/**
 * Runs the insert sequence: the before_insert() hook, the _insert() call, then the after_insert() hook.
 *
 * @param bool $re_read Accepted for callers; not read anywhere in this body.
 * @return mixed false when before_insert() or _insert() reports failure, otherwise whatever after_insert() returns.
 */
public function insert($re_read = false)
 {
     // The pre-insert hook can veto the whole operation.
     if (!$this->before_insert()) {
         return false;
     }
     // after_insert() runs only when _insert() returned a truthy value.
     return _insert() ? $this->after_insert() : false;
 }
Example #2
// Handles the "send" action: checks the posted code, looks the sender up in tg_user and,
// when a row is found, records one row in tg_flower. Every value written comes from $_POST or $_COOKIE.
if (isset($_GET['action'])) {
    if ($_GET['action'] == 'send') {
        //protect from illegal registration
        //(passes the posted code and the session's RandCode to _check_code(); presumably it aborts on mismatch - confirm)
        _check_code($_POST['code'], $_SESSION['RandCode']);
        // NOTE(review): the WHERE value in this literal reads '******'username']}' - it looks mangled by a
        // credential scrubber on the page, so the original interpolation (presumably a request-supplied
        // username) cannot be recovered here. Whatever it was, it is placed in the SQL text before
        // _mysql_string() runs further down, so it needs its own escaping or a bound parameter.
        $_rows = _fetch_array("select \n\t\t\t\t\t\t\t\t\ttg_uniqid \n\t\t\t\t\t\t\t\t from \n\t\t\t\t\t\t\t\t\ttg_user \n\t\t\t\t\t\t\t\twhere \n\t\t\t\t\t\t\t\t\ttg_username = '******'username']}'");
        if ($_rows) {
            // Hands the stored tg_uniqid and the client's uniqid cookie to _uniqid().
            // NOTE(review): this is the only step visible here that ties the request to an account - confirm it stops the script on mismatch.
            _uniqid($_rows['tg_uniqid'], $_COOKIE['uniqid']);
            include ROOT_PATH . 'includes/check.func.php';
            $_clean = array();
            // touser and flower are copied from $_POST unchanged and fromuser from a cookie;
            // only content goes through a _check_* helper.
            $_clean['touser'] = $_POST['touser'];
            $_clean['fromuser'] = $_COOKIE['username'];
            $_clean['flower'] = $_POST['flower'];
            $_clean['content'] = _check_content($_POST['content']);
            // NOTE(review): _mysql_string() is the only treatment touser, fromuser and flower get before they
            // reach the SQL text; its implementation is not shown - confirm it escapes every array element
            // for the active connection and character set.
            $_clean = _mysql_string($_clean);
            //write into database
            // The statement is assembled by string interpolation, so its safety rests entirely on the
            // step above; a prepared statement with bound values would remove that dependency.
            _insert("INSERT INTO tg_flower (\n\t\t\t\t\t\t\t\t\t\ttg_touser,\n\t\t\t\t\t\t\t\t        tg_fromuser,\n\t\t\t\t\t\t\t\t        tg_flower,\n\t\t\t\t\t\t\t\t\t\ttg_content,\n\t\t\t\t\t\t\t\t\t\ttg_date\n\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t    \tVALUES (\n\t\t\t\t\t \t\t\t\t\t'{$_clean['touser']}',\n\t\t\t\t\t \t\t\t\t\t'{$_clean['fromuser']}',\n\t\t\t\t\t \t\t\t\t\t'{$_clean['flower']}',\n\t\t\t\t\t \t\t\t\t\t'{$_clean['content']}',\n\t\t\t\t\t\t \t\t\t\t)\n\t\t\t");
            //exactly one affected row is treated as success
            if (_affected_rows() == 1) {
                _close();
                //_session_destroy();
                _alert_close('Successfully sended');
            } else {
                _close();
                //_session_destroy();
                _alert_back('Fail to send');
            }
        } else {
            // no tg_user row matched the lookup above
            _alert_close('Illegal access!');
        }
    }
}
Example #3
 // Registration excerpt: collects the submitted profile fields into $_clean, rejects a username that is
 // already taken, inserts the tg_user row and, on success, writes new.xml and redirects to active.php.
 // $_clean itself and $_clean['uniqid'] (used in the INSERT) are set up before this excerpt begins.
 $_clean['active'] = _sha1_uniqid();
 // Each field goes through its own _check_* helper.
 // NOTE(review): none of those helpers is shown and no separate SQL-escaping step appears in this excerpt,
 // so whether the values are safe to interpolate below depends entirely on them - verify each one.
 $_clean['username'] = _check_username($_POST['username']);
 // NOTE(review): confirm _check_password() returns a salted, slow password hash (password_hash()-style)
 // and not the plain or fast-hashed password; its result is stored in tg_password as-is.
 $_clean['password'] = _check_password($_POST['password'], $_POST['notpassword']);
 $_clean['question'] = _check_question($_POST['question']);
 $_clean['answer'] = _check_answer($_POST['question'], $_POST['answer']);
 $_clean['sex'] = _check_sex($_POST['sex']);
 $_clean['profile'] = _check_profile($_POST['profile']);
 $_clean['email'] = _check_email($_POST['email']);
 $_clean['msn'] = _check_msn($_POST['msn']);
 $_clean['url'] = _check_url($_POST['url']);
 //check whether this username has been registered
 // NOTE(review): the WHERE value in this literal reads '******'username']}' - it looks mangled by a
 // credential scrubber on the page; the original interpolation is not recoverable from here.
 // A check-then-insert sequence like this also needs a unique index on tg_username to hold under concurrent requests.
 _is_repeat("select tg_username from tg_user where tg_username = '******'username']}'limit 1", 'This username has been registered');
 //insert information into database
 //Inside a double-quoted string a plain variable name is interpolated directly, but an array element with a quoted key is not;
 //wrapping it in braces ({$arr['key']}) makes it interpolate.
 // The statement is assembled by interpolation; a prepared statement with bound values would not depend
 // on every _check_* helper returning SQL-safe text.
 _insert("INSERT INTO tg_user (\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_uniqid,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_active,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_username,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_password,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_question,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_answer,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_sex,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_profile,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_email,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_msn,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_url,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_reg_time,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_last_time,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_last_ip\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t) \n\t\t\t\t\t\t\t\t\t\t\t\tVALUES (\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['uniqid']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['active']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['username']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['password']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['question']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['answer']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['sex']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['profile']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['email']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['msn']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['url']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tNOW(),\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tNOW(),\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_SERVER["REMOTE_ADDR"]}'\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t)");
 //$_SERVER["REMOTE_ADDR"] in the statement above is the client address as seen by this server
 //(behind a reverse proxy that is the proxy's address)
 if (_affected_rows() == 1) {
     //receive the id number in the previous "insert" statement
     $_clean['id'] = _insert_id();
     _close();
     //_session_destroy();
     //XML
     // NOTE(review): $_clean still carries the password, question and answer entries at this point;
     // confirm _set_xml() writes only fields that are meant to be readable.
     _set_xml('new.xml', $_clean);
     //skip to main page
     // The activation value is handed straight back to the registering browser in the redirect URL,
     // so as written it does not show that the e-mail address was reachable -
     // NOTE(review): confirm whether a mailed link was intended.
     _location('congratulation, registration succeed', 'active.php?active=' . $_clean['active']);
 } else {
     // NOTE(review): _close() below runs only if _location() returns; the success branch closes first.
     _location('registration fails', 'register.php');
     //_session_destroy();
     _close();
 }
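/**
 * Validates and stores a new "documentos" record from request input, then renders a status message.
 *
 * Flow: read the eight request fields, look for an existing row with the same
 * signatura + folios and, if one exists, render an error that redirects to its
 * edit page and stop. Otherwise HTML-encode the text fields, hand the row to
 * _insert() and return the success message produced by render_msg().
 *
 * @param array $param Render parameters; 'ruta', 'mensaje', 'timeout' and 'url' are set on the error paths.
 * @return mixed A plain error string when the duplicate lookup fails, otherwise the value of render_msg().
 *               The duplicate and insert-failure paths call render() and die instead of returning.
 */
function render_admin_validaradd($param)
{
    list($aid, $sid, $folios, $signatura, $siglos, $periodo, $resumen, $notas) = vwVarFromInput("aid", "sid", "folios", "signatura", "siglos", "periodo", "resumen", "notas");
    // Check that the document does not already exist.
    list($db) = Getdb();
    $tbl = GetTable('documentos');
    $col = GetCols('documentos');
    // Table and column names come from GetTable()/GetCols(), not from the request, so they stay
    // interpolated. The two request values are bound rather than spliced into the SQL text, where a
    // quote character in signatura or folios would have changed the statement itself.
    // NOTE(review): this relies on Execute() accepting a bind array as its second argument, which is the
    // ADOdb signature; the Execute/ErrorNo/RecordCount/FetchRow method set suggests that library - confirm against Getdb().
    $sql = "SELECT {$col['signatura']},{$col['did']} FROM {$tbl} WHERE {$col['signatura']}=? and {$col['folios']}=?";
    $resultado = $db->Execute($sql, array($signatura, $folios));
    if ($db->ErrorNo() != 0) {
        $mensaje = "Ha ocurrido un error al leer de la base de datos";
        return $mensaje;
    }
    // NOTE(review): the lookup compares the raw values while the insert below stores htmlentities()-encoded
    // ones, so a signatura or folios containing &, <, > or quotes may never match its stored form -
    // confirm whether _insert() re-encodes before relying on this duplicate check.
    if ($resultado->RecordCount() > 0) {
        // The document already exists: send the user to its edit page.
        $param['ruta'] = "error";
        $param['mensaje'] = "El documento ya existe.Redireccionando a la edicion del documento ya existente";
        $param['timeout'] = "3";
        $res = $resultado->FetchRow();
        $param['url'] = 'index.php?actor=documentos&accion=editar&id=' . $res[$col['did']];
        render($param);
        die;
    }
    // Insert the record into the database. Text fields are HTML-encoded before storage;
    // aid and sid are passed through as received, and periodo goes through ParsePeriod().
    $seccion = array("aid" => $aid, "sid" => $sid, "folios" => htmlentities($folios, ENT_QUOTES), "signatura" => htmlentities($signatura, ENT_QUOTES), "siglos" => htmlentities($siglos, ENT_QUOTES), "periodo" => ParsePeriod($periodo), "resumen" => htmlentities($resumen, ENT_QUOTES), "notas" => htmlentities($notas, ENT_QUOTES));
    //$seccion=fromcmstodb($seccion,'documentos');
    $result = _insert($seccion);
    // NOTE(review): loose comparison - a non-empty error string returned by _insert() compares equal to
    // true and would skip this branch, although the message below prints {$result} as if it carried
    // error text. Confirm _insert()'s return contract before tightening this to !==.
    if ($result != true) {
        $param['ruta'] = "error";
        $param['mensaje'] = "Ha ocurrido un error al introducir la secci&oacute;n en la base de datos <br>{$result}";
        render($param);
        die;
    }
    $mensaje = "La secci&oacute;n ha sido introducida correctamente.";
    /* $resultado= SmartyInit();
    		$resultado->assign("mensaje",$mensaje);
    		$plantilla="mensaje.tpl";
    		$salida=$resultado->fetch($plantilla);
    		return $salida;  */
    // Redirect target is the URL remembered in the session; it is cleared once read.
    $url = vwSessionGetVar('urlantigua');
    vwSessionDelVar('urlantigua');
    return render_msg($mensaje, 3, $url);
}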
Example #5
File: post.php Project: Zhiming/PHP
     // Post-submission excerpt: checks the poster's identifier cookie and posting interval, collects the
     // article fields, inserts a tg_article row and, on success, stamps the user's tg_post_time.
     // $_rows is fetched before this excerpt begins, and the closing brace at the end belongs to a block opened there.
     global $_system;
     //Protect from faking unique identifier
     _uniqid($_rows['tg_uniqid'], $_COOKIE['uniqid']);
     //protect from spamming
     //(passes the current time, the stored tg_post_time and the $_system['post'] setting to _timed())
     _timed(time(), $_rows['tg_post_time'], $_system['post']);
     //echo "<script>alert('".$_system['post']."')</script>";
     include ROOT_PATH . 'includes/check.func.php';
     //receive content in the post
     $_clean = array();
     // The author name is whatever the username cookie says; the only binding to an account visible
     // here is the _uniqid() call above.
     $_clean['username'] = $_COOKIE['username'];
     // type is copied from $_POST unchanged - NOTE(review): no type or range check is visible for it.
     $_clean['type'] = $_POST['type'];
     $_clean['title'] = _check_post_title($_POST['title'], 2, 40);
     $_clean['content'] = _check_post_content($_POST['content'], 10);
     // NOTE(review): _mysql_string() is the only treatment username and type get before they reach the
     // SQL text; its implementation is not shown - confirm it escapes every array element for the
     // active connection and character set.
     $_clean = _mysql_string($_clean);
     //write into database
     // Both statements below are assembled by interpolation, so their safety rests on the step above;
     // prepared statements with bound values would remove that dependency.
     _insert("INSERT INTO \n\t\t\t                                tg_article (\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_username,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_title,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_type,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_content,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_date\n\t\t\t\t\t\t\t\t\t\t\t\t\t        ) \n\t\t\t\t\t\t\t\tVALUES (\n\t\t\t\t\t\t\t\t\t\t\t'{$_clean['username']}',\n\t\t\t\t\t\t\t\t\t\t\t'{$_clean['title']}',\n\t\t\t\t\t\t\t\t\t\t\t'{$_clean['type']}',\n\t\t\t\t\t\t\t\t\t\t\t'{$_clean['content']}',\n\t\t\t\t\t\t\t\t\t\t\tNOW()\n\t\t\t\t\t)");
     //exactly one affected row is treated as success
     if (_affected_rows() == 1) {
         $_clean['id'] = _insert_id();
         //create a cookie to record post time to protect from spamming
         //setcookie('post_time', time());
         //(the cookie approach is disabled; the time is stored server-side in tg_user instead)
         $_clean['time'] = time();
         // NOTE(review): the WHERE value in this literal reads '******'username']}' - it looks mangled by a
         // credential scrubber on the page; the original interpolation is not recoverable from here.
         _query("UPDATE \n\t\t\t\t                         tg_user \n\t\t\t\t                    SET \n\t\t\t\t                         tg_post_time='{$_clean['time']}' \n\t\t\t\t               WHERE \n\t\t\t\t                         tg_username='******'username']}'");
         _close();
         //_session_destroy();
         // NOTE(review): the trailing characters in both messages look like a full-width exclamation mark
         // decoded with the wrong charset - confirm the file's encoding.
         _location('Successfully post£¡', 'article.php?id=' . $_clean['id']);
     } else {
         _close();
         //_session_destroy();
         _alert_back('Fail to post£¡');
     }
 }