/**
 * Create a status record on behalf of an authenticated source.
 *
 * Resolves the caller from $req->authenticator, stamps the request with the
 * matching source id, inserts it, and echoes the success reply (carrying the
 * new row id) as JSON. On either failure it reports through error() and
 * returns without emitting a success reply.
 *
 * @param object $req Request object; ->authenticator is read, ->source_id is written.
 * @return void
 */
function create_status($req)
{
    $authSource = source_lookup_auth($req->authenticator);
    if ($authSource) {
        // Bind the row to the authenticated source before anything is written.
        $req->source_id = $authSource->id;
        if (status_insert($req)) {
            $response = success();
            $response->id = insert_id();
            echo json_encode($response);
            return;
        }
        // NOTE(review): the raw db_error() text is handed to error(); if error() echoes to the client this exposes driver/schema details — confirm
        error(db_error());
        return;
    }
    // Authenticator did not resolve to a source: stop before touching the database.
    error("auth failure");
}
require "../../require/function.php"; require "../../require/back_include.php"; set_time_limit(3600); if ($_POST["prix"] != "") { //creation du repertoire tmp //@mkdir ($_SERVER["DOCUMENT_ROOT"].__uploaddir__."u".$_SESSION['users_id'], 0775); //deplacement du fichier //move_uploaded_file($_FILES[ext]["tmp_name"],$_SERVER["DOCUMENT_ROOT"].__uploaddir__."u".$_SESSION['users_id']."/".$_FILES["ext"]["name"]); $filename = preg_replace('/[^a-z0-9_\\-\\.]/i', '_', $_FILES["ext"]["name"]); //if(move_uploaded_file($_FILES["ext"]["tmp_name"],$_SERVER["DOCUMENT_ROOT"].__uploaddir__."u".$_SESSION['users_id']."/".$filename)===false){ //sauvegarde en base $ext = getext($_FILES["ext"]["name"]); $sql = "insert into " . __racinebd__ . "prix (montant,quantite,ref) value('" . addquote($_POST["prix"]) . "','" . addquote($_POST["quantite"]) . "','" . addquote($_POST["ref"]) . "')"; $link = query($sql); $prix_id = insert_id(); $querystring = "select * from " . __racinebd__ . "attribut where supprimer=0 order by libelle"; $link = query($querystring); while ($tbl = fetch($link)) { //print "attr_".$tbl["attribut_id"]."<br>"; //print $_POST["attr_".$tbl["attribut_id"]]; if ($_POST["attr_" . $tbl["attribut_id"]] != "" && $_POST["attr_" . $tbl["attribut_id"]] != -1) { $sql = "insert into " . __racinebd__ . "valeur_prix (valeur_id,prix_id,attribut_id) value('" . addquote($_POST["attr_" . $tbl["attribut_id"]]) . "','" . $prix_id . "','" . $tbl["attribut_id"] . "')"; query($sql); } } ?> <script> content='<table width="100%" style="border-bottom:1px solid black" id="table_prix_<?php echo $prix_id; ?>
<?php require "../../require/function.php"; require "../../require/back_include.php"; set_time_limit(3600); if ($_POST["libelle"] != "") { $sql = "select max(ordre) as maxordre from " . __racinebd__ . "devisline where supprimer=0 and devis_id=" . $_GET["id"]; $link = query($sql); $tbl = fetch($link); $sql = "insert into " . __racinebd__ . "devisline (devis_id,libelle,montant,ordre) \r\n value('" . addquote($_GET["id"]) . "','" . addquote($_POST["libelle"]) . "','" . str_replace(",", ".", addquote($_POST["montant"])) . "','" . ($tbl["maxordre"] + 1) . "')"; $link = query($sql); $mmontant_id = insert_id(); ?> <script> //rafraichissement de la liste //alert(top.listidmontantiframelist.location) if(top.listidmontantiframelist.contentWindow) top.listidmontantiframelist.contentWindow.location.reload(true); else top.listidmontantiframelist.location.reload(true); </script> <?php } ?> <html> <head> <META http-equiv="Content-Type" Content="text/html; charset=UTF-8"> <script> function validateForm(obj){ if(obj.libelle.value==""){ alert('Veuillez indiquer un libelle');
} else { $myext4 = "null"; } } if ($_FILES["ext5"]["tmp_name"] != "") { $myext5 = "'" . getext($_FILES["ext5"]["name"]) . "'"; } else { if ($_POST["ext5"] != "") { $myext5 = "'" . $_POST["ext5"] . "'"; } else { $myext5 = "null"; } } $szQuery = "insert into {$table} (titre1,titre2,titre3,titre4,titre5,abstract,contenu,date_actu,date_fin,ext,version_id,contenu_id,ext2,note,abstratc2,abstract3,abstract4,abstract5,ext3,ext4,twitter,tva_id,fournisseur_id,note1,note2,note3,note4,archive,envoye,titleseo,abstractseo,robotseo,ext5)\r\n values ('" . addquote($_POST["titre1"]) . "','" . addquote($_POST["titre2"]) . "','" . addquote($_POST["titre3"]) . "','" . addquote($_POST["titre4"]) . "','" . addquote($_POST["titre5"]) . "',\r\n '" . addquote($_POST["abstract"]) . "','" . addquote($_POST["contenu"]) . "','" . datetimebdd($_POST["date_actu"]) . "','" . datetimebdd($_POST["date_fin"]) . "',{$myext}," . $_POST["version_id"] . ",\r\n " . $contenu_id . ",{$myext2},'" . $_POST["note"] . "','" . addquote($_POST["abstract2"]) . "','" . addquote($_POST["abstract3"]) . "','" . addquote($_POST["abstract4"]) . "','" . addquote($_POST["abstract5"]) . "',{$myext3},{$myext4},\r\n '" . addquote($_POST["twitter"]) . "','" . addquote($_POST["tva_id"]) . "','" . addquote($_POST["fournisseur_id"]) . "','" . addquote($_POST["note1"]) . "','" . addquote($_POST["note2"]) . "',\r\n '" . addquote($_POST["note3"]) . "','" . addquote($_POST["note4"]) . "','" . addquote($_POST["archive"]) . "','" . addquote($_POST["envoye"]) . "','" . addquote($_POST["titleseo"]) . "','" . addquote($_POST["abstractseo"]) . "','" . addquote($_POST["robotseo"]) . "',{$myext5})"; $link = query($szQuery); $id = insert_id(); $content_id = $id; $_GET['id'] = $id; createdefault("ext", $table, $id); createdefault("ext2", $table . "2_", $id); createdefault("ext3", $table . "3_", $id); createdefault("ext4", $table . "4_", $id); createdefault("ext5", $table . 
"5_", $id); if ($_FILES["ext2"]["tmp_name"] != "") { $myext2 = savefile("ext2", $table . "2_", $content_id); } if ($_FILES["ext"]["tmp_name"] != "") { $myext = savefile("ext", $table, $content_id); } if ($_FILES["ext3"]["tmp_name"] != "") { $myext3 = savefile("ext3", $table . "3_", $content_id);
<?php require "../../require/function.php"; require "../../require/back_include.php"; set_time_limit(3600); if ($_POST["titre"] != "") { $sql = "insert into " . __racinebd__ . "list_val (titre,val) \r\n value('" . addquote($_POST["titre"]) . "','" . addquote($_POST["val"]) . "')"; $link = query($sql); $val_id = insert_id(); ?> <script> content='<table width="100%" style="border-bottom:1px solid black" id="table_val_<?php echo $val_id; ?> ">'; content+='<input type="hidden" name="listvals[]" value="<?php echo $val_id; ?> "/>'; content+='<input type="hidden" name="listtitre[]" value="<?php echo $_POST["titre1"]; ?> "/>'; content+='<input type="hidden" name="listval[]" value="<?php echo $_POST["val"]; ?> "/>'; content+='<input type="hidden" id="val_<?php echo $val_id; ?> " name="val_<?php
} else { if ($_POST["save"] == "yes") { switch ($_GET["mode"]) { case "suppr": $txtmsg = "L'utilisateurs a été supprimé"; //suppression de l'application sur gpsgate $szQuery = "update {$table} set supprimer=1 where " . $tablekey . "='" . $_GET["id"] . "'"; break; case "ajout": $txtmsg = "L'utilisateurs a été ajouté"; //verification si le username est déjà utilisé //$sql="select * from $table where ".$tablekey."='".$_GET["id"]."'"; //creation d'une liaison phantom_usergps $sql = "insert into " . __racinebd__ . "usergps (tel,name,email,password,username,date_creation,compte_id) values('" . addquote($_POST["tel"]) . "','" . addquote($_POST["name"]) . "','" . addquote($_POST["email"]) . "','" . md5($_POST["password"]) . "','" . addquote($_POST["username"]) . "',now(),'" . $_GET["pere"] . "')"; query($sql); $usergpd_id = insert_id(); //creation des droits par defaut //modules $sql = "select * from " . __racinebd__ . "module"; $link = query($sql); while ($tbl = fetch($link)) { $sql = "insert into " . __racinebd__ . "module_usersgps (module_id,usergps_id) values('" . $tbl["module_id"] . "','" . $usergpd_id . "')"; query($sql); } //jours $sql = "select * from " . __racinebd__ . "jour"; $link = query($sql); while ($tbl = fetch($link)) { $sql = "insert into " . __racinebd__ . "jour_usersgps (jour_id,usergps_id) values('" . $tbl["jour_id"] . "','" . $usergpd_id . "')"; query($sql); }
$filename1 = preg_replace('/[^a-z0-9_\\-\\.]/i', '_', $_FILES["ext1"]["name"]); $filename2 = preg_replace('/[^a-z0-9_\\-\\.]/i', '_', $_FILES["ext2"]["name"]); //if(move_uploaded_file($_FILES["ext"]["tmp_name"],$_SERVER["DOCUMENT_ROOT"].__uploaddir__."u".$_SESSION['users_id']."/".$filename)===false){ //sauvegarde en base $ext1 = getext($_FILES["ext1"]["name"]); $ext2 = getext($_FILES["ext2"]["name"]); /*if(PHANTOM_FULLTEXT==true){ $contenu1=addslashes(extract2tmpfile($ext1,$_FILES["ext1"]["tmp_name"])); $contenu2=addslashes(extract2tmpfile($ext2,$_FILES["ext2"]["tmp_name"])); }else{ $contenu1=addquote($_POST["description_fichier1"]); $contenu2=addquote($_POST["description_fichier2"]); }*/ $sql = "insert into " . __racinebd__ . "list_images (titre1,ext1,nom_fichier1,titre2,ext2,nom_fichier2,lightbox,contenulightbox) \r\n value('" . addquote($_POST["titre_fichier1"]) . "','" . $ext1 . "','" . $filename1 . "','" . addquote($_POST["titre_fichier2"]) . "','" . $ext2 . "','" . $filename2 . "','" . $_POST["lightbox"] . "','" . $_POST["contenu"] . "')"; $link = query($sql); $images_id = insert_id(); savefile("ext1", __racinebd__ . "list_images", $images_id); savefile("ext2", __racinebd__ . "list_images2_", $images_id); ?> <script> content='<table width="100%" style="border-bottom:1px solid black" id="table_images_<?php echo $images_id; ?> ">'; content+='<input type="hidden" name="listimages[]" value="<?php echo $images_id; ?> "/>'; content+='<textarea name="listimagescontenu[]" style="display:none"><?php echo str_replace(array("\r\n", "\n", "\r"), "", str_replace("'", "\\'", $_POST["contenu"])); ?>
/**
 * Propagate one content row to the other language versions of the same tree node.
 *
 * For every "contenu" row of $arbre_id whose language differs from $langue_id,
 * an UPDATE of the "content" table is built column by column from the source
 * row ($content_id): a posted field named "<column>___<shortlib>" overrides the
 * source value, "ext*" columns take the extension of an uploaded file of that
 * name when one is present, and a posted "<column>___<shortlib>_chk" equal to 1
 * sets the column to null. When the target has no "content" row, copyContent()
 * is called instead; otherwise uploaded files are saved, the source row's files
 * are copied on disk and its "fichiers" rows are duplicated.
 *
 * NOTE(review): mysql_num_fields()/mysql_field_name() belong to the ext/mysql
 * API removed in PHP 7; this block only runs on older runtimes.
 *
 * @param mixed $content_id Id of the source "content" row.
 * @param mixed $arbre_id   Tree node whose other-language rows are updated.
 * @param mixed $langue_id  Language of the source row (excluded from the update).
 */
function updateContent($content_id, $arbre_id, $langue_id) {
    // Look up the contenu_id rows of the other languages.
    // NOTE(review): $arbre_id, $langue_id and $content_id are concatenated unquoted and unescaped into SQL; this is injectable unless every caller passes integers — confirm, or cast/bind them
    $requete_select_contenu = "select contenu_id,shortlib from " . __racinebd__ . "contenu c inner join " . __racinebd__ . "langue l on c.langue_id=l.langue_id where arbre_id = " . $arbre_id . " and l.langue_id!=" . $langue_id;
    $link_select_contenu = query($requete_select_contenu);
    $requete_select_content = "select * from " . __racinebd__ . "content where content_id = " . $content_id;
    $link_select_content = query($requete_select_content);
    $ligne_select_content = fetch($link_select_content);
    //print_r($_POST);
    //$result = mysql_query("select * from table");
    // NOTE(review): $listfile is initialised once, before the loop, and never reset, so uploads collected for an earlier row are passed to savefile() again for later rows — confirm this is intended
    $listfile = array();
    while ($ligne_select_contenu = fetch($link_select_contenu)) {
        //$requete="insert into ".__racinebd__."content ";
        $listchamps = array();
        // $listvalue is never read in this function.
        $listvalue = array();
        $listext = array();
        //$listchamps[]="contenu_id";
        //$listvalue[]=$ligne_select_contenu["contenu_id"];
        // Walk the columns of the source row, skipping the two key columns.
        for ($i = 0; $i < mysql_num_fields($link_select_content); $i++) {
            if (mysql_field_name($link_select_content, $i) != "content_id" && mysql_field_name($link_select_content, $i) != "contenu_id") {
                $champs = mysql_field_name($link_select_content, $i);
                if (strpos($champs, "ext") === false) {
                    // Plain column: posted override if non-empty, else the source value.
                    // NOTE(review): addslashes() is not charset-aware; the connection's own escaping routine or bound parameters are the reliable form
                    if ($_POST[$champs . "___" . $ligne_select_contenu["shortlib"]] != "") {
                        $value = "'" . addslashes($_POST[$champs . "___" . $ligne_select_contenu["shortlib"]]) . "'";
                    } else {
                        $value = "'" . addslashes($ligne_select_content[$champs]) . "'";
                    }
                    $listchamps[] = $champs . "=" . $value;
                } else {
                    // Column whose name contains "ext": holds a file extension.
                    //print $champs."___".$ligne_select_contenu["shortlib"]." : ".$_FILES[$champs."___".$ligne_select_contenu["shortlib"]];
                    //print_r($_FILES);
                    if (isset($_FILES[$champs . "___" . $ligne_select_contenu["shortlib"]])) {
                        //$numext=explode("___",$champs);
                        // Save the file.
                        /* if(strlen($numext[0])>3){ $numext=substr($numext[0],-1); */
                        //print "ici";
                        // Names longer than "ext" carry a one-character suffix that selects the file prefix.
                        if (strlen($champs) > 3) {
                            $numext = substr($champs, -1);
                            //print $numext;
                            $listfile[] = array($champs . "___" . $ligne_select_contenu["shortlib"], __racinebd__ . "content" . $numext . "_");
                        } else {
                            $listfile[] = array($champs . "___" . $ligne_select_contenu["shortlib"], __racinebd__ . "content");
                        }
                        //$value=($_POST[$champs."___".$ligne_select_contenu["shortlib"]]=="")?"null":"'".$_POST[$champs."___".$ligne_select_contenu["shortlib"]]."'";
                        // NOTE(review): the extension is derived from the client-supplied upload name and quoted without escaping; safe only if getext() restricts its output — verify
                        $value = $_FILES[$champs . "___" . $ligne_select_contenu["shortlib"]]["name"] != "" ? "'" . getext($_FILES[$champs . "___" . $ligne_select_contenu["shortlib"]]["name"]) . "'" : "null";
                    } else {
                        // No upload for this column: reuse the source extension and remember it for the file copy below.
                        // NOTE(review): stored value is re-inserted into SQL without escaping (unlike the addslashes() path above)
                        $value = $ligne_select_content[$champs] == "" ? "null" : "'" . $ligne_select_content[$champs] . "'";
                        $listext[] = $champs;
                    }
                    // A ticked "_chk" field clears the column.
                    if ($_POST[$champs . "___" . $ligne_select_contenu["shortlib"] . "_chk"] == 1) {
                        $listchamps[] = $champs . "=null";
                    } else {
                        if ($value != "null") {
                            $listchamps[] = $champs . "=" . $value;
                        }
                    }
                }
            }
        }
        $requete_update_content = "update " . __racinebd__ . "content set " . implode(",", $listchamps) . " where contenu_id=" . $ligne_select_contenu["contenu_id"];
        //print $requete_insert_content;
        //echo $requete_insert_content;
        $link = query($requete_update_content);
        // Check that the update had a row to act on; otherwise create the record.
        $sql = "select * from " . __racinebd__ . "content where contenu_id=" . $ligne_select_contenu["contenu_id"];
        $link = query($sql);
        if (num_rows($link) == 0) {
            // NOTE(review): the first SELECT returns only contenu_id and shortlib, so this "langue_id" index is not populated by that query — confirm
            copyContent($content_id, $arbre_id, $langue_id, $ligne_select_contenu["langue_id"]);
        } else {
            $tbl = fetch($link);
            /* print_r($listfile); print_r($listext); */
            // Save the files that differ (those uploaded with this request).
            for ($j = 0; $j < count($listfile); $j++) {
                savefile($listfile[$j][0], $listfile[$j][1], $tbl["content_id"]);
            }
            $dernier_ajout_content = $tbl["content_id"];
            // To do for the update.
            //print_r($listext);
            // For every extension column kept from the source, copy the source row's files to the target row's id.
            // NOTE(review): the @ operator hides copy() failures, and the extension taken from the database is placed in the path as-is — a value containing path separators would leave the upload directory; validate it
            for ($listextindice = 0; $listextindice < count($listext); $listextindice++) {
                $suffixe = strlen($listext[$listextindice]) > 3 ? substr($listext[$listextindice], -1) . "_" : "";
                //$suffixe=($listextindice==0)?"":($listextindice+1)."_";
                //print $_SERVER["DOCUMENT_ROOT"].__uploaddir__.__racinebd__.'content'.$suffixe.$ligne_select_content['content_id'].'.'.$ligne_select_content[$listext[$listextindice]]."<br>";
                @copy($_SERVER["DOCUMENT_ROOT"] . __uploaddir__ . __racinebd__ . 'content' . $suffixe . $ligne_select_content['content_id'] . '.' . $ligne_select_content[$listext[$listextindice]], $_SERVER["DOCUMENT_ROOT"] . __uploaddir__ . __racinebd__ . 'content' . $suffixe . $dernier_ajout_content . '.' . $ligne_select_content[$listext[$listextindice]]);
                @copy($_SERVER["DOCUMENT_ROOT"] . __uploaddir__ . 'tbl_' . __racinebd__ . 'content' . $suffixe . $ligne_select_content['content_id'] . '.' . $ligne_select_content[$listext[$listextindice]], $_SERVER["DOCUMENT_ROOT"] . __uploaddir__ . 'tbl_' . __racinebd__ . 'content' . $suffixe . $dernier_ajout_content . '.' . $ligne_select_content[$listext[$listextindice]]);
                // Same copy for the files prefixed tbl_0 … tbl_4.
                for ($i = 0; $i < 5; $i++) {
                    @copy($_SERVER["DOCUMENT_ROOT"] . __uploaddir__ . 'tbl_' . $i . __racinebd__ . 'content' . $suffixe . $ligne_select_content['content_id'] . '.' . $ligne_select_content[$listext[$listextindice]], $_SERVER["DOCUMENT_ROOT"] . __uploaddir__ . 'tbl_' . $i . __racinebd__ . 'content' . $suffixe . $dernier_ajout_content . '.' . $ligne_select_content[$listext[$listextindice]]);
                }
            }
            // Duplicate the source row's attached "fichiers" rows (and their files) onto the target row.
            $requete_select_fichier = "select * from " . __racinebd__ . "fichiers where content_id = " . $ligne_select_content['content_id'] . " and supprimer=0";
            $link_select_fichier = query($requete_select_fichier);
            while ($ligne_select_fichier = fetch($link_select_fichier)) {
                // NOTE(review): 'ext' and 'supprimer' are re-inserted without escaping while the neighbouring columns go through addslashes(); treat stored values as untrusted here too
                $requete_insert_fichier = "insert into " . __racinebd__ . "fichiers (content_id,titre,abstract,ext,nom_fichier,supprimer,contenu) values (\r\n " . $dernier_ajout_content . ",\r\n '" . addslashes($ligne_select_fichier['titre']) . "',\r\n '" . addslashes($ligne_select_fichier['abstract']) . "',\r\n " . ($ligne_select_fichier['ext'] == "" ? "null" : "'" . $ligne_select_fichier['ext'] . "'") . ",\r\n '" . addslashes($ligne_select_fichier['nom_fichier']) . "',\r\n " . $ligne_select_fichier['supprimer'] . ",\r\n '" . addslashes($ligne_select_fichier['contenu']) . "'\r\n )";
                $link_insert_fichier = query($requete_insert_fichier);
                $dernier_ajout_fichier = insert_id();
                copy($_SERVER["DOCUMENT_ROOT"] . __uploaddir__ . __racinebd__ . 'fichiers' . $ligne_select_fichier['fichiers_id'] . '.' . $ligne_select_fichier['ext'], $_SERVER["DOCUMENT_ROOT"] . __uploaddir__ . __racinebd__ . 'fichiers' . $dernier_ajout_fichier . '.' . $ligne_select_fichier['ext']);
            }
        }
    }
}
<?php
// Message-posting endpoint: stores a message addressed to the account behind
// the submitted e-mail, then either marks it unread or mails the recipient.
include "../include/config.php";
$post_get = new GetVarClass();
$email = $post_get->getemail("email");
if (!$email) {
    die("Отправить сообщение невозможно: введите корректный e-mail. ");
}
// Authorization gate: the caller is identified from the login cookie and must be allowed to edit this account.
$editorid = loginbycookie();
if (!canEdit($editorid, $email)) {
    // NOTE(review): $email is echoed back in the response; HTML-escape it unless getemail() guarantees a markup-free value — confirm
    die("У вас недостаточно прав доступа, чтобы отправить сообщение {$email}. ");
}
$userid = (int) emailToId($email);
$message = $post_get->getvar("message");
// NOTE(review): $editorid is interpolated unquoted; safe only if loginbycookie() always returns an integer — confirm, or cast it like $userid
$sql = "INSERT INTO " . PREF . "messages (userid, authorid)\n\tVALUE ({$userid}, {$editorid})";
query($sql);
$message_id = insert_id();
// NOTE(review): $message lands inside a quoted SQL literal; presumably getvar() SQL-escapes it (db_unescape() is applied below) — verify, or move to a bound parameter
$sql = "UPDATE " . PREF . "messages\n\tSET message='{$message}'\n\tWHERE id={$message_id}\n\tLIMIT 1";
query($sql);
// NOTE(review): neither db_unescape() nor nl2br() HTML-encodes by name; if getvar() does not either, the message body is injected as markup into the outgoing mail — confirm
$message_out = nl2br(db_unescape($message));
// NOTE(review): the link host is taken from the client-controlled Host header and then mailed to another user; build it from a configured canonical host instead. The href also carries no scheme.
$link = $_SERVER["HTTP_HOST"] . "/edit.php?" . http_build_query(["email" => $email]);
if ($editorid == $userid) {
    // The account owner wrote the message: only flag it as unread.
    markUnread($userid);
    // send_mail_to_admin("$name написал сообщение", "$message_out <br /><a href=\"$link\">Ответить</a>");
} else {
    // Someone else wrote it: notify the account owner by mail.
    send_mail_by_userid($userid, "Мастер написал сообщение", "{$message_out} <br /><a href=\"{$link}\">Ответить</a>");
}
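/**
 * Recursively import a tree description into the "arbre" table.
 *
 * Each entry of $tab describes one node: its scalar members become the column
 * values of the inserted row, "contenu" holds one content record (or a list of
 * them) handed to contenuarbre()/contentarbre(), and "childs" holds sub-nodes
 * that are imported recursively under the freshly inserted row.
 *
 * Import data is treated as untrusted: column names must look like plain
 * identifiers, values are escaped, and ids are forced to integers before they
 * reach SQL text.
 *
 * @param array      $tab      Node descriptions.
 * @param int|string $arbre_id Parent node id, or "root1" / "" to insert without a parent.
 * @return void
 */
function importarbre($tab, $arbre_id)
{
    $arbre_id = $arbre_id == "root1" ? "" : $arbre_id;
    foreach ($tab as $key => $value) {
        $tabkey = array();
        $tabvalue = array();
        foreach ($value as $key2 => $value2) {
            if (is_array($value2)) {
                continue;
            }
            // Keys are used as column names and cannot be quoted as values, so
            // anything that is not a plain identifier is dropped instead of
            // being spliced into the statement.
            if (!preg_match('/^[A-Za-z0-9_]+$/', (string) $key2)) {
                continue;
            }
            $tabkey[] = $key2;
            // Replacing only "'" left backslashes untouched, so a value ending in
            // "\" (or containing "\'") could close the literal early. addslashes()
            // escapes the backslash as well.
            // NOTE(review): the connection's own escaping routine or bound parameters remain the stronger option.
            $tabvalue[] = "'" . addslashes((string) $value2) . "'";
        }
        if ($arbre_id != "") {
            // Look up the parent's root; a parent without a root is itself the root.
            $parent_id = (int) $arbre_id;
            $sql = "select root from " . __racinebd__ . "arbre where arbre_id=" . $parent_id;
            $link = query($sql);
            $tbl_result = fetch($link);
            $tabkey[] = "pere";
            $tabvalue[] = $parent_id;
            $tabkey[] = "root";
            $tabvalue[] = $tbl_result["root"] == "" ? $parent_id : (int) $tbl_result["root"];
        }
        // Building the column list in one place also keeps the statement valid
        // when the node has no scalar members (no leading comma).
        $sql = "insert into " . __racinebd__ . "arbre (" . implode(",", $tabkey) . ") values (" . implode(",", $tabvalue) . ")";
        $link = query($sql);
        // NOTE(review): $arbre_id is overwritten with the new row id, so later
        // entries of $tab are attached under the previous entry rather than under
        // the original parent — confirm this is intended.
        $arbre_id = insert_id();
        if (isset($value["contenu"]) && is_array($value["contenu"])) {
            // A single record and a list of records go through the same path.
            $contenus = isset($value["contenu"][0]) && is_array($value["contenu"][0])
                ? $value["contenu"]
                : array($value["contenu"]);
            foreach ($contenus as $contenu) {
                // The list case previously indexed with an unset $j and looked for
                // "content" on the list itself, so list items were not imported
                // correctly; each item is now handled on its own.
                $contenu_id = contenuarbre($contenu, $arbre_id);
                if (!isset($contenu["content"]) || !is_array($contenu["content"])) {
                    continue;
                }
                $contents = isset($contenu["content"][0]) && is_array($contenu["content"][0])
                    ? $contenu["content"]
                    : array($contenu["content"]);
                foreach ($contents as $content) {
                    contentarbre($content, $contenu_id);
                }
            }
        }
        if (isset($value["childs"]) && is_array($value["childs"])) {
            if (!isset($value["childs"]["arbre"]) || $value["childs"]["arbre"] == "") {
                // List of child groups: recurse into each numerically indexed array.
                for ($i = 0; $i < count($value["childs"]); $i++) {
                    if (isset($value["childs"][$i]) && is_array($value["childs"][$i])) {
                        importarbre($value["childs"][$i], $arbre_id);
                    }
                }
            } else {
                importarbre($value["childs"], $arbre_id);
            }
        }
    }
}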
$link2 = query($sql); //if(num_rows($link2)==0&&$tablelem[5]!=""){ if (num_rows($link2) == 0) { $compte_id = $tbl["compte_id"]; $sql = "select max(id) as maxid from devices"; $link = query($sql); $tbl = fetch($link); $sql = "insert into devices (name,uniqueId) \r\n values('Device" . ($tbl["maxid"] + 1) . "','" . addslashes($tablelem[4]) . "')"; //print $sql."<br>"; query($sql); $id = insert_id(); $sql = "INSERT INTO users_devices (users_id, devices_id) VALUES ('1', {$id})"; //query($sql); $szQuery = "insert into " . __racinebd__ . "device (devices_id,type_device_id,IMEI,serialnumber,nomvehicule,telboitier,compte_id,date_creation,unitid,immatriculation) \r\n values('" . $id . "',1,'" . addslashes($tablelem[4]) . "','" . addslashes($tablelem[4]) . "','" . addslashes($tablelem[2]) . "','+" . addslashes($tablelem[5]) . "','" . $compte_id . "',now(),'" . addquote($tablelem[4]) . "','" . addquote($tablelem[3]) . "')"; //query($sql); //print $szQuery."<br>"; query($szQuery); $device_id = insert_id(); //device phantom_usergps_device $sql = "select * from " . __racinebd__ . "usergps where compte_id=" . $compte_id; $link_device = query($sql); while ($tbl_device = fetch($link_device)) { $sql = "insert into " . __racinebd__ . "usergps_device (device_id,usergps_id) values('" . $device_id . "','" . $tbl_device["usergps_id"] . "')"; //print $sql."<br>"; query($sql); } } } else { print "erreur compte '" . addslashes($tablelem[0]) . "' non trouvé<br>"; } }
// Self-registration handler: validates the submitted e-mail and anti-spam token,
// then either re-sends credentials for an existing account or creates a new one,
// logs it in and redirects to the edit page.
$post_get = new GetVarClass();
$email = $post_get->getemail("email");
$c = $post_get->getint("c");
$chash = $post_get->getvar("chash");
if (!$email) {
    die("Регистрация невозможна: введите корректный e-mail. ");
}
// NOTE(review): loose != on a client-supplied hash; a strict, constant-time comparison (hash_equals) avoids type-juggling matches — confirm antispamhash() returns a string first
if (antispamhash($c) != $chash) {
    die("Регистрация невозможна: анти-спам тест не пройден. ");
}
$userid = emailToId($email);
if ($userid) {
    // NOTE(review): this branch confirms to an unauthenticated caller that the address is registered and triggers a mail to it on every request; a uniform response plus rate limiting closes both
    // NOTE(review): $email is interpolated into the HTML response; escape it unless getemail() guarantees a markup-free value — confirm
    $text = <<<EOT
E-mail {$email} уже зарегистрирован. На всякий случай мы отправили вам ваш пароль на почту еще раз. <br /> Воспользуйтесь <a href="/#login">формой входа</a> на главной странице. <br /> По техническим вопросам обращайтесь к Бодигриму (andrew.lelechenko@gmail.com, skype bodigrim).
EOT;
    echo $text;
    remindPassword($userid);
    die;
}
$password = randomPassword();
$hash = bcrypt($password);
// NOTE(review): the generated password is written in clear text to the pw column next to its hash, so a database read discloses every password and the hash protects nothing; store the hash only and replace password reminders with a reset link
// NOTE(review): $email, $password and $hash are interpolated into quoted literals; this relies on getemail(), randomPassword() and bcrypt() never producing a quote or backslash — verify, or bind parameters
$sql = "INSERT INTO " . PREF . "users (email, pw, pwhash, active)\n\tVALUE ('{$email}', '{$password}', '{$hash}', 1)";
query($sql);
$userid = insert_id();
// The message shown above states that the password itself is mailed; presumably remindPassword() does the same here — confirm.
remindPassword($userid);
// NOTE(review): the password hash is handed to set_login_cookies(); if it is stored in the cookie it becomes a long-lived password-equivalent credential — confirm, and prefer a random session token
set_login_cookies($userid, $email, $hash);
redirect("/edit.php?" . http_build_query(["email" => $email]));
if ($_FILES["ext"]["tmp_name"] != "") { //creation du repertoire tmp //@mkdir ($_SERVER["DOCUMENT_ROOT"].__uploaddir__."u".$_SESSION['users_id'], 0775); //deplacement du fichier //move_uploaded_file($_FILES[ext]["tmp_name"],$_SERVER["DOCUMENT_ROOT"].__uploaddir__."u".$_SESSION['users_id']."/".$_FILES["ext"]["name"]); //$filename=preg_replace('/[^a-z0-9_\-\.]/i', '_', $_FILES["ext"]["name"]); $filename = preg_replace('/[^a-z0-9_\\-\\.]/i', '_', $_FILES["ext"]["name"]); $filename = makename($_FILES["ext"]["name"]); //if(move_uploaded_file($_FILES["ext"]["tmp_name"],$_SERVER["DOCUMENT_ROOT"].__uploaddir__."u".$_SESSION['users_id']."/".$filename)===false){ //sauvegarde en base $ext = getext($_FILES["ext"]["name"]); //$sql="insert into ".__racinebd__."fichiers (titre,abstract,ext,nom_fichier,contenu) value('".addquote($_POST["titre_fichier"])."','".addquote($_POST["description_fichier"])."','".$ext."','".$filename."','".$contenu."')"; $sql = "insert into " . __racinebd__ . "fichiers (titre,abstract,ext,nom_fichier) value('" . addquote($_POST["titre_fichier"]) . "','" . addquote($_POST["description_fichier"]) . "','" . $ext . "','" . addquote($filename) . "')"; //print $sql; $link = query($sql); $fichiers_id = insert_id(); savefile("ext", __racinebd__ . "fichiers", $fichiers_id); //print $_SERVER["DOCUMENT_ROOT"].__uploaddir__.__racinebd__."fichiers".$fichiers_id.".".$ext; if (PHANTOM_FULLTEXT == true) { $contenu = addslashes(extract2tmpfile($ext, $_SERVER["DOCUMENT_ROOT"] . __uploaddir__ . __racinebd__ . "fichiers" . $fichiers_id . "." . $ext)); } if ($contenu == '') { $contenu = addquote($_POST["description_fichier"]); } $sql = "update " . __racinebd__ . "fichiers set contenu='" . $contenu . "' where fichiers_id=" . $fichiers_id; query($sql); ?> <script> content='<table width="100%" style="border-bottom:1px solid black" id="table_fichier_<?php echo $fichiers_id; ?>