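$u_status = "";
// Search / status values from the query string.  EncodeHTMLTag() is defined
// outside this fragment (function.php, presumably) and prepares text for HTML
// output; it is not a SQL escaper, so a value that reaches a query below is
// escaped again with mysql_real_escape_string() at that point.
$t_name = isset($_GET["t_name"]) ? EncodeHTMLTag($_GET["t_name"]) : "";
$msg = isset($_GET["msg"]) ? EncodeHTMLTag($_GET["msg"]) : ""; // GET status message
$orderby = "`order`";
$orderseq = "asc";
$page = 1;
$record_per_page = 10; // records display each page
if (isset($_GET["page"])) {
    // (int) cast instead of "| 0": same value for numeric input, but a
    // non-numeric string no longer throws a TypeError on PHP 8.
    $page = (int) $_GET["page"];
}
if ($page < 1) {
    // page=0 or negative would give a negative LIMIT offset and a failed query.
    $page = 1;
}
if (isset($_GET["orderby"])) {
    $orderby = EncodeHTMLTag($_GET["orderby"]);
}
if (isset($_GET["seq"])) {
    $orderseq = EncodeHTMLTag($_GET["seq"]);
}
// $orderby / $orderseq are only handed on through $sort_arr here.  If another
// include interpolates them into an ORDER BY clause, that code must check them
// against an allow-list of column names / "asc"|"desc" first.
$search_arr = array("t_name" => $t_name);
$sort_arr = array("orderby" => $orderby, "seq" => $orderseq);
$class_arr = array("", "small border=0 cellpadding=0 cellspacing=0", "", "\"\" style=\"padding-left:2px;padding-right:2px;\"");
$get_sql = "Select * FROM tbl_link";
if ($t_name != "") {
    // Escaped for the quoted SQL literal.  '%' and '_' keep their LIKE
    // wildcard meaning, as in the original query.
    $t_name_sql = mysql_real_escape_string($t_name, $link_id);
    $get_sql .= " WHERE link_name LIKE '%" . $t_name_sql . "%'";
}
$get_result = mysql_query($get_sql, $link_id);
// mysql_num_rows() warns when handed false; a failed query counts as no rows.
$total_record = $get_result ? mysql_num_rows($get_result) : 0;
$offset = $record_per_page * ($page - 1);
$total_page = ceil($total_record / $record_per_page);
$get_result = mysql_query($get_sql . " limit {$offset},{$record_per_page};", $link_id);
mysql_close();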
$year = 0;
$sql_date = "NULL";
// Bare array keys ($_POST[date_year]) are undefined constants that PHP falls
// back to strings: a notice before PHP 8, an Error from 8.0 on.  "| 0"
// coerces the value to int; a non-numeric string throws on PHP 8.
$date_year = $_POST[date_year] | 0;
$date_month = $_POST[date_month] | 0;
$date_day = $_POST[date_day] | 0;
// Only a plausible day/month/year triple becomes a quoted SQL date literal;
// otherwise the column is set to NULL.  (Day 31 passes for every month.)
if ($date_day > 0 && $date_day <= 31 && $date_month > 0 && $date_month <= 12 && $date_year >= 1990) {
    $sql_date = "'{$date_year}-{$date_month}-{$date_day}'";
    // School-year convention: September onwards counts as the current year,
    // earlier months as the previous one.
    if ($date_month >= 9) {
        $year = $date_year;
    } else {
        $year = $date_year - 1;
    }
}
$id = $_POST[id] | 0;
// EncodeHTMLTag() (defined elsewhere) prepares text for HTML output; it is not
// a SQL escaper.  $name and $desc are interpolated into quoted SQL literals
// below, so quoting/backslashes in them are not neutralised unless
// EncodeHTMLTag() happens to do that — review it, or escape at the query.
$name = EncodeHTMLTag($_POST['name']);
$desc = EncodeHTMLTag($_POST['desc']);
$participant = addslashes($_POST['participant']); // not used in the query below
$class_year = $_POST[class_year] | 0;
$type_id = $_POST[type_id] | 0;
// Insert new data
// (Despite the comment, $id != 0 is the UPDATE path for an existing record.)
if ($id != 0) {
    // modified_by comes from the admin session, not from the request.
    $update_sql = "UPDATE `tbl_movie` SET\r\n\t\t`name` = '{$name}' ,\r\n\t\t`date` = {$sql_date} ,\r\n\t\t`year` = {$year} ,\r\n\t\t`description` = '{$desc}' ,\r\n\t\t`modified_by` = '" . $_SESSION["plk_admin_user_name"] . "' ,\r\n\t\t`modified_date` = now() ,\r\n\t\t`type_id` = {$type_id} ,\r\n\t\t`class_year` = {$class_year}\r\n\tWHERE id = '{$id}' ";
    mysql_query("set names utf8");
    $run_status = mysql_query($update_sql);
    if (!$run_status) {
        // Spaces become '+' because $msg is meant for a query string
        // (see the commented-out redirect below).  "tο~" is a mis-encoded
        // prefix in the original; kept verbatim.
        $msg = str_replace(" ", "+", "tο~: " . mysql_error($link_id));
    } else {
        $msg = "Record has been updated successfully.";
    }
    mysql_close();
    //header("Location:activity.php?msg=$msg&t_name=".$name."&type_id=".$type_id);
    // The if ($id != 0) block continues beyond the end of this fragment.
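<?php
// admin checking
require_once "../../php-bin/admin_check.php";
// access control checking
require_once "z_access_control.php";
// Connect Database
require_once "../../php-bin/function.php";
// function for resize photo
require_once "../../php-bin/lib_img_resize.php";

// Form values for a sub-content item.  (int) casts replace "| 0": same value
// for numeric input, no TypeError for a non-numeric string on PHP 8, and the
// isset() guards avoid notices when a field is missing.
$sub_content_ID = isset($_POST['sub_content_id']) ? (int) $_POST['sub_content_id'] : 0;
$item_ID = isset($_POST['item_id']) ? (int) $_POST['item_id'] : 0;
$item_Title = isset($_POST['item_title']) ? EncodeHTMLTag($_POST['item_title']) : '';
$item_Order = isset($_POST['item_order']) ? (int) $_POST['item_order'] : 0;
// NOTE(review): this replaces "'" with "'" and is a no-op as written — the
// replacement text was probably an entity that got lost.  Kept as is because
// $item_Html is consumed after this fragment.
$item_Html = str_replace("'", "'", isset($_POST['elm1']) ? $_POST['elm1'] : '');
$file_name = "";
$item_Day = isset($_POST['item_day']) ? (int) $_POST['item_day'] : 0;
$item_Month = isset($_POST['item_month']) ? (int) $_POST['item_month'] : 0;
$item_Year = isset($_POST['item_year']) ? (int) $_POST['item_year'] : 0;
/* if( $item_Title=='' ) { header("Location: w_sub_content_item_update.php?id=".$item_ID); exit(); } */
// $item_ID is an int, so interpolating it unquoted is safe.
$item_sql = " SELECT * FROM tbl_web_sub_content_item WHERE `web_sub_content_item_id`=" . $item_ID;
$item_result = mysql_query($item_sql, $link_id);
// A failed query yields false here, the same value mysql_fetch_object()
// returns for "no row", instead of a warning.
$item_obj = $item_result ? mysql_fetch_object($item_result) : false;
//////////////////////////////////////////////////////////////////////////////////////////////////////
/* Start Upload Photo */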
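<?php
header("Content-Type:text/html;charset=utf-8");
require_once "../../admin.inc.php";
// access control checking
//require_once("z_access_control.php");
// Selection
require_once "../../php-bin/function.php";
require_once "../../php-bin/pagedisplay.php";

// Listing page state: search term, status message, sort and paging values.
$msg = "";
$u_name = "";
$u_type = "";
$u_status = "";
// EncodeHTMLTag() (defined in an include) prepares text for HTML output; the
// isset() guards avoid notices when the parameter is absent.
$t_name = isset($_GET["t_name"]) ? EncodeHTMLTag($_GET["t_name"]) : "";
$msg = isset($_GET["msg"]) ? EncodeHTMLTag($_GET["msg"]) : ""; // GET status message
$orderby = "`order`";
$orderseq = "asc";
$page = 1;
$record_per_page = 15; // records display each page
if (isset($_GET["page"])) {
    // (int) cast instead of "| 0": same value for numeric input, no TypeError
    // for a non-numeric string on PHP 8.
    $page = (int) $_GET["page"];
}
// $orderby / $orderseq are slash-escaped only.  If they are later placed in
// an ORDER BY clause (not visible here), they must be matched against an
// allow-list of column names and "asc"|"desc" there — escaping does not help
// outside a quoted literal.
if (isset($_GET["orderby"])) {
    $orderby = addslashes($_GET["orderby"]);
}
if (isset($_GET["seq"])) {
    $orderseq = addslashes($_GET["seq"]);
}
$search_arr = array("t_name" => $t_name);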
// Teacher update form.  $u_name and $u_teacher_id are set before this fragment.
// EncodeHTMLTag() (defined elsewhere) prepares text for HTML output; the
// values below are interpolated into quoted SQL literals without a SQL escape,
// so quotes/backslashes in them reach the query unless EncodeHTMLTag() happens
// to neutralise them — review it, or escape at the query.
$u_email = EncodeHTMLTag($_POST["u_email"]);
$u_intro = EncodeHTMLTag($_POST["u_intro"]);
$u_id = EncodeHTMLTag($_POST['u_name']);
//$u_pw = EncodeHTMLTag($_POST["u_pw"]);
// The password column is only rewritten when a new password was entered.
// md5() is an unsalted, fast hash; password_hash()/password_verify() would be
// the replacement, but the login code that reads `password` lives elsewhere
// and has to change in the same step.
$u_pw_sql = "";
if (EncodeHTMLTag($_POST["u_pw"]) != "") {
    $u_pw_sql = " `password` = '" . md5($_POST["u_pw"]) . "' , ";
}
$subject = EncodeHTMLTag($_POST["subject"]);
$show = "N";
// $_POST[show] uses a bare constant as the key (notice before PHP 8, Error from 8.0).
if ($_POST[show] == "Y") {
    $show = "Y";
}
// "| 0" coerces to int (throws on a non-numeric string under PHP 8).
$order = $_POST["order"] | 0;
$duty_admin = EncodeHTMLTag($_POST["duty_admin"]);
$duty_teach = EncodeHTMLTag($_POST["duty_teach"]);
$got_degree = $_POST["got_degree"] | 0;
$take_train = $_POST["take_train"] | 0;
$pass_english_test = $_POST["pass_english_test"] | 0;
$pass_putonghua_test = $_POST["pass_putonghua_test"] | 0;
$year_experience = $_POST["year_experience"] | 0;
$type_id = $_POST["type_id"] | 0;
$update_sql = "UPDATE `tbl_teacher` SET\r\n`teacher_name`='{$u_name}', `teacher_email`='{$u_email}', `teacher_intro`='{$u_intro}', `teacher_login`='{$u_id}', " . $u_pw_sql . " \r\n `subject`='{$subject}', `show`='{$show}', `order`='{$order}', `duty_admin`='{$duty_admin}', `duty_teach`='{$duty_teach}', `got_degree`='{$got_degree}', `take_train`='{$take_train}',\r\n `pass_english_test`='{$pass_english_test}', `pass_putonghua_test`='{$pass_putonghua_test}', `year_experience`='{$year_experience}', `type_id`='{$type_id}' \r\nWHERE `teacher_id`=" . $u_teacher_id;
$run_status = mysql_query($update_sql, $link_id);
if (!$run_status) {
    // Spaces become '+' because $msg is destined for a query string.
    // "tο~" is a mis-encoded prefix in the original; kept verbatim.
    $msg = str_replace(" ", "+", "tο~: " . mysql_error($link_id));
} else {
    // update access control - start
    // The $access_* values are set before this fragment; they are interpolated
    // unquoted, so they must already be ints (or enum-checked) at that point.
    $update_access_control_sql = "UPDATE `tbl_access_control` SET\r\n access_teacher={$access_teacher}, access_student={$access_student}, access_class={$access_class},\r\n access_activity={$access_activity}, access_calendar={$access_calendar}, access_news={$access_news}, access_outside={$access_outside},\r\n access_file={$access_file}, access_match={$access_match}, access_topmark={$access_topmark}, access_content={$access_content}, access_headmaster={$access_headmaster}, access_calendar_2={$access_calendar_2}, access_assignment={$access_assignment} , access_calendar_s={$access_calendar_s}, access_calendar_h={$access_calendar_h}, access_calendar_p={$access_calendar_p} \r\n\tWHERE teacher_id=" . $u_teacher_id;
    $access_status = mysql_query($update_access_control_sql, $link_id);
    // update access control - end
    // The else branch continues beyond the end of this fragment.
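<?php
header("Content-Type:text/html;charset=utf-8");
// admin checking
require_once '../../admin.inc.php';
// Connect Database
require_once "../../php-bin/function.php";
// access control checking
require_once "z_access_control.php";

// Listing page for chancellor files of type 9.  The filter values below are
// read from the query string; only $msg is used in this fragment, the rest is
// presumably consumed by the page markup that follows.
// (int) casts replace "| 0" (no TypeError on a non-numeric string under PHP 8),
// and the isset() guards avoid notices for absent parameters.
$type = isset($_GET['n_type']) ? (int) $_GET['n_type'] : 0;
$year = isset($_GET['n_year']) ? (int) $_GET['n_year'] : 0;
$month = isset($_GET['n_month']) ? (int) $_GET['n_month'] : 0;
$title = isset($_GET['n_title']) ? EncodeHTMLTag($_GET['n_title']) : '';
$serial = isset($_GET['n_serial']) ? EncodeHTMLTag($_GET['n_serial']) : '';
$msg = isset($_GET['msg']) ? EncodeHTMLTag($_GET['msg']) : '';
$search_SQL = " SELECT * FROM \r\n\ttbl_chancellor where file_type_id=9 ";
$search_Result = mysql_query($search_SQL, $link_id);
if (!$search_Result) {
    // Spaces become '+' because $msg is built for a query string.
    $msg = str_replace(" ", "+", "Query failed: " . mysql_error($link_id));
}
//************** Paging System - Start ************/
$Paging_Size = 10; // how many record per page.
$Paging_Width = 10; //
// mysql_num_rows() warns when handed false; a failed query counts as no rows.
$Paging_RecordCount = $search_Result ? mysql_num_rows($search_Result) : 0;
// include
include_once "../../php-bin/lib_paging.php";
//************** Paging System - End ************/
?>
<html>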
<?php
header("Content-Type:text/html;charset=utf-8");
// admin checking
require_once '../../admin.inc.php';
// Connect Database
require_once "../../php-bin/function.php";
// Category maintenance: $submit_type selects insert (0), update (1) or delete.
// "| 0" coerces to int; a non-numeric string throws under PHP 8.
$submit_type = $_POST['submit_type'] | 0;
$type_id = $_POST['type_id'] | 0;
$type_order = $_POST['type_order'] | 0;
// EncodeHTMLTag() (defined elsewhere) prepares text for HTML output, not SQL;
// $type_name is placed inside a quoted SQL literal below without a SQL escape,
// so a double quote / backslash in it reaches the query as-is.
$type_name = EncodeHTMLTag($_POST['type_name']);
$msg = "";
if ($submit_type == 0) {
    // The int values are interpolated unquoted, which is safe after "| 0".
    $sql = 'INSERT INTO `tbl_chancellor_type` ( `type_name`, `type_order` ) VALUES ( "' . $type_name . '", ' . $type_order . ' )';
    if (mysql_query($sql, $link_id)) {
        $msg = "增加分類完成";
    } else {
        // Spaces become '+' because $msg is destined for a query string.
        $msg = str_replace(" ", "+", "失敗: " . mysql_error($link_id));
    }
} else {
    if ($submit_type == 1) {
        $sql = " UPDATE `tbl_chancellor_type` SET type_name='" . $type_name . "' , type_order=" . $type_order . " WHERE type_id=" . $type_id;
        if (mysql_query($sql, $link_id)) {
            $msg = "更新分類完成";
        } else {
            $msg = str_replace(" ", "+", "失敗: " . mysql_error($link_id));
        }
    } else {
        // Any other submit_type deletes the category.
        $sql = " DELETE FROM tbl_chancellor_type WHERE type_id = " . $type_id;
        if (mysql_query($sql, $link_id)) {
            $msg = "刪除分類完成";
            // The delete branch continues beyond the end of this fragment.
//$match_Orderby = '';
//$match_Sequence = '';
// Match search filters from the query string.  The != '' tests are made
// without isset(), so an absent parameter raises a notice, and a variable
// whose branch is skipped may be undefined later unless it was initialised
// before this fragment (the two initialisations above are commented out).
if ($_GET['m_match_name'] != '') {
    $match_Name = EncodeHTMLTag($_GET['m_match_name']);
    //$queryText .= '&m_match_name='. $_GET['m_match_name'];
}
if ($_GET['m_year'] != '') {
    // "| 0" coerces to int; a non-numeric string throws under PHP 8.
    $match_Year = $_GET['m_year'] | 0;
    //$queryText .= '&m_year='. $_GET['m_year'];
}
if ($_GET['m_student_name'] != '') {
    $match_StudentName = EncodeHTMLTag($_GET['m_student_name']);
    //$queryText .= '&m_student_name='. $_GET['m_student_name'];
}
if ($_GET['orderby'] != '') {
    // If $match_Orderby is later placed in an ORDER BY clause it needs an
    // allow-list check there; HTML encoding does not constrain SQL.
    $match_Orderby = EncodeHTMLTag($_GET['orderby']);
    //$queryText .= '&orderby='. $_GET['orderby'];
}
if ($_GET['sequence'] != '') {
    $match_Sequence = $_GET['sequence'] | 0;
    //$queryText .= '&sequence='. $_GET['sequence'];
}
// do the search
$search_SQL = '';
$search_Condition_SQL = '';
// To Check how many record "match the request".
$search_SQL = "SELECT DISTINCT m.* from tbl_match AS m LEFT JOIN tbl_match_record AS r ON( m.match_id=r.match_id ) WHERE 1 ";
// EncodeHTMLTag() is not a SQL escaper: $match_Name goes into a double-quoted
// SQL literal here without mysql_real_escape_string(), so a double quote or
// backslash in the search term reaches the query as-is.
if ($match_Name != '') {
    $search_Condition_SQL .= ' AND m.match_name LIKE "%' . $match_Name . '%"';
}
if ($match_Year != '') {
    // The condition-building code continues beyond the end of this fragment.
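<?php
header("Content-Type:text/html;charset=utf-8");
// admin checking
require_once "../../php-bin/admin_check.php";
// access control checking
require_once "z_access_control.php";
// Connect Database
require_once "../../php-bin/function.php";

// Updates one headmaster sub-content record from the edit form.
// (int) casts replace "| 0" (no TypeError on a non-numeric string under
// PHP 8); isset() guards avoid notices for absent fields.
$sub_content_ID = isset($_POST['sub_content_id']) ? (int) $_POST['sub_content_id'] : 0;
// $HeadMaster_WebContent_ID is provided by an include (not visible here).
$change_to_ID = $HeadMaster_WebContent_ID;
$content_Title = isset($_POST['w_title']) ? EncodeHTMLTag($_POST['w_title']) : '';
$content_Template = isset($_POST['w_template']) ? (int) $_POST['w_template'] : 0;
$content_Description = isset($_POST['w_description']) ? EncodeHTMLTag($_POST['w_description']) : '';
// A hidden item links to another content id; a visible one stores 0.
$content_Inner = isset($_POST['w_hidden']) ? (int) $_POST['w_hidden'] : 0;
if ($content_Inner != 0) {
    $content_Inner = isset($_POST['link_to']) ? (int) $_POST['link_to'] : 0;
}
$content_Order = isset($_POST['w_order']) ? (int) $_POST['w_order'] : 0;
if ($content_Title == '') {
    header("Location: w_search.php?id=" . $change_to_ID);
    exit;
}
// EncodeHTMLTag() targets HTML output; the two text columns are escaped for
// their quoted SQL literals here.  The int columns are interpolated unquoted.
$content_Title_sql = mysql_real_escape_string($content_Title, $link_id);
$content_Description_sql = mysql_real_escape_string($content_Description, $link_id);
$update_sql = "UPDATE `tbl_web_sub_content` SET \r\n\r\n `web_sub_content_title` = '{$content_Title_sql}',\r\n\r\n `web_sub_content_template` = {$content_Template},\r\n\r\n `web_sub_content_description` = '{$content_Description_sql}',\r\n\r\n `web_sub_content_inner` = {$content_Inner},\r\n\r\n `web_sub_content_order` = {$content_Order}\r\n\r\nWHERE web_content_id=" . (int) $HeadMaster_WebContent_ID . " AND `web_sub_content_id` = " . $sub_content_ID;
$run_status = mysql_query($update_sql, $link_id);
if (!$run_status) {
    // Spaces become '+' because $msg is destined for a query string.
    $msg = str_replace(" ", "+", "Query failed: " . mysql_error($link_id));
} else {
    // NOTE(review): this success text ("contest student added") looks copied
    // from another page; kept as is since the intended wording is not known.
    $msg = "比賽學生添加完成";
}
mysql_close();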
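<?php
// admin checking
require_once "../../admin.inc.php";
// access control checking
require_once "z_access_control.php";
// Connect Database
require_once "../../php-bin/function.php";

// Adds a class record from the form and redirects back with a status message.
// Keys are quoted (the bare-constant form is a notice before PHP 8 and an
// Error from 8.0); (int) replaces "| 0" and isset() avoids notices.
$class_name = isset($_POST['class_name']) ? EncodeHTMLTag($_POST['class_name']) : '';
$class_year = isset($_POST['class_year']) ? (int) $_POST['class_year'] : 0;
if (isset($_POST['Submit'])) {
    // Insert new data
    // EncodeHTMLTag() targets HTML output; escape the name for its quoted
    // SQL literal.  class_id is left empty for the auto-increment column.
    $class_name_sql = mysql_real_escape_string($class_name, $link_id);
    $add_sql = "INSERT INTO tbl_class (class_id ,class_name,year) VALUES ('', '{$class_name_sql}', '{$class_year}')";
    // The query now runs on the same link that mysql_errno() is asked about.
    $run_status = mysql_query($add_sql, $link_id);
    if (!$run_status) {
        if (mysql_errno($link_id) == 1062) { // 1062 = duplicate key
            $msg = 'Duplication class name has been found.';
        } else {
            $msg = str_replace(" ", "+", "Query failed: " . mysql_error($link_id));
        }
    } else {
        $msg = "The record has been added successfully.";
    }
    mysql_close();
    $msg = urlencode($msg);
    header("Location:index.php?msg={$msg}");
}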
}
// Calendar entry insert.  $date is set before this fragment.
// Bare array keys ($_POST[exp_date_year]) are undefined constants that PHP
// falls back to strings (notice before PHP 8, Error from 8.0).  "| 0" coerces
// to int and throws on a non-numeric string under PHP 8.
$exp_date_year = $_POST[exp_date_year] | 0;
$exp_date_month = $_POST[exp_date_month] | 0;
$exp_date_day = $_POST[exp_date_day] | 0;
// Only a plausible day/month/year triple is kept; otherwise the MySQL
// "zero date" is stored.  (Day 31 passes for every month.)
if ($exp_date_day > 0 && $exp_date_day <= 31 && $exp_date_month > 0 && $exp_date_month <= 12 && $exp_date_year >= 1990) {
    $exp_date = $exp_date_year . "-" . $exp_date_month . "-" . $exp_date_day;
} else {
    $exp_date = "0000-00-00";
}
// EncodeHTMLTag() (defined elsewhere) prepares text for HTML output; these
// values go into quoted SQL literals below without a SQL escape, so quotes /
// backslashes in them reach the query unless EncodeHTMLTag() neutralises them.
$title = EncodeHTMLTag($_POST[title]);
$serial = EncodeHTMLTag($_POST[serial]);
$content = EncodeHTMLTag($_POST[content]);
$link_text = EncodeHTMLTag($_POST[link_text]);
$link_url = EncodeHTMLTag($_POST[link_url]);
$new_window = EncodeHTMLTag($_POST[new_window]);
$type = EncodeHTMLTag($_POST[type]);
if (isset($_POST[Submit])) {
    // Insert new data
    // post_id / poster come from the admin session, not the request.
    $add_sql = "INSERT INTO `tbl_calendar` ( `post_id` , `poster` , `date` , `exp_date` , `title` , `serial` , `content` , `posttime` , `file_name` , `link_text` , `link_url` , `link_open_window` , `type`) VALUES ('" . $_SESSION["kw_admin_user_id"] . "', '" . $_SESSION["kw_admin_user_name"] . "', '{$date}', '{$exp_date}', '{$title}', '{$serial}', '{$content}', now(), '', '{$link_text}', '{$link_url}', '{$new_window}', '{$type}');";
    // The result is not checked; after a failed insert mysql_insert_id() is 0
    // and the attachment below would be stored under "0<ext>".
    mysql_query($add_sql);
    $pkid = mysql_insert_id();
    $oldfilename = $_FILES["file"]['name'];
    // The last four characters of the client-supplied file name are used as
    // the extension without any allow-list check, so the stored file keeps
    // whatever suffix the uploader chose; calendar_attachment/ is then served
    // from the web root.  An allow-list of document extensions (or a fixed
    // suffix) is the defensive fix.
    $new_file_name = $pkid . substr($oldfilename, -4);
    if (isset($_FILES["file"]["tmp_name"]) && $_FILES["file"]["tmp_name"] != "") {
        $output_path = "../../calendar_attachment/";
        if (!copy($_FILES["file"]["tmp_name"], $output_path . $new_file_name)) {
            echo "Fail to copy doc file - " . $_FILES["file"]["tmp_name"];
            exit;
        } else {
            // $new_file_name is built from an int and the suffix above.
            $query = "update `tbl_calendar` set file_name ='{$new_file_name}' where calendarid ='{$pkid}' ";
            mysql_query("set names utf8");
            // The else branch continues beyond the end of this fragment.
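<?php
// admin checking
require_once "../../admin.inc.php";
// Connect Database
require_once "../../php-bin/function.php";
// access control checking
require_once "z_access_control.php";
require "config.php";

// Video listing with optional title / category filters and paging.
$title = isset($_GET['title']) ? EncodeHTMLTag($_GET['title']) : "";
// NOTE(review): the category filter is read from the 'title' parameter as
// well, which looks like a copy/paste slip; the form's real field name is not
// visible here, so the key is left unchanged.  (int) replaces "| 0".
$category_id = isset($_GET['title']) ? (int) $_GET['title'] : 0;
// Encoded like the other listing pages, since $msg is meant for display.
$msg = isset($_GET['msg']) ? EncodeHTMLTag($_GET['msg']) : "";
$search_SQL = "SELECT * FROM tbl_video WHERE 1";
if ($category_id) {
    $search_SQL .= " AND category_id ={$category_id} ";
}
if ($title != "") {
    // EncodeHTMLTag() targets HTML output; escape for the quoted SQL literal.
    // '%' and '_' keep their LIKE wildcard meaning, as before.
    $title_sql = mysql_real_escape_string($title, $link_id);
    $search_SQL .= " AND title LIKE '%" . $title_sql . "%'";
}
$search_Result = mysql_query($search_SQL, $link_id);
if (!$search_Result) {
    // Spaces become '+' because $msg is built for a query string.
    $msg = str_replace(" ", "+", "Query failed: " . mysql_error($link_id));
}
//************** Paging System - Start ************/
$Paging_Size = 10; // how many record per page.
$Paging_Width = 10; //
// mysql_num_rows() warns when handed false; a failed query counts as no rows.
$Paging_RecordCount = $search_Result ? mysql_num_rows($search_Result) : 0;
// include
include_once "../../php-bin/lib_paging.php";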
}
// Remaining per-student arrays from the form (the first ones are collected
// before this fragment).  foreach on a non-array value raises a warning.
foreach ($_POST['student_outside_praise_ary'] as $key => $value) {
    $Student_Outside_Praise_Ary[] = EncodeHTMLTag($value);
}
foreach ($_POST['student_inside_praise_ary'] as $key => $value) {
    $Student_Inside_Praise_Ary[] = EncodeHTMLTag($value);
}
}
$Student_Count = count($Student_Name_Ary);
// Debug output left in; any header() redirect issued after this point fails
// with "headers already sent".
echo $Student_Count;
// Coerce every student id to int ("| 0" throws on a non-numeric string under PHP 8).
for ($i = 0; $i < $Student_Count; $i++) {
    $Student_ID_Ary[$i] = $Student_ID_Ary[$i] | 0;
}
// EncodeHTMLTag() (defined elsewhere) prepares text for HTML output; if these
// values are later placed in quoted SQL literals they still need a SQL escape.
$match_Name = EncodeHTMLTag($_POST['match_name']);
$match_Subject = EncodeHTMLTag($_POST['match_subject']);
$match_Sponsor = EncodeHTMLTag($_POST['match_sponsor']);
// Bare array keys ($_POST[date_year]) are undefined constants (notice before PHP 8, Error from 8.0).
$date_year = $_POST[date_year] | 0;
$date_month = $_POST[date_month] | 0;
$date_day = $_POST[date_day] | 0;
$match_Date = $date_year . "-" . $date_month . "-" . $date_day;
$match_Year = 0; //EncodeHTMLTag($_POST['match_year']);
// School-year convention: September onwards counts as the current year,
// earlier months as the previous one; an incomplete date leaves 0.
if ($date_year != 0 && $date_month != 0 && $date_day != 0) {
    if ($date_month >= 9) {
        $match_Year = $date_year;
    } else {
        $match_Year = $date_year - 1;
    }
}
if ($Student_Count != 0) {
    if ($match_Name == '') {
        // Both blocks continue beyond the end of this fragment.
header("Location: m_search.php?msg=".$msg); } */
// Import of a tab-separated student list.  $ext, $file_input_name,
// $temp_folder, $row and $student_count are set before this fragment.
// The temporary file keeps the client-supplied extension ($ext); if
// $temp_folder is reachable from the web, the file is briefly servable under
// that suffix until the unlink() below — an allow-list on $ext (or a fixed
// ".csv") would close that window.
$new_name = "temp_match_import_" . (time() | 0) . $ext;
if (!copy($_FILES[$file_input_name]["tmp_name"], $temp_folder . $new_name)) {
    echo "Fail to copy doc file - " . $_FILES[$file_input_name]["tmp_name"];
    exit;
}
$handle = fopen($temp_folder . $new_name, "r");
// Tab-separated rows; the first row (headers) is skipped via $row++.
while (($data = fgetcsv($handle, 100000, "\t")) !== FALSE) {
    if ($row++ != 0) {
        $num = count($data);
        //if( $num!=8 || ($num==8&&$data[7]=='') )
        //continue;
        // EncodeHTMLTag() prepares each cell for HTML output; it is not a SQL escape.
        for ($c = 0; $c < $num; $c++) {
            $csv_array[$student_count][$c] = EncodeHTMLTag($data[$c]);
        }
        $student_count++;
    }
}
fclose($handle);
// Delete import file
unlink($temp_folder . $new_name);
// init
$change = false;
$match_title = "";
$match_date = "";
$year = 0;
$month = 0;
$day = 0;
$match_year = "";
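$Student_Inside_Praise_Ary = array();
// Collect the per-student arrays from the form.  The other *_Ary variables,
// $match_Name, $match_Year, $match_Date, $match_Subject, $match_Sponsor and
// $match_ID are set before this fragment.  foreach on a non-array value
// raises a warning, as in the original.
if ($_POST['student_name_ary'] != '') {
    foreach ($_POST['student_id_ary'] as $key => $value) {
        // (int) instead of "| 0": no TypeError on a non-numeric string under PHP 8.
        $Student_ID_Ary[] = (int) $value;
    }
    foreach ($_POST['student_name_ary'] as $key => $value) {
        $Student_Name_Ary[] = EncodeHTMLTag($value);
    }
    foreach ($_POST['student_class_name_ary'] as $key => $value) {
        $Student_Class_Name_Ary[] = EncodeHTMLTag($value);
    }
    foreach ($_POST['student_outside_praise_ary'] as $key => $value) {
        $Student_Outside_Praise_Ary[] = EncodeHTMLTag($value);
    }
    foreach ($_POST['student_inside_praise_ary'] as $key => $value) {
        $Student_Inside_Praise_Ary[] = EncodeHTMLTag($value);
    }
}
$Student_Count = count($Student_Name_Ary);
if ($match_Name == '') {
    header("Location: m_update.php?id=" . (int) $match_ID);
    exit;
}
// update information in tbl_match
// EncodeHTMLTag() targets HTML output, so every value placed in a quoted SQL
// literal is escaped here; match_id is an int and is interpolated unquoted.
$update_sql = "UPDATE `tbl_match` SET `match_name`='" . mysql_real_escape_string($match_Name, $link_id) . "', `match_year`='" . mysql_real_escape_string($match_Year, $link_id) . "', `match_date`='" . mysql_real_escape_string($match_Date, $link_id) . "', `match_subject`='" . mysql_real_escape_string($match_Subject, $link_id) . "', `match_sponsor`='" . mysql_real_escape_string($match_Sponsor, $link_id) . "'\r\n\r\n WHERE `match_id`=" . (int) $match_ID;
$run_status = mysql_query($update_sql, $link_id);
if (!$run_status) {
    // Spaces become '+' because $msg is destined for a query string.
    $msg = str_replace(" ", "+", "Query failed: " . mysql_error($link_id));
} else {
    $msg = "比賽更新完成";
}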
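<?php
header("Content-Type:text/html;charset=utf-8");
// admin checking
require_once "../../admin.inc.php";
// Connect Database
require_once "../../php-bin/function.php";
// access control checking
require_once "z_access_control.php";

// Displays one art-gallery image.  The record is looked up by file name,
// which arrives in the "id" query parameter.
$id = isset($_GET["id"]) ? EncodeHTMLTag($_GET["id"]) : "";
// Loose comparison kept from the original: before PHP 8 a non-numeric name
// compares equal to 0 and is rejected; from PHP 8 on it passes.
if ($id != 0) {
    $file = $id; // get the product no to be edit
    // EncodeHTMLTag() targets HTML output; escape for the quoted SQL literal.
    $file_sql = mysql_real_escape_string($file, $link_id);
    $get_sql = "SELECT * FROM `tbl_art_gallery` WHERE `file_name`='{$file_sql}';";
    $result = mysql_query($get_sql, $link_id);
    // A failed query yields false, the same value as "no row".
    $record = $result ? mysql_fetch_object($result) : false;
} else {
    echo "<script language='javascript'>";
    echo "alert(\"No Product no. supply\");";
    echo "history.go(-1)";
    echo "</script>";
    exit;
}
mysql_close();
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>圖片檢示</title>
<!-- no cache headers -->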
// Chancellor file insert with optional photo.  $date_year/$date_month/
// $date_day and $type_id are set before this fragment.
$date = $date_year . "-" . $date_month . "-" . $date_day;
$file_year = 0;
if ($date_year != 0 && $date_month != 0 && $date_day != 0) {
    // School-year convention: September onwards counts as the current year,
    // earlier months as the previous one.
    if ($date_month >= 9) {
        $file_year = $date_year;
    } else {
        $file_year = $date_year - 1;
    }
    // (The original comment here was mis-encoded; it refers to the 8-31 cutoff.)
}
// "| 0" coerces to int; a non-numeric string throws under PHP 8.
$date2 = ($_POST["date_year2"] | 0) . "-" . ($_POST["date_month2"] | 0) . "-" . ($_POST["date_day2"] | 0);
// Mixed escaping: addslashes() for some text columns, EncodeHTMLTag() (an
// HTML-output helper defined elsewhere, not a SQL escape) for others.  The
// EncodeHTMLTag()-only values go into quoted SQL literals below as-is.
$title = addslashes($_POST["n_title"]);
$serial = EncodeHTMLTag($_POST["n_serial"]);
$content = addslashes($_POST["n_content"]);
$link_text = addslashes($_POST["n_link_text"]);
$link_url = EncodeHTMLTag($_POST["n_link_url"]);
$new_window = $_POST["n_new_window"] | 0;
$add_sql = "INSERT INTO `tbl_chancellor` ( `file_type_id` , `file_date` , `file_exp_date` , `file_serial` , `file_title` , `file_content` , `file_link_text` , `file_link_url` , `file_link_new_window`, `file_year` ) \r\nVALUES ( {$type_id}, '{$date}', '{$date2}', '{$serial}', '{$title}', '{$content}', '{$link_text}', '{$link_url}', {$new_window}, {$file_year} );";
mysql_query("set names utf8");
if (mysql_query($add_sql, $link_id)) {
    $last_insert_id = mysql_insert_id($link_id);
    if (is_uploaded_file($_FILES["n_photo"]['tmp_name'])) {
        $uploadfilename = basename($_FILES['n_photo']['name']);
        // Extension = text after the last dot of the client-supplied name.
        $suffix = explode('.', $uploadfilename);
        $suffix = $suffix[count($suffix) - 1];
        // Deny-list check: case-sensitive and limited to two spellings, so
        // other executable suffixes and upper-case variants pass.  Since the
        // file is handed to an image class next, an allow-list of image
        // extensions (compared lower-cased) is the defensive form.
        if (in_array($suffix, array("php", "php3"))) {
            exit("<script>alert('Disallow file type.');history.back(-1);</script>");
        }
        // rand() is not a CSPRNG; the name is only meant to be unique, not secret.
        $filename = "p" . $last_insert_id . "_" . date("YmdHis") . rand(10000, 99999) . '.' . $suffix;
        require_once '../../include/image.class.php';
        $image = new image();
        // The upload handling continues beyond the end of this fragment.
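<?php
header("Content-Type:text/html;charset=utf-8");
// admin checking
require_once "../../admin.inc.php";
// Connect Database
require_once "../../php-bin/function.php";
// access control checking
require_once "z_access_control.php";

// Updates one tbl_video row from the edit form, then redirects to the search page.
// (int) casts replace "| 0" (no TypeError on a non-numeric string under PHP 8);
// keys are quoted and isset()-guarded to avoid notices.
$id = isset($_POST['id']) ? (int) $_POST['id'] : 0;
$date_year = isset($_POST['date_year']) ? (int) $_POST['date_year'] : 0;
$date_month = isset($_POST['date_month']) ? (int) $_POST['date_month'] : 0;
$date_day = isset($_POST['date_day']) ? (int) $_POST['date_day'] : 0;
$date = $date_year . "-" . $date_month . "-" . $date_day;
// NOTE(review): the category is read from $_POST['_POST'], which no form
// field is likely to be named; the real field name is not visible here, so
// the key is kept and the value falls back to 0.
$category_id = isset($_POST['_POST']) ? (int) $_POST['_POST'] : 0;
$title = isset($_POST["title"]) ? EncodeHTMLTag($_POST["title"]) : "";
$video = isset($_POST["video"]) ? EncodeHTMLTag($_POST["video"]) : "";
$picture = isset($_POST["picture"]) ? EncodeHTMLTag($_POST["picture"]) : "";
// EncodeHTMLTag() targets HTML output; the three text columns are escaped for
// their quoted SQL literals.  $id, $category_id and $date are built from ints.
$update_qstr = "UPDATE tbl_video SET `category_id`={$category_id}, `date`='{$date}', title='" . mysql_real_escape_string($title, $link_id) . "', video='" . mysql_real_escape_string($video, $link_id) . "', picture='" . mysql_real_escape_string($picture, $link_id) . "' WHERE id={$id}";
$msg = ""; // initialised so a failed query does not leave it undefined
if (mysql_query($update_qstr, $link_id)) {
    $msg = "Update Sucess";
}
mysql_close();
// NOTE(review): $search_Obj2 is not set anywhere in this fragment — presumably
// provided by an include; confirm, otherwise these are null-property notices.
header("Location: search.php?start_search=1&msg=" . $msg . "&mp3_title=" . urlencode($search_Obj2->mp3_title) . "&mp3_type_id=" . urlencode($search_Obj2->mp3_type_id));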
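<?php
// preview init start
// Preview mode for a sub-content item: the form values are taken over so the
// page renders them, and the item's order is temporarily written to the DB
// (the original order is kept in $original_item_order for restoring later).
// (int) casts replace "| 0" (no TypeError on a non-numeric string under PHP 8);
// isset() guards avoid notices for absent fields.
$is_preview = isset($_POST["is_preview"]) ? (int) $_POST["is_preview"] : 0;
$preview_item_id = isset($_POST["item_id"]) ? (int) $_POST["item_id"] : 0;
$preview_item_order = isset($_POST["item_order"]) ? (int) $_POST["item_order"] : 0;
$preview_item_title = isset($_POST["item_title"]) ? EncodeHTMLTag($_POST["item_title"]) : "";
// Turns escaped double quotes from the editor field into single quotes
// (replacement text kept verbatim).
$preview_item_content = str_replace('\\"', "'", isset($_POST['elm1']) ? $_POST['elm1'] : "");
$item_Day = isset($_POST['item_day']) ? (int) $_POST['item_day'] : 0;
$item_Month = isset($_POST['item_month']) ? (int) $_POST['item_month'] : 0;
$item_Year = isset($_POST['item_year']) ? (int) $_POST['item_year'] : 0;
$preview_item_date = "";
// Only a plausible day/month/year triple becomes a quoted date literal.
if ($item_Day > 0 && $item_Day <= 31 && $item_Month > 0 && $item_Month <= 12 && $item_Year >= 1996) {
    $preview_item_date = "'{$item_Year}-{$item_Month}-{$item_Day}'";
}
// preview init end
// update the item order temporary
if ($is_preview > 0) {
    // Both ids are ints, so they are safe to interpolate unquoted.
    $original_item_order_result = mysql_query("SELECT web_sub_content_item_order FROM tbl_web_sub_content_item WHERE web_sub_content_item_id=" . $preview_item_id);
    // A failed query or missing row leaves the original order null instead of warning.
    $original_item_order_obj = $original_item_order_result ? mysql_fetch_object($original_item_order_result) : false;
    $original_item_order = $original_item_order_obj ? $original_item_order_obj->web_sub_content_item_order : null;
    mysql_query("UPDATE tbl_web_sub_content_item SET web_sub_content_item_order=" . $preview_item_order . " WHERE web_sub_content_item_id=" . $preview_item_id);
}
//update end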
header("Content-Type:text/html;charset=utf-8");
// admin checking
require_once "../../php-bin/admin_check.php";
// access control checking
require_once "z_access_control.php";
// Connect Database
require_once "../../php-bin/function.php";
// Attaches uploaded files to a sub-content item.
// "| 0" coerces to int; a non-numeric string throws under PHP 8.
$item_id = $_POST["id"] | 0;
$item_sql = ' SELECT * FROM tbl_web_sub_content_item WHERE web_sub_content_item_id=' . $item_id;
$item_result = mysql_query($item_sql, $link_id);
if ($item_obj = mysql_fetch_object($item_result)) {
    foreach ($_FILES["file_ary"]["error"] as $key => $error) {
        if ($error == UPLOAD_ERR_OK) {
            $upfile = $_FILES["file_ary"]["tmp_name"][$key];
            // EncodeHTMLTag() (defined elsewhere) prepares text for HTML
            // output; $remark is placed in a quoted SQL literal below without
            // a SQL escape.
            $remark = EncodeHTMLTag($_POST["remark"][$key]);
            // The stored file keeps the client-supplied extension with no
            // allow-list check, and file_sub_content/ sits under the web
            // root, so an uploaded script would be served under its own
            // suffix.  An allow-list of document extensions is the defensive fix.
            $ext = EncodeHTMLTag(strrchr($_FILES["file_ary"]['name'][$key], "."));
            // rand() is not a CSPRNG; the name only needs to be unique.
            $ran_num = (time() | 0) . "_" . rand(0, 999999999);
            $output_path = "../../file_sub_content/";
            $ori_file_name = $item_id . "_{$ran_num}{$ext}";
            // copy() result is not checked; a failed copy still inserts the row.
            copy($upfile, $output_path . $ori_file_name);
            $sql_c = "INSERT INTO tbl_web_sub_content_file ( `web_sub_content_item_id`, `file_name`, `file_remark` ) VALUES ({$item_id}, '" . $ori_file_name . "', '" . $remark . "')";
            mysql_query($sql_c, $link_id);
        }
    }
    header("Location: file_upload.php?id=" . $item_id);
} else {
    // The else branch (error markup) continues beyond the end of this fragment.
?>
<script>
alert("not exist");
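<?php
header("Content-Type:text/html;charset=utf-8");
// admin checking
require_once "../../admin.inc.php";
// Connect Database
require_once "../../php-bin/function.php";
// access control checking
require_once "z_access_control.php";

// Deletes one gallery image (the DB row plus the files derived from its
// name) and redirects back to the gallery page of activity $id.
// (int) replaces "| 0"; isset() guards avoid notices for absent parameters.
$id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
$file_name = isset($_GET["file_name"]) ? EncodeHTMLTag($_GET["file_name"]) : "";
$remark = isset($_GET["remark"]) ? EncodeHTMLTag($_GET["remark"]) : "";
$msg = "";

// $file_name is both a SQL value and a path component under gallery_activity/.
// Stored names are bare file names (the "thumb"/"web" variants are built by
// prefixing), so a value carrying a directory part is refused before it can
// reach the query or unlink().
if ($file_name === "" || $file_name !== basename($file_name)) {
    header("Location:gallery.php?msg=" . urlencode("Invalid file name.") . "&id={$id}");
    exit;
}
// EncodeHTMLTag() targets HTML output; escape for the quoted SQL literal.
$file_name_sql = mysql_real_escape_string($file_name, $link_id);
$img_sql = " SELECT * FROM tbl_lastest_gallery WHERE file_name='{$file_name_sql}' ";
$img_result = mysql_query($img_sql, $link_id);
if ($img_result && ($img_obj = mysql_fetch_object($img_result))) {
    //access_detail_check( $img_obj->act_id );
    // delete data
    $add_sql = "DELETE FROM `tbl_lastest_gallery` WHERE file_name='{$file_name_sql}' ";
    $run_status = mysql_query($add_sql, $link_id);
    if (!$run_status) {
        // Spaces become '+' because $msg goes into the redirect query string.
        $msg = str_replace(" ", "+", "Query failed: " . mysql_error($link_id));
    } else {
        // Remove the image and its derived copies; a missing file is not an error.
        $gallery_dir = "../../gallery_activity/";
        $paths = array(
            $gallery_dir . $file_name,
            $gallery_dir . "thumb" . $file_name,
            $gallery_dir . "web" . basename($img_obj->ori_file_name),
        );
        foreach ($paths as $path) {
            if (is_file($path)) {
                unlink($path);
            }
        }
        $msg = "The record hadd been delete successfully.";
    }
    mysql_close();
    //echo $add_sql;
    header("Location:gallery.php?msg={$msg}&id={$id}");
}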
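header("Content-Type:text/html;charset=utf-8");
// admin checking
require_once "../../admin.inc.php";
// Connect Database
require_once "../../php-bin/function.php";
// access control checking
//require_once("z_access_control.php");

// Updates one tbl_contest row from the edit form and redirects to the list.
// SET NAMES runs first so the escaping below sees the charset the query will
// use.  (SET NAMES does not inform the client library; mysql_set_charset()
// is the call mysql_real_escape_string() is documented to rely on.)
mysql_query("set names utf8");
// $a_id is the row id.  It used to be re-read as a raw string a few lines
// later, which undid the int coercion right before the WHERE clause.
$a_id = isset($_POST["a_id"]) ? (int) $_POST["a_id"] : 0;
// Text columns are escaped for their quoted SQL literals with the
// connection-aware escape instead of addslashes().
$u_name = isset($_POST['u_name']) ? mysql_real_escape_string($_POST['u_name'], $link_id) : '';
$a_content = isset($_POST["a_content"]) ? mysql_real_escape_string($_POST["a_content"], $link_id) : '';
$contype = isset($_POST['a_type']) ? $_POST['a_type'] : '';
// (int) replaces "| 0"; keys are quoted (bare constants are an Error from PHP 8).
$date_year = isset($_POST['date_year']) ? (int) $_POST['date_year'] : 0;
$date_month = isset($_POST['date_month']) ? (int) $_POST['date_month'] : 0;
$date_day = isset($_POST['date_day']) ? (int) $_POST['date_day'] : 0;
$date = $date_year . "-" . $date_month . "-" . $date_day;
//$u_pw = EncodeHTMLTag($_POST["u_pw"]);
$subject = isset($_POST["subject"]) ? EncodeHTMLTag($_POST["subject"]) : '';
$order = isset($_POST["order"]) ? (int) $_POST["order"] : 0;
$update_sql = "UPDATE `tbl_contest` SET\r\n`a_title`='{$u_name}', `a_content`='{$a_content}', `order`='{$order}', `a_date`='{$date}' WHERE `a_id`=" . $a_id;
$run_status = mysql_query($update_sql, $link_id);
// Numeric status for the list page: 4 = update failed, 3 = updated
// (contestlist.php presumably maps these to text).
if (!$run_status) {
    $msg = 4;
} else {
    $msg = 3;
}
mysql_close();
// $contype goes back into the query string; encoded so it stays one parameter.
header("Location:contestlist.php?id=" . urlencode($contype) . "&msg=" . $msg);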
// require_once("../../include/image.class.php");
// Photo upload for an activity.  Bare array key ($_POST[id]) is an undefined
// constant (notice before PHP 8, Error from 8.0); "| 0" coerces to int.
$id = $_POST[id] | 0;
$sql = " SELECT * FROM tbl_activity WHERE id=" . $id;
$result = mysql_query($sql);
// Per-activity access check (defined elsewhere); unknown ids end the request.
if ($obj = mysql_fetch_object($result)) {
    access_detail_check($obj->type_id);
} else {
    exit;
}
//////////////////////////////////////////////////////////////////////////////////////////////////////
/* Start Upload Photo */
//////////////////////////////////////////////////////////////////////////////////////////////////////
foreach ($_FILES["photo"]["error"] as $key => $error) {
    if ($error == UPLOAD_ERR_OK) {
        $upfile = $_FILES["photo"]["tmp_name"][$key];
        // EncodeHTMLTag() (defined elsewhere) prepares text for HTML output, not SQL.
        $remark = EncodeHTMLTag($_POST["remark"][$key]);
        $g_order = $_POST["order"][$key] | 0;
        // $ext is the client-supplied suffix, unchecked; it only feeds
        // $ori_file_name, whose use lies beyond this fragment — if that name is
        // written under the web root it needs an allow-list of image extensions.
        $ext = strrchr($_FILES["photo"]['name'][$key], ".");
        // rand() is not a CSPRNG; the name only needs to be unique.
        $ran_num = (time() | 0) . "_" . rand(0, 999999999);
        $output_path = "../../gallery_activity/";
        $file_name = $id . "_{$ran_num}.png";
        $ori_file_name = $id . "_{$ran_num}{$ext}";
        // $size = GetImageSize($upfile);
        // copy($upfile,$output_path.$file_name);
        // image_resize( $upfile, $output_filename, $output_path, 190, 120);
        //
        // copy($upfile,$output_path."small/".$file_name);
        // image_resize( $upfile, $output_filename, $output_path, 90, 60);
        // copy( $upfile, $output_path."original/".$ori_file_name );
        // require_once returns true on repeat includes; the value is
        // immediately overwritten by the object below, so it is harmless.
        $image = (require_once "../../include/image.class.php");
        $image = new image();
        $image->source = $_FILES['photo']["tmp_name"][$key];
        // The upload loop continues beyond the end of this fragment.
}
// Calendar entry update.  $c_id (record id) and $date are set before this
// fragment.  Bare array keys ($_POST[exp_date_year]) are undefined constants
// (notice before PHP 8, Error from 8.0); "| 0" coerces to int and throws on a
// non-numeric string under PHP 8.
$exp_date_year = $_POST[exp_date_year] | 0;
$exp_date_month = $_POST[exp_date_month] | 0;
$exp_date_day = $_POST[exp_date_day] | 0;
// Only a plausible day/month/year triple is kept; otherwise the MySQL
// "zero date" is stored.  (Day 31 passes for every month.)
if ($exp_date_day > 0 && $exp_date_day <= 31 && $exp_date_month > 0 && $exp_date_month <= 12 && $exp_date_year >= 1990) {
    $exp_date = $exp_date_year . "-" . $exp_date_month . "-" . $exp_date_day;
} else {
    $exp_date = "0000-00-00";
}
// EncodeHTMLTag() (defined elsewhere) prepares text for HTML output; these
// values go into quoted SQL literals below without a SQL escape, so quotes /
// backslashes in them reach the query unless EncodeHTMLTag() neutralises them.
$title = EncodeHTMLTag($_POST[title]);
$serial = EncodeHTMLTag($_POST[serial]);
$content = EncodeHTMLTag($_POST[content]);
$link_text = EncodeHTMLTag($_POST[link_text]);
$link_url = EncodeHTMLTag($_POST[link_url]);
$new_window = EncodeHTMLTag($_POST[new_window]);
$is_news = EncodeHTMLTag($_POST[is_news]);
// calendarid post_id poster date title content posttime
if ($c_id != 0) {
    // Insert new data
    // (Despite the comment, this is the UPDATE path.)  post_id / poster come
    // from the admin session; note the two different session key prefixes
    // ("kw_" and "plk_") — presumably intentional, worth confirming.
    $update_sql = "update `tbl_calendar` set \r\n\r\nlink_text='{$link_text}', \r\nlink_url='{$link_url}', \r\nlink_open_window='{$new_window}', \r\ndate='{$date}' ,\r\nexp_date='{$exp_date}' ,\r\ntitle='{$title}', \r\nserial='{$serial}', \r\ncontent='{$content}', \r\nis_news ='{$is_news}', \r\npost_id ='" . $_SESSION["kw_admin_user_id"] . "', \r\nposter ='" . $_SESSION["plk_admin_user_name"] . "',\r\nposttime=now()\r\n\r\n WHERE calendarid={$c_id}";
    mysql_query("set names utf8");
    // The update result is not checked.
    mysql_query($update_sql);
    $pkid = $c_id;
    $oldfilename = $_FILES["file"]['name'];
    // The last four characters of the client-supplied file name are used as
    // the extension without any allow-list check, so the stored attachment
    // keeps whatever suffix the uploader chose.  An allow-list of document
    // extensions (or a fixed suffix) is the defensive fix.
    $new_file_name = $pkid . substr($oldfilename, -4);
    if (isset($_FILES["file"]["tmp_name"]) && $_FILES["file"]["tmp_name"] != "") {
        // check the having file.
        $sql = "SELECT `file_name` FROM `tbl_calendar` WHERE calendarid = '{$pkid}'";
        $result = mysql_query($sql, $link_id);
        $get_rows = mysql_fetch_array($result);
        if ($get_rows[file_name] != "") {
            // The replace-existing-attachment path continues beyond the end of this fragment.