['max'] . '", percent="' . $_POST['percent'] . '", percent_per="' . $_POST['percent_per'] . '", periodicy_value="' . $_POST['periodicy_value'] . '", periodicy="' . $_POST['periodicy'] . '", term="' . $_POST['term'] . '", attempts="' . $_POST['attempts'] . '", comment="' . $_POST['comment'] . '", type="' . $_POST['type'] . '", working_days="' . $_POST['working_days'] . '" WHERE id="' . $_POST['id'] . '" '); location($_SERVER['PHP_SELF'], '<p class=imp>Plan <u>' . htmlspecialchars($_POST['name']) . '</u> has been saved!</p>'); } $plan = sql_row('SELECT * FROM plans WHERE id="' . intval($_REQUEST['id']) . '"'); Project::getInstance()->getSmarty()->assign('plan', stripslashes_array($plan)); Project::getInstance()->getSmarty()->display('../default/admin/plan_profile.tpl'); break; case 'add': if (isset($_REQUEST['do']) && $_REQUEST['do'] == 'save') { $_POST = sql_escapeArray($_POST); sql_query(' INSERT INTO plans SET id=0, name="' . $_POST['name'] . '", min="' . $_POST['min'] . '", max="' . $_POST['max'] . '", percent="' . $_POST['percent'] . '", percent_per="' . $_POST['percent_per'] . '",
<? include('inc/conf.php'); if ($_POST['confirm_x']) { switch ($_POST['module']) { case 1: header("location: Administrative/Index.html"); break; case 2: header("location: DomoUpravitel.php"); break; case 3: header("location: Sdrujenie.php"); break; case 4: header("location: spravkaDom.php"); break; case 5: header("location: spravkaSdr.php"); break; case 6: header("location: asoc/index.php"); break; } } $modules_id = array(); $row = sql_row("SELECT id FROM users WHERE username = '******' "); $result = sql_q("SELECT gu.group_id FROM group_users gu, groups g WHERE gu.group_id = g.id AND gu.user_id = '$row[id]' AND g.status = '1' ORDER BY gu.user_id, gu.group_id"); while ($row = mysql_fetch_array($result)) { $result_data = sql_q("SELECT DISTINCT module_id FROM permissions WHERE group_id = '$row[group_id]' ORDER BY module_id"); while ($row_data = mysql_fetch_array($result_data)) { if (!in_array($row_data['module_id'], $modules_id)) { array_push($modules_id, $row_data['module_id']); } } mysql_free_result($result_data); } ?> <html>
function mrbsGetEntryInfo($id) { global $tbl_entry; $sql = "SELECT start_time, end_time, entry_type, repeat_id, room_id,\n\t timestamp, create_by, name, type, description\n FROM {$tbl_entry} WHERE (ID = {$id})"; $res = sql_query($sql); if (!$res) { return; } $ret = ""; if (sql_count($res) > 0) { $row = sql_row($res, 0); $ret["start_time"] = $row[0]; $ret["end_time"] = $row[1]; $ret["entry_type"] = $row[2]; $ret["repeat_id"] = $row[3]; $ret["room_id"] = $row[4]; $ret["timestamp"] = $row[5]; $ret["create_by"] = $row[6]; $ret["name"] = $row[7]; $ret["type"] = $row[8]; $ret["description"] = $row[9]; } sql_free($res); return $ret; }
/** * Renvoie la date et l'heure de la dernière connexion ou d'une tentative de connexion avec mauvais mot de passe * * @global string * @return string la date et l'heure */ function last_connection() { global $gepiPath; global $mysqli; $sql = "select START, AUTOCLOSE, REMOTE_ADDR from log where LOGIN = '******'login'] . "' and SESSION_ID != '" . session_id() . "' order by START desc"; $res = mysqli_query($mysqli, $sql); $r = ''; if ($res) { $row = $res->fetch_row(); $annee_b = substr($row[0], 0, 4); $mois_b = substr($row[0], 5, 2); $jour_b = substr($row[0], 8, 2); $heures_b = substr($row[0], 11, 2); $minutes_b = substr($row[0], 14, 2); $secondes_b = substr($row[0], 17, 2); if ($row[0] != '') { if ($row[1] == "4") { $r = "<span style=\"color: red\"><strong>Tentative de connexion le " . $jour_b . "/" . $mois_b . "/" . $annee_b . " à " . $heures_b . " h " . $minutes_b . " avec un mot de passe erroné</strong></span> (<a href='" . $gepiPath . "/utilisateurs/mon_compte.php#connexion'" . insert_confirm_abandon() . ">journal des connexions</a>)"; // On compte le nombre de tentatives infructueuses successives $nb_tentative = 0; $flag = 0; for ($i = 0; $row_b = sql_row($res, $i) and $flag < 1; $i++) { if ($row_b[1] == "2" and $row_b[2] == $row[2]) { $nb_tentative++; } else { $flag = 1; } } if ($nb_tentative > 1) { $r .= "<br /><strong>Nombre de tentatives de connexion successives : " . $nb_tentative . ".</strong></font>"; } } else { $r = " Dernière session ouverte le " . $jour_b . "/" . $mois_b . "/" . $annee_b . " à " . $heures_b . " h " . $minutes_b . " (<a href='" . $gepiPath . "/utilisateurs/mon_compte.php#connexion'" . insert_confirm_abandon() . ">journal des connexions</a>)"; } } } $res->close(); return $r; }
if ($has_next) { echo "</A>"; } } ?> <P> <TABLE BORDER=2 CELLSPACING=0 CELLPADDING=3> <TR> <TH><? echo $lang["entry"] ?></TH> <TH><? echo $lang["createdby"] ?></TH> <TH><? echo $lang["namebooker"] ?></TH> <TH><? echo $lang["description"] ?></TH> <TH><? echo $lang["start_date"] ?></TH> </TR> <? for ($i = 0; ($row = sql_row($result, $i)); $i++) { echo "<TR>"; echo "<TD><A HREF=\"view_entry.php?id=$row[0]\">$lang[view]</A></TD>\n"; echo "<TD>" . htmlspecialchars($row[1]) . "</TD>\n"; echo "<TD>" . htmlspecialchars($row[2]) . "</TD>\n"; echo "<TD>" . htmlspecialchars($row[3]) . "</TD>\n"; // generate a link to the day.php $link = getdate($row[4]); echo "<TD><A HREF=\"day.php?day=$link[mday]&month=$link[mon]&year=$link[year]&area=$row[5]\">" . strftime('%X - %A %d %B %Y', $row[4]) . "</A></TD>"; echo "</TR>\n"; } echo "</TABLE>\n"; include "trailer.inc";
public function getXML() { $dates = sql_row('select min(stamp), max(stamp) from translines where type in ("w", "d") and status in (1, 2)'); $start_date = $dates[0]; $end_date = $dates[1]; $first_day = mktime(0, 0, 0, date('m', $start_date), date('d', $start_date), date('Y', $start_date)); $step = 86400 * 7; //1day $i = $first_day; $data = array(); while ($i < $end_date + $step) { $this->select = 'sum(amount) as s'; $deposited = $this->getLines(array('d'), 2, $i, $i + $step); $reinvested = $this->getLines(array('i'), 1, $i, $i + $step); $withrawn = $this->getLines(array('w'), 1, $i, $i + $step); $data[$i] = array($deposited[0]['s'] - abs($reinvested[0]['s']), abs($withrawn[0]['s'])); $i += $step; } array_pop($data); $fp = fopen('stats.xml', 'w'); $xml = "<chart>\n \t\t<axis_category orientation='diagonal_up' size='10' step='1' />\n \t\t<chart_type>\n \t\t\t<string>line</string>\n \t\t\t<string>line</string>\n \t\t</chart_type>\n \t\t<chart_grid_h alpha='10' thickness='1' />\n\t\t<chart_guide horizontal='true' vertical='true' thickness='1' alpha='25' type='dashed' text_h_alpha='0' text_v_alpha='0' />\n\t\t<chart_pref line_thickness='2' point_shape='circle' point_size='7' fill_shape='false' />\n\t\t<series_color>\n\t\t\t<color>ff4422</color>\n\t\t\t<color>00FF00</color>\n\t\t</series_color>\n\t\t<filter>\n\t\t\t<shadow id='medium' distance='2' angle='45' alpha='40' blurX='7' blurY='7' />\n\t\t\t<bevel id='note' angle='45' blurX='10' blurY='10' distance='3' highlightAlpha='60' shadowAlpha='15' />\n\t\t</filter>\n\t\t<chart_data><row><null/>"; $xml .= ''; foreach ($data as $key => $value) { $xml .= '<string>' . date('d.m.Y', $key) . '</string>'; } $xml .= '</row><row><string>Deposits per day</string>'; foreach ($data as $key => $value) { if (is_null($value[0])) { $value[0] = 0; } if (is_null($value[1]) || $value[1] == 0) { $value[1] = 1; } $xml .= '<number tooltip="$' . $value[0] . '" ' . ($value[0] > 0 ? 'note="' . number_format($value[0] / $value[1] * 100, 2) . '"' : '') . '>' . $value[0] . '</number>'; } $xml .= '</row><row><string>Withdrawals per day</string>'; foreach ($data as $key => $value) { if (is_null($value[1])) { $value[1] = 0; } $xml .= '<number tooltip="$' . $value[1] . '">' . $value[1] . '</number>'; } $xml .= '</row>'; $xml .= "</chart_data></chart>"; fputs($fp, $xml); fclose($fp); }
$classes = null; for ($c = 0; $c < $nb_classes; $c++) { $current_classe = old_mysql_result($get_classes, $c, "classe"); $classes .= $current_classe; if ($c + 1 < $nb_classes) { $classes .= ", "; } } if ($nom_groupe == "-1") { $nom_groupe = "<font color='red'>Groupe inexistant</font>"; } $sql_prof = sql_query("select nom, prenom from utilisateurs where login = '******'"); if (!$sql_prof) { $nom_prof = "<font color='red'>" . $id_prop . " : utilisateur inexistant</font>"; } else { $row_prof = sql_row($sql_prof, 0); $nom_prof = $row_prof[1] . " " . $row_prof[0]; $test_groupe_prof = sql_query("select login from j_groupes_professeurs WHERE (id_groupe='" . $id_groupe . "' and login = '******')"); if (sql_count($test_groupe_prof) == 0) { $nom_prof = "<font color='red'>" . $nom_prof . " : <br />Ce professeur n'enseigne pas dans ce groupe</font>"; } } // Nombre de notices de chaque utilisateurs $nb_ct = sql_count(sql_query("select 1=1 FROM ct_entry WHERE (id_groupe='" . $id_groupe . "' and id_login='******' AND visa != 'y') ")); // Nombre de notices devoirs de haque utilisateurs $nb_ct_devoirs = sql_count(sql_query("select 1=1 FROM ct_devoirs_entry WHERE (id_groupe='" . $id_groupe . "' and id_login='******') ")); //Nombre de visa sur un cahier de texte $sql = "select 1=1 FROM ct_entry WHERE (id_groupe='" . $id_groupe . "' and id_login='******' and visa ='y');"; $nb_ct_visa = sql_count(sql_query($sql)); // Affichage des lignes echo "<tr class='lig{$alt} white_hover'><td>" . $classes . "</td>";
function my_tab_docs_joints($id_ct, $type_notice) { $tab_documents_joints = array(); if ($type_notice == "t") { $sql = "SELECT titre, emplacement FROM ct_devoirs_documents WHERE id_ct_devoir='{$id_ct}' ORDER BY 'titre'"; } else { if ($type_notice == "c") { $sql = "SELECT titre, emplacement FROM ct_documents WHERE id_ct='{$id_ct}' ORDER BY 'titre'"; } } $res = sql_query($sql); if ($res and sql_count($res) != 0) { for ($i = 0; $row = sql_row($res, $i); $i++) { $titre = $row[0]; $emplacement = $row[1]; $tab_documents_joints[] = $emplacement; } } return $tab_documents_joints; }
function convert_one_db($db) { global $alterdatabasecharset; global $altertablecharset; global $charset; global $collate; global $printonly; global $db_handle; $db_cha = PMA_getDbCollation($db); if (substr($db_cha[0], 0, 4) == 'utf8') { // This doesn't work for me, but isn't a big deal, as the table // check below works echo "Skipping utf8 database '{$db}'\n"; return; } sql_command("USE {$db}", $db_handle); $rs = sql_query("SHOW TABLES", $db_handle); if (!$rs) { echo "\n\n" . sql_error($db_handle) . "\n\n"; } else { for ($i = 0; $data = sql_row($rs, $i, $db_handle); $i++) { echo "Converting '{$data['0']}' table...\n"; $rs1 = sql_query("show FULL columns from {$data['0']}", $db_handle); if (!$rs1) { echo "\n\n" . sql_error($db_handle) . "\n\n"; } else { for ($j = 0; $data1 = sql_row_keyed($rs1, $j, $db_handle); $j++) { if (in_array(array_shift(split("\\(", $data1['Type'], 2)), array('char', 'varchar', 'tinytext', 'text', 'mediumtext', 'longtext', 'enum', 'set'))) { if (substr($data1['Collation'], 0, 4) != 'utf8') { $sq = "ALTER TABLE `{$data['0']}` CHANGE `" . $data1['Field'] . '` `' . $data1['Field'] . '` ' . $data1['Type'] . ' CHARACTER SET binary ' . ($data1['Default'] == '' ? '' : ($data1['Default'] == 'NULL' ? ' DEFAULT NULL' : ' DEFAULT \'' . addslashes($data1['Default']) . '\'')) . ($data1['Null'] == 'YES' ? ' NULL ' : ' NOT NULL'); if (!$printonly && !sql_query($sq, $db_handle)) { echo "\n\n" . $sq . "\n" . sql_error($db_handle) . "\n\n"; } else { if ($printonly) { echo $sq . "\n"; } $sq = "ALTER TABLE `{$data['0']}` CHANGE `" . $data1['Field'] . '` `' . $data1['Field'] . '` ' . $data1['Type'] . " CHARACTER SET {$charset} " . ($collate == '' ? '' : "COLLATE {$collate}") . ($data1['Default'] == '' ? '' : ($data1['Default'] == 'NULL' ? ' DEFAULT NULL' : ' DEFAULT \'' . addslashes($data1['Default']) . '\'')) . ($data1['Null'] == 'YES' ? ' NULL ' : ' NOT NULL') . ($data1['Comment'] == '' ? '' : ' COMMENT \'' . addslashes($data1['Comment']) . '\''); if (!$printonly && !sql_query($sq, $db_handle)) { echo "\n\n" . $sq . "\n" . sql_error($db_handle) . "\n\n"; } else { if ($printonly) { echo $sq . "\n"; } } } // end of if (!$printonly) } // end of if (substr) } // end of if (in_array) } // end of inner for } // end of if ($rs1) if ($altertablecharset) { $sq = 'ALTER TABLE `' . $data[0] . "` " . "DEFAULT CHARACTER SET {$charset} " . ($collate == '' ? '' : "COLLATE {$collate}"); if ($printonly) { echo $sq . "\n"; } else { if (!sql_query($sq, $db_handle)) { echo "\n\n" . $sq . "\n" . sql_error($db_handle) . "\n\n"; } } } // end of if ($altertablecharset) print "done.<br>\n"; } // end of outer for } // end of if (!$rs) if ($alterdatabasecharset) { $sq = 'ALTER DATABASE `' . $db . "` " . "DEFAULT CHARACTER SET {$charset} " . ($collate == '' ? '' : "COLLATE {$collate}"); if ($printonly) { echo $sq . "\n"; } else { if (!sql_query($sq, $db_handle)) { echo "\n\n" . $sq . "\n" . sql_error($db_handle) . "\n\n"; } } } // end of if ($alterdatabasecharset) }
function sql_version() { $r = sql_query("select version()"); $v = sql_row($r, 0); sql_free($r); return $v[0]; }
die; } else { if ($resultat_session == '0') { header("Location: ../logout.php?auto=1"); die; } } if (!checkAccess()) { header("Location: ../logout.php?auto=1"); die; } if (isset($_POST['sup'])) { $call_data = sql_query("SELECT indice_aid FROM aid_config"); $sup_all = ""; $liste_cible = ''; for ($i = 0; $row = sql_row($call_data, $i); $i++) { $id = $row[0]; $temp = "sup" . $id; if (isset($_POST[$temp])) { $test = sql_count(sql_query("SELECT indice_aid FROM aid WHERE indice_aid='" . $id . "'")); if ($test != 0) { $sup_all = 'no'; } else { $liste_cible = $liste_cible . $id . ";"; } } } $_SESSION['chemin_retour'] = $_SERVER['REQUEST_URI'] . "?sup_all=" . $sup_all; header("Location: ../lib/confirm_query.php?liste_cible={$liste_cible}&action=del_type_aid" . add_token_in_url(false)); } if (isset($_GET['sup_all'])) {
print "<thead>\n"; print "<tr>"; // The first 2 columns are the user rights and user name. print "<th>" . get_vocab("rights") . "</th><th>" . get_vocab("user_name") . "</th>"; // The remaining columns are all the columns from the database, past the initial 3 (id, name, password). foreach ($fields as $fieldname) { if ($fieldname != 'id' && $fieldname != 'name' && $fieldname != 'password') { print "<th>" . get_loc_field_name($fieldname) . "</th>"; } } print "<th>" . get_vocab("action") . "</th>"; print "</tr>\n"; print "</thead>\n"; print "<tbody>\n"; $i = 0; while ($line = sql_row($list, $i++)) { print "<tr>\n"; $j = -1; $this_id = 0; foreach ($line as $col_value) { $j += 1; if ($j == 0) { /* Don't display it, but remember it. */ $this_id = $col_value; continue; } if ($j == 1) { /* Use it to tell if it's a user or an admin */ $name = $col_value; switch (authGetUserLevel($name, $auth["admin"])) { case 1:
<div class="header"> Request Details </div> <div class="notsowide"> <?php sql_where(array("hlpid" => $_cmd[2])); if ($hlpData = sql_row("helpdesk")) { putRequestData($hlpData, true); } ?> </div> <form action="<?php echo url("helpdesk"); ?> " method="get"> <button class="smalltext"> <?php echo getIMG(url() . "images/emoticons/nav-prev.png"); ?> Return to list </button> </form>
// Send a mail to the Administrator if (MAIL_ADMIN_ON_BOOKINGS or MAIL_AREA_ADMIN_ON_BOOKINGS or MAIL_ROOM_ADMIN_ON_BOOKINGS or MAIL_BOOKER) { include_once "functions_mail.inc"; // Send a mail only if this a new entry, or if this is an // edited entry but we have to send mail on every change, // and if mrbsCreateRepeatingEntrys is successful if ((isset($id) && MAIL_ADMIN_ALL or !isset($id)) && 0 != $new_id) { // Get room name and are name. Would be better to avoid // a database access just for that. Ran only if we need // details. if (MAIL_DETAILS) { $sql = "SELECT r.id, r.room_name, r.area_id, a.area_name "; $sql .= "FROM {$tbl_room} r, {$tbl_area} a "; $sql .= "WHERE r.id={$room_id} AND r.area_id = a.id"; $res = sql_query($sql); $row = sql_row($res, 0); $room_name = $row[1]; $area_name = $row[3]; } // If this is a modified entry then call // getPreviousEntryData to prepare entry comparison. if (isset($id)) { $mail_previous = getPreviousEntryData($id, 0); } $result = notifyAdminOnBooking(!isset($id), $new_id); } } } } # end foreach $rooms # Delete the original entry
echo "<p><strong><font color='blue' style='font-variant: small-caps;'>Semaine du ".strftime("%d %B", $debutsemaine)." au ".strftime("%d %B %Y", $finsemaine)."</font></strong></p>\n"; echo "<b>Travaux personnels des $delai prochains jours</b>\n"; echo "<table style=\"border-style:solid; border-width:0px; border-color: ".$couleur_bord_tableau_notice.";\" width = '100%' cellpadding='2'><tr><td>\n"; } echo "<div style=\"border-style:solid; border-width:1px; border-color: ".$couleur_bord_tableau_notice."; background-color: ".$color_fond_notices["f"].";\"><div style='color: ".$color_police_travaux."; font-variant: small-caps; text-align: center; font-weight: bold;'>Travaux personnels<br />pour le ".strftime("%a %d %b", $jour)."</div>\n"; // Affichage des devoirs dans chaque matière while ($ind < $nb_devoirs_cahier_texte) { $content = old_mysql_result($appel_devoirs_cahier_texte, $ind, 'contenu'); $date_devoirs = old_mysql_result($appel_devoirs_cahier_texte, $ind, 'date_ct'); $id_devoirs = old_mysql_result($appel_devoirs_cahier_texte, $ind, 'id_ct'); $id_groupe_devoirs = old_mysql_result($appel_devoirs_cahier_texte, $ind, 'id'); $matiere_devoirs = old_mysql_result($appel_devoirs_cahier_texte, $ind, 'description'); $test_prof = "SELECT nom, prenom FROM j_groupes_professeurs j, utilisateurs u WHERE (j.id_groupe='".$id_groupe_devoirs."' and u.login=j.login) ORDER BY nom, prenom"; $res_prof = sql_query($test_prof); $chaine = ""; for ($k=0;$prof=sql_row($res_prof,$k);$k++) { if ($k != 0) $chaine .= ", "; $chaine .= htmlspecialchars($prof[0])." ".mb_substr(htmlspecialchars($prof[1]),0,1)."."; } $content = "<div style=\"border-style:solid; border-width:1px; border-color: ".$couleur_bord_tableau_notice."; background-color: ".$couleur_cellule["f"]."; padding: 2px; margin: 2px;\"><font color='".$color_police_matieres."' style='font-variant: small-caps;'><small><b><u>".$matiere_devoirs." (".$chaine.") :</u></b></small></font>\n".$content; // fichier joint $content .= affiche_docs_joints($id_devoirs,"t"); $content .="</div>\n"; if ($nb_devoirs_cahier_texte != 0) echo $content; $ind++; } echo "</div><br />\n"; } } if ($nb_dev != 0) echo "</td></tr></table>\n"; }
status="' . $_POST['status'] . '", access="' . $_POST['access'] . '", withdrawal_limit="' . $_POST['withdrawal_limit'] . '", daily_withdrawal_limit="' . $_POST['daily_withdrawal_limit'] . '", monitor="' . $_POST['monitor'] . '", question="' . $_POST['question'] . '", question_answer="' . $_POST['question_answer'] . '", lang="' . $_POST['lang'] . '" where id="' . $_POST['id'] . '"'); location($_SERVER['PHP_SELF'] . '?action=profile&id=' . $_POST['id'], '<p class=imp>User profile has been saved!</p>'); } $user = sql_row(' SELECT ' . (PRO_VERSION ? 'users.*' : implode(',', $GLOBALS['USERS_FIELDS'])) . ', COUNT(b.user_id) as bads FROM users LEFT JOIN bad_withdrawals as b ON b.user_id = users.id WHERE users.id="' . intval($_REQUEST['id']) . '" GROUP BY users.id '); Project::getInstance()->getSmarty()->assign('user', stripslashes_array($user)); Project::getInstance()->getSmarty()->display('../default/admin/user_profile.tpl'); break; case 'statistics': include_once LIB_ROOT . '/users/statistics.class.php'; $type = isset($_REQUEST['type']) ? $_REQUEST['type'] : 'a'; if ($type == 'a') { $types = array('d', 'w', 'e', 'r', 'b'); $status = array('1', '2'); } elseif ($type == 'd') { $types = array('d');
private function load($id) { $this->seData(sql_row('select * from plans where id="' . $id . '"')); }
for ($k = 0; $row = sql_row($calldata, $k); $k++) { $precedente_date_fin = "0000-00-00 00:00:00"; $id_classe = $row[0]; $classe = $row[1]; $alt = $alt * -1; echo "<tr class='lig{$alt} white_hover'"; //if ($flag==1) { echo " class='fond_sombre'"; $flag = 0;} else {$flag=1;}; echo ">\n"; echo "<td>\n"; echo "<b>{$classe}</b> "; echo "</td>\n"; $periode_query = sql_query("SELECT nom_periode, verouiller, date_fin FROM periodes WHERE id_classe = '{$id_classe}' ORDER BY num_periode"); $nb_periode = sql_count($periode_query) + 1; $j = 0; if ($periode_query) { for ($i = 0; $row_per = sql_row($periode_query, $i); $i++) { $nom_classe = "cl_" . $id_classe . "_" . $i; echo "<td>" . ucfirst($row_per[0]) . "</td>\n"; if ($row_per[1] == "N") { echo "<td id='c_" . $id_classe . "_" . $i . "' style='font-size:small; color:green;'>Ouvert</td>\n"; } elseif ($row_per[1] == "P") { echo "<td id='c_" . $id_classe . "_" . $i . "' style='font-size:small; color:orange;'>Partiel.clos</td>\n"; } elseif ($row_per[1] == "O") { echo "<td id='c_" . $id_classe . "_" . $i . "' style='font-size:small; color:red;'>Clos</td>\n"; } else { // Ca ne devrait pas arriver echo "<td> </td>\n"; } //echo "<input type=\"hidden\" name=\"numperiode\" value=\"$i\" />"; echo "<td><input type=\"hidden\" name=\"numperiode\" value=\"{$i}\" />"; //echo "<td><input type=\"radio\" name=\"".$nom_classe."\" value=\"N\" ";
function sql_get($query) { $row = sql_row($query); return $row[0]; }
// Lets do stuff for days 5 days in the past to 55 days in the future for ($day = date("d") - 5; $day < date("d") + 55; $day++) { $month = date("m"); $year = date("Y"); $dayt = date("D", mktime(0, 0, 0, $month, $day, $year)); if ($dayt != "Sat" and $dayt != "Sun") { $sql = "select id from {$tbl_area}"; $area_res = sql_query($sql); for ($i = 0; list($area) = sql_row($area_res, $i); $i++) { // We know the area we want to add appointments in $sql = "select id from {$tbl_room} where area_id = {$area}"; $room_res = sql_query($sql); if (!$room_res) { echo sql_error(); } for ($j = 0; list($room) = sql_row($room_res, $j); $j++) { // Now we know room and area // We have to add some appointments to the day // four in each room seems good enough for ($a = 1; $a < 5; $a++) { // Pick a random hour 8-5 $starthour = mt_rand(7, 16); $length = mt_rand(1, 5) * 30; $starttime = mktime($starthour, 0, 0, $month, $day, $year); $endtime = mktime($starthour, $length, 0, $month, $day, $year); // Check that this isnt going to overlap $sql = "select count(*) from {$tbl_entry} where room_id={$room} and ((start_time between {$starttime} and {$endtime}) or (end_time between {$starttime} and {$endtime}) or (start_time = {$starttime} and end_time = {$endtime}))"; $counte = sql_query1($sql); if ($counte == 0) { // There are no overlaps if ($area == 4) {
//Let's check that all parameters exist and match and that the hash //string we computed matches the hash string that was sent by LR system. if (isset($_REQUEST["lr_paidto"]) && $_REQUEST["lr_paidto"] == strtoupper(get_setting('lr_account_deposit')) && isset($_REQUEST["lr_store"]) && stripslashes($_REQUEST["lr_store"]) == get_setting('lr_store') && isset($_REQUEST["lr_encrypted"]) && $_REQUEST["lr_encrypted"] == $hash) { // Response was validated and you can use this verified information to // complete selling process. // Enter any code here that you want to be executed after a successful // payment. $payment_id = intval($_REQUEST['payment_id']); $line = stripslashes_array(sql_row('select * from translines where id="' . $payment_id . '"')); if ($line['amount'] == $_REQUEST['lr_amnt']) { $query = 'update translines set stamp="' . Project::getInstance()->getNow() . '", status="1", batch="' . $_REQUEST["lr_transfer"] . '" where id="' . $payment_id . '"'; sql_query($query); $user = stripslashes_array(sql_row('SELECT * FROM users WHERE id="' . $line['user_id'] . '"')); if ($user['deposit_notify']) { include_once LIB_ROOT . '/emails.class.php'; $plan = stripslashes_array(sql_row('SELECT * FROM plans WHERE id="' . $line['plan_id'] . '"')); //%user_fullname%, %user_login%, %amount%, %batch%, %access_time%, %account%, %plan_name%, %project_name%, %project_email% $params = array('%user_fullname%' => htmlspecialchars($user['fullname']), '%user_login%' => $user['login'], '%account%' => $_REQUEST['lr_paidby'], '%amount%' => $_REQUEST['lr_amnt'], '%batch%' => $_REQUEST['lr_transfer'], '%plan_name%' => htmlspecialchars($plan['name']), '%project_name%' => get_setting('project_name'), '%project_email%' => get_setting('project_email'), '%access_time%' => date('M d, Y H:i', Project::getInstance()->getNow())); $email = new Emails($user['id'], 'deposit_notify', $params); $email->send(); } if (!empty($user['referral'])) { $referral_id = sql_get('select id from users where login="******" limit 1'); if ($referral_id) { $referral_bonus = $line['amount'] * get_setting('referral_bonus') / 100; sql_query('insert into translines values (0, 0, "' . $referral_id . '", "", "r", "' . $referral_bonus . '", "' . Project::getInstance()->getNow() . '", "1", "Bonus from: ' . $user['login'] . '")'); $ref_msg = $user['login'] . '->' . $user['referral'] . ':' . $line['amount'] . "\n"; if (REFERRAL_ONCE) { sql_query('update users set referral="" where id="' . $user['id'] . '"'); } }
?> <tr><td class=CR><b><?php echo get_vocab("rooms"); ?> :</b></td> <td class=CL valign=top><table><tr><td><select name="rooms[]" multiple="yes"> <?php # select the rooms in the area determined above $sql = "select id, room_name from {$tbl_room} where area_id={$area_id} order by {$room_order}"; $res = sql_query($sql); if (!isset($nrooms)) { $nrooms = 1; } $nroomsleft = 0; if ($res) { for ($i = 0; $row = sql_row($res, $i); $i++) { $selected = ""; if ($row[0] == $room_id) { $selected = "SELECTED"; $nroomsleft = $nrooms; } if ($nroomsleft) { $selected = "SELECTED"; $nroomsleft -= 1; } echo "<option {$selected} value=\"" . $row[0] . "\">" . $row[1]; // store room names for emails $room_names[$i] = $row[1]; } } ?>
function ajout_doc($doc_file, $id_ct, $doc_name, $cpt_doc) { global $max_size, $total_max_size, $edit_devoir, $multisite; /* Vérification du type de fichier */ //if (my_ereg("\.([^.]+)$", $doc_file['name'][$cpt_doc], $match)) { if (function_exists("mb_ereg") && mb_ereg("\\.([^.]+)\$", $doc_file['name'][$cpt_doc], $match) || function_exists("ereg") && ereg("\\.([^.]+)\$", $doc_file['name'][$cpt_doc], $match)) { $ext = corriger_caracteres(my_strtolower($match[1])); $ext = corriger_extension($ext); } else { $ext = ''; } $query = "SELECT id_type FROM ct_types_documents WHERE extension='{$ext}' AND upload='oui'"; $result = sql_query($query); if ($row = @sql_row($result, 0)) { $id_type = $row[0]; } else { return "Erreur : Ce type de fichier n'est pas autorisé en téléchargement.<br />\nSi vous trouvez cela regrettable, contactez l'administrateur.<br />\nIl pourra modifier ce paramétrage dans<br />\n*Gestion des modules/Cahiers de textes/Types de fichiers autorisés en téléchargement*."; die; } /* Vérification de la taille du fichier */ $sql = "select id_groupe from ct_entry where id_ct='{$id_ct}'"; $id_groupe = sql_query1($sql); $max_size_ko = $max_size / 1024; $taille = $doc_file['size'][$cpt_doc]; if ($taille > $max_size) { return "Téléchargement impossible : taille maximale autorisée : " . $max_size_ko . " Ko"; die; } if ($taille == 0) { return "Le fichier sélectionné semble vide : transfert impossible."; die; } $query = "SELECT DISTINCT sum(taille) somme FROM ct_documents d, ct_entry e WHERE (e.id_groupe='" . $id_groupe . "' and e.id_ct = d.id_ct)"; $total = sql_query1($query); if ($total + $taille > $total_max_size) { return "Téléchargement impossible : espace disque disponible (" . ($total_max_size - $total) / 1024 . " Ko) insuffisant."; die; } /* Recopier le fichier */ $dest = '../documents/'; $dossier = ''; $multi = isset($multisite) && $multisite == 'y' ? $_COOKIE['RNE'] . '/' : NULL; if (isset($multisite) && $multisite == 'y' && is_dir('../documents/' . $multi) === false) { @mkdir('../documents/' . $multi); $dest .= $multi; } elseif (isset($multisite) && $multisite == 'y') { $dest .= $multi; } if (isset($edit_devoir)) { $dossier = "cl_dev" . $_POST['id_groupe']; } else { $dossier = "cl" . $_POST['id_groupe']; } if (creer_repertoire($dest, $dossier)) { $dest .= $dossier . '/'; } else { return "Problème d'écriture sur le répertoire. Veuillez signaler ce problème à l'administrateur du site"; die; } $nom_sans_ext = mb_substr(basename($doc_file['name'][$cpt_doc]), 0, mb_strlen(basename($doc_file['name'][$cpt_doc])) - (mb_strlen($ext) + 1)); $nom_sans_ext = my_ereg_replace("[^.a-zA-Z0-9_=-]+", "_", $nom_sans_ext); if (strstr($nom_sans_ext, "..")) { return "Problème de transfert : le fichier n'a pas pu être transféré sur le répertoire. Veuillez signaler ce problème à l'administrateur du site"; die; } $n = 0; while (file_exists($newFile = $dest . $nom_sans_ext . ($n++ ? '-' . $n : '') . '.' . $ext)) { } $dest_path = $newFile; if (!deplacer_fichier_upload($doc_file['tmp_name'][$cpt_doc], $dest_path)) { return "Problème de transfert : le fichier n'a pas pu être transféré sur le répertoire. Veuillez signaler ce problème à l'administrateur du site"; die; } if ($doc_name[$cpt_doc] == '') { $doc_name[$cpt_doc] = basename($newFile); } $nouveau = false; if (!isset($id_document)) { if (isset($edit_devoir)) { $query = "INSERT INTO ct_devoirs_documents SET taille='{$taille}', emplacement='{$dest_path}', id_ct_devoir='{$id_ct}', titre='" . corriger_caracteres($doc_name[$cpt_doc]) . "'"; } else { $query = "INSERT INTO ct_documents SET taille='{$taille}', emplacement='{$dest_path}', id_ct='{$id_ct}', titre='" . corriger_caracteres($doc_name[$cpt_doc]) . "'"; } sql_query($query); $id_document = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["mysqli"])) ? false : $___mysqli_res; $nouveau = true; } else { if (isset($edit_devoir)) { $query = "UPDATE ct_devoirs_documents SET taille='{$taille}', emplacement='{$dest_path}', id_ct_devoir='{$id_ct}', titre='{$titre}' WHERE id_document={$id_document}"; } else { $query = "UPDATE ct_documents SET taille='{$taille}', emplacement='{$dest_path}', id_ct='{$id_ct}', titre='{$titre}' WHERE id_document={$id_document}"; } sql_query($query); } return "Téléchargement réussi !"; }