Ejemplo n.º 1
<?php

// used in integration tests to see if POST method works.
// for security reasons we allow max 3 post vars, each key and value is only allowed to have max 6 hex characters
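/**
 * Allow-list check for a single POST key or value in this integration-test endpoint.
 *
 * Returns the input unchanged when it consists only of hexadecimal digits and is
 * at most 6 characters long; otherwise returns null. Callers test the result for
 * truthiness, so "0" (and the integer key 0) is still treated as rejected.
 *
 * @param mixed $key Candidate key or value taken from $_POST.
 * @return mixed|null The original input when accepted, null when rejected.
 */
function accept($key)
{
    // PHP turns numeric-looking array keys into integers. ctype_xdigit() reads an
    // integer from -128 to 255 as a character code rather than as digits (and the
    // non-string form is deprecated since PHP 8.1), so check the decimal spelling.
    $text = is_int($key) ? (string) $key : $key;

    // Nested arrays (a[]=1) and any other non-string never pass the allow-list.
    if (!is_string($text)) {
        return null;
    }

    if (ctype_xdigit($text) && strlen($text) <= 6) {
        return $key;
    }

    return null;
}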
// Refuse oversized requests before looking at any field.
// NOTE(review): the comment at the top of the file says "max 3 post vars", but
// this bound lets 4 through — confirm which limit is intended.
if (count($_POST) > 4) {
    exit;
}

// Echo back only the pairs whose key and value both pass accept().
$values = array();
foreach ($_POST as $key => $value) {
    if (!accept($key) || !accept($value)) {
        continue;
    }
    $values[$key] = $value;
}

// Report the HTTP method so the caller can confirm that a POST really arrived.
$requestMethod = empty($_SERVER['REQUEST_METHOD']) ? '' : strtolower($_SERVER['REQUEST_METHOD']);
if ($requestMethod === 'post') {
    $values['method'] = 'post';
}

echo json_encode($values);
exit;
#
#
#
#
# Get settings
require "settings.php";
require "core-settings.php";
require "libs/ext.lib.php";
# decide what to do
if (isset($_GET["invid"])) {
    # A GET request carrying "invid" selects the details view.
    $OUTPUT = details($_GET);
} elseif (isset($_POST["key"]) && $_POST["key"] == "accept") {
    # "accept" is the only POST action this module handles.
    $OUTPUT = accept($_POST);
} else {
    # Missing or unrecognised action.
    $OUTPUT = "<li class=err>Invalid use of module.";
}
# Get template
require "template.php";
# Details
function details($_GET)
{
    # Get vars
    foreach ($_GET as $key => $value) {
Ejemplo n.º 3
<!DOCTYPE html>
<html lang="en">
    <?php 
include_once 'header.php';
include_once '../includes/functions.php';
// Everything below is admin-only: without an admin session the script stops
// after emitting a client-side redirect to the login page.
if (!loggedinadmin()) {
    exit("<script>location.href = 'login.php'</script>");
}

// Admin actions arrive as query-string parameters; the first one present wins.
// NOTE(review): each of these changes state on a plain GET and no anti-CSRF
// token check is visible here — confirm one is enforced elsewhere, or move the
// actions to POST with a per-session token.
if (isset($_GET['del'])) {
    delete($no = $_GET['del']);
} elseif (isset($_GET['acpt'])) {
    accept($no = $_GET['acpt']);
} elseif (isset($_GET['actv'])) {
    active($no = $_GET['actv']);
} elseif (isset($_GET['inac'])) {
    inactive($no = $_GET['inac']);
}
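/**
 * Delete the row of table `user` whose user_id equals $no.
 *
 * The id reaches this function straight from the query string, so it is bound
 * as a statement parameter instead of being concatenated into the SQL text.
 * The script stops with the original error message when the delete fails.
 *
 * @param mixed $no User id to delete; anything that is not a scalar is refused.
 * @return void
 */
function delete($no)
{
    require_once "../includes/sql.php";

    // An array-valued parameter (del[]=...) has no meaningful id.
    if (!is_scalar($no)) {
        die("oopsy, error when tryin to delete ");
    }
    $id = (string) $no;

    $conexion = db_connect();
    $stmt = $conexion->prepare("DELETE FROM user WHERE user_id = ?");
    if (!$stmt) {
        die("oopsy, error when tryin to delete ");
    }

    // db_connect() is defined outside this file; the original only relied on
    // ->query(), which mysqli and PDO both offer, so support either binding style.
    if ($conexion instanceof mysqli) {
        $stmt->bind_param('s', $id);
        $done = $stmt->execute();
    } else {
        $done = $stmt->execute(array($id));
    }

    if (!$done) {
        die("oopsy, error when tryin to delete ");
    }
}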
function accept($no)
{
    require_once "../includes/sql.php";
Ejemplo n.º 4
     if ($vc->status != "cancelled") {
         $html .= CHtml::ajaxLink('Cancel', Yii::app()->createAbsoluteUrl('videoConference/cancel/' . $vc->id), array('type' => 'post', 'data' => array('id' => $vc->id, 'type' => 'post'), 'update' => 'message', 'success' => 'function(response) {
                             $(".message").html(response);
                             location.reload();
                             }'), array('confirm' => 'Are you sure you want to cancel this conference?', "visible" => $ismoderator, 'role' => "button", "class" => "btn btn-warning"));
     }
 } else {
     $invitation = VCInvitation::model()->findByAttributes(array('videoconference_id' => $vc->id, 'invitee_id' => $user->id));
     if ($invitation->status == "Unknown") {
         $html .= accept($vc->id);
         $html .= reject($vc->id);
     } else {
         if ($invitation->status == "Accepted") {
             $html .= reject($vc->id);
         } else {
             $html .= accept($vc->id);
         }
     }
 }
 // Append a closing </div>, then fill the %...% placeholders in $html with the
 // conference's fields.
 $html .= "</div>";
 // NOTE(review): subject, status and notes are substituted into HTML exactly as
 // stored; no encoding is visible in this fragment — confirm they are encoded
 // before this point, or wrap them in CHtml::encode() here. The replacements run
 // in sequence, so a value that itself contains a later placeholder (for
 // example %NOTE% inside the subject) would be expanded by a following call.
 $html = str_replace("%SUBJECT%", $vc->subject, $html);
 $html = str_replace("%MSTATUS%", $vc->status, $html);
 // NOTE(review): repeats the previous replacement; it only has an effect if the
 // status text itself contains %MSTATUS%.
 $html = str_replace("%MSTATUS%", $vc->status, $html);
 // %STATUS% becomes a bold "Cancelled" line for cancelled conferences and is
 // removed otherwise.
 if ($vc->status == "cancelled") {
     $html = str_replace("%STATUS%", "<p style='font-weight: bold'>Status: Cancelled</p>", $html);
 } else {
     $html = str_replace("%STATUS%", "", $html);
 }
 $html = str_replace("%DATE%", $user_friendly_date, $html);
 $html = str_replace("%NOTE%", $vc->notes, $html);
 // findParticipantsHTMLList() is inserted as markup — presumably it encodes the
 // participant names itself; verify.
 $html = str_replace("%PARTICIPANTS%", $vc->findParticipantsHTMLList(), $html);


<form>



<p style="text-align: center">
	
	
	<span style="font-size: 150%;">

	<?php 
// Runs only when the form was submitted with an "accept" field.
if (isset($_POST['accept'])) {
    // NOTE(review): trans_id is read without an isset() check and passed on as
    // received; no ownership test is visible here — confirm accept() verifies
    // that the transaction may be accepted by $_SESSION['uid'] and binds the id
    // as a query parameter.
    $trans_id = $_POST['trans_id'];
    accept($con, $trans_id, $_SESSION['uid']);
}
?>
	
	Search Transactions

	</span>



	<br /><br />

	

	Zip Code:
Ejemplo n.º 6
    $z = $single["coordinateZ"];
    if ($single["timeChecked"] == "" || isset($single["timeChecked"])) {
        $already = 1;
    }
}
// Load the quest record(s); when several come back, the fields of the last one
// are the ones left in the variables below.
$quest = questInfo($qId, $mysqli);
foreach ($quest as $single) {
    $name = $single["questName"];
    $description = $single["questDescription"];
    $detailedDescription = $single["questDetailedDescription"];
    $materials = $single["recommendedMaterials"];
    $xp = $single["givenXp"];
}

// Moderation action chosen through ?action=...
// NOTE(review): these handlers change state on a plain GET and no permission or
// anti-CSRF check is visible in this fragment — confirm both happen elsewhere.
switch (isset($_GET["action"]) ? $_GET["action"] : null) {
    case "accept":
        accept($completed, $uId, $xp, $mysqli);
        break;
    case "reject":
        deny($completed, $mysqli);
        break;
    case "delete":
        delete($completed, $mysqli);
        break;
}
//$uId = getPlayerId($_COOKIE["MTU"],$mysqli);
?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
Ejemplo n.º 7
{
    //echo '<br />Dodaj nowego newsa!<br /><br />';
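    // Handles the yes/no link from the offer e-mail: ?id=<row id>&accept=true|false.
    // NOTE(review): the row id is the only thing identifying the recipient, so
    // anyone who can guess an id can change that row — an unguessable
    // per-recipient token in the link would close this.
    if (isset($_GET['id'])) {
        $n_id = $_GET['id'];
        $choice = isset($_GET['accept']) ? $_GET['accept'] : null;

        // accept_offer values:
        // 0 = not clicked (default)
        // 1 = clicked yes
        // 2 = clicked no
        $n_accept = null;
        if ($choice === 'true') {
            $n_accept = 1;
            echo '<br /><br /><br /><b>Dodano maila. Oferta zostanie przesłana niebawem. Dziękujemy za zainteresowanie!</b>';
        } elseif ($choice === 'false') {
            echo '<br /><br /><br /><b>Mail nie zostanie dodany do bazy. W każdej chwili możecie Państwo zmienić swoje zdanie na temat oferty klikając w mailu TAK.</b>';
            $n_accept = 2;
        }

        // The id is placed unquoted into the SQL text, so only an all-digit value
        // may reach the query. An unrecognised answer used to run the UPDATE with
        // an undefined $n_accept; now nothing is written in that case.
        if ($n_accept !== null && is_string($n_id) && ctype_digit($n_id)) {
            $baza = polacz_z_baza();
            $sql = "UPDATE mail_sender SET accept_offer = '{$n_accept}' WHERE id = {$n_id}";
            // NOTE(review): die(mysql_error()) shows the database error to the
            // visitor, and the mysql_* extension was removed in PHP 7.
            mysql_query($sql) or die(mysql_error());
            mysql_close($baza);
        }
        echo '<meta http-equiv="Refresh" content="5; URL=http://abc.com.pl/" />';
        //echo '<meta http-equiv="Refresh" content="3; URL=cms.php?page=start">';
    } else {
        echo '<meta http-equiv="Refresh" content="0; URL=http://abc.com.pl/" />';
    }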
}
accept();
?>
</body>
</html>
Ejemplo n.º 8
     $ectemplates->display('step');
 } elseif ($dbclass == 1) {
     $dbhost = accept('dbhost', 'R');
     $dbname = accept('dbname', 'R');
     $dbuser = accept('dbuser', 'R');
     $dbpw = accept('dbpw', 'R');
     $tablepre = accept('tablepre', 'R');
     $username = accept('username', 'R');
     $password = accept('password', 'R');
     $password2 = accept('password2', 'R');
     $demodb = accept('demodb', 'R');
     $setupdbtype = accept('setupdbtype', 'R');
     $sitename = accept('sitename', 'R');
     $domain = accept('domain', 'R');
     $admine_mail = accept('admine_mail', 'R');
     $apptype = accept('apptype', 'R');
     $setupcreatsql = "DROP TABLE IF EXISTS esp_admin_member,esp_admin_powergroup,esp_album_file,esp_album_images,esp_apply,esp_city,esp_config,esp_document,esp_document_album,esp_document_attr,esp_document_content,esp_document_label,esp_document_message,esp_enquiry,esp_enquiry_info,esp_filename,esp_form_attr,esp_form_group,esp_form_value,esp_keylink,esp_keylink_type,esp_lng,esp_lngpack,esp_logs,esp_mailinvite_list,esp_mailinvite_type,esp_mailsend,esp_mailsend_log,esp_member,esp_member_attr,esp_member_class,esp_member_value,esp_menulink,esp_moblie_list,esp_moblie_type,esp_model,esp_model_att,esp_order,esp_order_info,esp_order_pay,esp_order_payreceipt,esp_order_shipping,esp_order_shipreceipt,esp_site,esp_skin,esp_smssendlist,esp_subjectlist,esp_templates,esp_typelist";
     // Append the SQL of every app entry that is flagged 'isdel' and whose
     // appcode appears in $apptype.
     // NOTE(review): $apptype comes from accept('apptype', 'R') — presumably
     // request input; in_array() compares loosely here and expects an array.
     foreach ($func_app as $key => $value) {
         if ($value['isdel'] && in_array($value['appcode'], $apptype)) {
             $setupcreatsql .= $value['dbsql'];
         }
     }
     // Split on commas before the table prefix is substituted below.
     $dbarray = explode(',', $setupcreatsql);
     // NOTE(review): $tablepre comes from accept('tablepre', 'R') and is written
     // straight into the DROP TABLE text. Unless accept() already restricts it to
     // identifier characters (not visible here), validate it against an
     // allow-list of letters, digits and underscore before this replacement.
     $setupcreatsql = str_replace(ORIG_TABLEPRE, $tablepre, $setupcreatsql);
     // Copy of every posted field; this includes dbpw and password — confirm it
     // is never echoed back or logged.
     $postlist = $_POST;
     if (empty($dbname)) {
         message($LAN['dbname_invalid'], $LAN['dbnameempay']);
     } else {
         if (!@mysql_connect($dbhost, $dbuser, $dbpw)) {
             $errno = mysql_errno();
             $error = mysql_error();
Ejemplo n.º 9
    if ($model->status != "cancelled") {
        $html .= CHtml::ajaxLink('Cancel', Yii::app()->createAbsoluteUrl('videoConference/cancel/' . $model->id), array('type' => 'post', 'data' => array('id' => $model->id, 'type' => 'post'), 'update' => 'message', 'success' => 'function(response) {
                                $(".message").html(response);
                                location.reload();
                                }'), array('confirm' => 'Are you sure you want to cancel this conference?', "visible" => $ismoderator, 'role' => "button", "class" => "btn btn-warning"));
    }
} else {
    $invitation = VCInvitation::model()->findByAttributes(array('videoconference_id' => $model->id, 'invitee_id' => $user->id));
    if ($invitation->status == "Unknown") {
        $html .= accept($model->id);
        $html .= reject($model->id);
    } else {
        if ($invitation->status == "Accepted") {
            $html .= reject($model->id);
        } else {
            $html .= accept($model->id);
        }
    }
}
// Append a closing </div>, then fill the %...% placeholders in $html with the
// conference's fields.
$html .= "</div>";
// NOTE(review): subject, status and notes are substituted into HTML exactly as
// stored; no encoding is visible in this fragment — confirm they are encoded
// before this point, or wrap them in CHtml::encode() here. The replacements run
// in sequence, so a value that itself contains a later placeholder (for example
// %NOTE% inside the subject) would be expanded by a following call.
$html = str_replace("%SUBJECT%", $model->subject, $html);
$html = str_replace("%MSTATUS%", $model->status, $html);
// %STATUS% becomes a bold "Cancelled" line for cancelled conferences and is
// removed otherwise.
if ($model->status == "cancelled") {
    $html = str_replace("%STATUS%", "<p style='font-weight: bold'>Status: Cancelled</p>", $html);
} else {
    $html = str_replace("%STATUS%", "", $html);
}
// NOTE(review): %SUBJECT% was already replaced above; this second pass only has
// an effect if an earlier substituted value contained the placeholder.
$html = str_replace("%SUBJECT%", $model->subject, $html);
$html = str_replace("%DATE%", $user_friendly_date, $html);
$html = str_replace("%NOTE%", $model->notes, $html);
// findParticipantsHTMLList() is inserted as markup — presumably it encodes the
// participant names itself; verify.
$html = str_replace("%PARTICIPANTS%", $model->findParticipantsHTMLList(), $html);
Ejemplo n.º 10
/**
 * Apply the rating thresholds to every paper that has not been withdrawn.
 *
 * A paper whose OverallRating is at or below $max is passed to reject(); one
 * whose rating is at or above $min is passed to accept(). The two tests are
 * independent, so a rating that satisfies both triggers both calls.
 *
 * @param object $db  Database handle exposing Execute().
 * @param mixed  $min Lowest rating that is accepted.
 * @param mixed  $max Highest rating that is rejected.
 * @return void
 */
function Process($db, $min, $max)
{
    // The table prefix comes from configuration ($GLOBALS), not from the request.
    $query = "SELECT * FROM " . $GLOBALS["DB_PREFIX"] . "Paper" . " WHERE Withdraw = 'false'";
    $rows = $db->Execute($query);

    // A failed query yields a falsy result set: nothing to process.
    if (!$rows) {
        return;
    }

    while ($paper = $rows->FetchNextObj()) {
        $rating = $paper->OverallRating;
        if ($rating <= $max) {
            reject($paper->PaperID);
        }
        if ($rating >= $min) {
            accept($paper->PaperID);
        }
    }
}
Ejemplo n.º 11
     $ectemplates->assign('domain', admin_URL);
     $ectemplates->display('step');
 } elseif ($dbclass == 1) {
     $dbhost = accept('dbhost', 'R');
     $dbname = accept('dbname', 'R');
     $dbuser = accept('dbuser', 'R');
     $dbpw = accept('dbpw', 'R');
     $tablepre = accept('tablepre', 'R');
     $username = accept('username', 'R');
     $password = accept('password', 'R');
     $password2 = accept('password2', 'R');
     $demodb = accept('demodb', 'R');
     $setupdbtype = accept('setupdbtype', 'R');
     $sitename = accept('sitename', 'R');
     $domain = accept('domain', 'R');
     $admine_mail = accept('admine_mail', 'R');
     $setupcreatsql = "DROP TABLE IF EXISTS esp_admin_member,esp_admin_powergroup,esp_advert,esp_advert_type,esp_album_file,esp_album_images,esp_bbs,esp_bbs_typelist,esp_calling,esp_city,esp_config,esp_document,esp_document_album,esp_document_attr,esp_document_content,esp_document_label,esp_document_message,esp_enquiry,esp_enquiry_info,esp_filename,esp_form_attr,esp_form_group,esp_form_value,esp_keylink,esp_keylink_type,esp_lng,esp_lngpack,esp_logs,esp_mailinvite_list,esp_mailinvite_type,esp_mailsend,esp_mailsend_log,esp_member,esp_member_attr,esp_member_class,esp_member_value,esp_menubotton,esp_menulink,esp_model,esp_model_att,esp_order,esp_order_info,esp_order_pay,esp_order_payreceipt,esp_order_shipping,esp_order_shipreceipt,esp_skin,esp_subjectlist,esp_templates,esp_typelist";
     // NOTE(review): $tablepre comes from accept('tablepre', 'R') and is written
     // straight into the DROP TABLE text. Unless accept() already restricts it to
     // identifier characters (not visible here), validate it against an
     // allow-list of letters, digits and underscore before this replacement.
     $setupcreatsql = str_replace(ORIG_TABLEPRE, $tablepre, $setupcreatsql);
     // Copy of every posted field; this includes dbpw and password — confirm it
     // is never echoed back or logged.
     $postlist = $_POST;
     if (empty($dbname)) {
         message($LAN['dbname_invalid'], $LAN['dbnameempay']);
     } else {
         if (!@mysql_connect($dbhost, $dbuser, $dbpw)) {
             $errno = mysql_errno();
             $error = mysql_error();
             if ($errno == 1045) {
                 message($LAN['database_errno_1045'], $error);
             } elseif ($errno == 2003) {
                 message($LAN['database_errno_2003'], $error);
             } else {
                 message($LAN['database_connect_error'], $error);
Ejemplo n.º 12
<?php

require_once "./connect.php";
include "./sendsms.php";
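// NOTE(review): the body below is JSON but is labelled text/html, so a browser
// that opens the response directly parses it as markup. application/json is the
// matching type — confirm the client does not depend on the current label
// before changing it.
header("Content-Type: text/html; charset=utf-8");

// Only a plain string id is passed on; an array-valued id (id[]=...) is treated
// as missing.
$id = "";
if (isset($_POST["id"]) && is_string($_POST["id"])) {
    $id = $_POST["id"];
}

// NOTE(review): accept() places $id inside quoted SQL literals; it should be
// bound as a query parameter there.
$result = accept($link, $id);

// accept() reports failure with the string "false". array_values() throws a
// TypeError for a non-array on PHP 8 (warning plus null on PHP 7), so emit null
// in that case, which is what PHP 7 already produced.
echo json_encode(is_array($result) ? array_values($result) : null);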
function accept($link, $id)
{
    $query = "SELECT status, id_trip FROM tickets WHERE id_ticket='{$id}'";
    if (!($result = mysqli_query($link, $query))) {
        return "false";
    }
    $row = mysqli_fetch_assoc($result);
    $id_trip = $row["id_trip"];
    if ($row["status"] != 0) {
        return "false";
    } else {
        $query = "SELECT p.phone, tr.date, ti.place, ti.together FROM passengers p, tickets ti, trip tr\n                    WHERE ti.id_ticket = '{$id}' AND p.id_pass = ti.id_pass AND tr.id_trip = ti.id_trip;";
        if (!($result = mysqli_query($link, $query))) {
            return "false";
            //die ("Error: " . mysqli_error($link));
        }
        $row = mysqli_fetch_assoc($result);
        $together = $row["together"];
        $query2 = "SELECT place, id_ticket FROM tickets WHERE together = '{$together}'\n                    AND id_trip='{$id_trip}' AND status = '0';";
        if (!($result = mysqli_query($link, $query2))) {
            return "false";
Ejemplo n.º 13
        $clash = requestClash($roomRecords['eventStartDate'], $roomRecords['eventEndDate'], $roomRecords['eventStartTime'], $roomRecords['eventEndTime'], $roomRecords['room']);
        while ($req = mysql_fetch_assoc($clash)) {
            //print_r($req);
            if ($req['reqNo'] != $rID) {
                //echo $req['reqNo'];
                //echo "<HI><br><br><br><br>\n";
                $otherQuery = "update Requests set appStatus = 'Rejected', reqRejectReason = 'A request conflicting with your request was accepted.' where reqNo = {$req['reqNo']}";
                //echo $otherQuery."\n";
                execute($otherQuery);
                reject($req['creator'], $req['creatorEmail'], $req['room'], $req['reqNo'], getCC($rID));
                reject($req['concernedPName'], $req['concernedPEmail'], $req['room'], $req['reqNo'], getCC($rID));
            }
        }
        $req = getRequestByID($rID);
        accept($req['creator'], $req['creatorEmail'], $req['room'], $req['reqNo'], getCC($rID));
        accept($req['concernedPName'], $req['concernedPEmail'], $req['room'], $req['reqNo'], getCC($rID));
    } else {
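        // Forward the request to another admin and notify that admin's addresses.
        if ($_POST['reqAction'] == $c) {
            // Both ids are written unquoted into the SQL text, so force them to
            // integers before building the statement.
            $forwardID = (int) $_POST['forwardID'];
            $reqID = (int) $_POST['reqID'];
            $sq = "update Requests set concernedAdmin = {$forwardID} where reqNo = {$reqID}";
            // NOTE(review): the mail below is built from $rID while the UPDATE
            // uses $_POST['reqID'] — presumably the same request; confirm.
            $req = getRequestByID($rID);
            $emails = getEmails($forwardID);
            //print_r($emails);
            foreach ($emails as $email) {
                forward($req['concernedPName'], $email, $req['room'], $req['reqNo'], $req['concernedPEmail'], getCC($rID));
            }
        }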
    }
}
//echo $sq;
execute($sq);
//echo "<br />";