public function render($module, $model)
{
$rtn = "\n[[[\r\n \$prepopulate = (\$object->isNew() ? (isset(\$_POST['" . $this->name . "']) ? strip_tags(\$_POST['" . $this->name . "']) : '') : \$object->get" . DBObject::tableNameToClassName($this->name) . "() * 1000);\r\n \$alt_prepopulate = \$prepopulate;\r\n if (preg_match('/^\\d+\$/', \$prepopulate)) {\r\n \$alt_prepopulate = date('Y-m-d', \$prepopulate/1000);\r\n }\r\n]]]\n";
$id = get_random_string(5);
$rtn .= "\n<div id='{$id}' class='form-group'>\r\n <label class='col-sm-2 control-label' for='{$this->name}'>{$this->name} " . ($this->required ? $this->mandatory_field : '') . "</label>\r\n <div class='col-sm-10'>\r\n <div class='input-group'>\r\n <span class='input-group-addon'><i class='fa fa-calendar'></i></span>\r\n <input disabled='disabled' value='[[[ echo htmlentities(str_replace('\\'', '\"', \$alt_prepopulate)) ]]]' type='text' class='form-control altFormat' " . ($this->required ? ' required' : '') . " />\r\n <input value='[[[ echo htmlentities(str_replace('\\'', '\"', \$prepopulate)) ]]]' type='text' id='{$this->name}' name='{$this->name}' class='datepicker form-control' " . ($this->required ? ' required' : '') . " style='position: absolute; top:0; left: 0; z-index: -1' />\r\n </div>\r\n </div>\r\n</div>\r\n<div class='hr-line-dashed'></div>\r\n";
$rtn .= "\r\n <script type='text/javascript'>\r\n \$('#{$id} .datepicker').datepicker({\r\n " . (isset($this->options['dateFormat']) ? 'dateFormat: ' . "'" . $this->options['dateFormat'] . "'" : '') . "\r\n " . (isset($this->options['altFormat']) ? ',altField: "#' . $id . ' .altFormat", altFormat: "' . $this->options['altFormat'] . '"' : '') . "\r\n " . (isset($this->options['changeMonth']) ? ',changeMonth: ' . $this->options['changeMonth'] : '') . "\r\n " . (isset($this->options['changeYear']) ? ',changeYear: ' . $this->options['changeYear'] : '') . "\r\n " . (isset($this->options['yearRange']) ? ',yearRange: ' . "'" . $this->options['yearRange'] . "'" : '') . "\r\n });\r\n \$('#{$id} .input-group-addon').css('cursor', 'pointer').on('click', function(){\r\n \$('#{$id} .datepicker').datepicker('show');\r\n });\r\n </script>\r\n";
return $rtn;
}
/**
* Generate a spam token and store in session
*/
static function generateSpamToken($unique_id)
{
$token_key = get_random_string(8);
$token_value = get_random_string(12);
if (!isset($_SESSION['spam_tokens'])) {
$_SESSION['spam_tokens'] = array();
}
// store the generated token in session
$_SESSION['spam_tokens'][$unique_id] = array();
$_SESSION['spam_tokens'][$unique_id]['key'] = $token_key;
$_SESSION['spam_tokens'][$unique_id]['value'] = $token_value;
return array('key' => $token_key, 'value' => $token_value);
}
function new_lease_for_video($id, $expiry = -1)
{
global $db;
delete_expired_leases();
$id = (int) $id;
$ip = addslashes($_SERVER['REMOTE_ADDR']);
if ($lease = lease_for_video($id)) {
return $lease;
}
if ($expiry == -1) {
$expiry = EXPIRY;
}
$now = new DateTime();
$now->modify("+{$expiry} seconds");
$expiry = $now->format('Y-m-d H:i:s');
$url = get_random_string("abcdefghijklmnopqrstuvwxyz0123456789", 3);
$query = "INSERT INTO leases(video, url, ip, expiry) VALUES({$id}, \"{$url}\", \"{$ip}\", \"{$expiry}\")";
if ($result = $db->query($query)) {
return $url;
}
return false;
}
public function render($module, $model)
{
$rtn = "";
$prepopulate = '($object->isNew() ? ' . "(isset(\$_POST['{$this->name}']) ? strip_tags(\$_POST['{$this->name}']) : '')" . ' : $object->get' . format_as_class_name($this->name) . '())';
$id = get_random_string(5);
$rtn .= "\n<div id='{$id}' class='form-group'>\r\n <label class='col-sm-2 control-label' for='{$this->name}'>{$this->name} " . ($this->required ? $this->mandatory_field : '') . "</label>\r\n <div class='col-sm-10'>\r\n <div class='input-group'>\r\n <span class='input-group-addon'><i class='fa fa-calendar'></i></span><input value='[[[ echo htmlentities(str_replace('\\'', '\"', {$prepopulate})) ]]]' type='text' class='form-control' id='{$this->name}' name='{$this->name}'" . ($this->required ? ' required' : '') . " />\r\n </div>\r\n </div>\r\n</div>\r\n<div class='hr-line-dashed'></div>\r\n";
$rtn .= '
[[[ // include jquery-ui library if not
$already_included_at_frontend = Asset::checkAssetAdded(\'jquery-ui\', \'js\', \'frontend\') || Asset::checkAssetAdded(\'jquery_ui\', \'js\', \'frontend\');
if (!$already_included_at_frontend) {
echo( "\\n".\'<script type="text/javascript" src="\'.uri(\'modules/core/assets/jquery-ui-1.11.4.custom/jquery-ui.min.js\').\'"></script>\'."\\n" );
echo( "\\n".\'<script type="text/javascript">loadCSS("\'.uri(\'modules/core/assets/jquery-ui-1.11.4.custom/jquery-ui.min.js\').\'")</script>\'."\\n" );
Asset::addDynamicAsset(\'jquery_ui\', \'js\', \'frontend\', \'<script type="text/javascript" src="\'.uri(\'modules/core/assets/jquery-ui-1.11.4.custom/jquery-ui.min.js\').\'"></script>\');
}
$already_included_at_backend = Asset::checkAssetAdded(\'jquery-ui\', \'js\', \'backend\') || Asset::checkAssetAdded(\'jquery_ui\', \'js\', \'backend\');
if (!$already_included_at_backend) {
echo( "\\n".\'<script type="text/javascript" src="\'.uri(\'modules/core/assets/jquery-ui-1.11.4.custom/jquery-ui.min.js\').\'"></script>\'."\\n" );
echo( "\\n".\'<script type="text/javascript">loadCSS("\'.uri(\'modules/core/assets/jquery-ui-1.11.4.custom/jquery-ui.min.js\').\'")</script>\'."\\n" );
Asset::addDynamicAsset(\'jquery_ui\', \'js\', \'backend\', \'<script type="text/javascript" src="\'.uri(\'modules/core/assets/jquery-ui-1.11.4.custom/jquery-ui.min.js\').\'"></script>\');
}
]]]
';
// $already_included_at_frontend = Asset::checkAssetAdded('jquery-ui', 'js', 'frontend') || Asset::checkAssetAdded('jquery_ui', 'js', 'frontend');
// if (!$already_included_at_frontend) {
// $rtn .= "\n".'<script type="text/javascript" src="'.uri('modules/core/assets/jquery-ui-1.11.4.custom/jquery-ui.min.js').'"></script>'."\n";
// $rtn .= "\n".'<script type="text/javascript">loadCSS('.uri('modules/core/assets/jquery-ui-1.11.4.custom/jquery-ui.min.js').')</script>'."\n";
// Asset::addDynamicAsset('jquery_ui', 'js', 'frontend', '<script type="text/javascript" src="'.uri('modules/core/assets/jquery-ui-1.11.4.custom/jquery-ui.min.js').'"></script>');
// }
// $already_included_at_backend = Asset::checkAssetAdded('jquery-ui', 'js', 'backend') || Asset::checkAssetAdded('jquery_ui', 'js', 'backend');
// if (!$already_included_at_backend) {
// $rtn .= "\n".'<script type="text/javascript" src="'.uri('modules/core/assets/jquery-ui-1.11.4.custom/jquery-ui.min.js').'"></script>'."\n";
// $rtn .= "\n".'<script type="text/javascript">loadCSS('.uri('modules/core/assets/jquery-ui-1.11.4.custom/jquery-ui.min.js').')</script>'."\n";
// Asset::addDynamicAsset('jquery_ui', 'js', 'backend', '<script type="text/javascript" src="'.uri('modules/core/assets/jquery-ui-1.11.4.custom/jquery-ui.min.js').'"></script>');
// }
return $rtn;
}
function nulluhr()
{
global $db;
update_all_ranks();
$db->query('DELETE FROM ' . DB_PRE . 'ecp_messages WHERE fromdel = 1 AND del = 1');
$result = $db->query('SELECT ID FROM ' . DB_PRE . 'ecp_user WHERE (ondelete < ' . time() . ' AND ondelete != 0) OR (status = 0 AND registerdate < ' . (time() - DELETE_UNAKTIV * 86400) . ')');
while ($row = mysql_fetch_assoc($result)) {
delete_user($row['ID']);
}
$result = $db->query('SELECT ID, money FROM ' . DB_PRE . 'ecp_user LEFT JOIN ' . DB_PRE . 'ecp_ranks ON (rID = rankID)');
while ($row = mysql_fetch_assoc($result)) {
if ($row['money'] != '') {
$db->query('UPDATE ' . DB_PRE . 'ecp_user_stats SET money = money + ' . $row['money'] . ' WHERE userID = ' . $row['ID']);
}
}
if (BACKUP_AKTIV) {
$last = $db->result(DB_PRE . 'ecp_stats', 'lastdbbackup', '1');
if (BACKUP_CYCLE == 'day' or $last + (BACKUP_CYCLE == 'month' ? 2592000 : 604800) < time()) {
$backup_obj = new MySQL_Backup();
$backup_obj->server = MYSQL_HOST;
$backup_obj->username = MYSQL_USER;
$backup_obj->password = MYSQL_PASS;
$backup_obj->database = MYSQL_DATABASE;
$backup_obj->tables = array();
$backup_obj->drop_tables = true;
$backup_obj->struct_only = false;
$backup_obj->comments = true;
$backup_obj->fname_format = 'd_m_y__H_i_s';
$string = get_random_string(8, 2);
if ($backup_obj->Execute(MSB_SAVE, 'uploads/forum/' . $string . '.sql.gz', true)) {
$m = new XMail();
// set from address and name
$m->From(SITE_EMAIL);
// add to address and name
$m->AddTo(BACKUP_EMAIL);
// set subject
$m->Subject(BACKUP_AUTO);
// set text/plain version of message
$m->Text(DATE . ': ' . date('d.m.Y H:i:s'));
// add attachment ('text/plain' file)
$m->Attach(date('Y_m_d') . '.sql.gz', 'application/x-gzip');
$f = 'uploads/forum/' . $string . '.sql.gz';
$id = MIME::unique();
// add inline attachment '$f' file with ID '$id'
$m->Attach(file_get_contents($f), FUNC::mime_type($f), null, null, null, 'attachment', $id);
if (SMTP_AKTIV) {
$c = $m->Connect(SMTP_HOST, (int) SMTP_PORT, SMTP_USER, SMTP_PASS, 'tls', 10, 'localhost', null, 'plain');
//or die(print_r($m->Result));
}
if ($m->Send(SMTP_AKTIV ? $c : null)) {
$db->query('UPDATE ' . DB_PRE . 'ecp_stats SET lastdbbackup = ' . strtotime('today 00:00:00'));
}
unlink('uploads/forum/' . $string . '.sql.gz');
}
}
}
$result = $db->query('SELECT attachID, strname FROM ' . DB_PRE . 'ecp_forum_attachments WHERE (tID = 0 OR bID = 0) AND uploadzeit < ' . (time() - 1000));
while ($row = $db->fetch_assoc()) {
@unlink('upload/forum/' . $row['attachID'] . '_' . $row['strname']);
}
$db->query('DELETE FROM ' . DB_PRE . 'ecp_forum_attachments WHERE (tID = 0 OR bID = 0) AND uploadzeit < ' . (time() - 1000));
// Buchungen durchf�hren
$buchresult = $db->query('SELECT `ID`, `verwendung`, `intervall`, `betrag`, `nextbuch`, `tagmonat` FROM ' . DB_PRE . 'ecp_clankasse_auto WHERE nextbuch <= \'' . time() . '\'');
while ($row = mysql_fetch_assoc($buchresult)) {
$db->query('INSERT INTO ' . DB_PRE . 'ecp_clankasse_transaktion (`geld`, `verwendung`, `datum`, `userID`) VALUES
(-' . $row['betrag'] . ', \'' . mysql_real_escape_string($row['verwendung']) . '\', ' . time() . ', 0)');
$db->query('UPDATE ' . DB_PRE . 'ecp_clankasse SET kontostand = kontostand - ' . $row['betrag']);
switch ($row['tagmonat']) {
case 1:
$nextdate = strtotime('+ ' . (int) $row['intervall'] . ' month');
break;
case 15:
$nextdate = strtotime('+ ' . (int) $row['intervall'] . ' month');
break;
case 28:
$nextdate = strtotime('+ ' . (int) $row['intervall'] . ' month');
}
$db->query('UPDATE ' . DB_PRE . 'ecp_clankasse_auto SET `nextbuch` = \'' . $nextdate . '\'');
}
$db->query('DELETE FROM ' . DB_PRE . 'ecp_forum_search WHERE datum < ' . (time() - 86400));
$result = $db->query('SELECT COUNT(sID) as anzahl, sID FROM ' . DB_PRE . 'ecp_server_stats GROUP BY sID');
while ($row = mysql_fetch_assoc($result)) {
if ($row['anzahl'] > SERVER_MAX_LOG) {
$db->query('DELETE FROM ' . DB_PRE . 'ecp_server_stats WHERE sID = ' . $row['sID'] . ' ORDER BY datum ASC LIMIT ' . ($row['anzahl'] - SERVER_MAX_LOG));
}
}
}
$auto_enroll_id = $_REQUEST['auto_enroll_id'];
} else {
$auto_enroll_id = 0;
}
if (isset($_POST['save']) || isset($_POST['add'])) {
/* insert or update a category */
// $cat_parent_id = intval($_POST['cat_parent_id']);
$name = trim($_POST['name']);
$name = $addslashes($name);
$name = validate_length($name, 50);
if (isset($_POST['add']) && !$_POST['add_ids']) {
$msg->addError('NO_ITEM_SELECTED');
}
if (!$msg->containsErrors()) {
if ($auto_enroll_id == 0) {
$sql = "INSERT INTO " . TABLE_PREFIX . "auto_enroll(associate_string, name) \n\t\t\t VALUES ('" . get_random_string(6, 10) . "', '" . $name . "')";
$result = mysql_query($sql, $db) or die(mysql_error());
$auto_enroll_id = mysql_insert_id($db);
write_to_log(AT_ADMIN_LOG_INSERT, 'auto_enroll', mysql_affected_rows($db), $sql);
} else {
$sql = "UPDATE " . TABLE_PREFIX . "auto_enroll\n\t\t\t SET name = '" . $name . "'\n\t\t\t WHERE auto_enroll_id = " . $auto_enroll_id;
$result = mysql_query($sql, $db);
write_to_log(AT_ADMIN_LOG_UPDATE, 'auto_enroll', mysql_affected_rows($db), $sql);
}
if (isset($_POST['add'])) {
foreach ($_POST['add_ids'] as $elem) {
$sql = "SELECT count(*) cnt FROM " . TABLE_PREFIX . "auto_enroll_courses\n\t\t\t\t WHERE auto_enroll_id = " . $auto_enroll_id . "\n\t\t\t\t AND course_id = " . $elem;
$result = mysql_query($sql, $db) or die(mysql_error());
$row = mysql_fetch_assoc($result);
if ($row["cnt"] == 0) {
$sql = "INSERT INTO " . TABLE_PREFIX . "auto_enroll_courses (auto_enroll_id, course_id)\n\t\t\t\t\t VALUES (" . $auto_enroll_id . ", " . $elem . ")";
function __construct()
{
parent::__construct();
global $objLogin;
$this->params = array();
if (isset($_POST['album_code'])) {
$this->params['album_code'] = prepare_input($_POST['album_code']);
}
if (isset($_POST['album_type'])) {
$this->params['album_type'] = prepare_input($_POST['album_type']);
}
if (isset($_POST['priority_order'])) {
$this->params['priority_order'] = prepare_input($_POST['priority_order']);
}
if (isset($_POST['is_active'])) {
$this->params['is_active'] = prepare_input($_POST['is_active']);
} else {
$this->params['is_active'] = '0';
}
$this->primaryKey = 'id';
$this->tableName = TABLE_GALLERY_ALBUMS;
$this->dataSet = array();
$this->error = '';
$this->formActionURL = 'index.php?admin=mod_gallery_management';
$this->actions = array('add' => true, 'edit' => true, 'details' => true, 'delete' => true);
$this->actionIcons = true;
$this->allowRefresh = true;
$this->allowTopButtons = true;
$this->allowLanguages = false;
$this->languageId = $objLogin->GetPreferredLang();
$this->WHERE_CLAUSE = '';
// WHERE...
$this->ORDER_CLAUSE = 'ORDER BY priority_order ASC';
// ORDER BY date_created DESC
$this->isAlterColorsAllowed = true;
$this->isPagingAllowed = true;
$this->pageSize = 20;
$this->isSortingAllowed = true;
$this->isFilteringAllowed = false;
// define filtering fields
$this->arrFilteringFields = array();
///////////////////////////////////////////////////////////////////////////////
// 1. prepare translation fields array
$this->arrTranslations = $this->PrepareTranslateFields(array('name', 'description'));
///////////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////////
// 2. prepare translations array for edit/detail modes
$sql_translation_description = $this->PrepareTranslateSql(TABLE_GALLERY_ALBUMS_DESCRIPTION, 'gallery_album_id', array('name', 'description'));
///////////////////////////////////////////////////////////////////////////////
// prepare album types array
$arr_album_types = array('images' => _IMAGES, 'video' => _VIDEO);
$arr_is_active = array('0' => '<span class=no>' . _NO . '</span>', '1' => '<span class=yes>' . _YES . '</span>');
//----------------------------------------------------------------------
// VIEW MODE
//----------------------------------------------------------------------
$this->VIEW_MODE_SQL = 'SELECT
ga.' . $this->primaryKey . ',
ga.album_code,
ga.album_type,
UCASE(ga.album_code) as mod_album_code,
CONCAT(UCASE(SUBSTRING(ga.album_type, 1, 1)),LCASE(SUBSTRING(ga.album_type, 2))) as mod_album_type,
gad.name,
gad.description,
ga.priority_order,
ga.is_active,
CONCAT("<a href=index.php?admin=mod_gallery_upload_items&album=", album_code, ">' . _UPLOAD . '</a> (", (SELECT COUNT(*) as cnt FROM ' . TABLE_GALLERY_ALBUM_ITEMS . ' gi WHERE gi.album_code = ga.album_code) , ")") as link_upload_items
FROM (' . $this->tableName . ' ga
LEFT OUTER JOIN ' . TABLE_GALLERY_ALBUMS_DESCRIPTION . ' gad ON ga.id = gad.gallery_album_id AND gad.language_id = \'' . $this->languageId . '\')';
// define view mode fields
$this->arrViewModeFields = array('name' => array('title' => _ALBUM_NAME, 'type' => 'label', 'align' => 'left', 'width' => '15%', 'maxlength' => '30'), 'description' => array('title' => _DESCRIPTION, 'type' => 'label', 'align' => 'left', 'width' => '', 'maxlength' => '50'), 'mod_album_code' => array('title' => _ALBUM_CODE, 'type' => 'label', 'align' => 'center', 'width' => '12%'), 'mod_album_type' => array('title' => _TYPE, 'type' => 'label', 'align' => 'center', 'width' => '8%'), 'is_active' => array('title' => _ACTIVE, 'type' => 'enum', 'align' => 'center', 'width' => '8%', 'sortable' => true, 'nowrap' => '', 'visible' => true, 'source' => $arr_is_active), 'priority_order' => array('title' => _ORDER, 'type' => 'label', 'align' => 'center', 'width' => '8%', 'movable' => true), 'link_upload_items' => array('title' => _ITEMS, 'type' => 'label', 'align' => 'center', 'width' => '12%'));
//----------------------------------------------------------------------
// ADD MODE
//----------------------------------------------------------------------
// define add mode fields
$max_order = self::GetParameter('action') == 'add' ? $this->GetMaxOrder('priority_order', 999) : 0;
$this->arrAddModeFields = array('separator_general' => array('separator_info' => array('legend' => _GENERAL), 'album_code' => array('title' => '', 'type' => 'hidden', 'required' => true, 'readonly' => false, 'default' => get_random_string(8)), 'album_type' => array('title' => _TYPE, 'type' => 'enum', 'required' => true, 'readonly' => false, 'source' => $arr_album_types), 'priority_order' => array('title' => _ORDER, 'type' => 'textbox', 'width' => '50px', 'maxlength' => '3', 'default' => $max_order, 'required' => true, 'readonly' => false, 'validation_type' => 'numeric'), 'is_active' => array('title' => _ACTIVE, 'type' => 'checkbox', 'readonly' => false, 'true_value' => '1', 'false_value' => '0', 'default' => '1')));
//----------------------------------------------------------------------
// EDIT MODE
//----------------------------------------------------------------------
// define edit mode fields
$this->EDIT_MODE_SQL = 'SELECT
' . $this->tableName . '.' . $this->primaryKey . ',
UCASE(' . $this->tableName . '.album_code) as album_code,
' . $this->tableName . '.album_type,
CONCAT(UCASE(SUBSTRING(' . $this->tableName . '.album_type, 1, 1)),LCASE(SUBSTRING(' . $this->tableName . '.album_type, 2))) as mod_album_type,
' . $sql_translation_description . '
' . $this->tableName . '.priority_order,
' . $this->tableName . '.is_active
FROM ' . $this->tableName . '
WHERE ' . $this->tableName . '.' . $this->primaryKey . ' = _RID_';
// define edit mode fields
$this->arrEditModeFields = array('separator_general' => array('separator_info' => array('legend' => _GENERAL), 'album_code' => array('title' => _CODE, 'type' => 'label'), 'album_type' => array('title' => _TYPE, 'type' => 'enum', 'required' => true, 'readonly' => false, 'source' => $arr_album_types), 'priority_order' => array('title' => _ORDER, 'type' => 'textbox', 'width' => '50px', 'maxlength' => '3', 'required' => true, 'readonly' => false, 'validation_type' => 'numeric'), 'is_active' => array('title' => _ACTIVE, 'type' => 'checkbox', 'readonly' => false, 'true_value' => '1', 'false_value' => '0')));
//----------------------------------------------------------------------
// DETAILS MODE
//----------------------------------------------------------------------
$this->DETAILS_MODE_SQL = $this->EDIT_MODE_SQL;
$this->arrDetailsModeFields = array('separator_general' => array('separator_info' => array('legend' => _GENERAL), 'album_code' => array('title' => _CODE, 'type' => 'label'), 'mod_album_type' => array('title' => _TYPE, 'type' => 'label'), 'priority_order' => array('title' => _ORDER, 'type' => 'label'), 'is_active' => array('title' => _ACTIVE, 'type' => 'enum', 'source' => $arr_is_active)));
///////////////////////////////////////////////////////////////////////////////
// 3. add translation fields to all modes
$this->AddTranslateToModes($this->arrTranslations, array('name' => array('title' => _NAME, 'type' => 'textbox', 'width' => '410px', 'required' => true, 'maxlength' => '125', 'readonly' => false), 'description' => array('title' => _DESCRIPTION, 'type' => 'textarea', 'width' => '410px', 'height' => '90px', 'required' => false, 'maxlength' => '255', 'validation_maxlength' => '255', 'readonly' => false)));
///////////////////////////////////////////////////////////////////////////////
}
<?php
function get_random_string($valid_chars, $length)
{
// start with an empty random string
$random_string = "";
// count the number of chars in the valid chars string so we know how many choices we have
$num_valid_chars = strlen($valid_chars);
// repeat the steps until we've created a string of the right length
for ($i = 0; $i < $length; $i++) {
// pick a random number from 1 up to the number of valid chars
$random_pick = mt_rand(1, $num_valid_chars);
// take the random character out of the string of valid chars
// subtract 1 from $random_pick because strings are indexed starting at 0, and we started picking at 1
$random_char = $valid_chars[$random_pick - 1];
// add the randomly-chosen char onto the end of our string so far
$random_string .= $random_char;
}
// return our finished random string
return $random_string;
}
$valid_chars = 'abcdefghijklmnopqurstuvwxvz09865135462!@#$$%^&*(()_{}:LABCDEFGHJHIKLMNOPEQREURSTYUWXYZ';
for ($i = 0; $i < 1000; $i++) {
echo "INSERT INTO `spreadit`.`posts` (`id`, `user_id`, `created_at`, `type`, `data`, `updated_at`, `section_id`, `title`, `upvotes`, `downvotes`, `url`, `comment_count`, `markdown`) VALUES (NULL, " . rand(0, 40) . ", " . time() . ", 1, '" . get_random_string($valid_chars, rand(0, 2000)) . "', " . time() . ", " . rand(0, 10) . ", '" . get_random_string($valid_chars, rand(6, 128)) . "', " . rand(0, 100) . ", " . rand(0, 100) . ", '" . get_random_string($valid_chars, rand(10, 128)) . "', " . rand(0, 100) . ", '" . get_random_string($valid_chars, rand(0, 4000)) . "');";
}
echo '<script>window.location.replace("' . curPageURL() . '?e=token");</script>';
}
exit;
}
//Functions
if ($_POST[$_SESSION['token']['act']] == 'admin_user_add') {
if (trim(preg_replace('/\\s+/', '', $_POST['name'])) != '' && preg_match('/^[A-Za-z0-9À-ÿ\\/\\s\'-]+$/', $_POST['name'])) {
$_POST['name'] = trim(preg_replace('/\\s+/', ' ', $_POST['name']));
} else {
header('Content-Type: application/json; charset=utf-8');
echo json_encode(array(0 => 'Invalid Name: only alphanumeric and single quote allowed'));
exit;
}
$_POST['mail'] = trim(preg_replace('/\\s+/', '', $_POST['mail']));
$_POST['mail'] = $_POST['mail'] != '' && filter_var($_POST['mail'], FILTER_VALIDATE_EMAIL) ? $_POST['mail'] : exit;
$pass = get_random_string(5);
$dpass = hash('whirlpool', crypt($pass, '$#%H4!df84a$%#RZ@£'));
$_POST['role'] = is_numeric($_POST['role']) ? $_POST['role'] : exit;
try {
$DBH = new PDO("mysql:host={$Hostname};dbname={$DatabaseName}", $Username, $Password);
$DBH->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$query = "INSERT INTO " . $SupportUserTable . " (`name`,`mail`,`password`,`status`,`ip_address`) VALUES (?,?,?,?,?) ";
$STH = $DBH->prepare($query);
$ip = '127.0.0.1';
$STH->bindParam(1, $_POST['name'], PDO::PARAM_STR);
$STH->bindParam(2, $_POST['mail'], PDO::PARAM_STR);
$STH->bindParam(3, $dpass, PDO::PARAM_STR);
$STH->bindParam(4, $_POST['role'], PDO::PARAM_STR);
$STH->bindParam(5, $ip, PDO::PARAM_STR);
$STH->execute();
$uid = $DBH->lastInsertId();
function invite_member($email, $userid, $group = '', $groupname = '')
{
$regcode = get_random_string();
if (empty($group)) {
$group = 'NULL';
}
$sql = "INSERT INTO `goingdutch`.`register` (`email` ,`userid`, `code` , `group`, `timestamp`)\n VALUES ('" . mysql_real_escape_string(email) . "', {$userid}, '" . mysql_real_escape_string($regcode) . "', {$group}, CURRENT_TIMESTAMP )";
if (!($result = mysql_query($sql))) {
return false;
}
// send email
$regcodes = space_code($regcode);
$from = '*****@*****.**';
$from_name = 'Going Dutch';
if (!empty($groupname)) {
$groupname = 'group "' . $groupname . '"';
}
$subject = "Invitation to join Going Dutch {$groupname}";
//$website = 'http://inthere.nl/dutch';
$website = LOGIN_URL;
$link = "<a href=\"{$website}?code={$regcode}\">this link</a>";
$html = "Please register using {$link}<br /><br>";
$html .= "Or register on {$website} with this code<br />{$regcodes}";
if (!smtpmailer($email, $from, $from_name, $subject, $html, array('*****@*****.**', 'Do not reply to this address'), 'to')) {
echo " something went wrong <br />";
echo $smtpmailer_error;
}
}
/**
* Send forgotten password
* @param $email
*/
public function SendPassword($email)
{
global $objSettings;
$lang = Application::Get('lang');
// deny all operations in demo version
if (strtolower(SITE_MODE) == 'demo') {
$this->error = _OPERATION_BLOCKED;
return false;
}
if (!empty($email)) {
if (check_email_address($email)) {
if (!PASSWORDS_ENCRYPTION) {
$sql = 'SELECT id, first_name, last_name, user_name, password, preferred_language FROM ' . TABLE_ACCOUNTS . ' WHERE email = ' . quote_text(encode_text($email)) . ' AND is_active = 1';
} else {
if (strtolower(PASSWORDS_ENCRYPTION_TYPE) == 'aes') {
$sql = 'SELECT id, first_name, last_name, user_name, AES_DECRYPT(password, ' . quote_text(PASSWORDS_ENCRYPT_KEY) . ') as password, preferred_language FROM ' . TABLE_ACCOUNTS . ' WHERE email = ' . quote_text(encode_text($email)) . ' AND is_active = 1';
} else {
if (strtolower(PASSWORDS_ENCRYPTION_TYPE) == 'md5') {
$sql = 'SELECT id, first_name, last_name, user_name, \'\' as password, preferred_language FROM ' . TABLE_ACCOUNTS . ' WHERE email = ' . quote_text($email) . ' AND is_active = 1';
}
}
}
$temp = database_query($sql, DATA_ONLY, FIRST_ROW_ONLY);
if (is_array($temp) && count($temp) > 0) {
//////////////////////////////////////////////////////////////////
if (!PASSWORDS_ENCRYPTION) {
$password = $temp['password'];
} else {
if (strtolower(PASSWORDS_ENCRYPTION_TYPE) == 'aes') {
$password = $temp['password'];
} else {
if (strtolower(PASSWORDS_ENCRYPTION_TYPE) == 'md5') {
$password = get_random_string(8);
$sql = 'UPDATE ' . TABLE_ACCOUNTS . ' SET password = '******' WHERE id = ' . (int) $temp['id'];
database_void_query($sql);
}
}
}
send_email($email, $objSettings->GetParameter('admin_email'), 'password_forgotten', array('{FIRST NAME}' => $temp['first_name'], '{LAST NAME}' => $temp['last_name'], '{USER NAME}' => $temp['user_name'], '{USER PASSWORD}' => $password, '{BASE URL}' => APPHP_BASE, '{WEB SITE}' => $_SERVER['SERVER_NAME'], '{YEAR}' => date('Y')), $temp['preferred_language']);
//////////////////////////////////////////////////////////////////
return true;
} else {
$this->error = _EMAIL_NOT_EXISTS;
return false;
}
} else {
$this->error = _EMAIL_IS_WRONG;
return false;
}
} else {
$this->error = _EMAIL_EMPTY_ALERT;
return false;
}
return true;
}
function forum_edit_replay($id, $bid, $tid)
{
global $db;
$thread = $db->fetch_assoc('SELECT `threadID`, `bID`, `threadname`, a.boardparentID, ' . DB_PRE . 'ecp_forum_threads.closed,userID, comment, attachs,postname, adatum,
a.editcom,a.editmocom,a.rightsread, a.commentsperpost, a.moneyperpost, a.boardparentID,
a.name, a.attachments, a.attachmaxsize, a.postcom, a.attachfiles, b.rightsread as parentRead
FROM ' . DB_PRE . 'ecp_forum_threads
LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS a ON (bID = a.boardID)
LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS b ON (b.boardID = a.boardparentID)
LEFT JOIN ' . DB_PRE . 'ecp_forum_comments ON (comID = ' . $id . ')
WHERE threadID = ' . $tid . ' AND bID = ' . $bid);
if (@$_SESSION['userID'] and find_access($thread['rightsread']) and find_access($thread['parentRead']) and (find_access($thread['editcom']) and $_SESSION['userID'] == $thread['userID'] or find_access($thread['editmocom'])) and $db->errorNum() == 0) {
if (isset($_POST['comment'])) {
if ($_POST['comment'] == '' or isset($_POST['username']) and $_POST['username'] == '' or isset($_POST['title']) and $_POST['title'] == '') {
table(ERROR, NOT_NEED_ALL_INPUTS);
$tpl = new smarty();
$tpl->assign('func', 'edit');
$tpl->assign('func2', '&comID=' . $id);
$tpl->assign('comment', $_POST['comment']);
if ($db->result(DB_PRE . 'ecp_forum_comments', 'COUNT(comID)', 'tID = ' . $tid . ' AND adatum < ' . $thread['adatum'] . ' ORDER BY adatum ASC') == 0) {
$tpl->assign('title', $thread['threadname']);
}
if ($thread['userID'] == 0) {
$tpl->assign('username', $thread['postname']);
}
ob_start();
if ($thread['attachments'] and $thread['attachmaxsize']) {
$attachs = $db->result(DB_PRE . 'ecp_forum_attachments', 'COUNT(attachID)', 'mID = ' . $id . ' AND tID = ' . $tid);
if ($thread['attachments'] > $attachs) {
$rand = get_random_string(16, 2);
$tpl->assign('attach', find_access($thread['attachfiles']));
$tpl->assign('maxsize', $thread['attachmaxsize']);
$tpl->assign('rand', $rand);
$tpl->assign('sid', session_name() . '=' . session_id());
$tpl->assign('maxuploads', $thread['attachments'] - $attachs);
$tpl->assign('uploadinfo', str_replace(array('{anzahl}', '{max}'), array($thread['attachments'] - $attachs, goodsize($thread['attachmaxsize'])), FORUM_ATTACH_INFO));
$_SESSION['forum']['attach'][$bid] = $rand;
}
}
$tpl->assign('quote', true);
$tpl->display(DESIGN . '/tpl/forum/comments_add_edit' . ((UPLOAD_METHOD == 'old' and $thread['attachments'] and $thread['attachmaxsize']) ? '_old' : '') . '.html');
$content = ob_get_contents();
ob_end_clean();
main_content(FORUM_POST_EDIT, $content, '', 1);
} else {
if ($db->query(sprintf('UPDATE ' . DB_PRE . 'ecp_forum_comments SET postname = \'%s\', comment = \'%s\', edits =edits +1, editdatum = %d, edituserID = %d WHERE comID = %d', strsave(htmlspecialchars(@$_POST['username'])), strsave(comment_save($_POST['comment'])), time(), @(int) $_SESSION['userID'], $id))) {
if (find_access($thread['attachfiles'])) {
if (UPLOAD_METHOD == 'old') {
$maxattach = $thread['attachments'] - $db->result(DB_PRE . 'ecp_forum_attachments', 'COUNT(attachID)', 'bID = ' . $bid . ' AND mID = ' . $id);
foreach ($_FILES as $key => $value) {
if ($_FILES[$key] == '' or $maxattach <= 0 or $_FILES[$key]['size'] > $thread['attachmaxsize']) {
continue;
}
$mine = getMimeType($_FILES[$key]['tmp_name'], $_FILES[$key]['name']);
if ($mine == 'application/zip' or $mine == 'application/x-rar-compressed' or $mine == 'image/bmp' or $mine == 'image/gif' or $mine == 'image/jpeg' or $mine == 'image/png' or $mine == 'application/pdf' or $mine == 'text/plain' or $mine == 'text/css' or $mine == 'text/html') {
$sha1 = sha1_file($_FILES[$key]['tmp_name']);
if ($db->query(sprintf('INSERT INTO ' . DB_PRE . 'ecp_forum_attachments (`bID`, `userID`, `name`, `size`, `strname`, uploadzeit, IP, tID, mID) VALUES (%d, %d, \'%s\', %d, \'%s\', %d, \'%s\', %d, %d)', $bid, @(int) $_SESSION['userID'], strsave($_FILES[$key]['name']), (int) $_FILES[$key]['size'], $sha1, time(), $_SERVER['REMOTE_ADDR'], $tid, $id))) {
move_uploaded_file($_FILES[$key]['tmp_name'], 'uploads/forum/' . $db->last_id() . '_' . $sha1);
umask(0);
chmod('uploads/forum/' . $db->last_id() . '_' . $sha1, CHMOD);
$db->query('UPDATE ' . DB_PRE . 'ecp_forum_threads SET anhaenge = 1 WHERE threadID = ' . $tid);
$db->query('UPDATE ' . DB_PRE . 'ecp_forum_comments SET attachs = 1 WHERE comID = ' . $id);
}
$maxattach--;
}
}
} else {
$db->query(sprintf('UPDATE ' . DB_PRE . 'ecp_forum_attachments SET `tID` = %d, `mID` = %d WHERE validation = \'%s\' AND bID = %d', $id, $comid, strsave($_GET['rand']), $bid));
if ($db->affekt_rows()) {
$db->query('UPDATE ' . DB_PRE . 'ecp_forum_threads SET anhaenge = 1 WHERE threadID = ' . $id);
$db->query('UPDATE ' . DB_PRE . 'ecp_forum_comments SET attachs = 1 WHERE comID = ' . $comid);
}
}
}
if ($db->result(DB_PRE . 'ecp_forum_comments', 'COUNT(comID)', 'tID = ' . $tid . ' AND adatum < ' . $thread['adatum'] . ' ORDER BY adatum ASC') == 0) {
$db->query('UPDATE ' . DB_PRE . 'ecp_forum_threads SET threadname = \'' . strsave(htmlspecialchars($_POST['title'])) . '\', vonname = \'' . strsave(htmlspecialchars(@$_POST['username'])) . '\' WHERE threadID = ' . $tid);
}
$last = $db->fetch_assoc('SELECT userID,postname,adatum, tID FROM ' . DB_PRE . 'ecp_forum_comments WHERE boardID = ' . $bid . ' ORDER BY adatum DESC LIMIT 1');
$db->query('UPDATE ' . DB_PRE . 'ecp_forum_boards SET `lastpostuserID` = ' . (int) $last['userID'] . ', `lastpostuser` = \'' . $last['postname'] . '\', `lastpost` = ' . (int) $last['adatum'] . ', lastthreadID = ' . (int) $last['tID'] . ' WHERE (boardID = ' . $bid . ' OR boardID = ' . $thread['boardparentID'] . ')');
$last = $db->fetch_assoc('SELECT userID,postname,adatum FROM ' . DB_PRE . 'ecp_forum_comments WHERE tID = ' . $tid . ' ORDER BY adatum DESC LIMIT 1');
$db->query('UPDATE ' . DB_PRE . 'ecp_forum_threads SET `lastuserID` = ' . $last['userID'] . ', `lastusername` = \'' . $last['postname'] . '\', `lastreplay` = ' . $last['adatum'] . ' WHERE threadID = ' . $tid);
unset($_SESSION['forum']['attach'][$bid]);
$anzahl = $db->result(DB_PRE . 'ecp_forum_comments', 'COUNT(comID)', 'tID = ' . $tid . ' AND boardID =' . $bid . ' AND adatum < ' . $thread['adatum']);
header1('?section=forum&action=thread&boardID=' . $bid . '&threadID=' . $tid . '&page=' . (ceil(($anzahl - 1) / LIMIT_FORUM_COMMENTS) + 1) . '#com_' . $id);
}
}
} else {
$tpl = new smarty();
$tpl->assign('comment', htmlspecialchars($thread['comment']));
$tpl->assign('func', 'edit');
$tpl->assign('func2', '&comID=' . $id);
if ($db->result(DB_PRE . 'ecp_forum_comments', 'COUNT(comID)', 'tID = ' . $tid . ' AND adatum < ' . $thread['adatum'] . ' ORDER BY adatum ASC') == 0) {
$tpl->assign('title', $thread['threadname']);
}
if ($thread['userID'] == 0) {
$tpl->assign('username', $thread['postname']);
}
ob_start();
if ($thread['attachments'] and $thread['attachmaxsize']) {
$attachs = $db->result(DB_PRE . 'ecp_forum_attachments', 'COUNT(attachID)', 'mID = ' . $id . ' AND tID = ' . $tid);
if ($thread['attachments'] > $attachs) {
$rand = get_random_string(16, 2);
$tpl->assign('attach', find_access($thread['attachfiles']));
$tpl->assign('maxsize', $thread['attachmaxsize']);
$tpl->assign('rand', $rand);
$tpl->assign('sid', session_name() . '=' . session_id());
$tpl->assign('maxuploads', $thread['attachments'] - $attachs);
$tpl->assign('uploadinfo', str_replace(array('{anzahl}', '{max}'), array($thread['attachments'] - $attachs, goodsize($thread['attachmaxsize'])), FORUM_ATTACH_INFO));
$_SESSION['forum']['attach'][$bid] = $rand;
}
}
$tpl->assign('quote', true);
$tpl->display(DESIGN . '/tpl/forum/comments_add_edit' . ((UPLOAD_METHOD == 'old' and $thread['attachments'] and $thread['attachmaxsize']) ? '_old' : '') . '.html');
$content = ob_get_contents();
ob_end_clean();
main_content(FORUM_POST_EDIT, $content, '', 1);
}
} else {
table(ERROR, ACCESS_DENIED);
}
}
/**
* Russell, 2012-11-10: Shared functionality useed in index.php and
* codetester.php.
* Side-affect, can't use browser's back button to get old results as
* a re-post will have a different nonce so will block
*/
function get_nonce()
{
$nonce = isset($_SESSION['nonce']) ? $_SESSION['nonce'] : hash('sha512', get_random_string());
$_SESSION['nonce'] = $nonce;
return $nonce;
}
/**
* Send activation email
* @param $email
*/
public static function Reactivate($email)
{
global $objSettings;
// deny all operations in demo version
if (strtolower(SITE_MODE) == 'demo') {
self::$static_error = _OPERATION_BLOCKED;
return false;
}
if (!empty($email)) {
if (check_email_address($email)) {
$sql = 'SELECT id, first_name, last_name, user_name, registration_code, preferred_language, is_active ';
if (!PASSWORDS_ENCRYPTION) {
$sql .= ', user_password ';
} else {
if (strtolower(PASSWORDS_ENCRYPTION_TYPE) == 'aes') {
$sql .= ', AES_DECRYPT(user_password, \'' . PASSWORDS_ENCRYPT_KEY . '\') as user_password ';
} else {
if (strtolower(PASSWORDS_ENCRYPTION_TYPE) == 'md5') {
$sql .= ', \'\' as user_password ';
}
}
}
$sql .= 'FROM ' . TABLE_CUSTOMERS . ' WHERE email = \'' . $email . '\'';
$temp = database_query($sql, DATA_ONLY, FIRST_ROW_ONLY);
if (is_array($temp) && count($temp) > 0) {
if ($temp['registration_code'] != '' && $temp['is_active'] == '0') {
////////////////////////////////////////////////////////
if (!PASSWORDS_ENCRYPTION) {
$user_password = $temp['user_password'];
} else {
if (strtolower(PASSWORDS_ENCRYPTION_TYPE) == 'aes') {
$user_password = $temp['user_password'];
} else {
if (strtolower(PASSWORDS_ENCRYPTION_TYPE) == 'md5') {
$user_password = get_random_string(8);
$sql = 'UPDATE ' . TABLE_CUSTOMERS . ' SET user_password = \'' . md5($user_password) . '\' WHERE id = ' . $temp['id'];
database_void_query($sql);
}
}
}
send_email($email, $objSettings->GetParameter('admin_email'), 'new_account_created_confirm_by_email', array('{FIRST NAME}' => $temp['first_name'], '{LAST NAME}' => $temp['last_name'], '{USER NAME}' => $temp['user_name'], '{USER PASSWORD}' => $user_password, '{REGISTRATION CODE}' => $temp['registration_code'], '{WEB SITE}' => $_SERVER['SERVER_NAME'], '{BASE URL}' => APPHP_BASE, '{YEAR}' => date('Y')), $temp['preferred_language']);
////////////////////////////////////////////////////////
return true;
} else {
self::$static_error = _EMAILS_SENT_ERROR;
return false;
}
} else {
self::$static_error = _EMAIL_NOT_EXISTS;
return false;
}
} else {
self::$static_error = _EMAIL_IS_WRONG;
return false;
}
} else {
self::$static_error = _EMAIL_EMPTY_ALERT;
return false;
}
return true;
}
public function putPassword($password)
{
$this->setSalt(get_random_string(16));
$this->setPassword(md5($this->getSalt() . $password));
}
/**
* Set auto-login token
* @since Version 3.2
* @version 3.2
* @return boolean
*
* @param int $cookieExpire
*/
public function setAutoLogin($cookieExpire)
{
if (empty($cookieExpire)) {
$cookieExpire = RP_AUTOLOGIN_EXPIRE;
}
if (!is_null(filter_input(INPUT_SERVER, "HTTP_X_FORWARDED_FOR", FILTER_SANITIZE_STRING))) {
#!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$clientAddr = filter_input(INPUT_SERVER, "HTTP_X_FORWARDED_FOR", FILTER_SANITIZE_STRING);
#$_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$clientAddr = filter_input(INPUT_SERVER, "REMOTE_ADDR", FILTER_SANITIZE_URL);
#$_SERVER['REMOTE_ADDR'];
}
$data = array("user_id" => $this->id, "autologin_token" => get_random_string("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", 16), "autologin_expire" => $cookieExpire, "autologin_ip" => $clientAddr, "autologin_hostname" => filter_input(INPUT_SERVER, "REMOTE_HOST", FILTER_SANITIZE_STRING), "autologin_last" => time(), "autologin_time" => time());
if (is_null($data['autologin_hostname'])) {
$data['autologin_hostname'] = $clientAddr;
}
$autologin = array("user_id" => $this->id, "token" => $data['autologin_token']);
if ($this->db->insert("nuke_users_autologin", $data)) {
setcookie("rp_autologin", base64_encode(implode(":", $autologin)), $cookieExpire, RP_AUTOLOGIN_PATH, RP_AUTOLOGIN_DOMAIN, RP_SSL_ENABLED, true);
$this->addNote("Autologin token set");
return true;
}
return false;
}
<?php
require_once 'config.php';
require_once 'functions.php';
$soluciones = array();
$result = (require_once './preguntas.php');
shuffle($result);
$body = '';
for ($ex = 0; $ex < TOTAL_EXAMENES_A_GENERAR; $ex++) {
$num_pregunta = 1;
$referencia_examen = mb_strtoupper(get_random_string(4, 4, true, false, false));
if ($ex > 0) {
$body .= '<div class="newpage"></div>' . PHP_EOL;
}
$body .= '<p>Nombre: <span class="referenciaexamen"> COD: ' . $referencia_examen . '</span></p>';
$soluciones[$referencia_examen] = array();
foreach ($result as $a => $b) {
$body .= '<div id="pregunta' . $num_pregunta . '" class="pregunta">';
$body .= '<h2 class="titulopregunta">' . $num_pregunta . ') ' . $b['titulo'] . '</h2>' . PHP_EOL;
if ($b['tipo'] == 'TEST') {
$body .= '<ul class="listarespuestastest">' . PHP_EOL;
$respuestas_rnd = shuffle_assoc($b['respuestas']);
$i = 'a';
foreach ($respuestas_rnd as $c => $d) {
$body .= '<li class="resupestatest">' . $i . ') ' . $c . '</li>' . PHP_EOL;
if ($d) {
$soluciones[$referencia_examen][$num_pregunta] = $i;
}
$i++;
}
$body .= '</ul>' . PHP_EOL;
function forgot_password($con)
{
if (isset($_POST['Submit'])) {
$user = strtolower(mysqli_real_escape_string($con, $_POST['username']));
$email = strtolower(mysqli_real_escape_string($con, $_POST['email']));
$check_email_user = mysqli_query($con, "SELECT password, salt FROM user WHERE username= '******' AND email = '{$email}'") or die(mysqli_error($con));
if (mysqli_num_rows($check_email_user) == 1) {
$pw1 = get_random_string("abcdefghijklmnopqrstuwxyz1234567890_!#\$%&=", 7);
//create new salt, generate crypt and store new PW and salt
$cost = 10;
$salt = strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');
$salt = sprintf("\$2a\$%02d\$", $cost) . $salt;
$password_final = crypt($pw1, $salt);
$mail = smtpmailer($email, "*****@*****.**", "ETM Automated mail", "Eve Trade Master - login details", "You have recently requested a new password at www.evetrademaster.com. Your new password is '{$pw1}'");
$update_pw_salt = mysqli_query($con, "UPDATE user SET password = '******', salt = '{$salt}' WHERE username = '******' ") or die(mysqli_error($con));
if ($update_pw_salt) {
} else {
echo "Error establishing database connection. Try again later";
}
} else {
echo "Data doesn't match our records";
}
} else {
?>
Forgot your password? Type your email and username and we'll send you a new one.
<form method="POST" action="forgot_password.php" ><fieldset>
<div class="form-group">
Email <input class="form-control" type = "text" size="30" name="email">
</div>
<div class="form-group">
Username<input class="form-control" type = "text" size="20" name="username">
</div>
<p align='center'><input type ="Submit" name="Submit" value="Submit" class="btn btn-lg btn-success"></p>
</fieldset></form>
<?php
}
}
function account_del_account()
{
global $db;
if ($db->result(DB_PRE . 'ecp_user', 'ondelete', 'ID = ' . $_SESSION['userID'])) {
if ($db->query('UPDATE ' . DB_PRE . 'ecp_user SET ondelete = 0 WHERE ID = ' . $_SESSION['userID'])) {
$db->query('DELETE FROM ' . DB_PRE . 'ecp_user_codes WHERE userID = ' . $_SESSION['userID'] . ' AND art = \'account_del\'');
table(INFO, ACCOUNT_DELETE_REMOVE);
}
} else {
if (isset($_GET['agree'])) {
$str = get_random_string(10, 2);
$db->query('DELETE FROM ' . DB_PRE . 'ecp_user_codes WHERE userID = ' . $_SESSION['userID'] . ' AND art = \'account_del\'');
if (send_email($_SESSION['email'], ACCOUNT_DELETE, CONFIRM_LINK . ': ' . SITE_URL . '?section=account&action=confirmdel&code=' . $str . '&id=' . $_SESSION['userID'])) {
if ($db->query('INSERT INTO ' . DB_PRE . 'ecp_user_codes (`userID`, `code`, `art`) VALUES (\'' . $_SESSION['userID'] . '\', \'' . strsave($str) . '\', \'account_del\')')) {
table(INFO, EMAIL_SEND_SUCCESS);
}
} else {
if ($db->query('UPDATE ' . DB_PRE . 'ecp_user SET ondelete = ' . strtotime('tomorrow 23:59') . ' WHERE ID = ' . $_SESSION['userID'])) {
table(INFO, str_replace('{zeit}', date('d.m.Y H:i', strtotime('tomorrow 23:59')), ACCOUNT_DELETE_ON));
}
}
} else {
table(INFO, ACCOUNT_DEL_QUEST);
}
}
}
if ($length < 1 || preg_match('/^.*(?=.*[a-z|A-Z]).*$/', $length)) {
$length = 20;
}
if ($lc) {
$validcharacters .= 'abcdefghijklmnopqrstuvwxyz';
}
if ($uc) {
$validcharacters .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
}
if ($sym) {
$validcharacters .= '!@#$%^&*()_+=-[{]};:\'",<.>/?`~';
}
if ($num) {
$validcharacters .= '0123456789';
}
$password = get_random_string($validcharacters, (int) $length);
}
if (isset($_POST['length'])) {
$temp = $_POST['length'];
} else {
$temp = 20;
}
?>
<html>
<body>
<?php
if ($password != '') {
echo 'Password is: <div class="password"><strong>' . $password . '</strong></div><br />';
}
echo '<form action="generatepassword.php" method="POST">';
$q = 'SELECT username, email FROM users WHERE email="' . $email . '" LIMIT 1';
if ($r = mysql_query($q, $dbConn)) {
$row = mysql_fetch_array($r);
if (is_array($row)) {
//found an account with a matching email.
$username = $row['username'];
$email = $row['email'];
} else {
$error['nouser'] = '******'t belong to a registered user.';
}
} else {
$error['mysql'] = 'Bad database connection.';
}
if (empty($error)) {
// mysql fields to complete are id, time, email, resetcode
$code = get_random_string() . time() . get_random_string();
$q = "INSERT INTO pass_reset values (NULL, CURRENT_TIMESTAMP, '{$email}', '{$code}')";
if ($r = mysql_query($q, $dbConn)) {
$to = strip_tags($email);
$subject = "No Clan: Password reset request";
$link = rurl() . htmlentities($_SERVER['PHP_SELF']) . '?resetCode=' . $code;
$nc = rurl();
$body = trim("Hi {$username}!<br/>\n\n\t\t\t\t\t\tYou seem to have forgotten your account's details.\n\t\t\t\t\t\tYour registered username is: {$username}<br />\n\n\t\t\t\t\t\tTo select a new password, you have to follow this link:<br />\n\n\t\t\t\t\t\t<a href='{$link}'>{$link}</a><br />\n\n\t\t\t\t\t\t<br />\n\n\t\t\t\t\t\t(or copy&paste the url on your browser)<br />\n\n\t\t\t\t\t\tPlease take note that this code is temporary and\n\t\t\t\t\t\tonly lasts for 3 hours. After this period, you will\n\t\t\t\t\t\thave to request a new password reset.<br />\n\n\t\t\t\t\t\t<br />\n\n\t\t\t\t\t\tIf you didn't request a password reset and you\n\t\t\t\t\t\twant to keep your current password, you may ignore\n\t\t\t\t\t\tthis email.<br />\n\n\t\t\t\t\t\t<br />\n\n\t\t\t\t\t\tSee you soon.<br/>\n\n\t\t\t\t\t\tNo Clan - <a href='{$nc}'>{$nc}</a><br/>\n<br/>\n");
if (send_mail($to, $subject, $body)) {
// Finish all
$request = 'sent';
} else {
$error['bademail'] = 'We are sorry, we couldn\'t send the email. Please contact the administration.';
}
} else {
$error['mysql'] = 'Request failed. Have you already requested a password reset?';
$STH->bindParam(3, $_POST['title'], PDO::PARAM_STR);
$STH->bindParam(4, $_POST['priority'], PDO::PARAM_INT);
$STH->bindParam(5, $_POST['wsurl'], PDO::PARAM_STR);
$STH->bindParam(6, $_POST['contype'], PDO::PARAM_STR);
$STH->bindParam(7, $_POST['ftpus'], PDO::PARAM_STR);
$STH->bindParam(8, $_POST['ftppass'], PDO::PARAM_STR);
$STH->bindParam(9, $key, PDO::PARAM_STR);
$STH->bindParam(10, $date, PDO::PARAM_STR);
$STH->bindParam(11, $date, PDO::PARAM_STR);
$STH->bindParam(12, $ena, PDO::PARAM_STR);
$STH->execute();
echo '<script>parent.$(".main").nimbleLoader("show", {position : "fixed",loaderClass : "loading_bar_body",hasBackground : true,zIndex : 999,backgroundColor : "#fff",backgroundOpacity : 0.9});</script>';
//Assign Reference Number
$tkid = $DBH->lastInsertId();
$ip = retrive_ip();
$randomref = get_random_string(6);
$spadd = str_split(strrev($_SESSION['id'] . ''));
$lll = count($spadd);
for ($i = 0; $i < $lll; $i++) {
$spadd[$i] = $letarr[$spadd[$i]];
}
$randomref = implode('', $spadd) . $randomref;
$query = "UPDATE " . $SupportTicketsTable . " SET ref_id=? WHERE id=? ";
$STH = $DBH->prepare($query);
$STH->bindParam(1, $randomref, PDO::PARAM_STR);
$STH->bindParam(2, $tkid, PDO::PARAM_INT);
$STH->execute();
//Insert Message
$query = "INSERT INTO " . $SupportMessagesTable . "(`user_id`,`message`,`ticket_id`,`ip_address`,`created_time`) VALUES (?,?,?,?,?);";
$STH = $DBH->prepare($query);
$STH->bindParam(1, $_SESSION['id'], PDO::PARAM_INT);
/**
* Draws mass mail form
* $param $draw
*/
public function DrawMassMailForm($draw = true)
{
global $objSettings;
$template_subject = '';
$template_content = '';
$result = database_query('SELECT COUNT(*) as cnt FROM ' . $this->TABLE_NAME . ' WHERE is_active = 1 AND email_notifications = 1 AND email != \'\'', DATA_ONLY, FIRST_ROW_ONLY);
$members_emails_count = isset($result['cnt']) ? $result['cnt'] : 0;
$result = database_query('SELECT COUNT(*) as cnt FROM ' . TABLE_ACCOUNTS . ' WHERE is_active = 1 AND email != \'\'', DATA_ONLY, FIRST_ROW_ONLY);
$admins_emails_count = isset($result['cnt']) ? $result['cnt'] : 0;
$emails_count = $members_emails_count + $admins_emails_count;
$result = database_query('SELECT COUNT(*) as cnt FROM ' . TABLE_NEWS_SUBSCRIBED . ' WHERE email != \'\'', DATA_ONLY, FIRST_ROW_ONLY);
$newsletter_subscribers_count = isset($result['cnt']) ? $result['cnt'] : 0;
$send_copy_to_admin = '1';
$email_from = $objSettings->GetParameter('admin_email');
$template_code = isset($_GET['template_code']) ? prepare_input($_GET['template_code']) : '';
$duration = isset($_POST['duration']) ? (int) $_POST['duration'] : '5';
$members_module_installed = Modules::IsModuleInstalled($this->MODULE_NAME);
// load appropriate email template
if ($template_code != '') {
$template = $this->GetTemplate($template_code, Application::Get('lang'));
$template_subject = $template['template_subject'];
$template_content = $template['template_content'];
}
if ($this->error == true) {
$template_code = isset($_POST['template_name']) ? prepare_input($_POST['template_name']) : '';
$template_subject = isset($_POST['subject']) ? prepare_input($_POST['subject']) : '';
$template_content = isset($_POST['message']) ? prepare_input($_POST['message']) : '';
}
$output = '<script type="text/javascript">
function duration_OnChange(val){
var el_package_size = (document.getElementById(\'package_size\')) ? document.getElementById(\'package_size\') : null;
if(val == \'\' && el_package_size){
el_package_size.selectedIndex = 0;
el_package_size.disabled = \'disabled\';
}else{
el_package_size.disabled = \'\';
}
}
function email_to_OnChange(val){
var el_send_copy_to_admin = (document.getElementById(\'send_copy_to_admin\')) ? document.getElementById(\'send_copy_to_admin\') : null;
if(val == \'admins\' && el_send_copy_to_admin){
el_send_copy_to_admin.disabled = \'disabled\';
}else{
el_send_copy_to_admin.disabled = \'\';
}
}
function OnSubmit_Check(){
var email_to = (document.getElementById(\'email_to\')) ? document.getElementById(\'email_to\').value : \'\';
var email_from = (document.getElementById(\'email_from\')) ? document.getElementById(\'email_from\').value : \'\';
var subject = (document.getElementById(\'subject\')) ? document.getElementById(\'subject\').value : \'\';
var message = (document.getElementById(\'message\')) ? document.getElementById(\'message\').value : \'\';
if(email_to == \'\'){
alert(\'' . str_replace('_FIELD_', _EMAIL_TO, _FIELD_CANNOT_BE_EMPTY) . '\');
document.getElementById(\'email_to\').focus();
return false;
}else if(email_from == \'\'){
alert(\'' . str_replace('_FIELD_', _EMAIL_FROM, _FIELD_CANNOT_BE_EMPTY) . '\');
document.getElementById(\'email_from\').focus();
return false;
}else if(email_from != \'\' && !appIsEmail(email_from)){
alert(\'' . str_replace('_FIELD_', _EMAIL_FROM, _FIELD_MUST_BE_EMAIL) . '\');
document.getElementById(\'email_from\').focus();
return false;
}else if(subject == \'\'){
alert(\'' . str_replace('_FIELD_', _SUBJECT, _FIELD_CANNOT_BE_EMPTY) . '\');
document.getElementById(\'subject\').focus();
return false;
}else if(message == \'\'){
alert(\'' . str_replace('_FIELD_', _MESSAGE, _FIELD_CANNOT_BE_EMPTY) . '\');
document.getElementById(\'message\').focus();
return false;
}else if(email_to == \'all\'){
if(!confirm(\'' . _PERFORM_OPERATION_COMMON_ALERT . '\')){
return false;
}
}
return true;
}
</script>';
$output .= '<form action="index.php?admin=mass_mail" method="post" style="margin:0px;">
' . draw_hidden_field('task', 'send', false) . '
' . draw_hidden_field('email_random_code', get_random_string(10), false) . '
' . draw_token_field(false) . '
<table border="0" cellspacing="10">
<tr>
<td align="left" valign="top">
<fieldset style="height:410px;">
<legend><b>' . _FORM . ':</b></legend>
<table width="97%" align="center" border="0" cellspacing="5">
<tr>
<td align="right" nowrap="nowrap">
<label>' . _EMAIL_TEMPLATES . ':</label><br>
' . prepare_permanent_link('index.php?admin=email_templates', '[ ' . _MANAGE_TEMPLATES . ' ]', '', '') . '
</td>
<td></td>
<td>
<table cellpadding="0" cellspacing="0">
<tr valign="middle">
<td>
<select name="template_name" id="template_name" style="margin-bottom:3px;" onchange="javascript:appGoTo(\'admin=mass_mail&template_code=\'+this.value)">
<option value="">-- ' . _NO_TEMPLATE . ' --</option>';
$templates = $this->GetAllTemplates('is_system_template=0');
for ($i = 0; $i < $templates[1]; $i++) {
$output .= '<option';
$output .= $templates[0][$i]['is_system_template'] == '1' ? ' style="background-color:#ffffcc;color:#000055"' : '';
$output .= $template_code == $templates[0][$i]['template_code'] ? ' selected="selected"' : '';
$output .= ' value="' . encode_text($templates[0][$i]['template_code']) . '">' . $templates[0][$i]['template_name'] . '</option>';
}
$output .= '
</select>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td align="right" nowrap="nowrap"><label>' . _EMAIL_TO . ':</label></td>
<td><span class="mandatory_star">*</span></td>
<td>
<select name="email_to" id="email_to" style="margin-bottom:3px;" onchange="email_to_OnChange(this.value)">
<option value="">-- ' . _SELECT . ' --</option>
<option value="test" style="background-color:#ffffcc;color:#000055">' . _TEST_EMAIL . ' (' . $email_from . ')</option>';
if (Modules::IsModuleInstalled('news')) {
$output .= '<option value="newsletter_subscribers" style="background-color:#ffccff;color:#000055">' . _NEWSLETTER_SUBSCRIBERS . ' (' . $newsletter_subscribers_count . ')</option>';
}
if ($members_module_installed) {
$output .= '<optgroup label="' . $this->MEMBERS_NAME . '">';
$output .= '<option value="members|all">' . _ALL . ' (' . $members_emails_count . ')</option>';
if (self::$PROJECT == 'ShoppingCart' || self::$PROJECT == 'BusinessDirectory' || self::$PROJECT == 'HotelSite') {
$arrMembersGroups = CustomerGroups::GetAllGroupsByCustomers();
} else {
if (self::$PROJECT == 'MedicalAppointment') {
$arrMembersGroups = PatientGroups::GetAllGroupsByPatiens();
} else {
$arrMembersGroups = UserGroups::GetAllGroupsByUsers();
}
}
$member_groups_emails_count = 0;
if ($arrMembersGroups[1] > 0) {
foreach ($arrMembersGroups[0] as $key => $val) {
if ($val[$this->MODULE_NAME . '_count']) {
$output .= '<option value="members|' . $val['id'] . '">' . $val['name'] . ' (' . $val[$this->MODULE_NAME . '_count'] . ')</option>';
$member_groups_emails_count += $val[$this->MODULE_NAME . '_count'];
}
}
}
$member_non_groups_emails = $members_emails_count - $member_groups_emails_count;
$output .= '<option value="members|uncategorized">' . _UNCATEGORIZED . ' (' . $member_non_groups_emails . ')</option>';
$output .= '</optgroup>';
}
$output .= '<option value="admins">' . _ADMINS . ' (' . $admins_emails_count . ')</option>';
if ($members_module_installed) {
$output .= '<option value="all">' . $this->ADMINS_MEMBERS_NAME . ' (' . $emails_count . ')</option>';
}
$output .= '</select>
</td>
</tr>
<tr>
<td align="right" nowrap="nowrap"><label for="email">' . _EMAIL_FROM . ':</label></td>
<td><span class="mandatory_star">*</span></td>
<td>
<input type="text" name="email_from" style="width:210px" id="email_from" value="' . decode_text($email_from) . '" maxlength="70" />
</td>
</tr>
<tr valign="top">
<td align="right" nowrap="nowrap"><label>' . _SUBJECT . ':</label></td>
<td><span class="mandatory_star">*</span></td>
<td>
<input type="text" style="width:410px" name="subject" id="subject" value="' . decode_text($template_subject) . '" maxlength="255" />
</td>
</tr>
<tr valign="top">
<td align="right" nowrap="nowrap"><label>' . _MESSAGE . ':</label></td>
<td><span class="mandatory_star">*</span></td>
<td>
<textarea style="width:465px;margin-right:10px;" rows="10" name="message" id="message">' . $template_content . '</textarea>
</td>
</tr>';
$output .= '<tr valign="middle">
<td colspan="2"></td>
<td><img src="images/question_mark.png" alt="">' . _MASS_MAIL_ALERT . '</td>
</tr>';
$output .= '<tr><td colspan="3" nowrap style="height:6px;"></td></tr>
<tr>
<td align="right" nowrap="nowrap"><a href="javascript:void(0);" onclick="appPopupWindow(\'mail_preview.html\',\'message\')">[ ' . _PREVIEW . ' ]</a></td>
<td></td>
<td>
<div style="float:left"><input type="checkbox" class="form_checkbox" name="send_copy_to_admin" id="send_copy_to_admin" ' . ($send_copy_to_admin == '1' ? 'checked="checked"' : '') . ' value="1"> <label for="send_copy_to_admin">' . _SEND_COPY_TO_ADMIN . '</label></div>
<div style="float:right"><input class="form_button" type="submit" name="btnSubmit" value="' . _SEND . '" onclick="return OnSubmit_Check();"> </div>
</td>
</tr>
</table>
</fieldset>
</td>
<td align="left" valign="top">
<fieldset style="padding-' . Application::Get('defined_right') . ':10px;">
<legend>' . _PREDEFINED_CONSTANTS . ':</legend>
<ul>
<li>{FIRST NAME} <br><span style="color:a0a0a0">' . _PC_FIRST_NAME_TEXT . '</span></li>
<li>{LAST NAME} <br><span style="color:a0a0a0">' . _PC_LAST_NAME_TEXT . '</span></li>
<li>{USER NAME} <br><span style="color:a0a0a0">' . _PC_USER_NAME_TEXT . '</span></li>
<li>{USER EMAIL} <br><span style="color:a0a0a0">' . _PC_USER_EMAIL_TEXT . '</span></li>
<li>{BASE URL} <br><span style="color:a0a0a0">' . _PC_WEB_SITE_BASED_URL_TEXT . '</span></li>
<li>{WEB SITE} <br><span style="color:a0a0a0">' . _PC_WEB_SITE_URL_TEXT . '</span></li>
<li>{YEAR} <br><span style="color:a0a0a0">' . _PC_YEAR_TEXT . '</span></li>
</ul>
</fieldset>
</td>
</tr>
</table>
</form>';
if ($draw) {
echo $output;
} else {
return $output;
}
}
/**
* Do (prepare) order
* @param $payment_type
*/
public static function DoOrder($payment_type = '')
{
//global $objSettings;
global $objLogin;
if (SITE_MODE == 'demo') {
self::$message = draw_important_message(_OPERATION_BLOCKED, false);
return false;
}
// check if customer has reached the maximum number of allowed 'open' orders
$max_orders = ModulesSettings::Get('payments', 'maximum_allowed_orders');
$sql = 'SELECT COUNT(*) as cnt
FROM ' . TABLE_ORDERS . '
WHERE customer_id = ' . (int) $objLogin->GetLoggedID() . ' AND
(status = 0 OR status = 1)';
$result = database_query($sql, DATA_ONLY);
$cnt = isset($result[0]['cnt']) ? (int) $result[0]['cnt'] : 0;
if ($cnt >= $max_orders) {
self::$message = _MAX_ORDERS_ERROR;
return false;
}
$return = false;
$currency = MicroGrid::GetParameter('currency', false);
$plan_id = MicroGrid::GetParameter('plan_id', false);
$payment_type = MicroGrid::GetParameter('payment_type', false);
$additionalInfo = '';
$payed_by = 0;
$listings_amount = 0;
$order_price = 0;
$vat_percent = ModulesSettings::Get('payments', 'vat_value');
$vat_cost = 0;
$total_price = 0;
// add order to database
if (in_array($payment_type, array('online', 'paypal', '2co', 'authorize'))) {
if ($payment_type == 'paypal') {
$payed_by = '1';
$status = '0';
} else {
if ($payment_type == '2co') {
$payed_by = '2';
$status = '0';
} else {
if ($payment_type == 'authorize') {
$payed_by = '3';
$status = '0';
} else {
$payed_by = '0';
$status = '0';
}
}
}
$sql = 'SELECT ap.id, ap.listings_count, ap.price, ap.duration
FROM ' . TABLE_ADVERTISE_PLANS . ' ap
WHERE ap.id = ' . (int) $plan_id;
$result = database_query($sql, DATA_AND_ROWS, FIRST_ROW_ONLY);
if ($result[1] > 0) {
$listings_amount = $result[0]['listings_count'];
$order_price = $result[0]['price'] * Application::Get('currency_rate');
$vat_cost = $order_price * ($vat_percent / 100);
$total_price = $order_price + $vat_cost;
/////////////////////////////////////////////////////////////////
$sql = 'SELECT id, order_number FROM ' . TABLE_ORDERS . ' WHERE customer_id = ' . (int) $objLogin->GetLoggedID() . ' AND status = 0 ORDER BY id DESC';
$result = database_query($sql, DATA_AND_ROWS, FIRST_ROW_ONLY);
if ($result[1] > 0) {
$sql_start = 'UPDATE ' . TABLE_ORDERS . ' SET ';
$order_number = $result[0]['order_number'];
$sql_end = ' WHERE order_number = \'' . $order_number . '\'';
} else {
$sql_start = 'INSERT INTO ' . TABLE_ORDERS . ' SET ';
$order_number = strtoupper(get_random_string(10));
$sql_end = '';
}
$sql_middle = 'order_number = \'' . $order_number . '\',
order_description = \'' . _LISTINGS_PURCHASING . '\',
order_price = ' . number_format((double) $order_price, (int) Application::Get('currency_decimals'), '.', '') . ',
vat_percent = ' . $vat_percent . ',
vat_fee = ' . number_format((double) $vat_cost, (int) Application::Get('currency_decimals'), '.', '') . ',
total_price = ' . number_format((double) $total_price, (int) Application::Get('currency_decimals'), '.', '') . ',
currency = \'' . $currency . '\',
advertise_plan_id = ' . $plan_id . ',
listings_amount = ' . (int) $listings_amount . ',
customer_id = ' . (int) @$objLogin->GetLoggedID() . ',
transaction_number = \'\',
created_date = \'' . date('Y-m-d H:i:s') . '\',
payment_date = \'0000-00-00 00:00:00\',
payment_type = ' . $payed_by . ',
payment_method = 0,
coupon_number = \'\',
discount_campaign_id = 0,
additional_info = \'' . $additionalInfo . '\',
cc_type = \'\',
cc_holder_name = \'\',
cc_number = \'\',
cc_expires_month = \'\',
cc_expires_year = \'\',
cc_cvv_code = \'\',
status = ' . (int) $status . ',
status_changed = \'0000-00-00 00:00:00\',
email_sent = 0';
$sql = $sql_start . $sql_middle . $sql_end;
if (database_void_query($sql)) {
$return = true;
} else {
self::$message = _ORDER_PEPARING_ERROR;
$return = false;
}
} else {
self::$message = _ORDER_PEPARING_ERROR;
$return = false;
}
} else {
self::$message = _ORDER_PEPARING_ERROR;
$return = false;
}
if (SITE_MODE == 'development' && !empty(self::$message)) {
self::$message .= '<br>' . $sql . '<br>' . mysql_error();
}
return $return;
}
function project_pg()
{
function get_random_string($valid_chars, $length)
{
// start with an empty random string
$random_string = "";
// count the number of chars in the valid chars string so we know how many choices we have
$num_valid_chars = strlen($valid_chars);
// repeat the steps until we've created a string of the right length
for ($i = 0; $i < $length; $i++) {
// pick a random number from 1 up to the number of valid chars
$random_pick = mt_rand(1, $num_valid_chars);
// take the random character out of the string of valid chars
// subtract 1 from $random_pick because strings are indexed starting at 0, and we started picking at 1
$random_char = $valid_chars[$random_pick - 1];
// add the randomly-chosen char onto the end of our string so far
$random_string .= $random_char;
}
// return our finished random string
return $random_string;
}
$password = '';
$lc = 0;
$uc = 0;
$sym = 0;
$num = 0;
if (isset($_REQUEST['generate'])) {
$validcharacters = '';
if (isset($_POST['lc'])) {
$lc = $_POST['lc'];
} else {
$lc = 0;
}
if (isset($_POST['uc'])) {
$uc = $_POST['uc'];
} else {
$uc = 0;
}
if (isset($_POST['sym'])) {
$sym = $_POST['sym'];
} else {
$sym = 0;
}
if (isset($_POST['num'])) {
$num = $_POST['num'];
} else {
$num = 0;
}
$length = $_POST['length'];
if ($length < 1 || preg_match('/^.*(?=.*[a-z|A-Z]).*$/', $length)) {
$length = 20;
}
if ($lc) {
$validcharacters .= 'abcdefghijklmnopqrstuvwxyz';
}
if ($uc) {
$validcharacters .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
}
if ($sym) {
$validcharacters .= '!@#$%^&*()_+=-[{]};:\'",<.>/?`~';
}
if ($num) {
$validcharacters .= '0123456789';
}
if ($lc || $uc || $sym || $num) {
$password = get_random_string($validcharacters, (int) $length);
} else {
$password = '******';
}
}
if (isset($_POST['length'])) {
$temp = $_POST['length'];
} else {
$temp = 20;
}
// More
if ($password != '') {
echo 'Password is: <div class="password"><strong>' . htmlspecialchars($password) . '</strong></div><br />';
}
echo '<form action="index.php" method="POST">';
echo 'Types:<br />';
if (isset($lc) && $lc) {
$l[0] = 'checked';
} else {
$l[0] = '';
}
if (isset($uc) && $uc) {
$l[1] = 'checked';
} else {
$l[1] = '';
}
if (isset($sym) && $sym) {
$l[2] = 'checked';
} else {
$l[2] = '';
}
if (isset($num) && $num) {
$l[3] = 'checked';
} else {
$l[3] = '';
}
echo '<input type="checkbox" name="lc" value="1" ' . $l[0] . '>Lowercase letters<br />';
echo '<input type="checkbox" name="uc" value="1" ' . $l[1] . '>Uppercase letters<br />';
echo '<input type="checkbox" name="sym" value="1" ' . $l[2] . '>Symbols<br />';
echo '<input type="checkbox" name="num" value="1" ' . $l[3] . '>Numbers<br />';
echo 'Length: <input type="text" name="length" value="' . $temp . '" size="5" /><br />';
echo '<input type="submit" name="generate" value="Generate Password" /><br />';
echo '</form>';
}
?>
videos/player/mediaelement-and-player.min.js"></script>
<script src="<?php
echo $siteRoot;
?>
js/plugins.js"></script>
<script src="<?php
echo $siteRoot;
?>
js/script.js?<?php
echo get_random_string();
?>
"></script>
<?php
if ($admin == true && $page != "all_pics") {
echo '<script src="' . $siteRoot . 'js/editable.js?' . get_random_string() . '" type="text/javascript"></script>';
}
?>
<script type="text/javascript">
/* Update _setAccount value to user's Google Analytic account and uncomment this script
var _gaq = _gaq || [];
_gaq.push(['_setAccount', '//////']);
_gaq.push(['_trackPageview']);
(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();*/
</script>
</body>
$auto_enroll_id = $_REQUEST['auto_enroll_id'];
} else {
$auto_enroll_id = 0;
}
if (isset($_POST['save']) || isset($_POST['add'])) {
/* insert or update a category */
$name = trim($_POST['name']);
$name = $addslashes($name);
$name = validate_length($name, 50);
if (isset($_POST['add']) && !$_POST['add_ids']) {
$msg->addError('NO_ITEM_SELECTED');
}
if (!$msg->containsErrors()) {
if ($auto_enroll_id == 0) {
$sql = "INSERT INTO %sauto_enroll(associate_string, name) VALUES ('%s', '%s')";
$rows_inserted = queryDB($sql, array(TABLE_PREFIX, get_random_string(6, 10), $name));
$auto_enroll_id = at_insert_id();
write_to_log(AT_ADMIN_LOG_INSERT, 'auto_enroll', $rows_inserted, $sqlout);
} else {
$sql = "UPDATE %sauto_enroll SET name = '%s' WHERE auto_enroll_id = %d";
$rows_updated = queryDB($sql, array(TABLE_PREFIX, $name, $auto_enroll_id));
write_to_log(AT_ADMIN_LOG_UPDATE, 'auto_enroll', $rows_updated, $sqlout);
}
if (isset($_POST['add'])) {
foreach ($_POST['add_ids'] as $elem) {
// unable to determine the purpose of this query
// which always returns $row['cnt'] == 0, during queryDB() testing.
$sql = "SELECT count(*) cnt FROM %sauto_enroll_courses\n\t\t\t\t WHERE auto_enroll_id = %d\n\t\t\t\t AND course_id = %d";
$row = queryDB($sql, array(TABLE_PREFIX, $auto_enroll_id, $elem), TRUE);
if ($row["cnt"] == 0) {
$sql = "INSERT INTO %sauto_enroll_courses (auto_enroll_id, course_id) VALUES (%d, %d)";
/**
* Creates new menu
* @param $param - array of parameters
*/
public function MenuCreate($params = array())
{
// Block operation in demo mode
if (strtolower(SITE_MODE) == 'demo') {
$this->error = _OPERATION_BLOCKED;
return false;
}
// Get input parameters
if (isset($params['name'])) {
$this->menu['menu_name'] = $params['name'];
}
if (isset($params['menu_placement'])) {
$this->menu['menu_placement'] = $params['menu_placement'];
}
if (isset($params['order'])) {
$this->menu['menu_order'] = $params['order'];
}
if (isset($params['language_id'])) {
$this->menu['language_id'] = $params['language_id'];
}
if (isset($params['access_level'])) {
$this->menu['access_level'] = $params['access_level'];
}
// Prevent creating of empty records in our 'menus' table
if ($this->menu['menu_name'] != '') {
$menu_code = strtoupper(get_random_string(10));
$total_languages = Languages::GetAllActive();
for ($i = 0; $i < $total_languages[1]; $i++) {
$m = self::GetAll(' menu_order ASC', TABLE_MENUS, '', $total_languages[0][$i]['abbreviation']);
$max_order = (int) ($m[1] + 1);
$sql = 'INSERT INTO ' . TABLE_MENUS . ' (language_id, menu_code, menu_name, menu_placement, menu_order, access_level)
VALUES(\'' . $total_languages[0][$i]['abbreviation'] . '\', \'' . $menu_code . '\', \'' . encode_text($this->menu['menu_name']) . '\', \'' . $this->menu['menu_placement'] . '\', ' . $max_order . ', \'' . $this->menu['access_level'] . '\')';
if (!database_void_query($sql)) {
$this->error = _TRY_LATER;
return false;
}
}
return true;
} else {
$this->error = _MENU_NAME_EMPTY;
return false;
}
}
function get_file_name_hash($length = 8)
{
return time() . get_random_string($length);
}
function encrypt($content)
{
// add random char at both ends
$content = get_random_string(4) . $content . get_random_string(4);
// base64_encode
$content = base64_encode($content);
// swap at position 4
$content = substr($content, 4, strlen($content) - 4) . substr($content, 0, 4);
// reverse it
$content = strrev($content);
return $content;
}
