Ejemplo n.º 1
/**
 * Create a status record for an authenticated source and echo the reply as JSON.
 *
 * The caller is resolved with source_lookup_auth() from $req->authenticator; the
 * resolved id is written to $req->source_id before status_insert() runs. On
 * success the object returned by success() gets the new row id and is echoed as
 * JSON. On failure the matching error() call is made and this function echoes
 * nothing itself.
 *
 * @param object $req Request object; ->authenticator is read, ->source_id is written.
 * @return void
 */
function create_status($req)
{
    $authSource = source_lookup_auth($req->authenticator);
    if ($authSource) {
        // Bind the record to the authenticated source rather than to anything
        // the request itself claims.
        $req->source_id = $authSource->id;
        $inserted = status_insert($req);
        if ($inserted) {
            $response = success();
            $response->id = insert_id();
            echo json_encode($response);
        } else {
            // NOTE(review): the raw db_error() text is handed to error(); if error()
            // returns it to the client, schema details leak — confirm what error() emits.
            error(db_error());
        }
    } else {
        error("auth failure");
    }
}
Ejemplo n.º 2
// Form handler (visible part only): when a "prix" value is POSTed, insert one row
// into the prix table, then one valeur_prix row per non-deleted attribut for which
// an attr_<attribut_id> value was POSTed. The new price id is then echoed into an
// inline <script>; the rest of that template is cut off in this listing.
// NOTE(review): no session, permission or CSRF check is visible here — presumably
// back_include.php enforces the back-office login; confirm before relying on it.
require "../../require/function.php";
require "../../require/back_include.php";
set_time_limit(3600);
if ($_POST["prix"] != "") {
    // create the tmp directory
    //@mkdir ($_SERVER["DOCUMENT_ROOT"].__uploaddir__."u".$_SESSION['users_id'], 0775);
    // move the file
    //move_uploaded_file($_FILES[ext]["tmp_name"],$_SERVER["DOCUMENT_ROOT"].__uploaddir__."u".$_SESSION['users_id']."/".$_FILES["ext"]["name"]);
    // Client-supplied upload name with every character outside [a-z0-9_.-] replaced
    // by "_". $filename is not used again in the visible part of this script.
    $filename = preg_replace('/[^a-z0-9_\\-\\.]/i', '_', $_FILES["ext"]["name"]);
    //if(move_uploaded_file($_FILES["ext"]["tmp_name"],$_SERVER["DOCUMENT_ROOT"].__uploaddir__."u".$_SESSION['users_id']."/".$filename)===false){
    // save to the database
    // $ext is likewise unused in the visible part.
    $ext = getext($_FILES["ext"]["name"]);
    // The statement is assembled by string concatenation. Every POST value passes
    // through addquote() (defined in an include, not shown — presumably the project's
    // SQL-escaping helper; verify). A parameterized query would remove that dependence.
    $sql = "insert into " . __racinebd__ . "prix (montant,quantite,ref) value('" . addquote($_POST["prix"]) . "','" . addquote($_POST["quantite"]) . "','" . addquote($_POST["ref"]) . "')";
    $link = query($sql);
    $prix_id = insert_id();
    // List the attributes that are not flagged as deleted.
    $querystring = "select * from " . __racinebd__ . "attribut where supprimer=0 order by libelle";
    $link = query($querystring);
    while ($tbl = fetch($link)) {
        //print "attr_".$tbl["attribut_id"]."<br>";
        //print $_POST["attr_".$tbl["attribut_id"]];
        // An empty value or -1 is treated as "no value chosen" for this attribute.
        if ($_POST["attr_" . $tbl["attribut_id"]] != "" && $_POST["attr_" . $tbl["attribut_id"]] != -1) {
            // Only the POSTed value is escaped; $prix_id and attribut_id come from
            // insert_id() and the database row respectively.
            $sql = "insert into " . __racinebd__ . "valeur_prix (valeur_id,prix_id,attribut_id) value('" . addquote($_POST["attr_" . $tbl["attribut_id"]]) . "','" . $prix_id . "','" . $tbl["attribut_id"] . "')";
            query($sql);
        }
    }
    ?>
  <script>
  content='<table width="100%" style="border-bottom:1px solid black" id="table_prix_<?php 
    // $prix_id is the value returned by insert_id() above, not request data.
    echo $prix_id;
    ?>
Ejemplo n.º 3
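<?php

// Form handler: when a "libelle" is POSTed, append a line to the quote ("devis")
// identified by the "id" query parameter, then reload the list iframe in the parent.
// NOTE(review): no session, permission or CSRF check is visible here — presumably
// back_include.php enforces the back-office login; confirm.
require "../../require/function.php";
require "../../require/back_include.php";
set_time_limit(3600);
if ($_POST["libelle"] != "") {
    // The id used to be concatenated unquoted and unescaped into the SELECT below,
    // which made the query string an SQL injection point. It is a numeric key, so
    // force it to an integer once and use that value in both statements.
    $devis_id = (int) $_GET["id"];
    // Next position = highest existing position for this quote + 1.
    // NOTE(review): two concurrent requests can read the same max(ordre).
    $sql = "select max(ordre) as maxordre from " . __racinebd__ . "devisline where supprimer=0 and devis_id=" . $devis_id;
    $link = query($sql);
    $tbl = fetch($link);
    // Text values go through addquote() (defined in an include, not shown —
    // presumably the project's SQL-escaping helper; verify). The amount accepts a
    // decimal comma, which is converted to a dot after escaping.
    $sql = "insert into " . __racinebd__ . "devisline (devis_id,libelle,montant,ordre) \r\n  value('" . $devis_id . "','" . addquote($_POST["libelle"]) . "','" . str_replace(",", ".", addquote($_POST["montant"])) . "','" . ($tbl["maxordre"] + 1) . "')";
    $link = query($sql);
    $mmontant_id = insert_id();
    ?>
  <script>
  //rafraichissement de la liste
  //alert(top.listidmontantiframelist.location)
  if(top.listidmontantiframelist.contentWindow)
  top.listidmontantiframelist.contentWindow.location.reload(true);
  else
  top.listidmontantiframelist.location.reload(true);
  </script>
  <?php 
}
?>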
<html>
<head>
<META http-equiv="Content-Type" Content="text/html; charset=UTF-8">
<script>
function validateForm(obj){
	if(obj.libelle.value==""){
		alert('Veuillez indiquer un libelle');
Ejemplo n.º 4
     } else {
         $myext4 = "null";
     }
 }
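 // Build the SQL literal for the ext5 column: the extension of the uploaded file if
 // there is one, else the POSTed ext5 value, else NULL. Both values are supplied by
 // the client and end up inside the INSERT below, so they are escaped with
 // addquote() like every other text value of this statement (they were raw before).
 if ($_FILES["ext5"]["tmp_name"] != "") {
     $myext5 = "'" . addquote(getext($_FILES["ext5"]["name"])) . "'";
 } else {
     if ($_POST["ext5"] != "") {
         $myext5 = "'" . addquote($_POST["ext5"]) . "'";
     } else {
         $myext5 = "null";
     }
 }
 // Insert the content row. Changes against the previous version of this statement:
 //  - version_id was concatenated unquoted and unescaped; it is now cast to int;
 //  - note was quoted but not escaped; it now goes through addquote().
 // addquote() is defined elsewhere (presumably the project's SQL-escaping helper;
 // verify). A parameterized query would be the more robust fix.
 // NOTE(review): datetimebdd() receives raw POST values and its result is placed
 // inside quotes — confirm that it validates or escapes its input.
 // NOTE(review): $table, $contenu_id and $myext..$myext4 are set before this
 // fragment; the same escaping rule should hold where they are built.
 $szQuery = "insert into {$table} (titre1,titre2,titre3,titre4,titre5,abstract,contenu,date_actu,date_fin,ext,version_id,contenu_id,ext2,note,abstratc2,abstract3,abstract4,abstract5,ext3,ext4,twitter,tva_id,fournisseur_id,note1,note2,note3,note4,archive,envoye,titleseo,abstractseo,robotseo,ext5)\r\n              values ('"
     . addquote($_POST["titre1"]) . "','" . addquote($_POST["titre2"]) . "','" . addquote($_POST["titre3"]) . "','" . addquote($_POST["titre4"]) . "','" . addquote($_POST["titre5"]) . "',\r\n              '"
     . addquote($_POST["abstract"]) . "','" . addquote($_POST["contenu"]) . "','" . datetimebdd($_POST["date_actu"]) . "','" . datetimebdd($_POST["date_fin"]) . "',{$myext}," . ((int) $_POST["version_id"]) . ",\r\n              "
     . $contenu_id . ",{$myext2},'" . addquote($_POST["note"]) . "','" . addquote($_POST["abstract2"]) . "','" . addquote($_POST["abstract3"]) . "','" . addquote($_POST["abstract4"]) . "','" . addquote($_POST["abstract5"]) . "',{$myext3},{$myext4},\r\n              '"
     . addquote($_POST["twitter"]) . "','" . addquote($_POST["tva_id"]) . "','" . addquote($_POST["fournisseur_id"]) . "','" . addquote($_POST["note1"]) . "','" . addquote($_POST["note2"]) . "',\r\n              '"
     . addquote($_POST["note3"]) . "','" . addquote($_POST["note4"]) . "','" . addquote($_POST["archive"]) . "','" . addquote($_POST["envoye"]) . "','" . addquote($_POST["titleseo"]) . "','" . addquote($_POST["abstractseo"]) . "','" . addquote($_POST["robotseo"]) . "',{$myext5})";
 $link = query($szQuery);
 $id = insert_id();
 $content_id = $id;
 // Later code reads the id from $_GET, so the new id is published there.
 $_GET['id'] = $id;
 // createdefault() and savefile() are defined elsewhere; they are called once per
 // file slot with the slot's table-name prefix and the new row id.
 createdefault("ext", $table, $id);
 createdefault("ext2", $table . "2_", $id);
 createdefault("ext3", $table . "3_", $id);
 createdefault("ext4", $table . "4_", $id);
 createdefault("ext5", $table . "5_", $id);
 // NOTE(review): the stored extension comes from the client-supplied file name;
 // confirm that savefile() restricts which file types may land in the upload directory.
 if ($_FILES["ext2"]["tmp_name"] != "") {
     $myext2 = savefile("ext2", $table . "2_", $content_id);
 }
 if ($_FILES["ext"]["tmp_name"] != "") {
     $myext = savefile("ext", $table, $content_id);
 }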
 if ($_FILES["ext3"]["tmp_name"] != "") {
     $myext3 = savefile("ext3", $table . "3_", $content_id);
Ejemplo n.º 5
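<?php

// Form handler (visible part only): when a "titre" is POSTed, insert a (titre, val)
// row into list_val and emit an inline script that builds an HTML fragment for the
// new row. The listing is cut off in the middle of that template.
// NOTE(review): no session, permission or CSRF check is visible here — presumably
// back_include.php enforces the back-office login; confirm.
require "../../require/function.php";
require "../../require/back_include.php";
set_time_limit(3600);
if ($_POST["titre"] != "") {
    // Values go through addquote() (defined in an include, not shown — presumably
    // the project's SQL-escaping helper; verify) before concatenation.
    $sql = "insert into " . __racinebd__ . "list_val (titre,val) \r\n  value('" . addquote($_POST["titre"]) . "','" . addquote($_POST["val"]) . "')";
    $link = query($sql);
    $val_id = insert_id();
    ?>
  <script>
  content='<table width="100%" style="border-bottom:1px solid black" id="table_val_<?php 
    echo $val_id;
    ?>
">';
  content+='<input type="hidden" name="listvals[]" value="<?php 
    echo $val_id;
    ?>
"/>';
  content+='<input type="hidden" name="listtitre[]" value="<?php 
    // Request data is written into an HTML attribute that itself sits inside a
    // single-quoted JavaScript string. It used to be echoed raw (reflected XSS).
    // It is now HTML-escaped including both quote styles, then backslashes are
    // doubled and line breaks removed so the JavaScript literal stays intact.
    // NOTE(review): the INSERT above stores $_POST["titre"] while this echoes
    // $_POST["titre1"] — possibly a typo; confirm which field is intended.
    echo str_replace(array("\\", "\r", "\n"), array("\\\\", "", ""), htmlspecialchars($_POST["titre1"], ENT_QUOTES));
    ?>
"/>';
  content+='<input type="hidden" name="listval[]" value="<?php 
    // Same two-layer escaping as for the title above.
    echo str_replace(array("\\", "\r", "\n"), array("\\\\", "", ""), htmlspecialchars($_POST["val"], ENT_QUOTES));
    ?>
"/>';
  content+='<input type="hidden" id="val_<?php 
    echo $val_id;
    ?>
" name="val_<?php 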
Ejemplo n.º 6
 } else {
     if ($_POST["save"] == "yes") {
         switch ($_GET["mode"]) {
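             // Soft delete: the row is only flagged supprimer=1. The id comes from the
             // query string and was concatenated unescaped; it now goes through
             // addquote() like the other request values in this switch (addquote() is
             // defined elsewhere — presumably the project's SQL-escaping helper; verify).
             // NOTE(review): $table and $tablekey are set outside this fragment.
             case "suppr":
                 $txtmsg = "L'utilisateurs a &eacute;t&eacute; supprim&eacute;";
                 // delete the application on gpsgate
                 $szQuery = "update {$table} set supprimer=1 where " . $tablekey . "='" . addquote($_GET["id"]) . "'";
                 break;
             case "ajout":
                 $txtmsg = "L'utilisateurs a &eacute;t&eacute; ajout&eacute;";
                 // check whether the username is already taken
                 // NOTE(review): that check is commented out, so no uniqueness test on
                 // username is visible in this fragment.
                 //$sql="select * from $table where ".$tablekey."='".$_GET["id"]."'";
                 // create a phantom_usergps link
                 // The owning account id ("pere") comes from the query string and was
                 // concatenated unescaped; it is now escaped with addquote().
                 // NOTE(review): the password is stored as an unsalted MD5 digest, which
                 // is fast to brute-force and not suitable for password storage. Moving to
                 // password_hash()/password_verify() has to be done together with the
                 // login check, which is not part of this fragment, so the digest is left
                 // unchanged here.
                 $sql = "insert into " . __racinebd__ . "usergps (tel,name,email,password,username,date_creation,compte_id) values('" . addquote($_POST["tel"]) . "','" . addquote($_POST["name"]) . "','" . addquote($_POST["email"]) . "','" . md5($_POST["password"]) . "','" . addquote($_POST["username"]) . "',now(),'" . addquote($_GET["pere"]) . "')";
                 query($sql);
                 $usergpd_id = insert_id();
                 // create the default rights
                 // modules: the new user is linked to every row of the module table
                 $sql = "select * from " . __racinebd__ . "module";
                 $link = query($sql);
                 while ($tbl = fetch($link)) {
                     $sql = "insert into " . __racinebd__ . "module_usersgps (module_id,usergps_id) values('" . $tbl["module_id"] . "','" . $usergpd_id . "')";
                     query($sql);
                 }
                 // days: the new user is linked to every row of the jour table
                 $sql = "select * from " . __racinebd__ . "jour";
                 $link = query($sql);
                 while ($tbl = fetch($link)) {
                     $sql = "insert into " . __racinebd__ . "jour_usersgps (jour_id,usergps_id) values('" . $tbl["jour_id"] . "','" . $usergpd_id . "')";
                     query($sql);
                 }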
Ejemplo n.º 7
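    // Visible part of an upload handler for an image pair: record both files in
    // list_images, store them with savefile(), then emit an inline script that builds
    // an HTML fragment for the new row. The listing starts inside an enclosing block
    // and is cut off in the middle of the template.
    // Client-supplied names with every character outside [a-z0-9_.-] replaced by "_".
    $filename1 = preg_replace('/[^a-z0-9_\\-\\.]/i', '_', $_FILES["ext1"]["name"]);
    $filename2 = preg_replace('/[^a-z0-9_\\-\\.]/i', '_', $_FILES["ext2"]["name"]);
    //if(move_uploaded_file($_FILES["ext"]["tmp_name"],$_SERVER["DOCUMENT_ROOT"].__uploaddir__."u".$_SESSION['users_id']."/".$filename)===false){
    // save to the database
    // NOTE(review): the extensions are derived from the client-supplied file names;
    // confirm that getext()/savefile() restrict which file types may be stored in the
    // upload directory.
    $ext1 = getext($_FILES["ext1"]["name"]);
    $ext2 = getext($_FILES["ext2"]["name"]);
    /*if(PHANTOM_FULLTEXT==true){
        $contenu1=addslashes(extract2tmpfile($ext1,$_FILES["ext1"]["tmp_name"]));
        $contenu2=addslashes(extract2tmpfile($ext2,$_FILES["ext2"]["tmp_name"]));
      }else{
        $contenu1=addquote($_POST["description_fichier1"]);
        $contenu2=addquote($_POST["description_fichier2"]);
      }*/
    // "lightbox", "contenu" and the two extensions used to be concatenated into the
    // statement without escaping while the titles were escaped; all client-derived
    // values now go through addquote() (defined elsewhere — presumably the project's
    // SQL-escaping helper; verify). The sanitised file names can only contain
    // [A-Za-z0-9_.-], so they cannot break out of the quotes.
    $sql = "insert into " . __racinebd__ . "list_images (titre1,ext1,nom_fichier1,titre2,ext2,nom_fichier2,lightbox,contenulightbox) \r\n  value('" . addquote($_POST["titre_fichier1"]) . "','" . addquote($ext1) . "','" . $filename1 . "','" . addquote($_POST["titre_fichier2"]) . "','" . addquote($ext2) . "','" . $filename2 . "','" . addquote($_POST["lightbox"]) . "','" . addquote($_POST["contenu"]) . "')";
    $link = query($sql);
    $images_id = insert_id();
    savefile("ext1", __racinebd__ . "list_images", $images_id);
    savefile("ext2", __racinebd__ . "list_images2_", $images_id);
    ?>
  <script>
  content='<table width="100%" style="border-bottom:1px solid black" id="table_images_<?php 
    echo $images_id;
    ?>
">';
  content+='<input type="hidden" name="listimages[]" value="<?php 
    echo $images_id;
    ?>
"/>';
  content+='<textarea name="listimagescontenu[]" style="display:none"><?php 
    // The POSTed text is written into a <textarea> that itself sits inside a
    // single-quoted JavaScript string. Escaping only the single quote left markup
    // such as a closing textarea or script tag able to break out of the field
    // (reflected XSS). The text is now HTML-escaped — the browser decodes it back to
    // the original inside the textarea — then backslashes are doubled and line breaks
    // removed, as before, so the JavaScript literal stays intact.
    echo str_replace(array("\\", "\r\n", "\n", "\r"), array("\\\\", "", "", ""), htmlspecialchars($_POST["contenu"], ENT_QUOTES));
    ?>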
Ejemplo n.º 8
/**
 * Propagate a content row to the other language versions of a tree node.
 *
 * For every contenu row of node $arbre_id whose langue differs from $langue_id,
 * the matching content row is updated: each non-"ext" column takes the POSTed
 * value named "<column>___<shortlib>" when that is non-empty, otherwise the value
 * of the source content row $content_id. "ext" columns take the extension of a
 * matching upload, can be set to NULL through a "<column>___<shortlib>_chk"
 * checkbox, or keep the source extension. When no content row exists for the
 * contenu, copyContent() is called instead; otherwise uploads are stored with
 * savefile(), source files are copied for the ext columns without an upload, and
 * the fichiers rows of the source content are duplicated together with their files.
 *
 * NOTE(review): the mysql_* functions used below were removed in PHP 7.0.
 * NOTE(review): $content_id, $arbre_id and $langue_id are concatenated unquoted
 * into SQL; callers must pass integers (casting at the call site or here, or a
 * parameterized query, would make that explicit).
 *
 * @param mixed $content_id Id of the source content row.
 * @param mixed $arbre_id   Id of the tree node whose other languages are updated.
 * @param mixed $langue_id  Id of the source language, excluded from the update.
 * @return void
 */
function updateContent($content_id, $arbre_id, $langue_id)
{
    // look up the contenu_id
    $requete_select_contenu = "select contenu_id,shortlib from " . __racinebd__ . "contenu c inner join " . __racinebd__ . "langue l on c.langue_id=l.langue_id where arbre_id = " . $arbre_id . " and l.langue_id!=" . $langue_id;
    $link_select_contenu = query($requete_select_contenu);
    // Source content row; its result handle is also used below to enumerate column names.
    $requete_select_content = "select * from " . __racinebd__ . "content where content_id = " . $content_id;
    $link_select_content = query($requete_select_content);
    $ligne_select_content = fetch($link_select_content);
    //print_r($_POST);
    //$result = mysql_query("select * from table");
    // NOTE(review): $listfile is initialised once, before the loop, so upload entries
    // collected for one language are still present for the following ones — confirm intended.
    $listfile = array();
    while ($ligne_select_contenu = fetch($link_select_contenu)) {
        //$requete="insert into ".__racinebd__."content ";
        $listchamps = array();
        $listvalue = array();
        $listext = array();
        //$listchamps[]="contenu_id";
        //$listvalue[]=$ligne_select_contenu["contenu_id"];
        // Walk every column of the content table except the two key columns.
        for ($i = 0; $i < mysql_num_fields($link_select_content); $i++) {
            if (mysql_field_name($link_select_content, $i) != "content_id" && mysql_field_name($link_select_content, $i) != "contenu_id") {
                $champs = mysql_field_name($link_select_content, $i);
                // Columns whose name contains "ext" are handled as file-extension columns.
                if (strpos($champs, "ext") === false) {
                    // Text column: POSTed translation if present, else the source value.
                    // NOTE(review): addslashes() is not charset-aware; driver-level
                    // escaping or a parameterized query is the safer choice.
                    if ($_POST[$champs . "___" . $ligne_select_contenu["shortlib"]] != "") {
                        $value = "'" . addslashes($_POST[$champs . "___" . $ligne_select_contenu["shortlib"]]) . "'";
                    } else {
                        $value = "'" . addslashes($ligne_select_content[$champs]) . "'";
                    }
                    $listchamps[] = $champs . "=" . $value;
                } else {
                    //print $champs."___".$ligne_select_contenu["shortlib"]." : ".$_FILES[$champs."___".$ligne_select_contenu["shortlib"]];
                    //print_r($_FILES);
                    if (isset($_FILES[$champs . "___" . $ligne_select_contenu["shortlib"]])) {
                        //$numext=explode("___",$champs);
                        // save the file
                        /*
                                            if(strlen($numext[0])>3){
                        $numext=substr($numext[0],-1);
                        */
                        //print "ici";
                        // A column name longer than three characters carries a trailing
                        // slot character that selects the file-name prefix.
                        if (strlen($champs) > 3) {
                            $numext = substr($champs, -1);
                            //print $numext;
                            $listfile[] = array($champs . "___" . $ligne_select_contenu["shortlib"], __racinebd__ . "content" . $numext . "_");
                        } else {
                            $listfile[] = array($champs . "___" . $ligne_select_contenu["shortlib"], __racinebd__ . "content");
                        }
                        //$value=($_POST[$champs."___".$ligne_select_contenu["shortlib"]]=="")?"null":"'".$_POST[$champs."___".$ligne_select_contenu["shortlib"]]."'";
                        // NOTE(review): the extension comes from the client-supplied file
                        // name and is concatenated without escaping; getext() is defined
                        // elsewhere — confirm that it returns only a safe extension.
                        $value = $_FILES[$champs . "___" . $ligne_select_contenu["shortlib"]]["name"] != "" ? "'" . getext($_FILES[$champs . "___" . $ligne_select_contenu["shortlib"]]["name"]) . "'" : "null";
                    } else {
                        // No upload for this slot: keep the source extension and remember
                        // the column so that the source files are copied further down.
                        $value = $ligne_select_content[$champs] == "" ? "null" : "'" . $ligne_select_content[$champs] . "'";
                        $listext[] = $champs;
                    }
                    // A ticked "_chk" checkbox clears the column; otherwise the column is
                    // only written when there is a non-null value.
                    if ($_POST[$champs . "___" . $ligne_select_contenu["shortlib"] . "_chk"] == 1) {
                        $listchamps[] = $champs . "=null";
                    } else {
                        if ($value != "null") {
                            $listchamps[] = $champs . "=" . $value;
                        }
                    }
                }
            }
        }
        $requete_update_content = "update " . __racinebd__ . "content set " . implode(",", $listchamps) . " where contenu_id=" . $ligne_select_contenu["contenu_id"];
        //print $requete_insert_content;
        //echo $requete_insert_content;
        $link = query($requete_update_content);
        // check that the update took effect, otherwise create a record
        $sql = "select * from " . __racinebd__ . "content where contenu_id=" . $ligne_select_contenu["contenu_id"];
        $link = query($sql);
        if (num_rows($link) == 0) {
            // NOTE(review): "langue_id" is not in the select list of the first query
            // (only contenu_id and shortlib are), so this index is undefined here.
            copyContent($content_id, $arbre_id, $langue_id, $ligne_select_contenu["langue_id"]);
        } else {
            $tbl = fetch($link);
            /*
            print_r($listfile);
            print_r($listext);
            */
            // save the individual files
            for ($j = 0; $j < count($listfile); $j++) {
                savefile($listfile[$j][0], $listfile[$j][1], $tbl["content_id"]);
            }
            $dernier_ajout_content = $tbl["content_id"];
            // to do for the update
            //print_r($listext);
            // For every ext column without an upload, copy the source file, its "tbl_"
            // variant and the "tbl_0".."tbl_4" variants to the target content id.
            // NOTE(review): "@" hides copy failures, so a missing source file is silent.
            for ($listextindice = 0; $listextindice < count($listext); $listextindice++) {
                $suffixe = strlen($listext[$listextindice]) > 3 ? substr($listext[$listextindice], -1) . "_" : "";
                //$suffixe=($listextindice==0)?"":($listextindice+1)."_";
                //print $_SERVER["DOCUMENT_ROOT"].__uploaddir__.__racinebd__.'content'.$suffixe.$ligne_select_content['content_id'].'.'.$ligne_select_content[$listext[$listextindice]]."<br>";
                @copy($_SERVER["DOCUMENT_ROOT"] . __uploaddir__ . __racinebd__ . 'content' . $suffixe . $ligne_select_content['content_id'] . '.' . $ligne_select_content[$listext[$listextindice]], $_SERVER["DOCUMENT_ROOT"] . __uploaddir__ . __racinebd__ . 'content' . $suffixe . $dernier_ajout_content . '.' . $ligne_select_content[$listext[$listextindice]]);
                @copy($_SERVER["DOCUMENT_ROOT"] . __uploaddir__ . 'tbl_' . __racinebd__ . 'content' . $suffixe . $ligne_select_content['content_id'] . '.' . $ligne_select_content[$listext[$listextindice]], $_SERVER["DOCUMENT_ROOT"] . __uploaddir__ . 'tbl_' . __racinebd__ . 'content' . $suffixe . $dernier_ajout_content . '.' . $ligne_select_content[$listext[$listextindice]]);
                for ($i = 0; $i < 5; $i++) {
                    @copy($_SERVER["DOCUMENT_ROOT"] . __uploaddir__ . 'tbl_' . $i . __racinebd__ . 'content' . $suffixe . $ligne_select_content['content_id'] . '.' . $ligne_select_content[$listext[$listextindice]], $_SERVER["DOCUMENT_ROOT"] . __uploaddir__ . 'tbl_' . $i . __racinebd__ . 'content' . $suffixe . $dernier_ajout_content . '.' . $ligne_select_content[$listext[$listextindice]]);
                }
            }
            // Duplicate the non-deleted attachment rows of the source content.
            $requete_select_fichier = "select * from " . __racinebd__ . "fichiers where content_id = " . $ligne_select_content['content_id'] . " and supprimer=0";
            $link_select_fichier = query($requete_select_fichier);
            while ($ligne_select_fichier = fetch($link_select_fichier)) {
                // Text columns are re-escaped with addslashes(); "ext" and "supprimer"
                // are written back as read from the database.
                $requete_insert_fichier = "insert into " . __racinebd__ . "fichiers (content_id,titre,abstract,ext,nom_fichier,supprimer,contenu) values (\r\n                  " . $dernier_ajout_content . ",\r\n                  '" . addslashes($ligne_select_fichier['titre']) . "',\r\n                  '" . addslashes($ligne_select_fichier['abstract']) . "',\r\n                  " . ($ligne_select_fichier['ext'] == "" ? "null" : "'" . $ligne_select_fichier['ext'] . "'") . ",\r\n                  '" . addslashes($ligne_select_fichier['nom_fichier']) . "',\r\n                  " . $ligne_select_fichier['supprimer'] . ",\r\n                  '" . addslashes($ligne_select_fichier['contenu']) . "'\r\n                  )";
                $link_insert_fichier = query($requete_insert_fichier);
                $dernier_ajout_fichier = insert_id();
                // Copy the attachment file itself under the id of the new row.
                copy($_SERVER["DOCUMENT_ROOT"] . __uploaddir__ . __racinebd__ . 'fichiers' . $ligne_select_fichier['fichiers_id'] . '.' . $ligne_select_fichier['ext'], $_SERVER["DOCUMENT_ROOT"] . __uploaddir__ . __racinebd__ . 'fichiers' . $dernier_ajout_fichier . '.' . $ligne_select_fichier['ext']);
            }
        }
    }
}
Ejemplo n.º 9
<?php

// Stores a message for the user identified by the "email" request value, written by
// the user resolved from the login cookie, then either marks the thread unread (the
// author is the user) or mails the message to the user (the author is someone else).
include "../include/config.php";
// GetVarClass is defined elsewhere; its getters are the only place request data is read.
$post_get = new GetVarClass();
$email = $post_get->getemail("email");
if (!$email) {
    die("Отправить сообщение невозможно: введите корректный e-mail. ");
}
// Authorisation: the cookie-authenticated editor must be allowed to edit this e-mail.
$editorid = loginbycookie();
if (!canEdit($editorid, $email)) {
    die("У вас недостаточно прав доступа, чтобы отправить сообщение {$email}. ");
}
$userid = (int) emailToId($email);
// NOTE(review): the db_unescape() call further down suggests that getvar() returns a
// value already escaped for SQL; the UPDATE below depends on that — verify in GetVarClass.
$message = $post_get->getvar("message");
// NOTE(review): $editorid is interpolated unquoted; its type is not established in
// this file, while $userid is cast to int above.
$sql = "INSERT INTO " . PREF . "messages (userid, authorid)\n\tVALUE ({$userid}, {$editorid})";
query($sql);
$message_id = insert_id();
// The message text is written in a second statement, keyed by the new row id.
$sql = "UPDATE " . PREF . "messages\n\tSET message='{$message}'\n\tWHERE id={$message_id}\n\tLIMIT 1";
query($sql);
// NOTE(review): the text is un-escaped and given <br /> line breaks but is not
// HTML-escaped here before it goes into the HTML mail body — confirm that getvar()
// or db_unescape() neutralises markup.
$message_out = nl2br(db_unescape($message));
// NOTE(review): HTTP_HOST is taken from the request, so the sender controls the host
// of a link that is mailed to another user; a configured site URL is the safer source.
// The link also has no scheme.
$link = $_SERVER["HTTP_HOST"] . "/edit.php?" . http_build_query(["email" => $email]);
if ($editorid == $userid) {
    markUnread($userid);
    // send_mail_to_admin("$name написал сообщение", "$message_out <br /><a href=\"$link\">Ответить</a>");
} else {
    send_mail_by_userid($userid, "Мастер написал сообщение", "{$message_out} <br /><a href=\"{$link}\">Ответить</a>");
}
Ejemplo n.º 10
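/**
 * Import one "contenu" node and the "content" entries nested in it.
 *
 * Private helper of importarbre(). contenuarbre() and contentarbre() are defined
 * elsewhere; the id returned by contenuarbre() is passed to contentarbre() for
 * each nested content entry (a single entry or a list of entries).
 *
 * @param mixed $contenu  One contenu node of the imported structure.
 * @param mixed $arbre_id Id of the tree node the contenu belongs to.
 * @return void
 */
function importarbre_contenu($contenu, $arbre_id)
{
    $contenu_id = contenuarbre($contenu, $arbre_id);
    if (!isset($contenu["content"]) || !is_array($contenu["content"])) {
        return;
    }
    if (isset($contenu["content"][0]) && is_array($contenu["content"][0])) {
        for ($j = 0; $j < count($contenu["content"]); $j++) {
            contentarbre($contenu["content"][$j], $contenu_id);
        }
    } else {
        contentarbre($contenu["content"], $contenu_id);
    }
}

/**
 * Recursively import tree nodes into the "arbre" table.
 *
 * Each element of $tab is a node: its scalar entries become the columns of the
 * inserted row, "contenu" holds one contenu node or a list of them, and "childs"
 * holds the child nodes, which are imported with the new row as parent.
 *
 * Changes against the previous version:
 *  - a list of contenu nodes was indexed with $j inside a loop over $i, and its
 *    nested content was looked up on the list instead of on the element; both now
 *    use the current element;
 *  - values were escaped by replacing only the single quote, so a backslash in the
 *    data could break the statement; addslashes() is used instead;
 *  - keys are used as column names, so keys that are not plain identifiers are skipped;
 *  - the parent id and root id are cast to int before being concatenated unquoted.
 *
 * NOTE(review): addslashes() is not charset-aware; driver-level escaping or a
 * parameterized query is the more robust fix if query() can support it.
 * NOTE(review): $arbre_id is overwritten with the id of the inserted row, so a
 * second element of $tab would be inserted below the first one — confirm that
 * $tab only ever carries one node per call.
 *
 * @param array $tab      Nodes to import.
 * @param mixed $arbre_id Parent node id, or "root1" / "" for a top-level import.
 * @return void
 */
function importarbre($tab, $arbre_id)
{
    $arbre_id = $arbre_id == "root1" ? "" : $arbre_id;
    foreach ($tab as $value) {
        $tabkey = array();
        $tabvalue = array();
        foreach ($value as $key2 => $value2) {
            if (is_array($value2)) {
                continue;
            }
            // Column names cannot be escaped like values; accept plain identifiers only.
            if (!preg_match('/^[A-Za-z0-9_]+\z/', (string) $key2)) {
                continue;
            }
            $tabkey[] = $key2;
            $tabvalue[] = "'" . addslashes((string) $value2) . "'";
        }
        if ($arbre_id != "") {
            // look at the parent and its root
            $pere = (int) $arbre_id;
            $link = query("select root from " . __racinebd__ . "arbre where arbre_id=" . $pere);
            $tbl_result = fetch($link);
            // A parent without a root is itself the root of the new node.
            $root = $tbl_result["root"] == "" ? $pere : (int) $tbl_result["root"];
            $sql = "insert into " . __racinebd__ . "arbre (" . implode(",", $tabkey) . ",pere,root) values (" . implode(",", $tabvalue) . "," . $pere . "," . $root . ")";
        } else {
            $sql = "insert into " . __racinebd__ . "arbre (" . implode(",", $tabkey) . ") values (" . implode(",", $tabvalue) . ")";
        }
        $link = query($sql);
        $arbre_id = insert_id();
        if (isset($value["contenu"]) && is_array($value["contenu"])) {
            if (isset($value["contenu"][0]) && is_array($value["contenu"][0])) {
                for ($i = 0; $i < count($value["contenu"]); $i++) {
                    importarbre_contenu($value["contenu"][$i], $arbre_id);
                }
            } else {
                importarbre_contenu($value["contenu"], $arbre_id);
            }
        }
        if (isset($value["childs"]) && is_array($value["childs"])) {
            // Without an "arbre" entry, "childs" is a list of child structures.
            if (!isset($value["childs"]["arbre"]) || $value["childs"]["arbre"] == "") {
                for ($i = 0; $i < count($value["childs"]); $i++) {
                    if (isset($value["childs"][$i]) && is_array($value["childs"][$i])) {
                        importarbre($value["childs"][$i], $arbre_id);
                    }
                }
            } else {
                importarbre($value["childs"], $arbre_id);
            }
        }
    }
}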
Ejemplo n.º 11
        // Fragment of an import loop: $sql, $tbl and $tablelem are set before this point.
        // When the lookup in $sql returns no row, a new device is created in "devices"
        // and in the project's device table, then linked to every usergps row of the account.
        $link2 = query($sql);
        //if(num_rows($link2)==0&&$tablelem[5]!=""){
        if (num_rows($link2) == 0) {
            // Keep the account id now: $tbl is overwritten by the next fetch().
            $compte_id = $tbl["compte_id"];
            // The device name is "Device" followed by the current highest id + 1.
            // NOTE(review): max(id) is read separately from the insert, so two
            // concurrent imports can produce the same name.
            $sql = "select max(id) as maxid from devices";
            $link = query($sql);
            $tbl = fetch($link);
            // Imported fields are escaped with addslashes() here and with addquote()
            // further down; both are applied to values of the same $tablelem row.
            // NOTE(review): addslashes() is not charset-aware; a parameterized query
            // or driver-level escaping is the safer choice.
            $sql = "insert into devices (name,uniqueId) \r\n      values('Device" . ($tbl["maxid"] + 1) . "','" . addslashes($tablelem[4]) . "')";
            //print $sql."<br>";
            query($sql);
            $id = insert_id();
            // This statement is built but never executed: its query() call is commented out.
            $sql = "INSERT INTO users_devices (users_id, devices_id) VALUES ('1', {$id})";
            //query($sql);
            $szQuery = "insert into " . __racinebd__ . "device (devices_id,type_device_id,IMEI,serialnumber,nomvehicule,telboitier,compte_id,date_creation,unitid,immatriculation) \r\n      values('" . $id . "',1,'" . addslashes($tablelem[4]) . "','" . addslashes($tablelem[4]) . "','" . addslashes($tablelem[2]) . "','+" . addslashes($tablelem[5]) . "','" . $compte_id . "',now(),'" . addquote($tablelem[4]) . "','" . addquote($tablelem[3]) . "')";
            //query($sql);
            //print $szQuery."<br>";
            query($szQuery);
            $device_id = insert_id();
            //device phantom_usergps_device
            // Give every user of the account access to the new device.
            // NOTE(review): $compte_id is concatenated unquoted; it comes from $tbl,
            // which is filled outside this fragment.
            $sql = "select * from " . __racinebd__ . "usergps where compte_id=" . $compte_id;
            $link_device = query($sql);
            while ($tbl_device = fetch($link_device)) {
                $sql = "insert into " . __racinebd__ . "usergps_device (device_id,usergps_id) values('" . $device_id . "','" . $tbl_device["usergps_id"] . "')";
                //print $sql."<br>";
                query($sql);
            }
        }
    } else {
        print "erreur compte '" . addslashes($tablelem[0]) . "' non trouvé<br>";
    }
}
Ejemplo n.º 12
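// Registration handler: validates the e-mail and the anti-spam token, re-sends the
// password when the address is already registered, otherwise creates the account,
// mails the password, logs the user in and redirects to the edit page.
// GetVarClass and the helper functions are defined elsewhere.
$post_get = new GetVarClass();
$email = $post_get->getemail("email");
$c = $post_get->getint("c");
$chash = $post_get->getvar("chash");
if (!$email) {
    die("Регистрация невозможна: введите корректный e-mail. ");
}
// Compare the anti-spam token as strings with a strict operator. The loose "!="
// used before converts numeric-looking strings to numbers, so two different
// tokens such as "0e1" and "0e2" compared as equal.
if ((string) antispamhash($c) !== (string) $chash) {
    die("Регистрация невозможна: анти-спам тест не пройден. ");
}
$userid = emailToId($email);
if ($userid) {
    // NOTE(review): this answer confirms to any visitor that the address is
    // registered and triggers a mail to it; consider a neutral reply and rate limiting.
    $text = <<<EOT
E-mail {$email} уже зарегистрирован. На всякий случай мы отправили вам ваш пароль на почту еще раз.
<br />
Воспользуйтесь <a href="/#login">формой входа</a> на главной странице.
<br />
По техническим вопросам обращайтесь к Бодигриму (andrew.lelechenko@gmail.com, skype bodigrim).
EOT;
    echo $text;
    remindPassword($userid);
    die;
}
$password = randomPassword();
$hash = bcrypt($password);
// NOTE(review): the clear-text password is stored in "pw" next to its hash in
// "pwhash", which removes the protection the hash gives if the table is disclosed.
// remindPassword() presumably reads that column to mail the password; replacing it
// with a reset link would allow dropping "pw". It is left unchanged here because
// that code is not part of this listing.
// NOTE(review): $email is interpolated into the statement; this relies on
// getemail() returning only a validated address — verify in GetVarClass.
$sql = "INSERT INTO " . PREF . "users (email, pw, pwhash, active)\n\tVALUE ('{$email}', '{$password}', '{$hash}', 1)";
query($sql);
$userid = insert_id();
remindPassword($userid);
// NOTE(review): the password hash is passed to set_login_cookies(); confirm that
// the hash itself is not what ends up in the cookie.
set_login_cookies($userid, $email, $hash);
redirect("/edit.php?" . http_build_query(["email" => $email]));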
Ejemplo n.º 13
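// Upload handler (visible part only): records an uploaded attachment in the
// fichiers table, stores the file with savefile(), fills the searchable "contenu"
// column, then emits an inline script for the new row. The listing is cut off in
// the middle of that template.
if ($_FILES["ext"]["tmp_name"] != "") {
    // create the tmp directory
    //@mkdir ($_SERVER["DOCUMENT_ROOT"].__uploaddir__."u".$_SESSION['users_id'], 0775);
    // move the file
    //move_uploaded_file($_FILES[ext]["tmp_name"],$_SERVER["DOCUMENT_ROOT"].__uploaddir__."u".$_SESSION['users_id']."/".$_FILES["ext"]["name"]);
    //$filename=preg_replace('/[^a-z0-9_\-\.]/i', '_', $_FILES["ext"]["name"]);
    // The stored name comes from makename() (defined elsewhere). A regex-sanitised
    // name used to be assigned just before and was overwritten immediately; that
    // dead assignment has been dropped.
    $filename = makename($_FILES["ext"]["name"]);
    //if(move_uploaded_file($_FILES["ext"]["tmp_name"],$_SERVER["DOCUMENT_ROOT"].__uploaddir__."u".$_SESSION['users_id']."/".$filename)===false){
    // save to the database
    // NOTE(review): the extension is derived from the client-supplied file name and
    // also becomes part of the stored file's path below; confirm that
    // getext()/savefile() restrict which file types may land in the upload directory.
    $ext = getext($_FILES["ext"]["name"]);
    //$sql="insert into ".__racinebd__."fichiers (titre,abstract,ext,nom_fichier,contenu) value('".addquote($_POST["titre_fichier"])."','".addquote($_POST["description_fichier"])."','".$ext."','".$filename."','".$contenu."')";
    // $ext used to be concatenated without escaping while its neighbours were
    // escaped; it now goes through addquote() as well (defined elsewhere —
    // presumably the project's SQL-escaping helper; verify).
    $sql = "insert into " . __racinebd__ . "fichiers (titre,abstract,ext,nom_fichier) value('" . addquote($_POST["titre_fichier"]) . "','" . addquote($_POST["description_fichier"]) . "','" . addquote($ext) . "','" . addquote($filename) . "')";
    //print $sql;
    $link = query($sql);
    $fichiers_id = insert_id();
    savefile("ext", __racinebd__ . "fichiers", $fichiers_id);
    //print $_SERVER["DOCUMENT_ROOT"].__uploaddir__.__racinebd__."fichiers".$fichiers_id.".".$ext;
    // With full-text indexing enabled, the text extracted from the stored file is
    // used as content; otherwise, or when extraction returns nothing, the POSTed
    // description is used.
    // NOTE(review): $contenu is not initialised in the visible part when
    // PHANTOM_FULLTEXT is off; the comparison below then reads an undefined variable.
    if (PHANTOM_FULLTEXT == true) {
        $contenu = addslashes(extract2tmpfile($ext, $_SERVER["DOCUMENT_ROOT"] . __uploaddir__ . __racinebd__ . "fichiers" . $fichiers_id . "." . $ext));
    }
    if ($contenu == '') {
        $contenu = addquote($_POST["description_fichier"]);
    }
    $sql = "update " . __racinebd__ . "fichiers set contenu='" . $contenu . "' where fichiers_id=" . $fichiers_id;
    query($sql);
    ?>
  <script>
  content='<table width="100%" style="border-bottom:1px solid black" id="table_fichier_<?php 
    // $fichiers_id is the value returned by insert_id() above, not request data.
    echo $fichiers_id;
    ?>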