function booklog($book, $type, $message) { global $abltype; if (!isset($abltype[$type])) { echo "ERROR: booklog called with bad type:{$type} ({$message})\n"; } else { mq("INSERT INTO booklog SET book='" . intval($book) . "', type='" . intval($type) . "', message='" . addslashes($message) . "';"); } }
<?php chdir('../../../../'); require 'db.php'; $user_id = mysql_real_escape_string($_POST['user_id']); $points = floatval(mysql_result(mq(totalMarks("WHERE user_id = {$user_id}")), 0)); //echo $points; exit; $sql = "select user_code from users where user_id = " . $user_id; $result = mysql_query($sql); $row = mysql_fetch_assoc($result); $points += @reset(header_store_points(array("user_code" => $row['user_code']))); echo $points;
<?php require "../system/incl.php"; if (isset($_GET['del'])) { $del = addslashes($_GET['del']); $q = "SELECT * FROM `group2category` WHERE `id_category`='{$del}'"; $res = mq($q); if (mysql_num_rows($res) > 0) { $error = array("Невозможно удалить выбранную категорию, так как существуют группы, связанные с ней."); $smarty->assign("errors", $error); } else { $q = "DELETE FROM `category` WHERE `id`='{$del}'"; mq($q); $smarty->assign("message", "Удалено!"); } } $q = "SELECT * FROM `category` ORDER BY `weight`, `name_ru`"; $res = mq($q); $data = array(); if (mysql_num_rows($res) > 0) { while ($info = mysql_fetch_array($res)) { $data[] = $info; } } if (count($data) > 0) { $smarty->assign("data", $data); } else { $smarty->assign("nodata", true); } $smarty->display("adm_category_list.tpl");
} } // Now we store the attributes : $attr["fnac"] = array("url" => $book[0]); if ($isbn) { $attr["isbn"] = $isbn; } if ($image) { $attr["fnac"]["image"] = $image; $store = md5($image) . ".jpg"; curl_simple_get($image, IMAGE_ROOT . "/" . $store); if (@filesize(IMAGE_ROOT . "/" . $store)) { $attr["fnac"]["imageurl"] = $store; } } if ($isbn) { $attr["isbn"] = $isbn; } if ($already) { $sql = ""; if (!$already["authors"]) { $sql .= " , authors='" . addslashes($author) . "' "; } mq("UPDATE books SET collection=6, title='" . addslashes($book[1]) . "', isbn='{$isbn}', attribs='" . addslashes(json_encode($attr)) . "' {$sql} WHERE id=" . $already["id"] . ";"); echo "Update book " . $already["id"] . "\n"; } else { mq("INSERT INTO books SET datecreated=NOW(), collection=6, title='" . addslashes($book[1]) . "', authors='" . addslashes($author) . "', isbn='{$isbn}', attribs='" . addslashes(json_encode($attr)) . "';"); echo "Created book " . mysql_insert_id() . "\n"; } } // for each book
$attr["formats"][$aformat[$action]] = array("name" => $id, "size" => filesize(UPLOAD_ROOT . "/" . $id), "othercollection" => $oc); mq("UPDATE books SET dateuploaded=NOW(), downloadable=1, attribs='" . addslashes(json_encode($attr)) . "' WHERE id=" . $book["id"] . ";"); $_REQUEST["msg"] = _("The upload has been validated"); break; case 99: mq("UPDATE uploads SET datemoderated=NOW(), status=" . $action . " WHERE id=" . $id . ";"); $_REQUEST["msg"] = _("The upload has been trashed"); break; } } require_once "head.php"; require_once "menu.php"; require "messagebox.php"; $offset = 0; $count = 100; $r = mq("SELECT uploads.*, books.title, books.authors FROM uploads, books WHERE uploads.status=0 AND books.id=uploads.book_id ORDER BY uploads.id LIMIT {$offset},{$count};"); echo mysql_error(); ?> <div class="container-fluid main"> <div class="row"> <div class="span12"> <div style="float: right; padding: 10px;"> <a href="https://fr.wikipedia.org/wiki/Domaine_public_%28propri%C3%A9t%C3%A9_intellectuelle%29"><img src="/assets/img/pd.png"/></a> </div> <h1><?php __("Uploaded files moderation"); ?> </h1>
<?php require_once "lib/ssl.php"; function mq($x) { if (get_magic_quotes_gpc()) { return stripslashes($x); } else { return $x; } } $keysize = mq($_REQUEST['keysize']); $passphrase = mq($_REQUEST['passphrase']); ?> <html> <head> <title>Public Key Forge</title> </head> <body> <?php if ($keysize && is_numeric($keysize)) { $ssl = new ssl(); $privkey = $ssl->make_privkey($keysize, $passphrase); $pubkey = $ssl->privkey_to_pubkey($privkey, $passphrase); $id = $ssl->pubkey_id($pubkey); echo "ID: {$id}<br>\n"; echo "<pre>\n{$pubkey}</pre>\n"; echo "<pre>\n{$privkey}</pre>\n"; } if (!$keysize || !is_numeric($keysize)) { $keysize = 512;
function ChangeDisplayName($uid = 0, $dname = '') { global $handler; $dname = mq($dname); count_mysql_query("UPDATE uo_chat_database SET displayname={$dname} WHERE uid={$uid}", $handler, "helpers.php: ChangeDisplayName() 1/1"); }
$cat2 = rand(0, count($c) - 1); } while (in_array($cat2, $cat)); $cat[] = $cat2; } if (count($c) > 2) { do { $cat2 = rand(0, count($c) - 1); } while (in_array($cat2, $cat)); $cat[] = $cat2; } foreach ($cat as $cc) { $catalog[] = $c[$cc]; } } } $r = mq("SELECT books.*, uploads.id AS uid FROM books LEFT JOIN uploads ON uploads.book_id=books.id AND uploads.status=0 WHERE 1 {$sql} ORDER BY downloadable DESC, title ASC LIMIT {$offset},{$count};"); echo mysql_error(); // TODO : start by a list of (bigger cover) "latest uploaded books" (+ their upload date) ?> <div class="container-fluid main"> <div class="row"> <div class="span12"> <?php if (count($catalog)) { ?> <p><?php __("Among the latest books we received, we recommend:"); ?>
<input type="button" name="cancel" value="<?php __("Cancel"); ?> " onclick="document.location='/accounts.php'" /> </div> </form> <?php break; // ACTION EDIT / CREATE // ACTION EDIT / CREATE case "delete": break; // ACTION DELETE // ACTION DELETE default: $r = mq("SELECT * FROM users ORDER BY login;"); ?> <p> <a class="btn" href="/accounts.php?action=create"><?php __("Create new account"); ?> </a> </p> <table class="matable"> <tr> <th><?php __("Edit"); ?> </th>
function feedback2Action() { global $view, $params; // Check the campaign if (!isset($params[0])) { not_found(); } $slug = addslashes(trim($params[0])); $view["campaign"] = $this->_getCampaign($slug); // Exit in case of error // Check the call : if (!isset($params[1])) { not_found(); } $view["callid"] = $cid = intval($params[1]); $call = mqone("SELECT * FROM calls WHERE id='" . $view["callid"] . "';"); $callee = mqone("SELECT * FROM lists WHERE phone='(" . $call["callee"] . ")';"); if ($call["feedback"]) { $view["error"] = _("A feedback has already been given for that call, sorry"); $this->call2Action(); exit; } mq("UPDATE calls SET feedback='" . addslashes($_REQUEST["feedback"]) . "' WHERE id='" . $view["callid"] . "';"); mq("UPDATE lists SET callcount=callcount+1 WHERE id='" . $callee["id"] . "');"); $view["message"] = _("Your feedback has been sent to us, thanks for your participation! CALLID:"); render("campaigncall2"); }
<input type="button" name="cancel" value="<?php __("Cancel"); ?> " onclick="document.location='/collections.php'" /> </div> </form> <?php break; // ACTION EDIT / CREATE // ACTION EDIT / CREATE case "delete": break; // ACTION DELETE // ACTION DELETE default: $r = mq("SELECT c.id,c.name,count(b.id) AS books FROM collections c LEFT JOIN books b ON b.collection=c.id GROUP BY c.id ORDER BY c.name;"); ?> <p> <a class="btn" href="/collections.php?action=create"><?php __("Create new collection"); ?> </a> </p> <table class="matable"> <tr> <th><?php __("Edit"); ?> </th> <th><?php
function getCategoryInfoById($id) { $q = "SELECT * FROM `category` WHERE id={$id}"; $info = mysql_fetch_array(mq($q)); return localizeObject($info); }
} if (isset($_GET['id'])) { $id = addslashes($_GET['id']); $q = "SELECT * FROM `{$table}` WHERE id={$id}"; $res = mq($q); $data = mysql_fetch_array($res); $data['filesize'] = (int) (filesize("../" . $data['file']) / 1024 + 0.5); if (isset($_GET['delfile'])) { $q = "UPDATE `{$table}` SET `file`='', `filename`='' WHERE `id`='{$id}'"; mq($q); if (is_file("../" . $data['file'])) { unlink("../" . $data['file']); } unset($data['file']); $smarty->assign("message", "Файловое вложение удалено!"); } $smarty->assign("data", $data); $edit = true; } $res = mq("SELECT * FROM `page_type` ORDER BY `name_ru`"); $page_type = array(); while ($info = mysql_fetch_array($res)) { $page_type[] = $info; } $smarty->assign("page_type", $page_type); if ($edit) { $smarty->assign("page_title", "Редактировать материал"); } else { $smarty->assign("page_title", "Новый материал"); } $smarty->display("adm_page_edit.tpl");
<?php chdir('../../../'); require 'db.php'; $file = $_FILES['image']; if (is_uploaded_file($file['tmp_name'])) { $count = 0; do { if ($count++ > 100000) { echo 'Could not get ID.'; exit; } $id = mysql_result(mysql_query('SELECT FLOOR(RAND() * 4294967295)'), 0); } while (mysql_result(mysql_query("SELECT COUNT(*) FROM files WHERE file_id = {$id}"), 0) != 0); mq("INSERT INTO files (file_id, file_name, file_content_type, file_data) VALUES ({$id}, " . ms($file['name']) . ', ' . ms(mime_content_type($file['tmp_name'])) . ', ' . ms(file_get_contents($file['tmp_name'])) . ')'); echo $id; } else { echo 0; }
function ChangePrefs($username, $password, $newpref, $nmail, $chatpath, $icq, $aim, $ym, $msn, $site, $skype = '', $lastfm = '', $flickr = '', $dname = '', $facebook = '', $gplus = '', $steam = '') { global $handler; if (VerifyLogin($username, $password, $chatpath)) { $newpref = mq($newpref); $nmail = mq($nmail); $icq = intval($icq); $aim = mq($aim); $ym = mq($ym); $msn = mq($msn); $site = mq($site); $skype = mq($skype); $lastfm = mq($lastfm); $flickr = mq($flickr); $dname = mq($dname); $facebook = mq($facebook); $gplus = mq($gplus); $steam = mq($steam); @count_mysql_query("UPDATE uo_chat_database SET prefs={$newpref}, email={$nmail}, icq={$icq}, aim={$aim},\n\t\t\tym={$ym}, msn={$msn}, site={$site}, skype={$skype}, lastfm={$lastfm}, flickr={$flickr}, displayname={$dname},\n\t\t\tfacebook={$facebook}, gplus={$gplus}, steam={$steam}\n\t\t\tWHERE chat='{$chatpath}' AND username='******' AND dtime IS NULL", $handler); echo "<p>Preferences for '{$username}' set to {$newpref}, {$nmail}, {$icq}, {$aim}, {$ym}, {$msn}, {$skype}, {$lastfm}, {$flickr}, {$facebook}, {$gplus}, {$steam}, {$dname}.<br>"; return 1; } return 0; }
function mep_step3($mep, $campaign) { global $picdir; // Now we have all information we could have on that MEP, let's download the picture (if needed) and put the metadata in the if ($mep["picture"]) { $pd = md5($mep["picture"]); if (!file_exists($picdir . $pd . ".jpg")) { copy($mep["picture"], $picdir . $pd . ".jpg"); } if (!file_exists($picdir . $pd . ".jpg")) { unset($mep["picture"]); } else { $mep["picurl"] = $pd . ".jpg"; } } // set stb or bxl for the campaign location : $phone = str_replace("+", "00", $mep["bxl"]); echo "\n\n######################################## \nMEP: \n"; print_r($mep); echo "phone: {$phone}\n"; mq("INSERT INTO lists SET \n campaign='{$campaign}', \n name='" . addslashes($mep["name"]) . "', \n meta='" . addslashes(serialize($mep)) . "', \n callcount=0, enabled=1, \n country='" . addslashes($mep["country"]) . "', \n phone='" . addslashes($phone) . "'\n ;"); }
<?php require_once "common.php"; $error = ""; if (isset($_POST["login"]) && isset($_POST["password"])) { $me = false; $me = mqone("SELECT * FROM users WHERE `login`='" . addslashes($_POST["login"]) . "';"); if ($me) { print_r($me); if ($me["pass"] != crypt($_POST["password"], $me["pass"])) { $error = _("Incorrect username or password"); } else { mq("UPDATE users SET lastlogin=NOW() WHERE id=" . $me["id"] . ";"); $_SESSION["id"] = $me["id"]; $_SESSION["me"] = $me; session_write_close(); header("Location: /?msg=" . _("Welcome")); exit; } } else { $error = _("Incorrect username or password"); } } if ($error) { $_REQUEST["error"] = $error; } require_once "head.php"; require_once "menu.php"; require_once "messagebox.php"; ?> <div class="container-fluid main">
function draw_coupon($time = false) { global $client; global $error; global $onload, $body; $t = $client->t; settitle('Coupon'); setmenu('balance'); $outbox = $client->getoutbox(); if (!$time) { $time = mq($_REQUEST['time']); } $items = $outbox[$time]; $timestr = hsc($time); $datestr = datestr($time); if ($items) { foreach ($items as $item) { $request = $item[$t->REQUEST]; if ($request == $t->SPEND) { $assetname = hsc($item[$t->ASSETNAME]); $formattedamount = hsc($item[$t->FORMATTEDAMOUNT]); $note = hsc($item[$t->NOTE]); if ($note) { $note = "<tr><td><b>Note:</b></td><td><span style=\"margin: 5px;\">{$note}</span></td></tr>\n"; } } elseif ($request == $t->COUPONENVELOPE) { $coupon = hsc(trim($item[$t->COUPON])); $body = <<<EOT <br/> <b>Coupon for outbox entry at {$datestr}</b> <table border="1"> <tr><td><b>Amount:</b></td><td><span style="margin: 5px;">{$formattedamount} {$assetname}</span></td></tr> {$note}<tr><td><b>Coupon:</b></td><td><span style="margin: 5px;">{$coupon}</span></td></tr> </table> EOT; return; } } } $error = "Couldn't find coupon: {$timestr}"; draw_balance(); }
<?php // Simple file viewer // Allows viewing of files with word wrap. function mq($x) { if (get_magic_quotes_gpc()) { return stripslashes($x); } else { return $x; } } $file = mq(@$_GET['file']); $title = mq(@$_GET['title']); $numbers = mq(@$_GET['numbers']); $search = mq(@$_GET['search']); $file = trim($file); if ($title == '') { $title = $file; } $files = explode("\n", file_get_contents('viewtext.txt')); foreach ($files as $idx => $line) { if ($line != '') { $parts = explode('|', $line); $name = $parts[0]; $label = ''; if (count($parts) > 1) { $label = " - " . $parts[1]; } if ($file != '') { $files[$idx] = $name;
function mqlist($query) { $q = mq($query); if (!$q) { return false; } $res = array(); while ($c = mysql_fetch_array($q)) { $res[] = $c; } return $res; }
/** Receive a URL to enable a user account */ function enableAction() { global $view, $params; if (!isset($params[0])) { not_found(); } $id = intval($params[0]); $user = mqone("SELECT * FROM user WHERE id={$id};"); if (!$user) { not_found(); } mq("UPDATE user SET enabled=1 WHERE id={$id};"); $view["message"] = "The user has been enabled successfully"; $this->indexAction(); }
/** Receive a URL to enable a campaign */ function enableAction() { global $view, $params; if (!isset($params[0])) { not_found(); } $id = intval($params[0]); $campaign = mqone("SELECT * FROM campaign WHERE id={$id};"); if (!$campaign) { not_found(); } mq("UPDATE campaign SET enabled=1 WHERE id={$id};"); $view["message"] = "The campaign has been enabled successfully"; $this->indexAction(); }
$addok = 0; if (CheckFlags("bXZmM", $client['flags'])) { @count_mysql_query("DELETE FROM uo_chat_gag WHERE chat='{$chatpath}'", $handler, "sendmsg.php: /mugag 1/1"); } } else { if (stristr(mb_substr($message, 0, 4), '/msg') && !CheckBan($ident, $chatpath) && !CheckGag($ident, $chatpath) && !CheckFlags('P', $cpref)) { $ident = $_SESSION[$realpath]['ident']; $recipient = eregi_replace("^/msg[[:space:]]*([^[:space:]]+)[[:space:]]*.*\$", "\\1", $message); $message = eregi_replace("^/msg[[:space:]]*[^[:space:]]+[[:space:]]*(.*)\$", "\\1", $message); $message = FilterWords($message); $xml['private'] = true; $xml['rawpost'] = '[Private Message from "' . $handle . '" to "' . $recipient . '"]'; $recipient = strtolower($recipient); $recipient = trim(str_replace('_', ' ', $recipient)); $recipient = ereg_replace($master_name_filter, '', $recipient); $auth = mq($handle); $auth_uid = 'null'; if (!empty($_SESSION[$realpath]['user']['uid'])) { $auth = 'null'; $auth_uid = $_SESSION[$realpath]['user']['uid']; } $result = @count_mysql_query("SELECT username,displayname,uid FROM uo_chat_database\n\t\t\t\t\tWHERE username='******' AND chat='{$chatpath}' AND dtime IS NULL", $handler, "sendmsg.php: /msg 1/4"); $row = @mysql_fetch_assoc($result); @mysql_free_result($result); if (!empty($row['username'])) { $recipient = ucwords($row['username']); if (!empty($row['displayname'])) { $recipient = $row['displayname']; } $rcpt_uid = $row['uid']; $time = time();
if (isset($_GET['id'])) { $id = addslashes($_GET['id']); $q = "SELECT * FROM `category` ORDER BY `name`"; $res = mq($q); $category_list = array(); while ($info = mysql_fetch_array($res)) { $category_list[$info['id']] = array('id' => $info['id'], 'name' => $info['name'], 'checked' => false); } $q = "SELECT * FROM `group2category` WHERE `id_group`='{$id}'"; $res = mq($q); while ($info = mysql_fetch_array($res)) { $category_list[$info['id_category']]['checked'] = true; } $smarty->assign("cat_list", $category_list); $smarty->assign("id", $id); } else { if (isset($_POST['id'])) { $id = addslashes($_POST['id']); $selected_cats = $_POST['catlist']; $q = "DELETE FROM `group2category` WHERE `id_group`='{$id}'"; mq($q); foreach ($selected_cats as $c_id) { $q = "INSERT INTO `group2category` SET\r\n \t\t\t`id_group`='{$id}',\r\n `id_category`='{$c_id}'"; mq($q); } header('location: group_list.php'); exit; } } $smarty->assign("page_title", "—в¤зи проекта"); $smarty->display("adm_group_rel.tpl");
function mqreq($x) { return mq(@$_REQUEST[$x]); }
function mqonefield($query) { global $er; $r = mq($query); if (mysql_errno()) { echo "ERR: " . mysql_error() . " <br />"; //$er->raise(1,mysql_error()."Q:".$query); return false; } if (list($res) = mysql_fetch_array($r)) { return $res; } else { return false; } }
if (substr($loom_server, -1) != '/') { $loom_server .= '/'; } $buy_loc = mq($_POST['buy_loc']); $buy_usage = mq($_POST['buy_usage']); $issuer_orig = mq($_POST['issuer_orig']); $issuer_dest = mq($_POST['issuer_dest']); $touch_loc = mq($_POST['touch_loc']); $look_hash = mq($_POST['look_hash']); $move_qty = mq($_POST['move_qty']); $move_orig = mq($_POST['move_orig']); $move_dest = mq($_POST['move_dest']); $content = mq($_POST['content']); $id = mq($_POST['id']); $passphrase = mq($_POST['passphrase']); $idhash = mq($_POST['idhash']); function maybe_echo_server($q) { global $loom_server, $default_server; if ($loom_server != $default_server) { echo $q . 'loom_server=' . urlencode($loom_server); } } ?> <html> <head> <title>Loom Grid & Archive Tutorials in PHP</title> <link rel="shortcut icon" href="krugerand.png"/> <style type="text/css"> body { font-family: verdana, arial, sans-serif; font-size: 10pt } div { font-size:10pt }
<?php function mq($query) { $res = mysql_query($query) or die("MySQL error occures during execution of query: <br /><br /><pre>" . $query . "</pre><br /><br />MySQL says: <b>" . mysql_error() . "</b>"); return $res; } function prep($data) { return str_replace("'", "\\'", $data); } function t($obj) { print_r($obj); exit; } $conn = mysql_connect(DB_HOST, DB_USER, DB_PASS); mysql_select_db(DB_NAME, $conn); mq("SET NAMES `cp1251`");
$count = 0; } else { $count = intval($_REQUEST["count"]); } if (!isset($_REQUEST["offset"])) { $offset = 0; } else { $offset = intval($_REQUEST["offset"]); } if ($count <= 0 || $count > 1000) { $count = 100; } if ($offset < 0) { $offset = 0; } $r = mq("SELECT booklog.*, books.title, books.projectname FROM booklog, books WHERE books.id=booklog.book ORDER BY booklog.ts DESC LIMIT {$offset},{$count};"); echo mysql_error(); ?> <div class="container-fluid main"> <div class="container"> <h1><?php __("Last events"); ?> </h1> <table class="matable"> <tr> <th><?php __("Date of event");
$location = mq($_POST['location']); $folderkv = mq($_POST['folderkv']); $valueskv = mq($_POST['valueskv']); $take = mq($_POST['take']); $give = mq($_POST['give']); $page = mq($_POST['page']); $greendot = mq($_POST['greendot']); $contact = mq($_POST['contact']); $showfolder = mq($_POST['showfolder']); $newname = mq($_POST['newname']); $oldname = mq($_POST['oldname']); $newlocation = mq($_POST['newlocation']); $savename = mq($_POST['savename']); $delete = mq($_POST['delete']); $add_location = mq($_POST['add_location']); $commit = mq($_POST['commit']); $client = new LoomClient(); // Redefine $encrypt_key if you want to use one. // It should be a 32-character hex string, as generated // by the grid-tutotial.php "Tools" page. $encrypt_key = ''; @include "ip-config.php"; $cipher = ''; $session_cipher = ''; if ($encrypt_key != '') { makeCiphers(); if ($session_cipher != '') {