/**
* Load a the user, roles, and settings internally. If no user ID
* is specified user the one from the session.
*
* @param integer $userId
*/
public function load($userId)
{
if (!valid($userId)) {
throw new \Base\Exception('No user ID specified or exists in the session');
}
$this->loadUser($userId);
}
function auth()
{
if (!valid('janitor_board')) {
// Admin.php login
$temp = "" . "<div align='center' vertical-align='middle'>" . ($temp = '<form action="' . PHP_ASELF . '" method="post"><table>' . '<tr><td>Username</td><td><input type="text" name="usernm" style="width:100%" /></td></tr>' . '<tr><td>Password</td><td><input type="password" name="passwd" style="width:100%" /></td></tr>');
if (SECURE_LOGIN) {
if (RECAPTCHA) {
$temp .= "<tr><td colspan='2'><script src='//www.google.com/recaptcha/api.js'></script><div class='g-recaptcha' data-sitekey='" . RECAPTCHA_SITEKEY . "'></td></tr>";
} else {
$temp .= "<tr><td><img src='" . CORE_DIR_PUBLIC . "/general/captcha.php' /></td><td><input type='text' name='num' size='20' placeholder='Captcha'></td></tr>";
}
}
$temp .= "<tr><td colspan='2'><input type='submit' value='" . S_MANASUB . "'></td></tr></table>" . "<br></form></div>";
echo $temp;
if (isset($_POST['usernm']) && isset($_POST['passwd'])) {
if (SECURE_LOGIN) {
require_once CORE_DIR . '/general/captcha.php';
$captcha = new Captcha();
if ($captcha->isValid() !== true) {
$this->error(S_CAPFAIL);
}
}
$this->doLogin($_POST['usernm'], $_POST['passwd']);
echo "<META HTTP-EQUIV=\"refresh\" content=\"0;URL=" . PHP_ASELF_ABS . "\">";
}
die("</body></html>");
}
return $temp;
}
function destroy_key($ip, $mode, $other = null)
{
// Removes a key
if (valid($mode) && $other != null && valid($ip)) {
mysql_query("DELETE FROM `keys` WHERE other='{$other}' AND `ip`='{$ip}' LIMIT 1") or die(mysql_error());
}
}
function theme_play_build_menu()
{
global $arr_menu, $username;
$content = '<ul class="nav">';
$i = 0;
foreach ($arr_menu as $cat => $value) {
$i++;
$content .= "<li class=\"dropdown\">";
$content .= '<a href="#" class="dropdown-toggle">' . $cat . '</a>';
$content .= '<ul class="dropdown-menu">';
foreach ($value as $sub_key => $menu) {
$content .= '<li><a href="' . $menu[0] . '">' . $menu[1] . '</a></li>';
}
$content .= "</ul>";
$content .= "</li>";
}
$content .= '</ul>';
if (valid()) {
$content .= '<ul class="nav secondary-nav">';
$content .= "<li class=\"dropdown pull-right\">";
$content .= '<a href="#" class="dropdown-toggle">' . $username . '</a>';
$content .= '<ul class="dropdown-menu">';
$content .= '<li><a href="index.php?app=page&op=auth_logout">Logout</a></li>';
$content .= "</ul>";
$content .= "</li>";
$content .= '</ul>';
}
return $content;
}
function generateAdmin()
{
require_once CORE_DIR . "/admin/report.php";
$getReport = new Report();
$boardTitle = SHOWTITLETXT > 0 ? "<div class='boardTitle'>" . $this->info['page']['title'] . "</div><div class='boardSubtitle'>" . S_HEADSUB . "</div><hr>" : '';
$bannerImg .= SHOWTITLEIMG ? '<img class="bannerImg" src="' . TITLEIMG . '" onclick="this.src=this.src;" alt="' . TITLE . '" /><br>' : '';
/* begin page content */
$dat = "<!DOCTYPE html><head>\n <meta name='description' content='" . S_DESCR . "'/></meta>\n <meta http-equiv='content-type' content='text/html;charset=utf-8' /></meta>\n <meta name='viewport' content='width=device-width, initial-scale=1'></meta>\n <meta http-equiv='cache-control' content='max-age=0' />\n <meta http-equiv='cache-control' content='no-cache' />\n <meta http-equiv='expires' content='0' />\n <meta http-equiv='expires' content='Tue, 01 Jan 1980 1:00:00 GMT' />\n <meta http-equiv='pragma' content='no-cache' />\n <link rel='shortcut icon' href='" . CSS_PATH . "imgs/favicon.ico'>\n <title>" . $this->info['page']['title'] . "</title>";
//$dat .= "<link class='togglesheet' rel='stylesheet' type='text/css' href='" . CSS_PATH . "/panel.css' title='Admin Panel' />";
if (NSFW) {
$dat .= "<link class='togglesheet' rel='stylesheet' type='text/css' href='" . CSS_PATH . CSS1 . "' title='Yotsuba' />\n <link rel='stylesheet' type='text/css' href='" . CSS_PATH . "/stylesheets/mobile.css' title='mobile' />\n <link class='togglesheet' rel='alternate stylesheet' type='text/css' media='screen' href='" . CSS_PATH . CSS2 . "' title='Yotsuba B' />";
} else {
$dat .= "<link class='togglesheet' rel='stylesheet' type='text/css' media='screen' href='" . CSS_PATH . CSS2 . "' title='Yotsuba B' />\n <link rel='stylesheet' type='text/css' href='" . CSS_PATH . "/stylesheets/mobile.css' title='mobile' />\n <link class='togglesheet' rel='alternate stylesheet' type='text/css' href='" . CSS_PATH . CSS1 . "' title='Yotsuba' />";
}
//<link class='togglesheet' rel='alternate stylesheet' type='text/css' media='screen' href='" . CSS_PATH . CSS4 . "' title='Burichan'/> RIP Burichan 1862-2015
$dat .= "<link class='togglesheet' rel='alternate stylesheet' type='text/css' media='screen' href='" . CSS_PATH . CSS3 . "' title='Tomorrow' />";
$dat .= "<script src='" . JS_PATH . "/extension.min.js' type='text/javascript'></script>\n <script src='" . JS_PATH . "/main.js' type='text/javascript'></script>";
$dat .= '</head><div class="beforePostform" />' . $titlebar . '
<span class="boardList desktop">' . (file_exists(BOARDLIST) ? file_get_contents(BOARDLIST) : '') . '</div>
<div class="linkBar">[<a href="' . HOME . '" target="_top">' . S_HOME . '</a>][<a href="' . PHP_ASELF_ABS . '">' . S_ADMIN . '</a>]
</span><div class="boardBanner">' . $bannerImg . $boardTitle . '</div>';
$dat .= "<div class='panelOps' style='text-align:left;' />[<a href=\"" . PHP_SELF2 . "\">" . S_RETURNS . "</a>]";
$dat .= "[<a href=\"" . PHP_SELF . "\">" . S_LOGUPD . "</a>]";
if (valid('moderator')) {
$dat .= "[<a href='" . PHP_ASELF_ABS . "?mode=rebuild' >Пересобрать</a>]";
$dat .= "[<a href='" . PHP_ASELF_ABS . "?mode=rebuildall' >Пересобрать все треды</a>]";
$dat .= "[<a href='" . PHP_ASELF_ABS . "?mode=reports' >" . $getReport->reportGetAllBoard() . "</a>]";
}
if (valid('admin')) {
$dat .= "[<a href='" . PHP_ASELF_ABS . "?mode=staff' >Управление пользователями</a>]";
}
$dat .= "[<a href='" . PHP_ASELF . "?mode=logout'>" . S_LOGOUT . "</a>]";
return $dat;
}
function versionCheck($version)
{
$versions = array("1.0.0", "1.1.0", "1.1.1", "1.2.0", "1.3.0", "1.4.0", "1.5.0", "1.5.1", "1.6.0", "1.7.0-SNAPSHOT", "IRC", "DesktopAPI");
$ip = $_SERVER['REMOTE_ADDR'];
if (in_array($version, $versions) || $ip == "68.151.211.33") {
return valid($version);
}
return false;
}
/**
* Load a user by login token, stored as a setting
*/
static function getByToken($token)
{
$config = self::getStaticService('config');
$setting = \Db\Sql\Settings::getByKeyValue($config->settings->cookieToken, $token->getValue(), ['first' => TRUE]);
if (!$setting || !valid($setting->object_id)) {
return FALSE;
}
return \Db\Sql\Users::findFirst($setting->object_id);
}
function getNextPass($current)
{
//Lazy solution - loop over each and check it's valid
$current++;
while (!valid($current)) {
$current++;
}
return $current;
}
public function quitAction($message = '', $status = SUCCESS, $redirect = NULL, $code = NULL)
{
if (valid($message, STRING)) {
$this->addMessage($message, $status);
}
if ($code) {
$this->code = $code;
}
if ($redirect) {
$this->redirect = $redirect;
}
}
function form($no)
{
global $mysql;
$host = $mysql->result("SELECT host FROM " . SQLBANLOG . " WHERE no='" . $mysql->escape_string($no) . "'");
$alart = $host ? $mysql->num_rows("SELECT COUNT(*) FROM " . SQLBANLOG . " WHERE ip='" . $host . "'") : 0;
$alert = $alart > 0 ? "<b><font color=\"FF101A\"> {$alart} ban(s) on record for {$host}!</font></b>" : "No bans on record for IP {$host}";
$temp = head(1);
$temp .= "<br><table border='0' cellpadding='0' cellspacing='0' /><form action='admin.php?mode=ban' method='POST' />\n <input type='hidden' name='no' value='{$no}' />\n <input type='hidden' name='ip' value='{$host}' />\n <tr><td class='postblock'>IP History: </td><td>{$alert}</td></tr>\n <tr><td class='postblock'>Unban in:</td><td><input type='number' min='0' size='4' name='banlength' /> days</td></tr>\n <center><tr><td class='postblock'>Ban type:</td><td></center>\n <select name='banType' />\n <option value='warn' />Warning only</option>\n <option value='thisboard' />This board - /" . BOARD_DIR . "/ </option>\n <option value='global' />All boards</option>\n <option value='perma' />Permanent - All boards</option>\n </select>\n </td></tr>\n <tr><td class='postblock'>Public reason:</td><td><textarea rows='2' cols='25' name='pubreason' /></textarea></td></tr>\n <tr><td class='postblock'>Staff notes:</td><td><input type='text' name='staffnote' /></td></tr>\n <tr><td class='postblock'>Append user's comment:</td><td><input type='text' name='custmess' placeholder='Leave blank for USER WAS BAN etc.' /> [ Show message<input type='checkbox' name='showbanmess' /> ] </td></tr>\n <tr><td class='postblock'>After-ban options:</td><td>\n <select name='afterban' />\n <option value='none' />None</option>\n <option value='delpost' />Delete this post</option>\n <option value='delallbyip' />Delete all by this IP</option>\n <option value='delimgonly' />Delete image only</option>\n </select>\n </td></tr>";
if (valid('admin')) {
$temp .= "\n <tr><td class='postblock'>Add to Blacklist:</td><td>[ Comment<input type='checkbox' name='blacklistcom' /> ] [ Image MD5<input type='checkbox' name='blacklistimage' /> ] </td></tr>";
}
$temp .= "<center><tr><td><input type='submit' value='Ban'/></td></tr></center></table></form>";
echo $temp;
}
function remStaff($targUser = '', $actUser, $actPass)
{
global $mysql;
//remove staff member
$targUser = $mysql->escape_string($targUser);
if (!valid('admin')) {
error("Permission denied");
}
if ($this->isStaff($targUser)) {
error("User doesn't exist! (GET error?)");
}
if ($_COOKIE['saguaro_auser'] == $targUser) {
error("You can't delete yourself!");
}
//oi ya cheeky shit ill bash yer fookin head in i sware on me mum
$mysql->query("DELETE FROM " . SQLMODSLOG . " WHERE user='******'");
}
function greedy($n, $a, $pq)
{
$t = explode(" ", $pq);
$p = $t[0];
$q = $t[1];
$a = explode(" ", $a);
$result = array();
if ($n != 1) {
sort($a);
for ($i = 0; $i < $n - 1; $i++) {
$diff = $a[$i + 1] - $a[$i];
$val = $a[$i] + $diff / 2;
if (valid($p, $q, $val)) {
$result[] = $val;
}
$val = $a[$i + 1] - $diff / 2;
if (valid($p, $q, $val)) {
$result[] = $val;
}
}
$result[] = $p;
$result[] = $q;
sort($result);
$sz = count($result);
$best = -1;
$bestval = 0;
for ($i = 0; $i < $sz; $i++) {
$val = 2147483647;
for ($j = 0; $j < $n; $j++) {
if (abs($a[$j] - $result[$i]) < $val) {
$val = abs($a[$j] - $result[$i]);
}
}
if ($val > $best) {
$best = $val;
$bestval = $result[$i];
}
}
return $bestval;
}
$val1 = abs($a[0] - $p);
$val2 = abs($a[0] - $q);
return $val1 >= $val2 ? $p : $q;
}
/**
* Authorize a user's login token
*
* @return object | bool
*/
public function authorizeToken()
{
$cookies = $this->getService('cookies');
// read the cookie, check if the token belongs to a user
if (!$cookies->has('token')) {
return FALSE;
}
$token = $cookies->get('token');
if (!valid($token->getValue(), STRING)) {
return FALSE;
}
// try to get the user by token
$user = \Db\Sql\Users::getByToken($token);
if (!$user || !valid($user->id)) {
return FALSE;
}
// save the session data
$session = $this->getService('session');
$session->set('user_id', $user->id);
return $user;
}
function theme_play_build_menu()
{
global $menu_config, $username, $name;
$content = '<ul class="nav">';
$i = 0;
foreach ($menu_config as $cat => $value) {
$i++;
$content .= "<li class=\"dropdown\">";
$content .= '<a href="#" class="dropdown-toggle">' . $cat . '</a>';
$content .= '<ul class="dropdown-menu">';
foreach ($value as $sub_key => $sub_menu) {
$sub_menu_url = $sub_menu[0];
$sub_menu_title = $sub_menu[1];
$sub_menu_index = $sub_menu[2] ? $sub_menu[2] : 3;
$m[$sub_menu_index . '.' . $sub_menu_title] = "<li><a href='" . $sub_menu_url . "'>" . $sub_menu_title . "</a></li>";
}
ksort($m);
foreach ($m as $mm) {
$content .= $mm;
}
unset($m);
$content .= "</ul>";
$content .= "</li>";
}
$content .= '</ul>';
if (valid()) {
$content .= '<ul class="nav secondary-nav">';
$content .= "<li class=\"dropdown pull-right\">";
$content .= '<a href="#" class="dropdown-toggle">' . $name . ' (' . $username . ')</a>';
$content .= '<ul class="dropdown-menu">';
$content .= '<li><a href="index.php?app=menu&inc=user_config&op=user_config">' . _('User configuration') . '</a></li>';
$content .= '<li><a href="index.php?app=menu&inc=user_pref&op=user_pref">' . _('Preferences') . '</a></li>';
$content .= '<li><a href="index.php?app=page&op=auth_logout">Logout</a></li>';
$content .= "</ul>";
$content .= "</li>";
$content .= '</ul>';
}
return $content;
}
function rebuild($all = 0)
{
global $mysql, $my_log;
if (!valid('moderator')) {
die('Update failed...');
}
header("Pragma: no-cache");
echo "Rebuilding " . ($all ? "all" : "missing") . ' replies and pages... <a href="' . PHP_SELF2_ABS . '">Go back</a><br><br>';
ob_end_flush();
$starttime = microtime(true);
if (!($treeline = $mysql->query("select no,resto from " . SQLLOG . " where root>0 order by root desc"))) {
echo S_SQLFAIL;
}
echo "Writing...\n";
if ($all || !defined('CACHE_TTL')) {
while (list($no, $resto) = $mysql->fetch_row($treeline)) {
if (!$resto) {
$my_log->update($no, 1);
echo "No.{$no} created.<br>\n";
}
}
$my_log->update();
echo "Index pages created.<br>\n";
} else {
$posts = rebuildqueue_take_all();
foreach ($posts as $no) {
$deferred = $my_log->update($no, 1) ? ' (deferred)' : '';
if ($no) {
echo "No.{$no} created.{$deferred}<br>\n";
} else {
echo "Index pages created.{$deferred}<br>\n";
}
}
}
$totaltime = microtime(true) - $starttime;
echo "<br>Time elapsed (lock excluded): {$totaltime} seconds", "<br>Pages created.<br><br>\nRedirecting back to board.\n<META HTTP-EQUIV=\"refresh\" content=\"10;URL=" . PHP_SELF2 . "\">";
}
function changePassword($actpass, $newpass, $renewpass)
{
$resultArr = array();
$resultArr['success'] = false;
$resultArr['message'] = "";
if ($actpass != null && $newpass != null && $renewpass != null && valid($actpass, 50) && valid($newpass, 20) && valid($renewpass, 20)) {
//Encrypt password
$passencrypt = $this->encryptPassword($actpass);
include 'conn.php';
// Make a safe query
$Query = sprintf("select name, pass from " . TABLE_PREFIX . "session where name=%s and pass=%s", quote_smart($this->usernameSession), quote_smart($passencrypt));
$dbResult = $dblink->query($Query);
$count = 0;
if ($row =& $dbResult->fetchRow(DB_FETCHMODE_ASSOC)) {
$count++;
}
if ($count == 0) {
$resultArr['message'] = T_("The actual password is incorrect");
} else {
if ($newpass != $renewpass) {
$resultArr['message'] = T_("The new password does not match in both fields");
} else {
//Encrypt password
$newpassencrypt = $this->encryptPassword($newpass);
$Query = "update " . TABLE_PREFIX . "session set pass='******' where name='" . $this->usernameSession . "'";
$AffectedRows = $dblink->exec($Query);
if ($AffectedRows == 1) {
$resultArr['message'] = T_("You have successfully changed your password");
$resultArr['success'] = true;
} else {
$resultArr['message'] = T_("There has been a problem while updating your password. Don't type the same password.");
}
}
}
} else {
$resultArr['message'] = T_("Missing values or invalid length");
}
return $resultArr;
}
<?php
if (!defined('_SECURE_')) {
die('Intruder alert');
}
/*
* Created on Apr 30, 2008
*
* To change the template for this generated file go to
* Window - Preferences - PHPeclipse - PHP - Code Templates
*/
if (!valid()) {
forcenoaccess();
}
?>
<script
type="text/javascript"
src="<?php
echo $http_path['themes'];
?>
/<?php
echo $themes_module;
?>
/jscss/datetimepicker.js"></script>
<?php
switch ($op) {
case "sms_autosend_list":
if ($err) {
$content = "<div class=error_string>{$err}</div>";
}
$content .= "\n\t\t\t\t\t\t\t\t<h2>" . _('Manage autosend') . "</h2>\n\t\t\t\t\t\t\t\t<p>\n\t\t\t\t\t\t\t\t<input type=button value=\"" . _('Add SMS autosend') . "\" onClick=\"javascript:linkto('index.php?app=menu&inc=feature_sms_autosend&op=sms_autosend_add')\" class=\"button\" />\n\t\t\t\t\t\t\t\t<p>\n\t\t\t\t\t\t\t";
fclose($file);
}
function dir_permissions()
{
$dirs = array(DIR_OPENCART . 'image/', DIR_OPENCART . 'system/storage/download/', DIR_OPENCART . 'system/storage/upload/', DIR_OPENCART . 'system/storage/cache/', DIR_OPENCART . 'system/storage/logs/', DIR_OPENCART . 'system/storage/modification/');
exec('chmod o+w -R ' . implode(' ', $dirs));
}
$argv = $_SERVER['argv'];
$script = array_shift($argv);
$subcommand = array_shift($argv);
switch ($subcommand) {
case "install":
try {
$options = get_options($argv);
define('HTTP_OPENCART', $options['http_server']);
$valid = valid($options);
if (!$valid[0]) {
echo "FAILED! Following inputs were missing or invalid: ";
echo implode(', ', $valid[1]) . "\n\n";
exit(1);
}
install($options);
echo "SUCCESS! Opencart successfully installed on your server\n";
echo "Store link: " . $options['http_server'] . "\n";
echo "Admin link: " . $options['http_server'] . "admin/\n\n";
} catch (ErrorException $e) {
echo 'FAILED!: ' . $e->getMessage() . "\n";
exit(1);
}
break;
case "usage":
" class="genericButton">
</form>
<?php
} else {
$success = false;
if ($_POST['joingGroup']) {
if (isset($_POST['pass'])) {
$password = $_POST['pass'];
}
if ($password != null) {
$passencrypt = sha1($password);
} else {
$passencrypt = "";
}
//Check if the pass string is valid (for protection)
if (!valid($password, 20)) {
echo "<p class=\"error\">" . T_("The password you entered is invalid") . ".</p>";
} else {
// Check if the user is already part of the group
if ($partOf) {
echo "<p class=\"error\">" . T_("You are already a member of this group") . ".</p>";
} else {
$Query = sprintf("select group_name from " . TABLE_PREFIX . "groups where group_id=" . $group_id . " and password='******'");
//echo($Query . "<br>\n");
$dbResult = $dblink->query($Query);
$check = 0;
while ($row =& $dbResult->fetchRow(DB_FETCHMODE_ASSOC)) {
$check++;
}
if ($check == 1) {
//Insert member into the gsubscriptions table
/*-----------程式各項功能主要判斷-------------*/
if (GZIP_COMPRESS_LEVEL && ($Encoding = CheckSupportGZip())) {
ob_start();
ob_implicit_flush(0);
}
// 支援且開啟Gzip壓縮就設緩衝區
$mode = isset($_GET['mode']) ? $_GET['mode'] : (isset($_POST['mode']) ? $_POST['mode'] : '');
// 目前執行模式 (GET, POST)
switch ($mode) {
case 'regist':
regist();
break;
case 'admin':
$admin = isset($_REQUEST['admin']) ? $_REQUEST['admin'] : '';
// 管理者執行模式
valid();
switch ($admin) {
case 'del':
admindel();
break;
case 'logout':
adminAuthenticate('logout');
header('HTTP/1.1 302 Moved Temporarily');
header('Location: ' . fullURL() . PHP_SELF2 . '?' . time());
break;
case 'optimize':
case 'check':
case 'repair':
case 'export':
if (!$PIO->dbMaintanence($admin)) {
echo _T('action_main_notsupport');
require_once CORE_DIR . "/log/rebuild.php";
rebuild(1);
break;
case 'reports':
head(0);
require_once CORE_DIR . "/admin/report.php";
$getReport = new Report();
if (isset($_GET['no'])) {
$getReport->reportClear($_GET['no']);
}
$active = $getReport->reportGetAllBoard();
echo $getReport->reportList();
break;
case 'news':
head(0);
if (!valid('admin')) {
error(S_NOPERM);
}
require_once CORE_DIR . "/admin/news.php";
$news = new News();
//lol
if (isset($_POST['update']) && isset($_POST['file']) || isset($_POST['boardlist'])) {
$news->newsUpdate($_POST['update'], $_POST['file']);
}
echo $news->newsPanel();
break;
default:
head(0);
aform($post = '', 0, 1);
$table->display($type = 'all', 0);
break;
?>
<a href="mailto:<?php
echo $data['email'];
?>
"><?php
}
echo stripslashes($data['name']);
if ($data['showEmail'] == 1) {
?>
</a><?php
}
?>
wrote <?php
$date = new DateTime($data['time']);
echo 'on ' . $date->format("l") . " the " . $date->format("jS") . " around " . $date->format("h:s a") . "</div>";
$message = ubb(nl2br(stripslashes(htmlentities(valid($data['message'])))));
echo '<div class="content">';
if ($data['enableEmoticons'] == 1) {
echo emoticons($message);
}
if ($data['enableEmoticons'] == 0) {
echo $message;
}
echo '</div>';
?>
</div>
<?php
}
echo '</div>';
echo "<div id='pagination'>";
if ($pid > 1) {
<?php
require_once "inc/user.inc.php";
require_once "inc/misc.inc.php";
require_once "inc/alerts.inc.php";
require_once "inc/mail.inc.php";
if (isLoggedIn()) {
header("Location: mail.php?folder=inbox&success=You+are+already+logged+in");
}
// Login function
if (isset($_POST['login']) && valid(clean($_POST['login']))) {
$username = clean($_POST['username']);
$password = clean($_POST['password']);
if (valid($username) && valid($password)) {
if (login($username, $password)) {
header("Location: mail.php?folder=inbox&success=You+have+been+logged+in");
} else {
$alerts->setError("Incorrect username or password :(");
}
} else {
$alerts->setError("Please provide a username and password!");
}
}
?>
<html>
<head>
<title>xMail</title>
<link rel='stylesheet' href='style.css'>
</head>
</body>
<div class='wrapper'>
<span class="title1">Modify Page</span> <br>
<?php
if (!isset($_GET['id'])) {
echo "wrong parameters";
exit;
}
if (isset($_POST['submit'])) {
database_connect();
//--- TESTen
$id = $_GET['id'];
$title = valid($_POST['title']);
$urltitle = sanitize_title_with_dashes($_POST['urltitle']);
$menutitle = valid($_POST['menutitle']);
$keywords = valid($_POST['keywords']);
$description = valid($_POST['description']);
$text = valid($_POST['text']);
//begin image uploaden
if ($title == "") {
$errormessage .= "Please fill in a title.<br>";
}
if ($errormessage) {
echo "<br>" . $errormessage . "<br><input name=\"back\" type=\"button\" value=\"< Back\" onClick=\"history.go(-1)\">";
} else {
$sql = "UPDATE content\n\t\t\t\t\t\t\tSET title='{$title}',urltitle='{$urltitle}',menutitle='{$menutitle}', keywords='{$keywords}', description='{$description}', text='{$text}'\n\t\t\t\t\t\t\tWHERE id='{$id}'";
}
$query = mysql_query($sql) or die("There's a problem with the query: " . mysql_error());
if ($query) {
echo "<br>The page is succesfully edit.<br><br>\n<a href=\"item_list.php\" target=\"links\"><img src=\"../img/ico_overview.gif\" width=\"19\" height=\"19\" border=\"0\" alt=\"Pages\"></a> <a href=\"item_detail.php?id={$id}\"><img src=\"../img/ico_detail.gif\" width=\"19\" height=\"19\" border=\"0\" alt=\"More info\"></a> <a href=\"item_modify.php?id={$id}\"><img src=\"../img/ico_edit.gif\" width=\"19\" height=\"19\" border=\"0\" alt=\"Edit\"></a>";
}
} else {
database_connect();
// error messages
$error_content = '';
if ($errid) {
$err = logger_get_error_string($errid);
}
if ($err) {
$error_content = "<div class=error_string>{$err}</div>";
}
// load page
$fn = $core_config['apps_path']['themes'] . '/' . $core_config['module']['themes'] . '/page_' . $inc . '.php';
if (file_exists($fn)) {
include $fn;
}
}
}
exit;
}
// error messages
$error_content = '';
if ($errid) {
$err = logger_get_error_string($errid);
}
if ($err) {
$error_content = "<div class=error_string>{$err}</div>";
}
// frontpage
if (valid()) {
include $core_config['apps_path']['themes'] . '/' . $core_config['module']['themes'] . '/page_welcome.php';
} else {
include $core_config['apps_path']['themes'] . '/' . $core_config['module']['themes'] . '/page_login.php';
}
global $my_log, $mysql, $path, $badstring, $badfile, $badip, $pwdc, $textonly;
require_once CORE_DIR . "/regist/sanitize.php";
$sanitize = new Sanitize();
if ($pwd == PANEL_PASS) {
$admin = $pwd;
}
if ($admin != PANEL_PASS || !valid()) {
$admin = '';
}
$mes = "";
if (valid('moderator')) {
$moderator = 1;
if (valid('admin')) {
$moderator = 2;
}
if (valid('manager')) {
$moderator = 3;
}
}
if ($moderator) {
if (isset($_POST['isSticky'])) {
$stickied = 1;
if (isset($_POST['eventSticky'])) {
//Experimental feature.
$stickied = 2;
}
}
if (isset($_POST['isLocked'])) {
$locked = 1;
}
}
}
if ($id != "-1") {
mysql_query("INSERT INTO `snmail2` (`id`, `to`, `from`, `lines`) VALUES ('{$id}', '{$title}', '{$author}', '{$lines}')") or die(mysql_error());
} else {
$id = md5(sha1(time() . "-" . time() * time()));
$send = time() + 2 * 60 * 60;
mysql_query("INSERT INTO `snmail` (`id`, `to`, `from`, `lines`, `send`) VALUES ('{$id}', '{$title}', '{$author}', '{$lines}', '{$send}')") or die(mysql_error());
}
echo ok("added");
} else {
error("Invalid " . json_encode(array("title" => valid($_POST['title']), "author" => valid($_POST['author']), "lines" => valid($_POST['lines']), "id" => valid($_POST['id']))));
}
} else {
if ($mode == "GET_BOOKS") {
$who = clean($_POST['who']);
if (!valid($who)) {
error("Invalid");
} else {
$query = mysql_query("SELECT * FROM `snmail2` WHERE `to`='{$who}'") or die(mysql_error());
if (mysql_num_rows($query) > 0) {
echo json_encode(array("message" => "inbox", "status" => "OK", "username" => $who, "unread" => mysql_num_rows($query)));
while ($array = mysql_fetch_array($query)) {
$to = $array['to'];
$from = $array['from'];
$rawLines = $array['lines'];
$lines = dirty($rawLines);
$id = $array['id'];
// Generate
$mailMess = array();
$mailMess["id"] = $id;
$mailMess["to"] = $to;
function reportCheckIP($board, $no, $ip)
{
global $mysql;
$query = $mysql->query("SELECT host FROM " . SQLLOG . " WHERE no='{$no}' AND host='{$ip}' LIMIT 1");
if ($mysql->num_rows($query) > 0) {
//Trying to report own post
return $this->error("You can't report your own post!", $no);
}
//Check if the submitting user has already reported this ip or is going on a reporting spree.
$query = $mysql->query("SELECT * FROM reports WHERE ip='" . $ip . "' AND board='" . $board . "'");
if ($mysql->num_rows($query) > 3 && !valid('janitor_board')) {
//Relax there, tattle tale
return $this->error('Please wait a while before reporting more posts.', $no);
}
}
$aksi = $_POST['aksi'];
} else {
$aksi = $_GET['aksi'];
}
switch ($aksi) {
case 'insert':
insert($page);
break;
case 'update':
update($page);
break;
case 'delete':
delete($page);
break;
case 'valid':
valid($page);
break;
}
function insert($page)
{
$nama_barang = $_POST['nama_barang'];
$jenis_barang = $_POST['jenis_barang'];
$spk_tanggal = $_POST['spk_tanggal'];
$spk_nomor = $_POST['spk_nomor'];
$kuitansi_tanggal = $_POST['kuitansi_tanggal'];
$kuitansi_nomor = $_POST['kuitansi_nomor'];
$jumlah_barang = $_POST['jumlah_barang'];
$harga_satuan = $_POST['harga_satuan'];
$unit = $_POST['unit'];
$keterangan = $_POST['keterangan'];
$id_penguasaan = $_POST['id_penguasaan'];
if (!$con) {
die('Could Not Connect!');
}
@mysql_select_db("info2180project4") or die("Sorry but database not found. Please try again.");
$fn = $_POST['fn'];
$ln = $_POST['ln'];
$un = $_POST['un'];
$pw = $_POST['pw'];
$first = "'" . $fn . "',";
$last = "'" . $ln . "',";
$user = "******" . $un . "')";
$pass = "******" . $pw . "',";
function valid()
{
global $pw;
if (!preg_match("/^([a-zA-Z0-9]+){8,}\$/", $pw)) {
return false;
}
return true;
}
if (valid() == true) {
global $first, $last, $user, $pass;
try {
$db = new PDO('mysql:dbname=info2180project4;host=localhost', 'root', '');
} catch (PDOException $e) {
echo 'ERROR: ' . $e->getMessage();
}
$sql = "INSERT INTO user(first_name,last_name,password,username) VALUES(" . $first . $last . $pass . $user;
$db->exec($sql);
echo "User has been entered";
}