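$u_status = "";
// Search term and status message from the query string. EncodeHTMLTag
// (function.php) is the project's display-encoding helper; it is not an SQL
// escape, so the copy that goes into the query is escaped separately below.
$t_name = EncodeHTMLTag($_GET["t_name"]);
$msg = EncodeHTMLTag($_GET["msg"]);
// GET status message
$orderby = "`order`";
$orderseq = "asc";
$page = 1;
$record_per_page = 10;
// records display each page
if (isset($_GET["page"])) {
    // (int) instead of "| 0": the bitwise operator throws a TypeError for a
    // non-numeric string on PHP 8, the cast never does.
    $page = (int) $_GET["page"];
}
// A page below 1 would give a negative LIMIT offset (SQL syntax error).
if ($page < 1) {
    $page = 1;
}
if (isset($_GET["orderby"])) {
    // Identifier position if a later include splices this into ORDER BY:
    // encoding cannot protect it, only an allow-listed shape can.
    $orderby = EncodeHTMLTag($_GET["orderby"]);
    if (!preg_match('/^`?[A-Za-z0-9_.]+`?$/', $orderby)) {
        $orderby = "`order`";
    }
}
if (isset($_GET["seq"])) {
    $orderseq = strtolower((string) $_GET["seq"]) === "desc" ? "desc" : "asc";
}
$search_arr = array("t_name" => $t_name);
$sort_arr = array("orderby" => $orderby, "seq" => $orderseq);
$class_arr = array("", "small border=0 cellpadding=0 cellspacing=0", "", "\"\" style=\"padding-left:2px;padding-right:2px;\"");
// Shared WHERE clause for the count and the page query. The search term is
// matched in its HTML-encoded form (unchanged from the original); LIKE
// wildcards in the input (% and _) are still interpreted as wildcards.
$where_sql = "";
if ($t_name != "") {
    $where_sql = " WHERE link_name LIKE '%" . mysql_real_escape_string($t_name, $link_id) . "%'";
}
$get_sql = "Select * FROM tbl_link" . $where_sql;
// Count with COUNT(*) instead of transferring every row just to call mysql_num_rows().
$count_result = mysql_query("SELECT COUNT(*) FROM tbl_link" . $where_sql, $link_id);
$total_record = $count_result ? (int) mysql_result($count_result, 0) : 0;
$offset = $record_per_page * ($page - 1);
$total_page = ceil($total_record / $record_per_page);
// NOTE(review): ext/mysql is removed in PHP 7; the long-term fix is a
// mysqli/PDO prepared statement rather than string-built SQL.
$get_result = mysql_query($get_sql . " limit {$offset},{$record_per_page};", $link_id);
mysql_close();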
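$year = 0;
$sql_date = "NULL";
// Quoted keys: bare $_POST[date_year] is an undefined-constant lookup (notice
// on PHP 5/7, fatal Error on PHP 8). (int) replaces "| 0", which throws a
// TypeError for non-numeric strings on PHP 8.
$date_year = isset($_POST['date_year']) ? (int) $_POST['date_year'] : 0;
$date_month = isset($_POST['date_month']) ? (int) $_POST['date_month'] : 0;
$date_day = isset($_POST['date_day']) ? (int) $_POST['date_day'] : 0;
if ($date_day > 0 && $date_day <= 31 && $date_month > 0 && $date_month <= 12 && $date_year >= 1990) {
    // All three parts are integers, so this quoted literal is safe to splice into SQL.
    $sql_date = "'{$date_year}-{$date_month}-{$date_day}'";
    // School-year rule used throughout these pages: September onward belongs
    // to the current calendar year, earlier months to the previous one.
    if ($date_month >= 9) {
        $year = $date_year;
    } else {
        $year = $date_year - 1;
    }
}
$id = isset($_POST['id']) ? (int) $_POST['id'] : 0;
// The string fields below are spliced into the UPDATE as quoted literals.
// EncodeHTMLTag is used as a display encoder elsewhere in this code base and
// leaves backslashes intact, so it is not an SQL escape; the values are escaped
// for the connection charset here. If function.php's EncodeHTMLTag turns out to
// SQL-escape as well, drop the outer call — TODO confirm.
// The charset is set first so the escape uses the same encoding the server
// decodes the query in (mysql_set_charset updates the client library, a plain
// "SET NAMES" query does not).
mysql_set_charset('utf8', $link_id);
$name = mysql_real_escape_string(EncodeHTMLTag($_POST['name']), $link_id);
$desc = mysql_real_escape_string(EncodeHTMLTag($_POST['desc']), $link_id);
// addslashes() is not charset-aware; use the connection-aware escape instead.
$participant = mysql_real_escape_string($_POST['participant'], $link_id);
$class_year = isset($_POST['class_year']) ? (int) $_POST['class_year'] : 0;
$type_id = isset($_POST['type_id']) ? (int) $_POST['type_id'] : 0;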
// Insert new data
if ($id != 0) {
    $update_sql = "UPDATE `tbl_movie` SET\r\n\t\t`name` = '{$name}' ,\r\n\t\t`date` = {$sql_date} ,\r\n\t\t`year` = {$year} ,\r\n\t\t`description` = '{$desc}' ,\r\n\t\t`modified_by` = '" . $_SESSION["plk_admin_user_name"] . "' ,\r\n\t\t`modified_date` = now() ,\r\n\t\t`type_id` = {$type_id} ,\r\n\t\t`class_year` = {$class_year}\r\n\tWHERE id = '{$id}' ";
    mysql_query("set names utf8");
    $run_status = mysql_query($update_sql);
    if (!$run_status) {
        $msg = str_replace(" ", "+", "tο~: " . mysql_error($link_id));
    } else {
        $msg = "Record has been updated successfully.";
    }
    mysql_close();
    //header("Location:activity.php?msg=$msg&t_name=".$name."&type_id=".$type_id);
<?php

// admin checking
require_once "../../php-bin/admin_check.php";
// access control checking
require_once "z_access_control.php";
// Connect Database
require_once "../../php-bin/function.php";
// function for resize photo
require_once "../../php-bin/lib_img_resize.php";
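// Form fields for one sub-content item. Integers are cast explicitly ("| 0"
// throws a TypeError for non-numeric strings on PHP 8).
$sub_content_ID = isset($_POST['sub_content_id']) ? (int) $_POST['sub_content_id'] : 0;
$item_ID = isset($_POST['item_id']) ? (int) $_POST['item_id'] : 0;
// Spliced into SQL later in this file as a quoted literal; EncodeHTMLTag is
// the display encoder and does not SQL-escape (TODO confirm in function.php).
$item_Title = mysql_real_escape_string(EncodeHTMLTag($_POST['item_title']), $link_id);
$item_Order = isset($_POST['item_order']) ? (int) $_POST['item_order'] : 0;
// elm1 is the rich-text editor body. The original only swapped ' for &#039;,
// which neutralises the quote but not a trailing backslash, so the literal
// could still be broken out of; escape for the connection charset on top.
// Storing &#039; rather than ' is kept so existing rows render unchanged.
$item_Html = mysql_real_escape_string(str_replace("'", "&#039;", (string) $_POST['elm1']), $link_id);
$file_name = "";
$item_Day = isset($_POST['item_day']) ? (int) $_POST['item_day'] : 0;
$item_Month = isset($_POST['item_month']) ? (int) $_POST['item_month'] : 0;
$item_Year = isset($_POST['item_year']) ? (int) $_POST['item_year'] : 0;
// (An empty-title redirect used to live here and was commented out.)
// Load the existing row; $item_ID is an integer so it needs no quoting.
$item_sql = " SELECT * FROM  tbl_web_sub_content_item  WHERE   `web_sub_content_item_id`=" . $item_ID;
$item_result = mysql_query($item_sql, $link_id);
// mysql_fetch_object(false) would only add a warning; keep $item_obj false on a failed query.
$item_obj = $item_result ? mysql_fetch_object($item_result) : false;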
//////////////////////////////////////////////////////////////////////////////////////////////////////
/*								   Start Upload Photo       										*/
<?php

header("Content-Type:text/html;charset=utf-8");
require_once "../../admin.inc.php";
// access control checking
//require_once("z_access_control.php");
// Selection
require_once "../../php-bin/function.php";
require_once "../../php-bin/pagedisplay.php";
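$msg = "";
// NOTE(review): $u_name is initialised empty and never read from the request
// in this file, so teacher_name is written as "" on every save unless an
// include sets it (the form's u_name field is read into $u_id / teacher_login
// below) — confirm which field is meant.
$u_name = "";
$u_type = "";
$u_status = "";
$t_name = EncodeHTMLTag($_GET["t_name"]);
$msg = EncodeHTMLTag($_GET["msg"]);
// GET status message
$orderby = "`order`";
$orderseq = "asc";
$page = 1;
$record_per_page = 15;
// records display each page
if (isset($_GET["page"])) {
    // (int) instead of "| 0" (TypeError for non-numeric strings on PHP 8).
    $page = (int) $_GET["page"];
}
if (isset($_GET["orderby"])) {
    // Identifier position if pagedisplay.php splices this into ORDER BY:
    // addslashes cannot protect it, only an allow-listed shape can.
    $orderby = addslashes($_GET["orderby"]);
    if (!preg_match('/^`?[A-Za-z0-9_.]+`?$/', $orderby)) {
        $orderby = "`order`";
    }
}
if (isset($_GET["seq"])) {
    $orderseq = strtolower((string) $_GET["seq"]) === "desc" ? "desc" : "asc";
}
$search_arr = array("t_name" => $t_name);
$u_email = EncodeHTMLTag($_POST["u_email"]);
$u_intro = EncodeHTMLTag($_POST["u_intro"]);
$u_id = EncodeHTMLTag($_POST['u_name']);
$u_pw_sql = "";
if (EncodeHTMLTag($_POST["u_pw"]) != "") {
    // NOTE(review): unsalted MD5 is not an acceptable password hash. The login
    // check that verifies it lives outside this file, so the scheme is kept
    // here; migrate both sides to password_hash()/password_verify() together.
    // The hex digest contains no SQL metacharacters.
    $u_pw_sql = "   `password` = '" . md5($_POST["u_pw"]) . "'  ,  ";
}
$subject = EncodeHTMLTag($_POST["subject"]);
$show = "N";
if (isset($_POST['show']) && $_POST['show'] == "Y") {
    $show = "Y";
}
$order = isset($_POST["order"]) ? (int) $_POST["order"] : 0;
$duty_admin = EncodeHTMLTag($_POST["duty_admin"]);
$duty_teach = EncodeHTMLTag($_POST["duty_teach"]);
$got_degree = isset($_POST["got_degree"]) ? (int) $_POST["got_degree"] : 0;
$take_train = isset($_POST["take_train"]) ? (int) $_POST["take_train"] : 0;
$pass_english_test = isset($_POST["pass_english_test"]) ? (int) $_POST["pass_english_test"] : 0;
$pass_putonghua_test = isset($_POST["pass_putonghua_test"]) ? (int) $_POST["pass_putonghua_test"] : 0;
$year_experience = isset($_POST["year_experience"]) ? (int) $_POST["year_experience"] : 0;
$type_id = isset($_POST["type_id"]) ? (int) $_POST["type_id"] : 0;
// Every string literal is escaped for the connection charset; EncodeHTMLTag is
// the display encoder, not an SQL escape (TODO confirm in function.php).
// $u_teacher_id is supplied by an include (not visible here) and is cast to int.
$update_sql = "UPDATE `tbl_teacher` SET\r\n"
    . "`teacher_name`='" . mysql_real_escape_string($u_name, $link_id) . "', "
    . "`teacher_email`='" . mysql_real_escape_string($u_email, $link_id) . "', "
    . "`teacher_intro`='" . mysql_real_escape_string($u_intro, $link_id) . "', "
    . "`teacher_login`='" . mysql_real_escape_string($u_id, $link_id) . "', "
    . $u_pw_sql . " \r\n "
    . "`subject`='" . mysql_real_escape_string($subject, $link_id) . "', "
    . "`show`='{$show}', `order`='{$order}', "
    . "`duty_admin`='" . mysql_real_escape_string($duty_admin, $link_id) . "', "
    . "`duty_teach`='" . mysql_real_escape_string($duty_teach, $link_id) . "', "
    . "`got_degree`='{$got_degree}', `take_train`='{$take_train}',\r\n "
    . "`pass_english_test`='{$pass_english_test}', `pass_putonghua_test`='{$pass_putonghua_test}', "
    . "`year_experience`='{$year_experience}',  `type_id`='{$type_id}' \r\n"
    . "WHERE `teacher_id`=" . (int) $u_teacher_id;
$run_status = mysql_query($update_sql, $link_id);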
if (!$run_status) {
    $msg = str_replace(" ", "+", "tο~: " . mysql_error($link_id));
} else {
    // update access control - start
    $update_access_control_sql = "UPDATE `tbl_access_control` SET\r\n access_teacher={$access_teacher}, access_student={$access_student}, access_class={$access_class},\r\n access_activity={$access_activity}, access_calendar={$access_calendar}, access_news={$access_news}, access_outside={$access_outside},\r\n access_file={$access_file}, access_match={$access_match}, access_topmark={$access_topmark}, access_content={$access_content}, access_headmaster={$access_headmaster}, access_calendar_2={$access_calendar_2}, access_assignment={$access_assignment} , access_calendar_s={$access_calendar_s}, access_calendar_h={$access_calendar_h}, access_calendar_p={$access_calendar_p} \r\n\tWHERE  teacher_id=" . $u_teacher_id;
    $access_status = mysql_query($update_access_control_sql, $link_id);
    // update access control - end
<?php

header("Content-Type:text/html;charset=utf-8");
// admin checking
require_once '../../admin.inc.php';
// Connect Database
require_once "../../php-bin/function.php";
// access control checking
require_once "z_access_control.php";
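// Filter parameters; none of them reach the query below, which is fixed.
// (int) replaces "| 0", which throws a TypeError for non-numeric strings on PHP 8.
$type = isset($_GET['n_type']) ? (int) $_GET['n_type'] : 0;
$year = isset($_GET['n_year']) ? (int) $_GET['n_year'] : 0;
$month = isset($_GET['n_month']) ? (int) $_GET['n_month'] : 0;
$title = EncodeHTMLTag($_GET['n_title']);
$serial = EncodeHTMLTag($_GET['n_serial']);
$msg = EncodeHTMLTag($_GET['msg']);
// Hard-coded file_type_id=9; what 9 denotes is not visible in this file.
$search_SQL = "  SELECT  *  FROM  \r\n\ttbl_chancellor where file_type_id=9 ";
$search_Result = mysql_query($search_SQL, $link_id);
if (!$search_Result) {
    $msg = str_replace(" ", "+", "Query failed: " . mysql_error($link_id));
}
//**************  Paging System - Start ************/
$Paging_Size = 10;
// how many record per page.
$Paging_Width = 10;
// mysql_num_rows(false) only warns; treat a failed query as zero rows.
$Paging_RecordCount = $search_Result ? mysql_num_rows($search_Result) : 0;
// include
include_once "../../php-bin/lib_paging.php";
//**************  Paging System - End ************/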
?>
<html>
<?php

header("Content-Type:text/html;charset=utf-8");
// admin checking
require_once '../../admin.inc.php';
// Connect Database
require_once "../../php-bin/function.php";
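// 0 = insert, 1 = update, anything else = delete (dispatched below).
// (int) replaces "| 0", which throws a TypeError for non-numeric strings on PHP 8.
$submit_type = isset($_POST['submit_type']) ? (int) $_POST['submit_type'] : 0;
$type_id = isset($_POST['type_id']) ? (int) $_POST['type_id'] : 0;
$type_order = isset($_POST['type_order']) ? (int) $_POST['type_order'] : 0;
// type_name is spliced into the INSERT/UPDATE below as a quoted literal.
// EncodeHTMLTag is the display encoder and leaves backslashes intact, so the
// value is escaped for the connection charset as well (escapes both ' and ",
// the INSERT uses double quotes). TODO confirm EncodeHTMLTag does not already SQL-escape.
$type_name = mysql_real_escape_string(EncodeHTMLTag($_POST['type_name']), $link_id);
$msg = "";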
if ($submit_type == 0) {
    $sql = 'INSERT INTO `tbl_chancellor_type` ( `type_name`, `type_order` )  VALUES ( "' . $type_name . '", ' . $type_order . ' )';
    if (mysql_query($sql, $link_id)) {
        $msg = "增加分類完成";
    } else {
        $msg = str_replace(" ", "+", "失敗: " . mysql_error($link_id));
    }
} else {
    if ($submit_type == 1) {
        $sql = " UPDATE `tbl_chancellor_type` SET      type_name='" . $type_name . "' ,   type_order=" . $type_order . "   WHERE    type_id=" . $type_id;
        if (mysql_query($sql, $link_id)) {
            $msg = "更新分類完成";
        } else {
            $msg = str_replace(" ", "+", "失敗: " . mysql_error($link_id));
        }
    } else {
        $sql = " DELETE  FROM  tbl_chancellor_type  WHERE   type_id = " . $type_id;
        if (mysql_query($sql, $link_id)) {
            $msg = "刪除分類完成";
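// Optional search filters from the query string. Each $match_* variable is
// only assigned when its parameter is present and non-empty; their defaults
// are expected to be set before this point (not visible here — confirm).
if (isset($_GET['m_match_name']) && $_GET['m_match_name'] != '') {
    $match_Name = EncodeHTMLTag($_GET['m_match_name']);
}
if (isset($_GET['m_year']) && $_GET['m_year'] != '') {
    // (int) replaces "| 0" (TypeError for non-numeric strings on PHP 8).
    $match_Year = (int) $_GET['m_year'];
}
if (isset($_GET['m_student_name']) && $_GET['m_student_name'] != '') {
    $match_StudentName = EncodeHTMLTag($_GET['m_student_name']);
}
if (isset($_GET['orderby']) && $_GET['orderby'] != '') {
    // Identifier position if this later lands in ORDER BY: encoding cannot
    // protect it, so only an allow-listed shape is accepted.
    $candidate_orderby = EncodeHTMLTag($_GET['orderby']);
    if (preg_match('/^`?[A-Za-z0-9_.]+`?$/', $candidate_orderby)) {
        $match_Orderby = $candidate_orderby;
    }
}
if (isset($_GET['sequence']) && $_GET['sequence'] != '') {
    $match_Sequence = (int) $_GET['sequence'];
}
// do the search
$search_SQL = '';
$search_Condition_SQL = '';
// To Check how many record "match the request".
$search_SQL = "SELECT DISTINCT m.* from tbl_match AS m   LEFT JOIN  tbl_match_record AS r   ON(  m.match_id=r.match_id )  WHERE 1  ";
if ($match_Name != '') {
    // Double-quoted MySQL literal; mysql_real_escape_string escapes " as well.
    // LIKE wildcards (% and _) in the input still act as wildcards, as before.
    $search_Condition_SQL .= ' AND m.match_name LIKE "%' . mysql_real_escape_string($match_Name) . '%"';
}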
if ($match_Year != '') {
<?php

header("Content-Type:text/html;charset=utf-8");
// admin checking
require_once "../../php-bin/admin_check.php";
// access control checking
require_once "z_access_control.php";
// Connect Database
require_once "../../php-bin/function.php";
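// (int) replaces "| 0", which throws a TypeError for non-numeric strings on PHP 8.
$sub_content_ID = isset($_POST['sub_content_id']) ? (int) $_POST['sub_content_id'] : 0;
// $HeadMaster_WebContent_ID comes from an include (not visible here).
$change_to_ID = $HeadMaster_WebContent_ID;
$content_Title = EncodeHTMLTag($_POST['w_title']);
$content_Template = isset($_POST['w_template']) ? (int) $_POST['w_template'] : 0;
$content_Description = EncodeHTMLTag($_POST['w_description']);
// w_hidden acts as a flag; when set, the inner id is taken from link_to.
$content_Inner = isset($_POST['w_hidden']) ? (int) $_POST['w_hidden'] : 0;
if ($content_Inner != 0) {
    $content_Inner = isset($_POST['link_to']) ? (int) $_POST['link_to'] : 0;
}
$content_Order = isset($_POST['w_order']) ? (int) $_POST['w_order'] : 0;
if ($content_Title == '') {
    header("Location: w_search.php?id=" . (int) $change_to_ID);
    exit;
}
// String literals are escaped for the connection charset; EncodeHTMLTag is the
// display encoder, not an SQL escape (TODO confirm in function.php). All
// other operands are integers.
$update_sql = "UPDATE `tbl_web_sub_content` SET \r\n\r\n"
    . "  `web_sub_content_title` = '" . mysql_real_escape_string($content_Title, $link_id) . "',\r\n\r\n"
    . "  `web_sub_content_template` = {$content_Template},\r\n\r\n"
    . "  `web_sub_content_description` = '" . mysql_real_escape_string($content_Description, $link_id) . "',\r\n\r\n"
    . "  `web_sub_content_inner` = {$content_Inner},\r\n\r\n"
    . "  `web_sub_content_order` = {$content_Order}\r\n\r\n"
    . "WHERE web_content_id=" . (int) $HeadMaster_WebContent_ID . "    AND    `web_sub_content_id` = " . $sub_content_ID;
$run_status = mysql_query($update_sql, $link_id);
if (!$run_status) {
    $msg = str_replace(" ", "+", "Query failed: " . mysql_error($link_id));
} else {
    // NOTE(review): this message ("match student added") looks copy-pasted
    // from the match editor; this page updates a sub-content row.
    $msg = "比賽學生添加完成";
}
mysql_close();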
<?php

// admin checking
require_once "../../admin.inc.php";
// access control checking
require_once "z_access_control.php";
// Connect Database
require_once "../../php-bin/function.php";
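// Quoted keys: bare $_POST[class_name] is an undefined-constant lookup
// (notice on PHP 5/7, fatal Error on PHP 8).
$class_name = EncodeHTMLTag($_POST['class_name']);
$class_year = isset($_POST['class_year']) ? (int) $_POST['class_year'] : 0;
if (isset($_POST['Submit'])) {
    // Insert new data. class_id '' relies on the column auto-incrementing
    // (unchanged). The name is escaped for the connection charset —
    // EncodeHTMLTag is the display encoder, not an SQL escape (TODO confirm).
    $add_sql = "INSERT INTO tbl_class (class_id ,class_name,year) VALUES ('', '"
        . mysql_real_escape_string($class_name, $link_id) . "', '{$class_year}')";
    // Run on $link_id explicitly: the error is read from that link below.
    $run_status = mysql_query($add_sql, $link_id);
    if (!$run_status) {
        // 1062 = ER_DUP_ENTRY
        if (mysql_errno($link_id) == 1062) {
            $msg = 'Duplication class name has been found.';
        } else {
            $msg = str_replace(" ", "+", "Query failed: " . mysql_error($link_id));
        }
    } else {
        $msg = "The record has been added successfully.";
    }
    mysql_close();
    $msg = urlencode($msg);
    header("Location:index.php?msg={$msg}");
    // Nothing after the redirect should execute.
    exit;
}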
}
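// Quoted keys (bare $_POST[exp_date_year] is an undefined-constant lookup,
// fatal on PHP 8) and (int) casts ("| 0" throws a TypeError for non-numeric
// strings on PHP 8).
$exp_date_year = isset($_POST['exp_date_year']) ? (int) $_POST['exp_date_year'] : 0;
$exp_date_month = isset($_POST['exp_date_month']) ? (int) $_POST['exp_date_month'] : 0;
$exp_date_day = isset($_POST['exp_date_day']) ? (int) $_POST['exp_date_day'] : 0;
// Expiry date: a zero date is stored when the parts are out of range.
if ($exp_date_day > 0 && $exp_date_day <= 31 && $exp_date_month > 0 && $exp_date_month <= 12 && $exp_date_year >= 1990) {
    $exp_date = $exp_date_year . "-" . $exp_date_month . "-" . $exp_date_day;
} else {
    $exp_date = "0000-00-00";
}
// These fields are spliced into the INSERT below as quoted literals.
// EncodeHTMLTag is the display encoder and leaves backslashes intact, so each
// value is additionally escaped for the connection charset. If EncodeHTMLTag
// already SQL-escapes, drop the outer call — TODO confirm in function.php.
$title = mysql_real_escape_string(EncodeHTMLTag($_POST['title']));
$serial = mysql_real_escape_string(EncodeHTMLTag($_POST['serial']));
$content = mysql_real_escape_string(EncodeHTMLTag($_POST['content']));
$link_text = mysql_real_escape_string(EncodeHTMLTag($_POST['link_text']));
// NOTE(review): link_url is stored as given; if it is later emitted as an
// href, a javascript: URL would still run — restrict the scheme at output.
$link_url = mysql_real_escape_string(EncodeHTMLTag($_POST['link_url']));
$new_window = mysql_real_escape_string(EncodeHTMLTag($_POST['new_window']));
$type = mysql_real_escape_string(EncodeHTMLTag($_POST['type']));
// NOTE(review): the attachment upload that follows this block keeps the last
// four characters of the client file name as the extension with no allow-list
// before copying into ../../calendar_attachment/; if that directory is served
// by the web server, an "x.php" upload is executable. Check the extension
// against an allow-list before the copy.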
if (isset($_POST[Submit])) {
    // Insert new data
    $add_sql = "INSERT INTO `tbl_calendar` ( `post_id` , `poster` , `date` , `exp_date` , `title` , `serial` , `content` , `posttime` , `file_name` , `link_text` , `link_url` , `link_open_window` , `type`) VALUES ('" . $_SESSION["kw_admin_user_id"] . "', '" . $_SESSION["kw_admin_user_name"] . "', '{$date}', '{$exp_date}', '{$title}', '{$serial}', '{$content}', now(), '', '{$link_text}', '{$link_url}', '{$new_window}', '{$type}');";
    mysql_query($add_sql);
    $pkid = mysql_insert_id();
    $oldfilename = $_FILES["file"]['name'];
    $new_file_name = $pkid . substr($oldfilename, -4);
    if (isset($_FILES["file"]["tmp_name"]) && $_FILES["file"]["tmp_name"] != "") {
        $output_path = "../../calendar_attachment/";
        if (!copy($_FILES["file"]["tmp_name"], $output_path . $new_file_name)) {
            echo "Fail to copy doc file - " . $_FILES["file"]["tmp_name"];
            exit;
        } else {
            $query = "update `tbl_calendar` set file_name ='{$new_file_name}' where calendarid ='{$pkid}' ";
            mysql_query("set names utf8");
<?php

// admin checking
require_once "../../admin.inc.php";
// Connect Database
require_once "../../php-bin/function.php";
// access control checking
require_once "z_access_control.php";
require "config.php";
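$title = EncodeHTMLTag($_GET['title']);
// NOTE(review): this reads the 'title' parameter, not a category parameter,
// so it is 0 unless the search text happens to be numeric — looks like a
// typo for a category field; kept as-is because the form is not visible here.
// (int) replaces "| 0" (TypeError for non-numeric strings on PHP 8).
$category_id = isset($_GET['title']) ? (int) $_GET['title'] : 0;
// Encode the reflected status message, as the other listing pages do.
$msg = EncodeHTMLTag($_GET['msg']);
$search_SQL = "SELECT * FROM tbl_video WHERE 1";
if ($category_id) {
    $search_SQL .= " AND category_id ={$category_id} ";
}
if ($title != "") {
    // Escaped for the SQL string context; EncodeHTMLTag is the display encoder.
    // LIKE wildcards (% and _) in the input still act as wildcards, as before.
    $search_SQL .= " AND title LIKE '%" . mysql_real_escape_string($title, $link_id) . "%'";
}
$search_Result = mysql_query($search_SQL, $link_id);
if (!$search_Result) {
    $msg = str_replace(" ", "+", "Query failed: " . mysql_error($link_id));
}
//**************  Paging System - Start ************/
$Paging_Size = 10;
// how many record per page.
$Paging_Width = 10;
// mysql_num_rows(false) only warns; treat a failed query as zero rows.
$Paging_RecordCount = $search_Result ? mysql_num_rows($search_Result) : 0;
// include
include_once "../../php-bin/lib_paging.php";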
    }
    foreach ($_POST['student_outside_praise_ary'] as $key => $value) {
        $Student_Outside_Praise_Ary[] = EncodeHTMLTag($value);
    }
    foreach ($_POST['student_inside_praise_ary'] as $key => $value) {
        $Student_Inside_Praise_Ary[] = EncodeHTMLTag($value);
    }
}
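// The student arrays are filled (or not) above this block; count(null) is a
// TypeError on PHP 8, so guard the count.
$Student_Count = (isset($Student_Name_Ary) && is_array($Student_Name_Ary)) ? count($Student_Name_Ary) : 0;
// (A leftover debug "echo $Student_Count;" was removed here: it wrote the
// count into the response body ahead of any redirect.)
for ($i = 0; $i < $Student_Count; $i++) {
    // (int) replaces "| 0" (TypeError for non-numeric strings on PHP 8).
    $Student_ID_Ary[$i] = isset($Student_ID_Ary[$i]) ? (int) $Student_ID_Ary[$i] : 0;
}
// Match header fields. These are spliced into SQL further down as quoted
// literals; EncodeHTMLTag is the display encoder and leaves backslashes
// intact, so they are escaped for the connection charset too. If
// EncodeHTMLTag already SQL-escapes, drop the outer call — TODO confirm.
$match_Name = mysql_real_escape_string(EncodeHTMLTag($_POST['match_name']));
$match_Subject = mysql_real_escape_string(EncodeHTMLTag($_POST['match_subject']));
$match_Sponsor = mysql_real_escape_string(EncodeHTMLTag($_POST['match_sponsor']));
// Quoted keys: bare $_POST[date_year] is an undefined-constant lookup (fatal on PHP 8).
$date_year = isset($_POST['date_year']) ? (int) $_POST['date_year'] : 0;
$date_month = isset($_POST['date_month']) ? (int) $_POST['date_month'] : 0;
$date_day = isset($_POST['date_day']) ? (int) $_POST['date_day'] : 0;
$match_Date = $date_year . "-" . $date_month . "-" . $date_day;
$match_Year = 0;
// School-year rule used throughout these pages: September onward belongs to
// the current calendar year, earlier months to the previous one.
if ($date_year != 0 && $date_month != 0 && $date_day != 0) {
    if ($date_month >= 9) {
        $match_Year = $date_year;
    } else {
        $match_Year = $date_year - 1;
    }
}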
if ($Student_Count != 0) {
    if ($match_Name == '') {
 		header("Location: m_search.php?msg=".$msg);
 	}
 */
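 // Stage the upload under a unique name in $temp_folder, parse it as a
 // tab-separated file, then delete it. $file_input_name, $temp_folder and
 // $ext are set above this block. uniqid() avoids two concurrent imports
 // colliding on the same second-resolution name.
 // NOTE(review): $ext is appended unchanged; if it comes from the client file
 // name and $temp_folder is web-served, restrict it before this point.
 $new_name = uniqid("temp_match_import_", true) . $ext;
 if (!copy($_FILES[$file_input_name]["tmp_name"], $temp_folder . $new_name)) {
     echo "Fail to copy doc file - " . $_FILES[$file_input_name]["tmp_name"];
     exit;
 }
 $handle = fopen($temp_folder . $new_name, "r");
 if ($handle === false) {
     // fgetcsv(false) is a TypeError on PHP 8; fail the way the copy failure does.
     unlink($temp_folder . $new_name);
     echo "Fail to open import file";
     exit;
 }
 // Row / record counters and the output array are auto-vivified in the
 // original; initialise them only if nothing above already did.
 if (!isset($row)) {
     $row = 0;
 }
 if (!isset($student_count)) {
     $student_count = 0;
 }
 if (!isset($csv_array)) {
     $csv_array = array();
 }
 while (($data = fgetcsv($handle, 100000, "\t")) !== false) {
     // The first row is the header line and is skipped.
     if ($row++ != 0) {
         $num = count($data);
         for ($c = 0; $c < $num; $c++) {
             $csv_array[$student_count][$c] = EncodeHTMLTag($data[$c]);
         }
         $student_count++;
     }
 }
 fclose($handle);
 // Delete import file
 unlink($temp_folder . $new_name);
 // init
 $change = false;
 $match_title = "";
 $match_date = "";
 $year = 0;
 $month = 0;
 $day = 0;
 $match_year = "";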
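$Student_Inside_Praise_Ary = array();
// The students arrive as parallel POST arrays (one entry per row). A missing
// or non-array field yields an empty list instead of a foreach warning.
$post_rows = function ($key) {
    return (isset($_POST[$key]) && is_array($_POST[$key])) ? $_POST[$key] : array();
};
if (!empty($_POST['student_name_ary']) && is_array($_POST['student_name_ary'])) {
    foreach ($post_rows('student_id_ary') as $value) {
        // (int) replaces "| 0" (TypeError for non-numeric strings on PHP 8).
        $Student_ID_Ary[] = (int) $value;
    }
    foreach ($post_rows('student_name_ary') as $value) {
        $Student_Name_Ary[] = EncodeHTMLTag($value);
    }
    foreach ($post_rows('student_class_name_ary') as $value) {
        $Student_Class_Name_Ary[] = EncodeHTMLTag($value);
    }
    foreach ($post_rows('student_outside_praise_ary') as $value) {
        $Student_Outside_Praise_Ary[] = EncodeHTMLTag($value);
    }
    foreach ($post_rows('student_inside_praise_ary') as $value) {
        $Student_Inside_Praise_Ary[] = EncodeHTMLTag($value);
    }
}
// count(null) is a TypeError on PHP 8; the array is initialised above this block.
$Student_Count = (isset($Student_Name_Ary) && is_array($Student_Name_Ary)) ? count($Student_Name_Ary) : 0;
if ($match_Name == '') {
    header("Location: m_update.php?id=" . (int) $match_ID);
    exit;
}
// update information in tbl_match. Every quoted literal is escaped for the
// connection charset (EncodeHTMLTag, applied above this block, is the display
// encoder, not an SQL escape); $match_ID is cast to an integer.
$update_sql = "UPDATE `tbl_match` SET "
    . "`match_name`='" . mysql_real_escape_string($match_Name, $link_id) . "',  "
    . "`match_year`='" . mysql_real_escape_string($match_Year, $link_id) . "',  "
    . "`match_date`='" . mysql_real_escape_string($match_Date, $link_id) . "',  "
    . "`match_subject`='" . mysql_real_escape_string($match_Subject, $link_id) . "',  "
    . "`match_sponsor`='" . mysql_real_escape_string($match_Sponsor, $link_id) . "'\r\n\r\n"
    . "  WHERE  `match_id`=" . (int) $match_ID;
$run_status = mysql_query($update_sql, $link_id);
if (!$run_status) {
    $msg = str_replace(" ", "+", "Query failed: " . mysql_error($link_id));
} else {
    $msg = "比賽更新完成";
}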
<?php

header("Content-Type:text/html;charset=utf-8");
// admin checking
require_once "../../admin.inc.php";
// Connect Database
require_once "../../php-bin/function.php";
// access control checking
require_once "z_access_control.php";
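// The record is addressed by file name, so the only meaningful check is
// "was something supplied". The original compared the string against 0 with
// !=, whose outcome for non-numeric strings changed between PHP 7 and PHP 8;
// an explicit empty-string test is stable across versions.
$id = EncodeHTMLTag($_GET["id"]);
if ((string) $id !== '') {
    $file = $id;
    // get the product no to be edit — escaped for the SQL string context
    // (EncodeHTMLTag is the display encoder, not an SQL escape).
    $get_sql = "SELECT * FROM `tbl_art_gallery` WHERE `file_name`='" . mysql_real_escape_string($file, $link_id) . "';";
    $result = mysql_query($get_sql, $link_id);
    // $record is false when the query fails or no row matches; the page below
    // must cope with that (unchanged from the original).
    $record = $result ? mysql_fetch_object($result) : false;
} else {
    echo "<script language='javascript'>";
    echo "alert(\"No Product no. supply\");";
    echo "history.go(-1)";
    echo "</script>";
    exit;
}
mysql_close();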
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>圖片檢示</title>
	<!-- no cache headers -->
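// $date_year / $date_month / $date_day are set above this block.
$date = $date_year . "-" . $date_month . "-" . $date_day;
$file_year = 0;
if ($date_year != 0 && $date_month != 0 && $date_day != 0) {
    // School-year rule used throughout these pages: September onward belongs
    // to the current calendar year, earlier months to the previous one.
    // (The original comment here was mis-encoded; it appears to describe the
    // September–August boundary — confirm.)
    if ($date_month >= 9) {
        $file_year = $date_year;
    } else {
        $file_year = $date_year - 1;
    }
}
// Expiry date; (int) replaces "| 0" (TypeError for non-numeric strings on PHP 8).
$date2 = (isset($_POST["date_year2"]) ? (int) $_POST["date_year2"] : 0) . "-"
    . (isset($_POST["date_month2"]) ? (int) $_POST["date_month2"] : 0) . "-"
    . (isset($_POST["date_day2"]) ? (int) $_POST["date_day2"] : 0);
// Set the client charset before escaping so mysql_real_escape_string uses the
// same encoding the server decodes the query in. mysql_set_charset() updates
// the client library; the original "SET NAMES" query does not.
mysql_set_charset('utf8', $link_id);
// addslashes() is not charset-aware; every quoted literal is escaped with the
// connection-aware function instead. EncodeHTMLTag (display encoder) is kept
// where the original applied it.
// NOTE(review): n_title and n_content are stored without HTML encoding
// (unlike n_serial); whatever renders them must encode at output unless they
// are intentionally rich HTML — confirm.
$title = mysql_real_escape_string($_POST["n_title"], $link_id);
$serial = mysql_real_escape_string(EncodeHTMLTag($_POST["n_serial"]), $link_id);
$content = mysql_real_escape_string($_POST["n_content"], $link_id);
$link_text = mysql_real_escape_string($_POST["n_link_text"], $link_id);
$link_url = mysql_real_escape_string(EncodeHTMLTag($_POST["n_link_url"]), $link_id);
$new_window = isset($_POST["n_new_window"]) ? (int) $_POST["n_new_window"] : 0;
// $type_id is set above this block and is cast to an integer here.
$add_sql = "INSERT INTO `tbl_chancellor` (  `file_type_id` , `file_date` , `file_exp_date` , `file_serial` , `file_title` , `file_content` , `file_link_text` , `file_link_url` , `file_link_new_window`, `file_year`  ) \r\n"
    . "VALUES ( " . (int) $type_id . ", '{$date}', '{$date2}', '{$serial}', '{$title}', '{$content}', '{$link_text}', '{$link_url}', {$new_window}, {$file_year} );";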
if (mysql_query($add_sql, $link_id)) {
    $last_insert_id = mysql_insert_id($link_id);
    if (is_uploaded_file($_FILES["n_photo"]['tmp_name'])) {
        $uploadfilename = basename($_FILES['n_photo']['name']);
        $suffix = explode('.', $uploadfilename);
        $suffix = $suffix[count($suffix) - 1];
        if (in_array($suffix, array("php", "php3"))) {
            exit("<script>alert('Disallow file type.');history.back(-1);</script>");
        }
        $filename = "p" . $last_insert_id . "_" . date("YmdHis") . rand(10000, 99999) . '.' . $suffix;
        require_once '../../include/image.class.php';
        $image = new image();
<?php

header("Content-Type:text/html;charset=utf-8");
// admin checking
require_once "../../admin.inc.php";
// Connect Database
require_once "../../php-bin/function.php";
// access control checking
require_once "z_access_control.php";
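// (int) replaces "| 0" (TypeError for non-numeric strings on PHP 8); quoted
// keys replace bare $_POST[date_year] (undefined-constant lookup, fatal on PHP 8).
$id = isset($_POST['id']) ? (int) $_POST['id'] : 0;
$date_year = isset($_POST['date_year']) ? (int) $_POST['date_year'] : 0;
$date_month = isset($_POST['date_month']) ? (int) $_POST['date_month'] : 0;
$date_day = isset($_POST['date_day']) ? (int) $_POST['date_day'] : 0;
$date = $date_year . "-" . $date_month . "-" . $date_day;
// NOTE(review): the original read $_POST['_POST'] here, which is never a form
// field, so category_id was always 0. The field name 'category_id' is assumed
// from the column it feeds — confirm against the edit form.
$category_id = isset($_POST['category_id']) ? (int) $_POST['category_id'] : 0;
$title = EncodeHTMLTag($_POST["title"]);
$video = EncodeHTMLTag($_POST["video"]);
$picture = EncodeHTMLTag($_POST["picture"]);
// Quoted literals are escaped for the connection charset (EncodeHTMLTag is
// the display encoder, not an SQL escape); the other operands are integers.
$update_qstr = "UPDATE tbl_video SET `category_id`={$category_id}, `date`='{$date}', "
    . "title='" . mysql_real_escape_string($title, $link_id) . "', "
    . "video='" . mysql_real_escape_string($video, $link_id) . "', "
    . "picture='" . mysql_real_escape_string($picture, $link_id) . "' "
    . "WHERE id={$id}";
if (mysql_query($update_qstr, $link_id)) {
    $msg = "Update Sucess";
} else {
    // Report the failure the way the other pages do instead of redirecting with an undefined $msg.
    $msg = str_replace(" ", "+", "Query failed: " . mysql_error($link_id));
}
mysql_close();
// $search_Obj2 is not defined in this file (presumably an include); guard the
// property reads so a missing object does not break the redirect.
$mp3_title = isset($search_Obj2->mp3_title) ? $search_Obj2->mp3_title : '';
$mp3_type_id = isset($search_Obj2->mp3_type_id) ? $search_Obj2->mp3_type_id : '';
header("Location: search.php?start_search=1&msg=" . $msg . "&mp3_title=" . urlencode($mp3_title) . "&mp3_type_id=" . urlencode($mp3_type_id));
exit;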
<?php

// preview init start
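// preview init start — (int) replaces "| 0", which throws a TypeError for
// non-numeric strings on PHP 8.
$is_preview = isset($_POST["is_preview"]) ? (int) $_POST["is_preview"] : 0;
$preview_item_id = isset($_POST["item_id"]) ? (int) $_POST["item_id"] : 0;
$preview_item_order = isset($_POST["item_order"]) ? (int) $_POST["item_order"] : 0;
$preview_item_title = EncodeHTMLTag($_POST["item_title"]);
// Turns escaped double quotes into single quotes for the preview render
// (looks like magic_quotes-era handling — confirm before changing).
$preview_item_content = str_replace('\\"', "'", (string) $_POST['elm1']);
$item_Day = isset($_POST['item_day']) ? (int) $_POST['item_day'] : 0;
$item_Month = isset($_POST['item_month']) ? (int) $_POST['item_month'] : 0;
$item_Year = isset($_POST['item_year']) ? (int) $_POST['item_year'] : 0;
$preview_item_date = "";
if ($item_Day > 0 && $item_Day <= 31 && $item_Month > 0 && $item_Month <= 12 && $item_Year >= 1996) {
    // Integer parts only, so the quoted literal is safe to splice into SQL.
    $preview_item_date = "'{$item_Year}-{$item_Month}-{$item_Day}'";
}
// preview init end
// update the item order temporary
if ($is_preview > 0) {
    // NOTE(review): these queries run before function.php (the database
    // connect) is required further down this file; unless an earlier include
    // opened the connection they fail. Both operands are integers, so no
    // escaping is needed.
    $original_item_order_result = mysql_query("SELECT web_sub_content_item_order  FROM tbl_web_sub_content_item WHERE web_sub_content_item_id=" . $preview_item_id);
    $original_item_order = null;
    if ($original_item_order_result && ($original_item_order_obj = mysql_fetch_object($original_item_order_result))) {
        $original_item_order = $original_item_order_obj->web_sub_content_item_order;
    }
    mysql_query("UPDATE  tbl_web_sub_content_item    SET web_sub_content_item_order=" . $preview_item_order . "    WHERE web_sub_content_item_id=" . $preview_item_id);
}
//update end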
header("Content-Type:text/html;charset=utf-8");
// admin checking
require_once "../../php-bin/admin_check.php";
// access control checking
require_once "z_access_control.php";
// Connect Database
require_once "../../php-bin/function.php";
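// Item the files are attached to; an integer, so it is spliced in unquoted.
// (int) replaces "| 0" (TypeError for non-numeric strings on PHP 8).
$item_id = isset($_POST["id"]) ? (int) $_POST["id"] : 0;
$item_sql = ' SELECT  *  FROM  tbl_web_sub_content_item  WHERE  web_sub_content_item_id=' . $item_id;
$item_result = mysql_query($item_sql, $link_id);
// NOTE(review): the upload loop that follows keeps the client's extension
// (strrchr(name, ".")) with no allow-list before copying into
// ../../file_sub_content/. If that directory is served by the web server, a
// ".php" upload is executable — restrict the extension before the copy.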
if ($item_obj = mysql_fetch_object($item_result)) {
    foreach ($_FILES["file_ary"]["error"] as $key => $error) {
        if ($error == UPLOAD_ERR_OK) {
            $upfile = $_FILES["file_ary"]["tmp_name"][$key];
            $remark = EncodeHTMLTag($_POST["remark"][$key]);
            $ext = EncodeHTMLTag(strrchr($_FILES["file_ary"]['name'][$key], "."));
            $ran_num = (time() | 0) . "_" . rand(0, 999999999);
            $output_path = "../../file_sub_content/";
            $ori_file_name = $item_id . "_{$ran_num}{$ext}";
            copy($upfile, $output_path . $ori_file_name);
            $sql_c = "INSERT INTO tbl_web_sub_content_file ( `web_sub_content_item_id`, `file_name`, `file_remark` ) VALUES ({$item_id}, '" . $ori_file_name . "', '" . $remark . "')";
            mysql_query($sql_c, $link_id);
        }
    }
    header("Location: file_upload.php?id=" . $item_id);
} else {
    ?>

<script>

alert("not exist");
<?php

header("Content-Type:text/html;charset=utf-8");
// admin checking
require_once "../../admin.inc.php";
// Connect Database
require_once "../../php-bin/function.php";
// access control checking
require_once "z_access_control.php";
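// (int) replaces "| 0" (TypeError for non-numeric strings on PHP 8).
$id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
$file_name = EncodeHTMLTag($_GET["file_name"]);
$remark = EncodeHTMLTag($_GET["remark"]);
// Look the row up by file name; escaped for the SQL string context
// (EncodeHTMLTag is the display encoder, not an SQL escape).
$img_sql = " SELECT * FROM  tbl_lastest_gallery    WHERE  file_name='" . mysql_real_escape_string($file_name, $link_id) . "' ";
$img_result = mysql_query($img_sql, $link_id);
if ($img_result && ($img_obj = mysql_fetch_object($img_result))) {
    // NOTE(review): the per-activity authorisation check is commented out, so
    // any admin who passes z_access_control can delete any gallery row.
    //access_detail_check( $img_obj->act_id );
    // delete data — use the name stored in the matched row from here on.
    $add_sql = "DELETE FROM `tbl_lastest_gallery` WHERE file_name='" . mysql_real_escape_string($img_obj->file_name, $link_id) . "' ";
    $run_status = mysql_query($add_sql, $link_id);
    if (!$run_status) {
        $msg = str_replace(" ", "+", "Query failed: " . mysql_error($link_id));
    } else {
        // Only names from the database row reach the filesystem, and
        // basename() strips any directory component so a stored name cannot
        // point outside the gallery folder. Missing files are skipped rather
        // than raising an unlink() warning.
        $gallery_dir = "../../gallery_activity/";
        $paths = array(
            $gallery_dir . basename($img_obj->file_name),
            $gallery_dir . "thumb" . basename($img_obj->file_name),
            $gallery_dir . "web" . basename($img_obj->ori_file_name),
        );
        foreach ($paths as $path) {
            if (is_file($path)) {
                unlink($path);
            }
        }
        $msg = "The record hadd been delete successfully.";
    }
    mysql_close();
    header("Location:gallery.php?msg={$msg}&id={$id}");
    // Nothing after the redirect should execute.
    exit;
}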
header("Content-Type:text/html;charset=utf-8");
// admin checking
require_once "../../admin.inc.php";
// Connect Database
require_once "../../php-bin/function.php";
// access control checking
//require_once("z_access_control.php");
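// NOTE(review): z_access_control.php is commented out above this block, so
// this script relies on admin.inc.php alone for authorisation.
// a_id is the row key in the WHERE clause below. The original re-assigned it
// from the raw POST value a few lines later, discarding the integer cast and
// leaving `WHERE a_id=` injectable; only the integer form is kept.
$a_id = isset($_POST["a_id"]) ? (int) $_POST["a_id"] : 0;
// Set the client charset before escaping so mysql_real_escape_string uses the
// same encoding the server decodes the query in (mysql_set_charset updates
// the client library; the original "SET NAMES" query did not).
mysql_set_charset('utf8', $link_id);
// addslashes() is not charset-aware; escape with the connection-aware function.
$u_name = mysql_real_escape_string($_POST['u_name'], $link_id);
$a_content = mysql_real_escape_string($_POST["a_content"], $link_id);
// Only used for the redirect; URL-encoded there.
$contype = isset($_POST['a_type']) ? $_POST['a_type'] : '';
// Quoted keys (bare $_POST[date_year] is fatal on PHP 8) and (int) casts.
$date_year = isset($_POST['date_year']) ? (int) $_POST['date_year'] : 0;
$date_month = isset($_POST['date_month']) ? (int) $_POST['date_month'] : 0;
$date_day = isset($_POST['date_day']) ? (int) $_POST['date_day'] : 0;
$date = $date_year . "-" . $date_month . "-" . $date_day;
$subject = EncodeHTMLTag($_POST["subject"]);
$order = isset($_POST["order"]) ? (int) $_POST["order"] : 0;
$update_sql = "UPDATE `tbl_contest` SET\r\n`a_title`='{$u_name}', `a_content`='{$a_content}', `order`='{$order}', `a_date`='{$date}' WHERE `a_id`=" . $a_id;
$run_status = mysql_query($update_sql, $link_id);
// 3 = success, 4 = failure (decoded by contestlist.php).
if (!$run_status) {
    $msg = 4;
} else {
    $msg = 3;
}
mysql_close();
header("Location:contestlist.php?id=" . urlencode($contype) . "&msg=" . $msg);
exit;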
// require_once("../../include/image.class.php");
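// Quoted key (bare $_POST[id] is an undefined-constant lookup, fatal on
// PHP 8) and (int) cast ("| 0" throws a TypeError for non-numeric strings).
$id = isset($_POST['id']) ? (int) $_POST['id'] : 0;
$sql = " SELECT * FROM  tbl_activity  WHERE  id=" . $id;
$result = mysql_query($sql);
// Stop unless the activity exists; access_detail_check() is presumably the
// per-activity authorisation gate (defined in an include, not visible here).
if ($result && ($obj = mysql_fetch_object($result))) {
    access_detail_check($obj->type_id);
} else {
    exit;
}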
//////////////////////////////////////////////////////////////////////////////////////////////////////
/*								   Start Upload Photo       										*/
//////////////////////////////////////////////////////////////////////////////////////////////////////
foreach ($_FILES["photo"]["error"] as $key => $error) {
    if ($error == UPLOAD_ERR_OK) {
        $upfile = $_FILES["photo"]["tmp_name"][$key];
        $remark = EncodeHTMLTag($_POST["remark"][$key]);
        $g_order = $_POST["order"][$key] | 0;
        $ext = strrchr($_FILES["photo"]['name'][$key], ".");
        $ran_num = (time() | 0) . "_" . rand(0, 999999999);
        $output_path = "../../gallery_activity/";
        $file_name = $id . "_{$ran_num}.png";
        $ori_file_name = $id . "_{$ran_num}{$ext}";
        //		$size = GetImageSize($upfile);
        // copy($upfile,$output_path.$file_name);
        //		image_resize( $upfile, $output_filename, $output_path, 190, 120);
        //		// copy($upfile,$output_path."small/".$file_name);
        //		image_resize( $upfile, $output_filename, $output_path, 90, 60);
        //		copy( $upfile,  $output_path."original/".$ori_file_name );
        $image = (require_once "../../include/image.class.php");
        $image = new image();
        $image->source = $_FILES['photo']["tmp_name"][$key];
}
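// Quoted keys (bare $_POST[exp_date_year] is an undefined-constant lookup,
// fatal on PHP 8) and (int) casts ("| 0" throws a TypeError for non-numeric
// strings on PHP 8).
$exp_date_year = isset($_POST['exp_date_year']) ? (int) $_POST['exp_date_year'] : 0;
$exp_date_month = isset($_POST['exp_date_month']) ? (int) $_POST['exp_date_month'] : 0;
$exp_date_day = isset($_POST['exp_date_day']) ? (int) $_POST['exp_date_day'] : 0;
// Expiry date: a zero date is stored when the parts are out of range.
if ($exp_date_day > 0 && $exp_date_day <= 31 && $exp_date_month > 0 && $exp_date_month <= 12 && $exp_date_year >= 1990) {
    $exp_date = $exp_date_year . "-" . $exp_date_month . "-" . $exp_date_day;
} else {
    $exp_date = "0000-00-00";
}
// These fields are spliced into the UPDATE below as quoted literals.
// EncodeHTMLTag is the display encoder and leaves backslashes intact, so each
// value is additionally escaped for the connection charset. If EncodeHTMLTag
// already SQL-escapes, drop the outer call — TODO confirm in function.php.
$title = mysql_real_escape_string(EncodeHTMLTag($_POST['title']), $link_id);
$serial = mysql_real_escape_string(EncodeHTMLTag($_POST['serial']), $link_id);
$content = mysql_real_escape_string(EncodeHTMLTag($_POST['content']), $link_id);
$link_text = mysql_real_escape_string(EncodeHTMLTag($_POST['link_text']), $link_id);
// NOTE(review): link_url is stored as given; if it is later emitted as an
// href, a javascript: URL would still run — restrict the scheme at output.
$link_url = mysql_real_escape_string(EncodeHTMLTag($_POST['link_url']), $link_id);
$new_window = mysql_real_escape_string(EncodeHTMLTag($_POST['new_window']), $link_id);
$is_news = mysql_real_escape_string(EncodeHTMLTag($_POST['is_news']), $link_id);
// calendarid post_id poster date title content posttime
// NOTE(review): the attachment upload that follows this block keeps the last
// four characters of the client file name as the extension with no
// allow-list; if the attachment directory is served by the web server, an
// "x.php" upload is executable. Check the extension against an allow-list
// before the copy.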
if ($c_id != 0) {
    // Insert new data
    $update_sql = "update `tbl_calendar` set \r\n\r\nlink_text='{$link_text}', \r\nlink_url='{$link_url}', \r\nlink_open_window='{$new_window}', \r\ndate='{$date}' ,\r\nexp_date='{$exp_date}' ,\r\ntitle='{$title}', \r\nserial='{$serial}', \r\ncontent='{$content}', \r\nis_news ='{$is_news}', \r\npost_id ='" . $_SESSION["kw_admin_user_id"] . "', \r\nposter ='" . $_SESSION["plk_admin_user_name"] . "',\r\nposttime=now()\r\n\r\n  WHERE calendarid={$c_id}";
    mysql_query("set names utf8");
    mysql_query($update_sql);
    $pkid = $c_id;
    $oldfilename = $_FILES["file"]['name'];
    $new_file_name = $pkid . substr($oldfilename, -4);
    if (isset($_FILES["file"]["tmp_name"]) && $_FILES["file"]["tmp_name"] != "") {
        // check the having file.
        $sql = "SELECT `file_name` FROM `tbl_calendar` WHERE calendarid = '{$pkid}'";
        $result = mysql_query($sql, $link_id);
        $get_rows = mysql_fetch_array($result);
        if ($get_rows[file_name] != "") {