Ejemplo n.º 1
0
function check_time($string)
{
    $time = array('0', '1', '2', '3');
    if (!in_array($string, $time)) {
        exit('出错');
    }
    return mysql_escape($string);
}
Ejemplo n.º 2
0
/**
* TestGuestVersion1.0
* ================================================
* Copy 2010-2012yc60
* Web: http://www.yc60.com
* ================================================
* Author: Lee
* Date: 2012-9-17
*/
function check_content($string)
{
    $string = htmlspecialchars(mysql_escape(trim($string)));
    if (mb_strlen($string, 'utf-8') < 10 || mb_strlen($string, 'utf-8') > 200) {
        //判断输入的用户名长度是否合格
        alert('信心内容不得少于10个字符,请重新输入');
    }
    return $string;
}
Ejemplo n.º 3
0
function check_post_contenr($string, $min)
{
    $string = trim($string);
    if (mb_strlen($string, 'utf-8') < $min) {
        //判断输入的用户名长度是否合格
        alert('发帖内容长度不得小于' . $min . '位');
        exit;
    }
    return mysql_escape($string);
}
    function editFormHtml($record)
    {
        global $TABLE_PREFIX, $tableName;
        $calendarTable = $TABLE_PREFIX . "_datecalendar";
        // get dates
        $dates = array();
        $date = getdate();
        $monthNum = $date['mon'];
        $year = $date['year'];
        $firstMonth = sprintf("%04d%02d%02d", $year, $monthNum, '01');
        for ($i = 1; $i <= 12; $i++) {
            $dates[] = array('year' => $year, 'monthNum' => $monthNum);
            if (++$monthNum > 12) {
                $year++;
                $monthNum = 1;
            }
        }
        $lastMonth = sprintf("%04d%02d%02d", $year, $monthNum, '01');
        // load dates from database
        $selectedDates = array();
        $query = "SELECT DATE_FORMAT(date, '%Y%m%d') as date FROM `{$calendarTable}` ";
        $query .= "WHERE `tablename` = '{$tableName}' ";
        $query .= "  AND `fieldname` = '{$this->name}' ";
        $query .= "  AND `recordNum` = '" . mysql_escape($_REQUEST['num']) . "' ";
        $query .= "  AND '{$firstMonth}' <= `date` AND `date` <= '{$lastMonth}'";
        $result = mysql_query($query) or die("MySQL Error: " . htmlencode(mysql_error()) . "\n");
        while ($row = mysql_fetch_assoc($result)) {
            $selectedDates[$row['date']] = 1;
        }
        if (is_resource($result)) {
            mysql_free_result($result);
        }
        // get calendar HTML
        $calendarHtml = '';
        foreach ($dates as $date) {
            $calendarHtml .= _createEditCalendar($date['monthNum'], $date['year'], $selectedDates);
        }
        // display field
        print <<<__HTML__
   <tr>
    <td valign="top">{$this->label}</td>
    <td>{$calendarHtml}</td>
   </tr>
__HTML__;
    }
function saveUploadDetails()
{
    global $TABLE_PREFIX;
    security_dieUnlessPostForm();
    security_dieUnlessInternalReferer();
    security_dieOnInvalidCsrfToken();
    // update uploads
    if (is_array(@$_REQUEST['uploadNums'])) {
        foreach ($_REQUEST['uploadNums'] as $uploadNum) {
            if (!$uploadNum) {
                die(__FUNCTION__ . ": No upload num specified!");
            }
            $query = "UPDATE `{$TABLE_PREFIX}uploads`\n";
            $query .= "   SET info1 = '" . mysql_escape(@$_REQUEST["{$uploadNum}_info1"]) . "',\n";
            $query .= "       info2 = '" . mysql_escape(@$_REQUEST["{$uploadNum}_info2"]) . "',\n";
            $query .= "       info3 = '" . mysql_escape(@$_REQUEST["{$uploadNum}_info3"]) . "',\n";
            $query .= "       info4 = '" . mysql_escape(@$_REQUEST["{$uploadNum}_info4"]) . "',\n";
            $query .= "       info5 = '" . mysql_escape(@$_REQUEST["{$uploadNum}_info5"]) . "'\n";
            $query .= " WHERE num = '" . mysql_escape($uploadNum) . "' AND ";
            if ($_REQUEST['num']) {
                $query .= "recordNum     = '" . mysql_escape($_REQUEST['num']) . "'";
            } else {
                if ($_REQUEST['preSaveTempId']) {
                    $query .= "preSaveTempId = '" . mysql_escape($_REQUEST['preSaveTempId']) . "'";
                } else {
                    die("No value specified for 'num' or 'preSaveTempId'!");
                }
            }
            mysql_query($query) or die("MySQL Error: " . htmlencode(mysql_error()) . "\n");
        }
    }
    //
    print "<script type='text/javascript'>self.parent.reloadIframe('{$_REQUEST['fieldName']}_iframe')</script>";
    // reload uploadlist
    print "<script type='text/javascript'>self.parent.tb_remove();</script>\n";
    // close thickbox
    exit;
}
Ejemplo n.º 6
0
 public function activation()
 {
     if (!empty($_GET['activation']) && isset($_GET['activation'])) {
         $code = mysql_escape($_GET['activation']);
         $user_count = User::where('activation', $code)->count();
         $User = User::where('activation', '=', $code)->firstOrFail();
         if ($user_count > 0) {
             $count = DB::table('users')->where('activation', $code)->where('status', '0')->count();
             if ($count == 1) {
                 $db_res = DB::table('users')->where('activation', $code)->update(array('status' => 1));
                 if ($db_res == 1) {
                     Auth::login($User);
                     return View::make('register/activation_to_resumes');
                     //return Redirect::to('/')->with('message','您的账号已经激活');
                 }
             } else {
                 return Redirect::to('ow_login')->with('message', '您的账号已经激活无需再次激活!');
             }
         } else {
             return Redirect::to('ow_register')->with('message', '您的账号存在');
         }
     }
 }
<?php

require "globals.php";
$search = mysql_escape($_POST['search']);
$page = mysql_escape($_POST['page']);
if ($search == "") {
    echo "<h1>Search Games</h1><center>Please type in the most accurate game title description to find your favourite games.<br>\n<form action=flashsearchdos.php?page=search method=post>Game Title: <input type=text name=search> <input type=submit value='Search'></form></center>";
} else {
    // Strip HTML tags
    $search = strip_tags($search);
    // Find games
    $sql = "SELECT game FROM flash2 WHERE game LIKE '%{$search}%' ORDER BY game DESC LIMIT 10";
    $countmatches = mysql_num_rows(mysql_query("{$sql}"));
    $findgames = mysql_query("SELECT imagename,game,id FROM flash2 WHERE game LIKE '%{$search}%' ORDER BY game DESC LIMIT 10");
    echo "<center><h1>Search Results</h1>\nWe have found {$countmatches} matches for your search results. The more specific the search phrase, the better your results will be.<br><br>\n\n<table border=0 cellspacing=10 cellpadding=0 border=0><tr>";
    $counter = 0;
    while ($game = mysql_fetch_array($findgames)) {
        // Next row
        if ($counter == 3) {
            echo "</tr><tr>";
            // Reset counter
            $counter = 0;
        }
        echo "<td><table>\n<tr>\n<td>\n<font size=1><a href=game.php?id={$game['id']} title=\"{$game['game']}\"><center>\n<img src=/arcadefiles/{$game['imagename']} height=60 width=60></a><br />\n<li><a href=game.php?id={$game['id']} title=\"{$game['game']}\">{$game['game']}</center></a>\n<li><a href=highscores.php?id={$game['id']}>View High Scores</a></center>\n</font></td>\n</tr>\t\t\t\t\t\t\n</table></td>";
        $counter++;
    }
    echo "</tr></table>";
}
print "<br /><br />";
$h->endpage();
Ejemplo n.º 8
0
<link rel="shortcut icon" href="images/favicon.ico" />
</head>
<body>
<?php 
define('IN_TG', true);
require dirname(__FILE__) . '/includes/global.fun.php';
//引进数据库连接文件
require dirname(__FILE__) . '/includes/conn.inc.php';
require dirname(__FILE__) . '/includes/common.inc.php';
require dirname(__FILE__) . '/includes/header.inc.php';
if (!isset($_GET['active'])) {
    //防止直接调用“active页面”
    location('非法操作', 'index.php');
}
if (isset($_GET['action']) && isset($_GET['active']) && $_GET['action'] == 'ok') {
    $active = mysql_escape($_GET['active']);
    //首先进行转义
    mysql_query("UPDATE user SET active=NULL WHERE active='{$active}' LIMIT 1");
    //将active字段设置为空
    if (mysql_affected_rows() == 1) {
        location('激活成功', 'index.php');
    } else {
        location('激活失败', 'register.php');
    }
}
?>
<div id="active">
<h2>激活页面</h2>
<p>点击一下链接进行激活</p>
<p><a href="active.php?action=ok&amp;active=<?php 
echo $_GET['active'];
Ejemplo n.º 9
0
    if (!isset($_POST['url'])) {
        if ($bgfixed == 1) {
            $bgfixedcheck = "checked";
        } else {
            $bgfixedcheck = "";
        }
        if ($bgcenter == "center") {
            $bgcentercheck = "checked";
        } else {
            $bgcentercheck = "";
        }
        if ($bgcover == 1) {
            $bgcovercheck = "checked";
        } else {
            $bgcovercheck = "";
        }
        echo "<h2 class=\"text-left\">Site Background</h2><hr/>\n\t\t<p>Many sites have a background to make the website more personalized. There is not a default image size, but you may want to play around with some sizes to see what you like.</p>\n\t\t<p>To upload an image, please go to <a href=\"http://www.imgur.com\">imgur.com</a>, and then enter in the image url below. The URL will look like this: i.imgur.com/abcdefghi.jpg. Of course, you may use any other website to host your image.</p><hr/>\n\t\t<form method=\"post\">\n\t\t\t<div class=\"form-group\">\n\t\t\t\t<label for=\"inputURL\">Background URL</label>\n\t\t\t\t<input type=\"text\" class=\"form-control\" name=\"url\" id=\"inputURL\" placeholder=\"Enter image URL\" value=\"" . $background . "\">\n\t\t\t</div>\n\t\t\t<div class=\"form-group\">\n\t\t\t\t<label for=\"inputURL\">Background Color (Hex)</label>\n\t\t\t\t<input type=\"text\" class=\"form-control color\" name=\"bgcolor\" id=\"inputURL\" placeholder=\"Enter Background Color\" value=\"" . $bgcolor . "\">\n\t\t\t\t<span class=\"help-block\">Your background color must look like this: 000000<br/>To look up hex colors, click the input box above.</span>\n\t\t\t</div>\n\t\t\t<div class=\"form-group\">\n\t\t\t\t<label for=\"repeatStyle\">Background Repeat</label>\n\t\t\t\t<select class=\"form-control\" name=\"bgrepeat\" id=\"repeatStyle\">\n\t\t\t\t\t<option value=\"no-repeat\">No Repeat</option>\n\t\t\t\t\t<option value=\"repeat\">Repeat Both Directions</option>\n\t\t\t\t\t<option value=\"repeat-x\">Repeat Horizontally</option>\n\t\t\t\t\t<option value=\"repeat-y\">Repeat Vertically</option>\n\t\t\t\t</select>\n\t\t\t\t<span class=\"help-block\">Background images can repeat horizontally, vertically, both, or none.</span>\n\t\t\t</div>\n\t\t\t<div class=\"checkbox\">\n\t\t\t\t<label>\n\t\t\t\t\t<input type=\"checkbox\" name=\"bgcenter\" value=\"1\" {$bgcentercheck}>Center Background (Yes)\n\t\t\t\t</label>\n\t\t\t</div>\n\t\t\t<span class=\"help-block\">Background images can be centered.</span>\n\t\t\t<div class=\"checkbox\">\n\t\t\t\t<label>\n\t\t\t\t\t<input type=\"checkbox\" name=\"bgfixed\" value=\"1\" {$bgfixedcheck}>Fixed Background (Yes)\n\t\t\t\t</label>\n\t\t\t</div>\t\t\t\t\n\t\t\t<span class=\"help-block\">Background images can be fixed (won&#39;t scroll).</span>\n\t\t\t<div class=\"checkbox\">\n\t\t\t\t<label>\n\t\t\t\t\t<input type=\"checkbox\" name=\"bgcover\" value=\"1\" {$bgcovercheck}>Fit Background to Screen (Yes)\n\t\t\t\t</label>\n\t\t\t</div>\t\t\t\t\n\t\t\t<span class=\"help-block\">Background images can be resized to fit the browser window.</span>\n\t\t\t<hr/>\n\t\t\t<button type=\"submit\" class=\"btn btn-primary\" required>Submit &raquo;</button>\n\t\t</form>\n\t\t";
    } else {
        $url = mysql_escape($_POST["url"]);
        $bgcolor = mysql_escape($_POST["bgcolor"]);
        $bgrepeat = mysql_escape($_POST["bgrepeat"]);
        $bgcenter = mysql_escape(isset($_POST["bgcenter"]));
        $bgfixed = mysql_escape(isset($_POST["bgfixed"]));
        $bgcover = mysql_escape(isset($_POST["bgcover"]));
        $mysqli->query("UPDATE " . $prefix . "properties SET background = '{$url}', bgcolor = '{$bgcolor}', bgrepeat = '{$bgrepeat}', bgcenter = '{$bgcenter}', bgfixed = '{$bgfixed}', bgcover = '{$bgcover}'");
        echo "<div class=\"alert alert-success\">Successfully updated background.</div>";
        redirect_wait5("?base=admin&page=background");
    }
} else {
    redirect("?base");
}
function incrementCounterField($tablename, $fieldname, $recordNumber)
{
    global $VIEWER_NAME;
    // error checking
    if (!$tablename) {
        die(__FUNCTION__ . ": No 'tablename' value specified!");
    }
    if (!$fieldname) {
        die(__FUNCTION__ . ": No 'fieldname' value specified!");
    }
    if (!$recordNumber) {
        die(__FUNCTION__ . ": No 'recordNumber' value specified!");
    }
    // update counter
    $escapedTableName = mysql_escape(getTableNameWithPrefix($tablename));
    $query = "UPDATE `{$escapedTableName}` SET `{$fieldname}` = IFNULL(`{$fieldname}`,0) + 1";
    $query .= " WHERE `num` = '" . mysql_escape($recordNumber) . "'";
    $result = @mysql_query($query);
    if (!$result) {
        die(__FUNCTION__ . " MySQL Error: " . htmlencode(mysql_error()) . "\n");
    }
    if (!mysql_affected_rows()) {
        die(__FUNCTION__ . ": Couldn't find record '" . htmlencode($recordNumber) . "'!");
    }
}
Ejemplo n.º 11
0
    die("403 - Access Forbidden");
}
if ($_SESSION['id']) {
    echo "\n\t\t<h2 class=\"text-left\">Account Settings</h2><hr/>";
    if (!isset($_POST['modify'])) {
        $query = $mysqli->query("SELECT * FROM `accounts` WHERE `id`='" . $_SESSION['id'] . "'") or die(mysql_error());
        $row = $query->fetch_assoc();
        echo "\n\t\t<div class=\"alert alert-warning\">If you want to keep your current password, leave the password fields blank! <a class=\"close\" data-dismiss=\"alert\" href=\"#\" aria-hidden=\"true\">&times;</a></div>\n\t\t<form method=\"post\" role=\"form\">\n\t\t\t<b><abbr title=\"You can't change this!\">Username</abbr></b>\n\t\t\t\t" . $row['name'] . "\n\t\t<div class=\"form-group\">\n\t\t\t<label for=\"cPassword\">Current Password</label>\n\t\t\t<input type=\"password\" class=\"form-control\" id=\"cPassword\" placeholder=\"Current Password\" name=\"current\" />\n\t\t</div>\n\t\t<div class=\"form-group\">\n\t\t\t<label for=\"nPassword\">New Password</label>\n\t\t\t<input type=\"password\" class=\"form-control\" id=\"nPassword\" placeholder=\"New Password\" name=\"password\" />\n\t\t</div>\n\t\t<div class=\"form-group\">\n\t\t\t<label for=\"coPassword\">Confirm Password</label>\n\t\t\t<input type=\"password\" class=\"form-control\" id=\"coPassword\" placeholder=\"Confirm Password\" name=\"copassword\" />\n\t\t</div>\n\t\t<div class=\"form-group\">\n\t\t\t<label for=\"Email\">Email</label>\n\t\t\t<input type=\"email\" class=\"form-control\" id=\"Email\" placeholder=\"email@dot.com\" maxlength=\"50\" name=\"email\" value=\"" . $row['email'] . "\" />\n\t\t</div>\n\t\t<div class=\"form-group\">\n\t\t\t<label for=\"Birthday\">Birthday</label>\n\t\t\t<input type=\"text\" class=\"form-control\" id=\"Birthday\" placeholder=\"1990-01-01\" name=\"birth\" value=\"" . $row['birthday'] . "\" />\n\t\t</div>\n\t\t\t<input type=\"submit\" name=\"modify\" class=\"btn btn-primary\" value=\"Modify &raquo;\" />\n\t\t</form><br/>";
    } else {
        $u = $mysqli->query("SELECT * FROM `accounts` WHERE `id`='" . $_SESSION['id'] . "'") or die;
        $userz = $u->fetch_assoc();
        $current = mysql_escape($_POST['current']);
        $pass = mysql_escape($_POST['password']);
        $cpass = mysql_escape($_POST['copassword']);
        $email = mysql_escape($_POST['email']);
        $birth = mysql_escape($_POST['birth']);
        if ($current) {
            if ($userz['password'] == hash('sha512', $current . $userz['salt']) || sha1($current) == $userz['password']) {
                if ($pass != $cpass) {
                    echo "<div class=\"alert alert-danger\">Passwords do not match.</div>";
                } else {
                    if (strlen($pass) < 6) {
                        echo "<div class=\"alert alert-danger\">Your password must be between 6 and 12 characters.</div>";
                    } elseif (strlen($pass) > 12) {
                        echo "<div class=\"alert alert-danger\">Your password must be between 6 and 12 characters.</div>";
                    } else {
                        $u = $mysqli->query("UPDATE `accounts` SET `password`='" . sha1($pass) . "',`salt`=NULL WHERE `name`='" . $userz['name'] . "'") or die;
                        echo "<div class=\"alert alert-success\">Your changes have successfully been saved.</div>";
                    }
                }
            } else {
Ejemplo n.º 12
0
function recache_forum($forum)
{
    global $ir, $c, $userid, $h, $db;
    global $db;
    $q = $db->query("SELECT p.*,t.* FROM forum_posts p LEFT JOIN forum_topics t ON p.fp_topic_id=t.ft_id WHERE p.fp_forum_id={$forum} ORDER BY p.fp_time DESC LIMIT 1");
    if (!$db->num_rows($q)) {
        $db->query("update forum_forums set ff_lp_time=0, ff_lp_poster_id=0, ff_lp_poster_name='N/A', ff_lp_t_id=0, ff_lp_t_name='N/A',ff_posts=0, ff_topics=0 where ff_id={$forum}");
    } else {
        $r = $db->fetch_row($q);
        $tn = mysql_escape($r['ft_name']);
        $pn = mysql_escape($r['fp_poster_name']);
        $posts = $db->num_rows($db->query("SELECT fp_id FROM forum_posts WHERE fp_forum_id={$forum}"));
        $topics = $db->num_rows($db->query("SELECT ft_id FROM forum_topics WHERE ft_forum_id={$forum}"));
        $db->query("update forum_forums set ff_lp_time={$r['fp_time']}, ff_lp_poster_id={$r['fp_poster_id']}, ff_lp_poster_name='{$pn}', ff_lp_t_id={$r['ft_id']}, ff_lp_t_name='{$tn}',ff_posts={$posts}, ff_topics={$topics} where ff_id={$forum}");
    }
}
Ejemplo n.º 13
0
function categoryMoveDrag()
{
    global $tableName, $escapedTableName, $isMyAccountMenu;
    if ($isMyAccountMenu) {
        die("Access not permitted for My Account menu!");
    }
    if (!isset($_REQUEST['sourceNum'])) {
        die('sourceNum not set.');
    }
    if (!isset($_REQUEST['targetNum'])) {
        die('targetNum not set.');
    }
    if (!isset($_REQUEST['position'])) {
        die('position not set.');
    }
    $sourceNum = $_REQUEST['sourceNum'];
    $targetNum = $_REQUEST['targetNum'];
    $position = $_REQUEST['position'];
    if (!is_numeric($sourceNum) || !is_numeric($targetNum)) {
        redirectBrowserToURL("?menu={$tableName}", true);
        exit;
    }
    security_dieUnlessPostForm();
    security_dieUnlessInternalReferer();
    security_dieOnInvalidCsrfToken();
    // load categoriesByNum
    $categoriesByNum = array();
    $query = "SELECT * FROM `{$escapedTableName}` ORDER BY globalOrder";
    $result = mysql_query($query) or die("MySQL Error: " . mysql_error() . "\n");
    while ($row = mysql_fetch_assoc($result)) {
        $categoriesByNum[$row['num']] = $row;
        $categoriesByNum[$row['num']]['oldSiblingOrder'] = $row['siblingOrder'];
    }
    if (is_resource($result)) {
        mysql_free_result($result);
    }
    // update order
    $parentNum = $position == 'child' ? $targetNum : $categoriesByNum[$targetNum]['parentNum'];
    // Source cannot be made a child of its decendent.
    $currParentNum = $categoriesByNum[$targetNum]['parentNum'];
    while ($currParentNum) {
        if ($currParentNum == $sourceNum) {
            redirectBrowserToURL("?menu={$tableName}", true);
            exit;
        }
        $currParentNum = $categoriesByNum[$currParentNum]['parentNum'];
    }
    $categoriesByNum[$sourceNum]['parentNum'] = $parentNum;
    foreach (array_keys($categoriesByNum) as $num) {
        $category =& $categoriesByNum[$num];
        if ($category['parentNum'] != $parentNum) {
            continue;
        }
        // only modify siblings on branch
        $category['siblingOrder'] = 2 + $category['siblingOrder'] * 2;
        // double space entries
        unset($category);
    }
    //showme($categoriesByNum[$sourceNum]);
    //showme($categoriesByNum[$targetNum]);
    if ($position == 'child') {
        $categoriesByNum[$sourceNum]['siblingOrder'] = 1;
        // if adding as child, default to first sibling
    } else {
        if ($position == 'above') {
            $categoriesByNum[$sourceNum]['siblingOrder'] = $categoriesByNum[$targetNum]['siblingOrder'] - 1;
        } else {
            if ($position == 'below') {
                $categoriesByNum[$sourceNum]['siblingOrder'] = $categoriesByNum[$targetNum]['siblingOrder'] + 1;
            }
        }
    }
    //showme($categoriesByNum[$sourceNum]);
    //showme($categoriesByNum[$targetNum]);
    // save new sibling order
    foreach ($categoriesByNum as $num => $category) {
        if ($category['oldSiblingOrder'] == $category['siblingOrder']) {
            continue;
        }
        // skip if order didn't change
        $query = "UPDATE `{$escapedTableName}` SET ";
        $query .= "`siblingOrder` = '" . mysql_escape($category['siblingOrder']) . "' ";
        $query .= "WHERE num = '{$category['num']}'";
        //showme($query);
        mysql_query($query) or die("There was an error updating the category metadata:\n\n" . htmlencode(mysql_error()) . "\n");
    }
    //exit;
    // save new parent
    $query = "UPDATE `{$escapedTableName}` SET ";
    $query .= "`parentNum` = '" . mysql_escape($parentNum) . "' ";
    $query .= "WHERE num = '{$sourceNum}'";
    mysql_query($query) or die("There was an error updating the category metadata:\n\n" . htmlencode(mysql_error()) . "\n");
    // update global order, etc
    updateCategoryMetadataDrag();
    // refresh page
    redirectBrowserToURL("?menu={$tableName}", true);
    exit;
}
Ejemplo n.º 14
0
<?php

if (basename($_SERVER["PHP_SELF"]) == "banner.php") {
    die("403 - Access Forbidden");
}
if ($_SESSION['admin']) {
    if (!isset($_POST['url'])) {
        echo "<h2 class=\"text-left\">Site Banner</h2><hr/>\n\t\t<p>Many sites have a banner at the top of the page to make the website more personalized. There is not a default image size, but you may want to play around with some sizes to see what you like.</p>\n\t\t<p>To upload an image, please go to <a href=\"http://www.imgur.com\">imgur.com</a>, and then enter in the image url below. The URL will look like this: i.imgur.com/abcdefghi.jpg. Of course, you may use any other website to host your image.</p><hr/>\n\t\t<form method=\"post\">\n\t\t\t<div class=\"form-group\">\n\t\t\t\t<label for=\"inputURL\">Banner URL</label>\n\t\t\t\t<input type=\"text\" class=\"form-control\" name=\"url\" id=\"inputURL\" placeholder=\"Enter image URL\" value=\"" . $banner . "\">\n\t\t\t</div>\n\t\t\t<hr/>\n\t\t\t<button type=\"submit\" class=\"btn btn-primary\" required>Submit &raquo;</button>\n\t\t</form>\n\t\t";
    } else {
        $url = mysql_escape($_POST["url"]);
        $mysqli->query("UPDATE " . $prefix . "properties SET banner='{$url}'");
        echo "<div class=\"alert alert-success\">Successfully updated banner.</div>";
        redirect_wait5("?base=admin");
    }
} else {
    redirect("?base");
}
Ejemplo n.º 15
0
    if (mysql_affected_rows() == 1) {
        close('恭喜你,添加成功,请等待对方同意');
    } else {
        location('很遗憾请求发送失败,请重新发送', '');
    }
    session_destroy();
    mysql_close();
    exit;
    //必须退出,因为此时的id已经不存在,继续往下执行会会错
}
//开始接收数据
if (isset($_GET['id'])) {
    //如果接收到id,那么开始获取收件人!
    $row = mysql_fetch_array(mysql_query("select username from user where id='{$_GET['id']}'")) or die(mysql_error());
    if (isset($row)) {
        $clean_username = mysql_escape($row['username']);
    } else {
        close('用户名不存在');
    }
} else {
    close('非法操作');
}
?>
<div id="head">
	<h3>添加好友</h3>
</div>
<div id="message">
	<form action="friend.php?action=add" method="post">
	<input  type="hidden" name="touser" value="<?php 
echo $clean_username;
?>
Ejemplo n.º 16
0
function cron_dispatcher()
{
    // runs due or overdue jobs
    // get last cron.php run time
    $cronLastRunTime = $GLOBALS['SETTINGS']['bgtasks_lastRun'];
    $thisCronRunTime = time();
    // call log function if cron jobs exit or die
    register_shutdown_function('cron_logErrorsOnDieOrExit');
    // run cron tasks
    $dispatchedTaskCounter = 0;
    foreach (getCronList() as $cron) {
        //print "DEBUG: Checking... " .$cron['function']. " => " .$cron['expression']. "\n";
        // get last job run time and oldest time to check
        $jobLastLogRecord = mysql_get('_cron_log', null, ' function = "' . mysql_escape($cron['function']) . '" ORDER BY num DESC');
        $jobLastRunTime = strtotime($jobLastLogRecord['createdDate']);
        $oldestTimeToCheck = max($cronLastRunTime, $jobLastRunTime);
        // get most recent valid run time (from now to the last time cron.php ran)
        $lastScheduleRunTime = cronExpression_getLastScheduledTime($cron['expression'], $oldestTimeToCheck, $cronExprParseErrors);
        $skipTask = false;
        if (!$lastScheduleRunTime && !$cronExprParseErrors) {
            $skipTask = true;
        }
        // skip if no scheduled runtime found since last cronrun (and no errors which might have caused that)
        if ($lastScheduleRunTime && $lastScheduleRunTime <= $cronLastRunTime) {
            $skipTask = true;
        }
        // skip if scheduled to run, but not quite yet (if scheduled time is blank then there was an error)
        if ($thisCronRunTime - 60 < $jobLastRunTime) {
            $skipTask = true;
        }
        // don't run jobs more than once a minute
        if ($skipTask) {
            if (!inCLI()) {
                print "Skipping {$cron['activity']}, function: {$cron['function']} (not scheduled to run again yet)\n";
            }
            continue;
        }
        // Add log entry for job
        $hasLock = mysql_get_lock($cron['function']);
        // get a lock for this specific function
        if ($cronExprParseErrors) {
            $summary = $cronExprParseErrors;
        } elseif (!$hasLock) {
            $summary = t('Aborting, task still running from last time.');
        } else {
            $summary = t('Running...');
        }
        $jobLogNum = mysql_insert('_cron_log', array('createdDate=' => 'NOW()', 'function' => $cron['function'], 'activity' => $cron['activity'], 'summary' => $summary, 'completed' => 0));
        // skip if errors parsing cronExpression or getting lock
        if ($cronExprParseErrors || !$hasLock) {
            continue;
        }
        // execute function
        $dispatchedTaskCounter++;
        if (!inCLI()) {
            print "Running {$cron['activity']}, function: {$cron['function']}\n";
        }
        ob_start();
        $startTime = microtime(true);
        $GLOBALS['CRON_JOB_START'] = $startTime;
        // store job num in a global so we can update it after die/exit with cron_logErrorsOnDieOrExit
        $GLOBALS['CRON_JOB_LOG_NUM'] = $jobLogNum;
        // store job num in a global so we can update it after die/exit with cron_logErrorsOnDieOrExit
        $summary = call_user_func($cron['function'], array('note' => 'this $info array is for future use'));
        $GLOBALS['CRON_JOB_LOG_NUM'] = '';
        $endTime = microtime(true);
        $output = ob_get_clean();
        // update job log entry
        mysql_update('_cron_log', $jobLogNum, null, array('completed' => 1, 'summary' => $summary, 'output' => $output, 'runtime' => sprintf("%0.2f", $endTime - $startTime)));
        mysql_release_lock($cron['function']);
    }
    // update lastrun time
    $GLOBALS['SETTINGS']['bgtasks_lastRun'] = time();
    saveSettings();
}
Ejemplo n.º 17
0
<?php 
            echo "\n\t\t</div>\n\t\t<div class=\"form-group\">\n\t\t\t<label for=\"Motto\">Motto:</label>\n\t\t\t<input type=\"text\" class=\"form-control\" name=\"motto\" value=\"" . $p['motto'] . "\" id=\"Motto\"/>\n\t\t</div>\n\t\t<div class=\"form-group\">\n\t\t\t<label for=\"favJob\">Favorite Job:</label>\n\t\t\t\t<select name=\"favjob\" class=\"form-control\" id=\"favJob\">";
            if (isset($p['favjob'])) {
                echo "<option value=\"" . $p['favjob'] . "\">" . $p['favjob'] . "</option>";
            }
            echo "\t\n\t\t\t\t\t\t\t\t<optgroup label=\"Beginner\">\n\t\t\t\t\t\t\t\t<option value=\"Beginner\">Beginner</option>\n\t\t\t\t\t\t\t\t<option value=\"PermaNoob\">PermaNoob</option>\n\t\t\t\t\t\t\t</optgroup>\n\t\t\t\t\t\t\t<optgroup label=\"Warrior\">\n\t\t\t\t\t\t\t\t<option value=\"Swordman\">Swordman</option>\n\t\t\t\t\t\t\t\t<option value=\"Fighter\">Fighter</option>\n\t\t\t\t\t\t\t\t<option value=\"Spearman\">Spearman</option>\n\t\t\t\t\t\t\t\t<option value=\"Page\">Page</option>\n\t\t\t\t\t\t\t\t<option value=\"Crusader\">Crusader</option>\n\t\t\t\t\t\t\t\t<option value=\"Dragon Knight\">Dragon Knight</option>\n\t\t\t\t\t\t\t\t<option value=\"White Knight\">White Knight</option>\n\t\t\t\t\t\t\t\t<option value=\"Hero\">Hero</option>\n\t\t\t\t\t\t\t\t<option value=\"Dark Knight\">Dark Knight</option>\n\t\t\t\t\t\t\t\t<option value=\"Paladin\">Paladin</option>\n\t\t\t\t\t\t\t</optgroup>\n\t\t\t\t\t\t\t<optgroup label=\"Bowman\">\n\t\t\t\t\t\t\t\t<option value=\"Archer\">Archer</option>\n\t\t\t\t\t\t\t\t<option value=\"Hunter\">Hunter</option>\n\t\t\t\t\t\t\t\t<option value=\"Crossbowman\">Crossbowman</option>\n\t\t\t\t\t\t\t\t<option value=\"Ranger\">Ranger</option>\n\t\t\t\t\t\t\t\t<option value=\"Sniper\">Sniper</option>\n\t\t\t\t\t\t\t\t<option value=\"Bowmaster\">Bowmaster</option>\n\t\t\t\t\t\t\t\t<option value=\"Marksman\">Marksman</option>\n\t\t\t\t\t\t\t</optgroup>\n\t\t\t\t\t\t\t<optgroup label=\"Magician\">\n\t\t\t\t\t\t\t\t<option value=\"Magician\">Magician</option>\n\t\t\t\t\t\t\t\t<option value=\"I/L Wizard\">I/L Wizard</option>\n\t\t\t\t\t\t\t\t<option value=\"F/P Wizard\">F/P Wizard</option>\n\t\t\t\t\t\t\t\t<option value=\"Cleric\">Cleric</option>\n\t\t\t\t\t\t\t\t<option value=\"I/L Mage\">I/L Mage</option>\n\t\t\t\t\t\t\t\t<option value=\"F/P Mage\">F/P Mage</option>\n\t\t\t\t\t\t\t\t<option value=\"Priest\">Priest</option>\n\t\t\t\t\t\t\t\t<option value=\"I/L Arch Mage\">I/L Arch Mage</option>\n\t\t\t\t\t\t\t\t<option value=\"F/P Arch Mage\">F/P Arch Mage</option>\n\t\t\t\t\t\t\t\t<option value=\"Bishop\">Bishop</option>\n\t\t\t\t\t\t\t\t</optgroup>\n\t\t\t\t\t\t\t<optgroup label=\"Theif\">\n\t\t\t\t\t\t\t\t<option value=\"Rogue\">Rogue</option>\n\t\t\t\t\t\t\t\t<option value=\"Assassin\">Assassin</option>\n\t\t\t\t\t\t\t\t<option value=\"Bandit\">Bandit</option>\n\t\t\t\t\t\t\t\t<option value=\"Hermit\">Hermit</option>\n\t\t\t\t\t\t\t\t<option value=\"Chief Bandit\">Chief Bandit</option>\n\t\t\t\t\t\t\t\t<option value=\"Night Lord\">Night Lord</option>\n\t\t\t\t\t\t\t\t<option value=\"Shadower\">Shadower</option>\n\t\t\t\t\t\t\t</optgroup>\n\t\t\t\t\t\t\t<optgroup label=\"Pirate\">\n\t\t\t\t\t\t\t\t<option value=\"Pirate\">Pirate</option>\n\t\t\t\t\t\t\t\t<option value=\"Infighter\">Infighter</option>\n\t\t\t\t\t\t\t\t<option value=\"Gunslinger\">Gunslinger</option>\n\t\t\t\t\t\t\t\t<option value=\"Valkyrie\">Valkyrie</option>\n\t\t\t\t\t\t\t\t<option value=\"Buccaneer\">Buccaneer</option>\n\t\t\t\t\t\t\t\t<option value=\"Viper\">Viper</option>\n\t\t\t\t\t\t\t\t<option value=\"Captain\">Captain</option>\n\t\t\t\t\t\t\t</optgroup>\n\t\t\t\t\t\t</select>\n\t\t\t\t\t</div>\n\t\t<div class=\"form-group\">\n\t\t\t<label>About Me:</label>\n\t\t\t\t<textarea name=\"text\" style=\"height:200px\" maxlength=\"200\" class=\"form-control\" id=\"textCount\">" . stripslashes($p['text']) . "</textarea>\n\t\t</div>\n\t\t\t<p id=\"counter\"></p>\n\t\t\t<div class=\"alert alert-info\">Please keep in mind that all of this information will be public.</div>\n\t\t\t<input type=\"submit\" name=\"edit\" value=\"Update &raquo;\" class=\"btn btn-primary\"/>\n\t\t\t</form>\n\t\t\t<script type=\"text/javascript\">\n\t\t\t\$('#textCount').keyup(function () {\n\t\t\tvar left = 200 - \$(this).val().length;\n\t\t\t\tif (left < 0) {\n\t\t\t\t\tleft = 0;\n\t\t\t\t}\n\t\t\t\t\$('#counter').text('Characters left: ' + left);\n\t\t\t});\n\t\t\t</script>";
        } else {
            $pname = mysql_escape(isset($_POST['pname']));
            if (isset($_POST['mainchar'])) {
                $mainchar = mysql_escape($_POST['mainchar']);
            } else {
                $mainchar = "";
            }
            $realname = mysql_escape($_POST['realname']);
            $age = mysql_escape($_POST['age']);
            $country = mysql_escape($_POST['country']);
            $motto = mysql_escape($_POST['motto']);
            $favjob = $_POST['favjob'];
            $text = mysql_escape($_POST['text']);
            $u = $mysqli->query("UPDATE `" . $prefix . "profile` SET `mainchar`='" . $mainchar . "',`realname`='" . $realname . "',`age`='" . $age . "',`country`='" . $country . "',`motto`='" . $motto . "',`favjob`='" . $favjob . "',`text`='" . $text . "' WHERE `accountid`='" . $_SESSION['id'] . "'") or die(mysql_error());
            echo "<div class=\"alert alert-success\">Your public profile has been updated<br />";
            echo "Click <a href=\"?base=main&amp;page=members&name=" . $_SESSION['pname'] . "\" class=\"alert-link\">here</a> to go to your profile.</div>";
        }
    }
} else {
    redirect("?base=main");
}
?>
<script>
	CKEDITOR.replace( 'textCount' );
</script>
<?php

if ($_GET['action'] == 'arcade' || $_GET['act'] == 'Arcade' || $_GET['act'] == 'arcade' || $_POST['act'] == 'arcade' || $_POST['act'] == 'acrade' || $_POST['gname']) {
    include "globals.php";
    if ($_POST['game_name']) {
        $_POST['game'] = $_POST['game_name'];
    }
    $_POST['game'] = mysql_escape($_POST['game']);
    $_POST['score'] = abs($_POST['score'] + 0);
    if (!$_POST['score']) {
        $_POST['score'] = 0;
    }
    if ($_POST['gname'] && $_POST['gscore']) {
        $_POST['game'] = mysql_escape($_POST['gname']);
        $_POST['score'] = abs($_POST['gscore'] + 0);
    }
    if ($_POST['game'] && $_POST['score']) {
        $_POST['score'] = abs($_POST['score']);
        $q = $db->query("SELECT * FROM flash2 WHERE file='{$_POST['game']}' LIMIT 1");
        $r = $db->fetch_row($q);
        $q2 = $db->query("SELECT id,startTime FROM flashscores WHERE userid='{$userid}' && gameid={$r['id']} && score=0 ORDER BY id DESC LIMIT 1");
        $r2 = $db->fetch_row($q2);
        $rn = $db->num_rows($q2);
        if (!$rn) {
            $bad = "<center><font color=red>Game session error. <br />This may be caused by having multiple tabs opened on this game, logging into the site halfway through the game, or refreshing the page after your score was submitted.</font></center><br /><br />";
        }
        if (!$bad) {
            $db->query("UPDATE flash2 SET plays=plays+1 WHERE id={$r['id']}");
            if ($dontsendscore != 1) {
                $db->query("UPDATE flashscores SET endTime=unix_timestamp(),score={$_POST['score']},scoreStatus=1 WHERE id={$r2['id']}");
                //update personal bests
function _updateMySQL()
{
    global $TABLE_PREFIX, $schema;
    $escapedTableName = mysql_escape($_REQUEST['tableName']);
    // get current column name and type
    $oldColumnName = $_REQUEST['fieldname'];
    $newColumnName = $_REQUEST['newFieldname'];
    $oldColumnType = getMysqlColumnType($_REQUEST['tableName'], $oldColumnName);
    $newColumnType = getColumnTypeFor($newColumnName, $_REQUEST['type'], @$_REQUEST['customColumnType']);
    // create/alter/remove MySQL columns
    $isOldColumn = $oldColumnType;
    $isNewColumn = $newColumnType != 'none' && $newColumnType != '';
    $doEraseColumn = $isOldColumn && !$isNewColumn;
    $doCreateColumn = !$oldColumnType && $isNewColumn;
    $doAlterColumn = $isOldColumn && $isNewColumn;
    // remove existing index (if any) - always dropping/recreating indexes ensure they match renamed fields, etc
    list($oldIndexName, $oldIndexColList) = getIndexNameAndColumnListForField($oldColumnName, $oldColumnType);
    $indexExists = (bool) mysql_get_query("SHOW INDEX FROM `{$escapedTableName}` WHERE Key_name = '{$oldIndexName}'");
    if ($indexExists) {
        mysql_query("DROP INDEX `{$oldIndexName}` ON `{$escapedTableName}`") or die("Error dropping index `{$newIndexName}`:" . htmlencode(mysql_error()));
    }
    // update table: create, alter, or erase field
    if ($doCreateColumn) {
        // create field
        $query = "ALTER TABLE `" . mysql_escape($_REQUEST['tableName']) . "`\n                              ADD COLUMN  `" . mysql_escape($newColumnName) . "` {$newColumnType}";
        $result = mysql_query($query) or die("There was an error creating the MySQL Column, the error was:\n\n" . mysql_error());
    } else {
        if ($doAlterColumn) {
            // change field type
            $result = mysql_query("ALTER TABLE `" . mysql_escape($_REQUEST['tableName']) . "`\n                         CHANGE COLUMN `" . mysql_escape($oldColumnName) . "`\n                                       `" . mysql_escape($newColumnName) . "` {$newColumnType}") or die("There was an error changing the MySQL Column, the error was:\n\n" . mysql_error() . "\n");
        } else {
            if ($doEraseColumn) {
                // erase mysql field
                $query = "ALTER TABLE `" . mysql_escape($_REQUEST['tableName']) . "`\n               DROP COLUMN `" . mysql_escape($oldColumnName) . "`";
                $result = mysql_query($query) or die("There was an error removing the MySQL Column, the error was:\n\n" . mysql_error() . "\n");
            }
        }
    }
    // add/re-create index if required
    if (@$_REQUEST['indexed']) {
        list($newIndexName, $newIndexColList) = getIndexNameAndColumnListForField($newColumnName, $newColumnType);
        $result = mysql_query("CREATE INDEX `{$newIndexName}` ON `{$escapedTableName}` {$newIndexColList}") or die("Error creating index `{$newIndexName}`:" . htmlencode(mysql_error()));
    }
    // update uploads table (rename upload field if it was changed)
    $uploadFieldRenamed = $_REQUEST['type'] == 'upload' && $oldColumnName && $oldColumnName != $newColumnName;
    if ($uploadFieldRenamed) {
        $tableNameWithoutPrefix = getTableNameWithoutPrefix($_REQUEST['tableName']);
        $query = "UPDATE `{$TABLE_PREFIX}uploads`";
        $query .= "   SET fieldName='" . mysql_escape($newColumnName) . "'";
        $query .= " WHERE fieldName='" . mysql_escape($oldColumnName) . "' AND";
        $query .= "       tableName='" . mysql_escape($tableNameWithoutPrefix) . "'";
        mysql_query($query) or die("There was an error updating the uploads database:\n\n" . htmlencode(mysql_error()) . "\n");
    }
}
function forgotPassword()
{
    global $SETTINGS, $TABLE_PREFIX, $PROGRAM_DIR;
    $GLOBALS['sentEmail'] = false;
    // Lookup username or email
    if (@$_REQUEST['usernameOrEmail']) {
        security_dieUnlessPostForm();
        security_dieUnlessInternalReferer();
        security_dieOnInvalidCsrfToken();
        disableInDemoMode('', 'forgotPassword.php', false);
        // send emails
        $escapedNameOrEmail = mysql_escape($_REQUEST['usernameOrEmail']);
        $matchingUsers = mysql_select('accounts', "'{$escapedNameOrEmail}' IN(`username`,`email`)");
        foreach ($matchingUsers as $user) {
            // get reset url
            $resetBaseUrl = array_value(explode('?', thisPageUrl()), 0);
            $resetCode = _generatePasswordResetCode($user['num']);
            $resetUrl = "{$resetBaseUrl}?menu=resetPassword&userNum=" . $user['num'] . "&resetCode={$resetCode}";
            // send message - v2.50 switched to emailTemplate_loadFromDB()
            $emailHeaders = emailTemplate_loadFromDB(array('template_id' => 'CMS-PASSWORD-RESET', 'placeholders' => array('user.num' => $user['num'], 'user.email' => $user['email'], 'resetUrl' => $resetUrl)));
            $errors = sendMessage($emailHeaders);
            if ($errors) {
                alert("Mail Error: " . nl2br($errors));
            }
            //
            $GLOBALS['sentEmail'] = true;
        }
    }
    // display errors
    if (array_key_exists('usernameOrEmail', $_REQUEST) && @$_REQUEST['usernameOrEmail'] == '') {
        alert(t("No username or email specified!"));
    }
    if (@$_REQUEST['usernameOrEmail'] && !$GLOBALS['sentEmail']) {
        alert(t("No matching username or email was found!"));
    }
    //
    showInterface('forgotPassword.php', false);
    exit;
}
     print "Answer Editted.<br /><br /><a href=questions.php>&gt;Back</a>";
 } else {
     if ($_GET['act'] == 'delete') {
         $w = $db->query("SELECT * FROM questions WHERE Qid={$_GET['id']} LIMIT 1");
         $a = $db->fetch_row($w);
         $a['Qquest'] = stripslashes($a['Qquest']);
         print "<form action='' method='post'>\n\t\t<b>Are you sure you want to delete this question?</b><br />{$a['Qquest']}<br /><br />\n\t\t<a href=questions.php?id={$a['Qid']}&act=delete2>Yes</a> | <a href=questions.php>No</a>";
     } else {
         if ($_GET['act'] == 'delete2') {
             $db->query("DELETE FROM questions WHERE Qid={$_GET['id']}");
             print "Question Deleted.<br /><br /><a href=questions.php>&gt;Back</a>";
         } else {
             if ($_GET['act'] == '') {
                 print "<a href=questions.php?t=wait>Waiting for answer</a> | <a href=questions.php?t=redir>Redirected</a> | <a href=questions.php?t=answer>Answered</a><br /><br />";
             }
             $_GET['t'] = mysql_escape($_GET['t']);
             if ($_GET['t'] == "redir") {
                 print "<b>Questions redirected...</b><br /><table border=1>\n\t\t\t<tr><th>#</th><th>Question</th><th>Redirect #</th><th>Redirect Question</th><th>ACTIONS</th></tr>";
                 $w = $db->query("SELECT * FROM questions WHERE Qredirect>0 ORDER BY Qid ASC");
                 while ($a = $db->fetch_row($w)) {
                     $w2 = $db->query("SELECT * FROM questions WHERE Qid={$a['Qredirect']} LIMIT 1");
                     $a2 = $db->fetch_row($w2);
                     $a['Qquest'] = stripslashes($a['Qquest']);
                     print "<tr><td><center>{$a['Qid']}</center></td><td>{$a['Qquest']}</td><td><center>{$a2['Qid']}</center></td>\n\t\t\t\t<td>{$a2['Qquest']}</td><td>&gt;<a href=questions.php?id={$a['Qid']}&act=answer>Answer</a><br />&gt;<a href=questions.php?id={$a['Qid']}&act=redirect>Edit Redir</a><br />&gt;<a href=questions.php?id={$a['Qid']}&act=edit>Edit Q</a><br />&gt;<a href=questions.php?id={$a['Qid']}&act=delete>Delete</a><br /></td></tr>";
                 }
             } else {
                 if ($_GET['t'] == "answer") {
                     print "<b>Questions waiting for an answer...</b><br /><table border=1>\n\t\t\t<tr><th>#</th><th>Question</th><th>Answer</th><th>From User</th><th>ACTIONS</th></tr>";
                     $w = $db->query("SELECT * FROM questions WHERE Qanswer!='' ORDER BY Qid ASC");
                     while ($a = $db->fetch_row($w)) {
                         if (!$a['Qanswer']) {
function _upgradeToVersion1_10_accessLevels()
{
    global $TABLE_PREFIX;
    // error checking (check upgrade files were uploaded)
    $errors = '';
    $accessListSchema = loadSchema("_accesslist");
    $accountsSchema = loadSchema("accounts");
    if (empty($accessListSchema)) {
        $errors .= "Error: You must upload the latest /data/schema/_accesslist.ini.php before upgrading!<br/>\n";
    }
    if ($errors) {
        die($errors);
    }
    // check if already upraded
    $result = mysql_query("SELECT * FROM `{$TABLE_PREFIX}accounts` LIMIT 0,1") or die("MySQL Error: " . htmlencode(mysql_error()) . "\n");
    $record = mysql_fetch_assoc($result);
    if (!$record || !array_key_exists('tableAccessList', $record)) {
        return;
    }
    // create new access table
    $query = "CREATE TABLE IF NOT EXISTS `{$TABLE_PREFIX}_accesslist` (\n    `userNum`      int(10) unsigned NOT NULL,\n    `tableName`    varchar(255) NOT NULL,\n    `accessLevel`  tinyint(3) unsigned NOT NULL,\n    `maxRecords`   int(10) unsigned default NULL,\n    `randomSaveId` varchar(255) NOT NULL\n  ) ENGINE=MyISAM DEFAULT CHARSET=utf8;";
    mysql_query($query) || die("Error creating new access table.<br/>\n MySQL error was: " . htmlencode(mysql_error()) . "\n");
    // create accessList field
    if (!@$accountsSchema['accessList']) {
        $accountsSchema['accessList'] = array('type' => 'accessList', 'label' => "Section Access", 'isSystemField' => '1', 'order' => 20);
        createMissingSchemaTablesAndFields();
        // create missing fields
        clearAlertsAndNotices();
        // don't show "created table/field" alerts
    }
    // drop tableAccessList
    if (@$accountsSchema['tableAccessList']) {
        unset($accountsSchema['tableAccessList']);
        saveSchema('accounts', $accountsSchema);
    }
    ### upgrade access levels
    $schemaTables = getSchemaTables();
    $schemaTables[] = "all";
    $result = mysql_query("SELECT * FROM `{$TABLE_PREFIX}accounts`") or die("MySQL Error: " . htmlencode(mysql_error()) . "\n");
    while ($record = mysql_fetch_assoc($result)) {
        if (!array_key_exists('tableAccessList', $record)) {
            die(__FUNCTION__ . ": Couldn't load field 'tableAccessList'!");
        }
        // convert section access to new format
        $tableNames = array();
        $tableNames['all'] = 1;
        // default all to "By Section" access
        foreach ($schemaTables as $tableName) {
            $adminAccess = preg_match("/\\b{$tableName}\\b/i", $record['tableAccessList']);
            if ($adminAccess) {
                $tableNames[$tableName] = '9';
            }
        }
        // foreach table - add to insert query
        $insertRows = '';
        $fieldNames = "userNum, tableName, accessLevel, maxRecords, randomSaveId";
        $foundAll = false;
        foreach ($tableNames as $tableName => $accessLevel) {
            if ($insertRows) {
                $insertRows .= ",\n";
            }
            $escapedUserNum = mysql_escape($record['num']);
            $escapedTableName = mysql_escape($tableName);
            $maxRecords = "NULL";
            $escapedSaveId = mysql_escape(uniqid('', true));
            $insertRows .= "('{$escapedUserNum}', '{$escapedTableName}', '{$accessLevel}', {$maxRecords}, '{$escapedSaveId}')";
        }
        // add all
        $insertQuery = "INSERT INTO `{$TABLE_PREFIX}_accesslist` ({$fieldNames}) VALUES {$insertRows};";
        // insert new access rights
        if ($insertRows) {
            mysql_query($insertQuery) or die("MySQL Error Inserting New Access Rights: " . htmlencode(mysql_error()) . "\n");
        }
    }
    // drop tableAccessList
    $query = "ALTER TABLE `{$TABLE_PREFIX}accounts` DROP COLUMN `tableAccessList`;";
    mysql_query($query) or die("MySQL Error: " . htmlencode(mysql_error()) . "\n");
}
Ejemplo n.º 23
0
<?php

// MySQL settings
$c['mysql_address'] = 'localhost';
$c['mysql_port'] = '3306';
$c['mysql_username'] = '******';
$c['mysql_password'] = '';
$c['mysql_db'] = 'releases';
$c['mysql_conn'] = mysql_conn($c['mysql_address'], $c['mysql_username'], $c['mysql_password'], $c['mysql_db']);
$sql = "SELECT nfo FROM nfos WHERE releaseid = '" . mysql_escape($_GET['id']) . "' AND timeout >= " . time() . "";
$nfo = sql_single($sql);
if ($nfo == null) {
    die;
}
print_nfo(base64_decode($nfo));
function mysql_conn($host, $user, $pass, $db)
{
    $conn = mysql_connect($host, $user, $pass);
    if (!$conn) {
        die('Unable to connect mysql server: ' . mysql_error());
    }
    if (!mysql_select_db($db, $conn)) {
        die('Unable to select database: ' . mysql_error());
    }
    return $conn;
}
function sql_single($sql)
{
    $results = mysql_query($sql);
    $x = 0;
    while ($row = mysql_fetch_array($results)) {
Ejemplo n.º 24
0
function _updateDateCalendar($fieldname)
{
    global $TABLE_PREFIX, $tableName;
    $calendarTable = $TABLE_PREFIX . "_datecalendar";
    // call ONCE per field
    static $calledFor = array();
    if (@$calledFor[$fieldname]++) {
        return;
    }
    // check if table exists
    static $tableExists = false;
    if (!$tableExists) {
        $result = mysql_query("SHOW TABLES LIKE '{$calendarTable}'") or die("MySQL Error: " . htmlencode(mysql_error()) . "\n");
        $tableExists = @mysql_result($result, 0);
        if (is_resource($result)) {
            mysql_free_result($result);
        }
    }
    // create table if it doesn't exists
    if (!$tableExists) {
        $createSql = "CREATE TABLE  `{$calendarTable}` (\n                  `num` int(10) unsigned NOT NULL auto_increment,\n                  `tableName` varchar(255) NOT NULL,\n                  `fieldName` varchar(255) NOT NULL,\n                  `recordNum` varchar(255) NOT NULL,\n                  `date`      date,\n                  PRIMARY KEY  (`num`)\n                ) ENGINE=MyISAM DEFAULT CHARSET=utf8;";
        mysql_query($createSql) or die("MySQL Error: " . htmlencode(mysql_error()) . "\n");
    }
    // build queries
    $eraseDatesAsCSV = "0";
    $insertValues = '';
    $recordNum = (int) $_REQUEST['num'];
    foreach (array_keys($_REQUEST) as $formFieldname) {
        if (!preg_match("/^{$fieldname}:/", $formFieldname)) {
            continue;
        }
        list(, $dateString) = explode(":", $formFieldname);
        if (!$dateString) {
            continue;
        }
        if ($_REQUEST[$formFieldname]) {
            if ($insertValues) {
                $insertValues .= ",\n";
            }
            $insertValues .= "('{$tableName}','{$fieldname}','{$recordNum}','{$dateString}')";
        } else {
            $eraseDatesAsCSV .= ",'" . (int) $dateString . "'";
        }
    }
    // remove dates
    $deleteQuery = "DELETE FROM `{$calendarTable}` ";
    $deleteQuery .= "WHERE `tablename` = '{$tableName}' ";
    $deleteQuery .= "  AND `fieldname` = '{$fieldname}' ";
    $deleteQuery .= "  AND `recordNum` = '" . mysql_escape($_REQUEST['num']) . "' ";
    $deleteQuery .= "  AND `date` IN ({$eraseDatesAsCSV})";
    mysql_query($deleteQuery) or die("MySQL Error: " . htmlencode(mysql_error()) . "\n");
    // add dates
    if ($insertValues) {
        $insertQuery = "INSERT INTO `{$calendarTable}` (`tableName`,`fieldName`,`recordNum`,`date`) VALUES {$insertValues}";
        mysql_query($insertQuery) or die("MySQL Error: " . htmlencode(mysql_error()) . "\n");
    }
}
Ejemplo n.º 25
0
    }
}
//开始获取system表的数据,如果存在数据
if (!!($row = mysql_fetch_array(mysql_query("select * from system where id=1"), MYSQL_ASSOC))) {
    $_html = array();
    $_html['webname'] = $row['web_name'];
    $_html['article'] = $row['article_page'];
    $_html['blog'] = $row['blog_page'];
    $_html['photo'] = $row['photo_page'];
    $_html['skin'] = $row['skin'];
    $_html['string'] = $row['no_string'];
    $_html['post'] = $row['post_time'];
    $_html['re'] = $row['re_time'];
    $_html['code'] = $row['code'];
    $_html['register'] = $row['register'];
    $_html = mysql_escape($_html);
    //文章
    if ($_html['article'] == 10) {
        $_html['article_html'] = '<select name="article"><option value="10" selected="selected">每页10篇</option><option value="12">每页12篇</option></select>';
    } elseif ($_html['article'] == 12) {
        $_html['article_html'] = '<select name="article"><option value="10">每页10篇</option><option value="12" selected="selected">每页12篇</option></select>';
    }
    //博友
    if ($_html['blog'] == 15) {
        $_html['blog_html'] = '<select name="blog"><option value="15" selected="selected">每页15人</option><option value="20">每页20人</option></select>';
    } elseif ($_html['blog'] == 20) {
        $_html['blog_html'] = '<select name="blog"><option value="15">每页15人</option><option value="20" selected="selected">每页20人</option></select>';
    }
    //相册
    if ($_html['photo'] == 6) {
        $_html['photo_html'] = '<select name="photo"><option value="6" selected="selected">每页6张</option><option value="9">每页9张</option></select>';
Ejemplo n.º 26
0
             }
         }
     }
     echo "\n\t\t";
 } elseif ($_GET['action'] == "edit") {
     echo "\n\t\t\t<h2 class=\"text-left\">Edit a News Article</h2><hr/>";
     if (isset($_GET['id'])) {
         $id = $mysqli->real_escape_string($_GET['id']);
         $gn = $mysqli->query("SELECT * FROM " . $prefix . "news WHERE id='" . $id . "'") or die;
         $n = $gn->fetch_assoc();
         if (!isset($_POST['edit'])) {
             echo "\n\t\t\t\t<form method=\"post\">\n\t\t\t<div class=\"form-group\">\n\t\t\t\t<label for=\"title\">Title</label>\n\t\t\t\t<input type=\"text\" name=\"title\" class=\"form-control\" id=\"title\" placeholder=\"Title\" value=\"" . $n['title'] . "\" required/>\n\t\t\t</div>\n\t\t\t\t<b>Author:</b> " . $n['author'] . "<br/>\n\t\t\t\t<div class=\"form-group\">\n\t\t\t\t\t<label for=\"category\">Category</label>\n\t\t\t\t\t<select name=\"cat\" class=\"form-control\">\n\t\t\t\t\t\t<option value=\"ct_news_notice_notice\">Notice</option>\n\t\t\t\t\t\t<option value=\"ct_news_gameup\">Game Up</option>\n\t\t\t\t\t</select>\n\t\t\t\t</div>\n\t\t\t\t<textarea name=\"content\" style=\"height:300px;\" class=\"form-control\" id=\"content\">" . stripslashes($n['content']) . "</textarea><br/>\n\t\t\t\t<input type=\"submit\" name=\"edit\" class=\"btn btn-primary\" value=\"Edit News Article &raquo;\" />\t\t\n\t\t\t</form>";
         } else {
             $title = mysql_escape($_POST['title']);
             $cat = mysql_escape($_POST['cat']);
             $content = mysql_escape($_POST['content']);
             if ($title == "") {
                 echo "<div class=\"alert alert-danger\">You must enter a title.</div><hr/><button onclick=\"goBack()\" class=\"btn btn-primary\">&laquo; Go Back</button>";
             } elseif (empty($cat)) {
                 echo "<div class=\"alert alert-danger\">You must select a category.</div><hr/><button onclick=\"goBack()\" class=\"btn btn-primary\">&laquo; Go Back</button>";
             } elseif (strlen($content) < 10) {
                 echo "<div class=\"alert alert-danger\">You must enter some content.</div><hr/><button onclick=\"goBack()\" class=\"btn btn-primary\">&laquo; Go Back</button>";
             } else {
                 $u = $mysqli->query("UPDATE " . $prefix . "news SET title='" . $title . "', type='" . $cat . "', content='" . $content . "' WHERE id='" . $id . "'") or die;
                 echo "<div class=\"alert alert-success\"><b>" . stripslashes($n['title']) . "</b> has been updated.</div>";
             }
         }
     } else {
         $gn = $mysqli->query("SELECT * FROM " . $prefix . "news ORDER BY id DESC") or die;
         $cgn = $gn->num_rows;
         if ($cgn > 0) {
function mysql_getMysqlSetValues($columnsToValues)
{
    $mysqlSet = '';
    if (is_array($columnsToValues)) {
        foreach ($columnsToValues as $column => $value) {
            list($column, $dontEscapeValue) = extractSuffixChar($column, '=');
            if (!preg_match('/^([\\w\\-]+)$/i', $column)) {
                die(__FUNCTION__ . ": Invalid column name '" . htmlencode($column) . "', contains disallowed chars!");
            }
            // error checking: whitelist column chars to prevent sql injection
            if ($dontEscapeValue) {
                $mysqlSet .= "`{$column}` = {$value}, ";
            } else {
                $mysqlSet .= "`{$column}` = '" . mysql_escape($value) . "', ";
            }
        }
    }
    //
    $mysqlSet = chop($mysqlSet, ', ');
    return $mysqlSet;
}
Ejemplo n.º 28
0
function delepost()
{
    global $ir, $c, $userid, $h, $bbc, $db;
    global $db;
    if ($ir['user_level'] < 2) {
        die("");
    }
    $q3 = $db->query("SELECT * FROM forum_posts WHERE fp_id={$_GET['post']}");
    $post = $db->fetch_row($q3);
    $q = $db->query("SELECT * FROM forum_topics WHERE ft_id={$post['fp_topic_id']}");
    $topic = $db->fetch_row($q);
    $u = mysql_escape($post['fp_poster_name']);
    $db->query("DELETE FROM forum_posts WHERE fp_id={$post['fp_id']}");
    print "Post deleted...<br />";
    recache_topic($post['fp_topic_id']);
    recache_forum($post['fp_forum_id']);
    stafflog_add("Deleted post ({$post['fp_subject']}) in {$topic['ft_name']}");
}
Ejemplo n.º 29
0
 /**
  * 活动列表
  */
 function action_list()
 {
     $table = self::$table;
     $table_alias = 'a';
     $join = ' inner join et_user as u on u.id = a.uid ';
     if (empty($table_alias)) {
         throw new ErrorException("table is not defined");
     }
     //$request = http_request("rows","page","sidx","sord");
     $request = PtLib\http_request("verify", "production_status", "ship_status", "uid", "rows", "page", "sidx", "sord", "activity_id", "activity_name", "username", "mobile", 'startDate', 'endDate', 'pass', 'status', 'success');
     $limit = $request['rows'];
     $page = $request['page'];
     $sort = $request['sidx'];
     $sort_type = $request['sord'];
     $username = $request['username'];
     //fields
     $select_fields = " a.production_status,a.ship_status,a.status,a.verify,a.id,a.name,a.uid,a.sale_count,a.sale_target,a.sale_total,a.start_time,a.sale_profit,a.end_time,a.period,a.thumb_svg_url,a.thumb_img_url";
     //where
     $args = array();
     if (empty($limit)) {
         $limit = 20;
     }
     if (empty($page)) {
         $page = 1;
     }
     if (empty($sort)) {
         $sort = "id";
         $sort_type = "desc";
     } else {
         if (empty($sort_type)) {
             $sort_type = "desc";
         }
     }
     $where = " where 1=1 ";
     $args = array();
     if ($request['uid']) {
         $where .= 'and a.uid = ? ';
         $args[] = $request['uid'];
     }
     if ($request['verify'] === "0" || $request['verify'] > 0) {
         $where .= 'and a.verify = ? ';
         $args[] = $request['verify'];
     }
     if ($request['status'] === "0" || $request['status'] > 0) {
         if ($request['status'] == 1) {
             //进行中
             $where .= 'and a.start_time < now() and now() < a.end_time and a.status = 1';
         }
         if ($request['status'] == 10) {
             //结束
             $where .= 'and now() > a.end_time and a.status > 0';
         }
         if ($request['status'] == 0) {
             //草稿
             $where = 'and a.status = 0 ';
         }
         if ($request['status'] == 2) {
             //失败的
             $where = 'and a.status = 2 ';
         }
         if ($request['status'] == 3) {
             //成功的
             $where = 'and a.status = 3 ';
         }
     }
     if ($request['activity_id']) {
         $where .= " and a.id = ? ";
         $args[] = $request['activity_id'];
     }
     if ($request['activity_name']) {
         $where .= " and a.name like '%" . mysql_escape($request['activity_name']) . "%' ";
     }
     //order
     $order = "";
     if ($sort) {
         $order = "order by a." . addslashes($sort) . " " . $sort_type;
     }
     $sql = "select count(a.id) as total from {$table} as a {$join} {$where} ";
     //$count_res = db()->select_row($sql,$args);
     $count_res = PtLib\db()->select_row($sql, $args);
     $records = $count_res['total'];
     $response = new stdClass();
     $response->page = $page;
     //cur page
     if ($records > 0) {
         $total_pages = ceil($records / $limit);
     } else {
         $total_pages = 1;
     }
     if ($page > $total_pages) {
         $page = $total_pages;
     }
     $response->total = $total_pages;
     //total pages
     $response->records = $records;
     //count
     $skip = ($page - 1) * $limit;
     $sql = "select {$select_fields} from {$table} as a {$join} {$where} {$order} limit {$skip},{$limit} ";
     //$rows = db()->select_rows($sql,$args);
     $rows = PtLib\db()->select_rows($sql, $args);
     foreach ($rows as $row) {
         $response->rows[] = array('id' => $row['id'], "cell" => $row);
     }
     return $response;
 }
Ejemplo n.º 30
0
        //把阅读量增一
        mysql_query("update article set read_count =read_count + 1 where id='{$_GET['id']}'");
        $clean = array();
        $clean['article_id'] = mysql_escape($row['id']);
        $clean['uername'] = mysql_escape($row['username']);
        $clean['title'] = mysql_escape($row['title']);
        $clean['type'] = mysql_escape($row['type']);
        $clean['content'] = ubb(mysql_escape($row['content']));
        $clean['read_count'] = mysql_escape($row['read_count']);
        $clean['comment_count'] = mysql_escape($row['comment_count']);
        $clean['date'] = mysql_escape($row['date']);
        $clean['member_id'] = mysql_escape($menber['id']);
        $clean['sex'] = mysql_escape($menber['sex']);
        $clean['face'] = mysql_escape($menber['face']);
        $clean['url'] = mysql_escape($menber['url']);
        $clean['email'] = mysql_escape($menber['email']);
    } else {
        alert('此短信不存在');
    }
} else {
    alert('非法操作');
    exit;
}
//引入header.php头文件
require dirname(__FILE__) . '/includes/header.inc.php';
?>
<div id="article">
	<h2>帖子详情</h2>
	<div id="subject">
	
		<dl>