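/**
 * Full-text search over searchable content, its tags and (optionally) its attached files.
 *
 * Security notes for maintainers:
 * - $pere, $limit, $etat_id, $version_id and $langue_id are reduced to integer
 *   literals before they reach the SQL text; request fallbacks
 *   ($_GET["la_langue"], $_GET["etat_id"], $_GET["version_id"]) get the same treatment.
 * - $orderby and $where are spliced into the statement verbatim. They must be
 *   constant SQL written by the calling code and must never carry request data.
 * - The search terms are escaped with addquote(), which is defined elsewhere.
 *   NOTE(review): presumably it escapes for a MySQL string literal; confirm it is
 *   connection-charset aware.
 *
 * @param string     $query      Boolean-mode full-text expression.
 * @param string     $without    Term to exclude (appended as " -term").
 * @param bool       $pj         Also search the attached files table.
 * @param int|string $pere       Parent id or comma-separated ids; integer 0 disables the filter.
 * @param int|string $limit      Row limit ("n" or "offset,n"); 0 disables it.
 * @param string     $orderby    Trusted ORDER BY expression.
 * @param string     $where      Trusted extra SQL appended after the main predicate.
 * @param int|string $etat_id    State id(s); 0 falls back to $_GET["etat_id"].
 * @param int|string $version_id Version id(s); 0 falls back to $_GET["version_id"].
 * @param int|string $langue_id  Language id; 0 falls back to $_GET["la_langue"], then the default.
 *
 * @return array|null All matching rows, or the first row (null when none) when the limit is exactly 1.
 */
function searchPhantom($query, $without = '', $pj = false, $pere = 0, $limit = 0, $orderby = "gabarit_id,pere", $where = '', $etat_id = 0, $version_id = 0, $langue_id = 0)
{
    // Keep only the integer items of a scalar or comma-separated value.
    $ints = function ($value) {
        $kept = array();
        $pieces = explode(",", is_scalar($value) ? (string) $value : "");
        foreach ($pieces as $piece) {
            $piece = trim($piece);
            if (preg_match('/^-?\d+$/', $piece)) {
                $kept[] = (int) $piece;
            }
        }
        return $kept;
    };
    // An id list that lost every item matches nothing instead of breaking the statement.
    $inList = function ($value) use ($ints) {
        $kept = $ints($value);
        return count($kept) > 0 ? implode(",", $kept) : "NULL";
    };
    // A filter counts as "not supplied" when it carries no id, or only the id 0.
    $isUnset = function ($value) use ($ints) {
        $kept = $ints($value);
        return count($kept) === 0 || (count($kept) === 1 && $kept[0] === 0);
    };
    $fromRequest = function ($key) {
        return isset($_GET[$key]) && is_scalar($_GET[$key]) ? (string) $_GET[$key] : "";
    };

    // Language: explicit argument first, then the request, then the site default.
    $requestLangue = $ints($fromRequest("la_langue"));
    if (!$isUnset($langue_id)) {
        $langueIds = $ints($langue_id);
        $langue_id = $langueIds[0];
    } elseif (count($requestLangue) > 0) {
        $langue_id = $requestLangue[0];
    } else {
        $langue_id = (int) __defaultlangueid__;
    }

    // The parent filter is skipped only for the integer 0, as before.
    $pereSql = $pere === 0 ? "" : "and a.pere in (" . $inList($pere) . ")";

    // LIMIT accepts "n" or "offset,n"; negative or non-numeric parts are dropped.
    $limitParts = array();
    foreach ($ints($limit) as $part) {
        if ($part >= 0) {
            $limitParts[] = $part;
        }
    }
    $limitParts = array_slice($limitParts, 0, 2);
    $noLimit = count($limitParts) === 0 || (count($limitParts) === 1 && $limitParts[0] === 0);
    $limitSql = $noLimit ? "" : "limit " . implode(",", $limitParts);

    // Trusted fragment, see the header note.
    $orderSql = "order by " . $orderby;

    $etat_id = $inList($isUnset($etat_id) ? $fromRequest("etat_id") : $etat_id);
    $version_id = $inList($isUnset($version_id) ? $fromRequest("version_id") : $version_id);

    if ($without != '') {
        $query = $query . " -" . $without;
    }
    $against = "against('" . addquote($query) . "' IN BOOLEAN MODE)";

    $wherepj = "";
    if ($pj) {
        $wherepj = "or c1.content_id in(select content_id from " . __racinebd__ . "fichiers where"
            . " MATCH(titre,abstract,contenu) " . $against . " and supprimer=0)";
    }

    $from = __racinebd__ . "content c1"
        . " inner join " . __racinebd__ . "contenu c on c1.contenu_id=c.contenu_id"
        . " inner join " . __racinebd__ . "arbre a on c.arbre_id=a.arbre_id and c.langue_id=" . $langue_id
        . " and a.etat_id in(" . $etat_id . ") and c1.version_id in(" . $version_id . ")"
        . " inner join " . __racinebd__ . "gabarit g on g.gabarit_id=a.gabarit_id and g.search=1"
        . " where (MATCH(titre1,titre2,contenu,abstract) " . $against
        . " or c1.content_id in(select content_id from " . __racinebd__ . "tag_search ts"
        . " inner join " . __racinebd__ . "tag_search_content tsc on ts.tag_search_id=tsc.tag_search_id"
        . " where MATCH(ts.libelle) " . $against . ")"
        . " or c1.content_id in(select content_id from " . __racinebd__ . "tag t"
        . " inner join " . __racinebd__ . "tag_content tsc on t.tag_id=tsc.tag_id"
        . " where MATCH(t.libelle) " . $against . ")"
        . " " . $wherepj
        . " ) and a.supprimer=0";

    $sql = "select c1.*,c.arbre_id,a.pere,a.gabarit_id,g.libelle from " . $from
        . " " . $pereSql . " " . $where . " " . $orderSql . " " . $limitSql;

    $link = query($sql);
    $tbl_result_final = array();
    while ($tbl_result = fetch($link)) {
        $tbl_result_final[] = $tbl_result;
    }

    // A limit of exactly one row returns that row itself rather than a list.
    if ($limitSql === "limit 1") {
        return isset($tbl_result_final[0]) ? $tbl_result_final[0] : null;
    }
    return $tbl_result_final;
}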
<?php require "../../admin/require/function.php"; require "../../conf_front.php"; if ($_POST["mdp"] != "" && $_POST["ident"] != "") { //$sql="select * from users where username='******' and active=1 and user_template_id is null"; /* $sql="select u.*,c.compte_id,c.raisonsociale from users u inner join ".__racinebd__."compte c on u.original_application_id=c.application_id and actif=1 and supprimer=0 where username='******' and active=1 and user_template_id is null"; */ $sql = "select u.*,c.compte_id,c.raisonsociale from " . __racinebd__ . "usergps u\r\n inner join " . __racinebd__ . "compte c on c.compte_id=u.compte_id\r\n where c.supprimer=0 and u.supprimer=0\r\n and username='******'"; //print $sql; $link = query($sql); if (num_rows($link) > 0) { $tbl = fetch($link); if ($tbl["password"] == md5($_POST["mdp"])) { //verification si elle peut se connecter aujourd'hui $indicedujour = dayOfWeek(time()); /* $sql="select mc.* from ".__racinebd__."jour_usersgps mc inner join ".__racinebd__."usergps u on u.usergps_id=mc.usergps_id and user_id=".$tbl["user_id"]." and jour_id=".$indicedujour; */ $sql = "select * from " . __racinebd__ . "jour_usersgps where usergps_id=" . $tbl["usergps_id"] . " and jour_id=" . $indicedujour; //print $sql; $link2 = query($sql); if (num_rows($link2) == 0) { print "nok2"; die; } //creation des sessions
//vérification des droit du compte $sql = "update " . __racinebd__ . "categorie_compte set supprimer=1 where categorie_compte_id=" . $_POST["id"] . " and compte_id=" . $_SESSION["compte_id"]; //print $sql."<br>"; $link = query($sql); $msgsave = "Suppression effectuée"; } if ($_POST["mode"] == "ajout") { //vérification des droit du compte $sql = "insert into " . __racinebd__ . "categorie_compte (libelle,compte_id) values('" . addquote($_POST["libelle"]) . "'," . $_SESSION["compte_id"] . ")"; //print $sql."<br>"; $link = query($sql); $msgsave = "ajout"; } if ($_POST["id"] != "" && $_POST["mode"] == "modif") { //vérification des droit du compte $sql = "update " . __racinebd__ . "categorie_compte set libelle ='" . addquote($_POST["libelle"]) . "' where categorie_compte_id=" . $_POST["id"] . " and compte_id=" . $_SESSION["compte_id"]; //print $sql."<br>"; $link = query($sql); $msgsave = "modif"; } $sql = "select * from " . __racinebd__ . "categorie_compte where compte_id=" . $_SESSION["compte_id"] . " and supprimer=0 order by libelle"; //$sql="select tlc.*,count(lc.device_id) as nb from ".__racinebd__."categorie_compte tlc left join ".__racinebd__."device lc on tlc.categorie_compte_id=lc.categorie_id and lc.supprimer=0 where tlc.supprimer=0 and lc.compte_id=".$_SESSION["compte_id"]." group by tlc.categorie_compte_id order by libelle"; $link = query($sql); while ($tbl = fetch($link)) { $sql = "select * from " . __racinebd__ . "categorie_compte_device ccd inner join " . __racinebd__ . "device d on d.device_id=ccd.device_id and supprimer=0 and categorie_compte_id=" . $tbl["categorie_compte_id"]; $link2 = query($sql); $tbl["nb"] = num_rows($link2); $tbl_list_categorie[] = $tbl; // $key_list_agence[$tbl["categorie_compte_id"]]=$tbl["libelle"]; } if ($_POST["id"] != "" && $_POST["mode"] == "") {
*/ require "../../include/template_list.php"; } else { if ($_POST["save"] == "yes") { switch ($_GET["mode"]) { case "suppr": $txtmsg = "Le tag a été supprimé"; $szQuery = "update {$table} set supprimer=1 where " . $tablekey . "='" . $_GET["id"] . "'"; break; case "ajout": $txtmsg = "Le tag a été ajouté"; $szQuery = "insert into {$table} (libelle)\r\n values ('" . addquote($_POST["libelle"]) . "')"; break; case "modif": $txtmsg = "Le tag a été modifié"; $szQuery = "update {$table} set \r\n\t\t\t\t\tlibelle='" . addquote($_POST["libelle"]) . "'\r\n where {$tablekey}=" . $_GET["id"]; //print $szQuery; break; } require "../../include/template_save.php"; } else { $szQuery = "SELECT * FROM {$table} where {$tablekey}=" . $_GET["id"]; //$query="select newsletter_etat_id,libelle from newsletter_etat order by libelle"; //libelle=>nom du champ|type|obligatoire|taille (facultatif) //les type sont les suivant // txt area html media date file email list(nom var requete) listmutiple(nom var requete) $tabcolonne = array("Libelle" => "libelle|txt(255)|yes"); /* $tabcolonne=array( "Login"=>"login|txt(255)|yes", "Password"=>"mdp|txt(255)|yes",
//deplacement du fichier //move_uploaded_file($_FILES[ext]["tmp_name"],$_SERVER["DOCUMENT_ROOT"].__uploaddir__."u".$_SESSION['users_id']."/".$_FILES["ext"]["name"]); $filename = preg_replace('/[^a-z0-9_\\-\\.]/i', '_', $_FILES["ext"]["name"]); //if(move_uploaded_file($_FILES["ext"]["tmp_name"],$_SERVER["DOCUMENT_ROOT"].__uploaddir__."u".$_SESSION['users_id']."/".$filename)===false){ //sauvegarde en base $ext = getext($_FILES["ext"]["name"]); $sql = "insert into " . __racinebd__ . "prix (montant,quantite,ref) value('" . addquote($_POST["prix"]) . "','" . addquote($_POST["quantite"]) . "','" . addquote($_POST["ref"]) . "')"; $link = query($sql); $prix_id = insert_id(); $querystring = "select * from " . __racinebd__ . "attribut where supprimer=0 order by libelle"; $link = query($querystring); while ($tbl = fetch($link)) { //print "attr_".$tbl["attribut_id"]."<br>"; //print $_POST["attr_".$tbl["attribut_id"]]; if ($_POST["attr_" . $tbl["attribut_id"]] != "" && $_POST["attr_" . $tbl["attribut_id"]] != -1) { $sql = "insert into " . __racinebd__ . "valeur_prix (valeur_id,prix_id,attribut_id) value('" . addquote($_POST["attr_" . $tbl["attribut_id"]]) . "','" . $prix_id . "','" . $tbl["attribut_id"] . "')"; query($sql); } } ?> <script> content='<table width="100%" style="border-bottom:1px solid black" id="table_prix_<?php echo $prix_id; ?> ">'; content+='<input type="hidden" name="listprix[]" value="<?php echo $prix_id; ?> "/>'; content+='<input type="hidden" id="prix_<?php echo $prix_id;
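<?php
require "../../require/function.php";
require "../../require/back_include.php";
set_time_limit(3600);

// Adds one line to a quote (devis) and asks the parent frame to refresh its list.
// NOTE(review): authentication and per-quote authorization are not visible here;
// presumably back_include.php enforces them. Confirm.

// The quote id comes from the query string and was previously concatenated
// unquoted into the SELECT; it is now forced to an integer before any SQL is built.
$devisId = isset($_GET["id"]) && is_scalar($_GET["id"]) ? (int) $_GET["id"] : 0;
$libelle = isset($_POST["libelle"]) && is_scalar($_POST["libelle"]) ? (string) $_POST["libelle"] : "";
$montant = isset($_POST["montant"]) && is_scalar($_POST["montant"]) ? (string) $_POST["montant"] : "";

if ($libelle != "" && $devisId > 0) {
    // The new line goes after the highest existing position of this quote.
    $sql = "select max(ordre) as maxordre from " . __racinebd__ . "devisline where supprimer=0 and devis_id=" . $devisId;
    $link = query($sql);
    $tbl = fetch($link);
    $ordre = (int) $tbl["maxordre"] + 1;

    // Decimal commas are converted to dots after escaping, as before.
    $sql = "insert into " . __racinebd__ . "devisline (devis_id,libelle,montant,ordre)"
        . " value('" . $devisId . "','" . addquote($libelle) . "','" . str_replace(",", ".", addquote($montant)) . "','" . $ordre . "')";
    $link = query($sql);
    $mmontant_id = insert_id();
    ?>
<script>
// refresh the line list shown in the parent frame
if(top.listidmontantiframelist.contentWindow)
    top.listidmontantiframelist.contentWindow.location.reload(true);
else
    top.listidmontantiframelist.location.reload(true);
</script>
<?php
}
?>
<html>
<head>
<META http-equiv="Content-Type" Content="text/html; charset=UTF-8">
<script>
function validateForm(obj){
if(obj.libelle.value==""){
alert('Veuillez indiquer un libelle');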
<?php require "../../require/function.php"; require "../../require/back_include.php"; $_GET["nomobj"] = "listval[]"; set_time_limit(3600); if ($_POST["save"] == "yes") { //creation du repertoire tmp //@mkdir ($_SERVER["DOCUMENT_ROOT"].__uploaddir__."u".$_SESSION['users_id'], 0775); //deplacement du fichier //move_uploaded_file($_FILES[ext]["tmp_name"],$_SERVER["DOCUMENT_ROOT"].__uploaddir__."u".$_SESSION['users_id']."/".$_FILES["ext"]["name"]); //$filename2=preg_replace('/[^a-z0-9_\-\.]/i', '_', $_FILES["ext2"]["name"]); //if(move_uploaded_file($_FILES["ext"]["tmp_name"],$_SERVER["DOCUMENT_ROOT"].__uploaddir__."u".$_SESSION['users_id']."/".$filename)===false){ //sauvegarde en base $sql = "update " . __racinebd__ . "list_val \r\n set titre='" . addquote($_POST["titre"]) . "',\r\n val='" . addquote($_POST["val"]) . "'\r\n where val_id=" . $_POST["val_id"]; /* ext1,nom_fichier1,titre2,ext2,nom_fichier2,lightbox,contenulightbox) value(,'".$ext1."','".$filename1."','".addquote($_POST["titre_fichier2"])."','".$ext2."','".$filename2."','".$_POST["lightbox"]."','".$_POST["contenu"]."')"; */ $link = query($sql); //$images_id=insert_id(); $sql = "select * from " . __racinebd__ . "list_val where val_id=" . $_POST["val_id"]; $link = query($sql); $tbl_info = fetch($link); ?> <script> //parent. content='<table width="100%" style="border-bottom:1px solid black" id="table_val_<?php echo $_POST["val_id"]; ?> ">';
} } } if ($_FILES["ext5"]["tmp_name"] != "" && $_POST["ext5_chk"] != 1) { $myext5 = savefile("ext5", $table . "5_"); } else { if ($_POST["ext5"] != "" && $_POST["ext5_chk"] != 1) { $myext5 = ",ext5='" . $_POST["ext5"] . "'"; } else { if ($_POST["ext5_chk"] == 1) { $myext5 = ",ext5=null"; } } } //si pas de changement d'etat $szQuery = "update {$table} set \r\n \t\t\t\t\ttitre1='" . addquote($_POST["titre1"]) . "',\r\n \t\t\t\t\ttitre2='" . addquote($_POST["titre2"]) . "',\r\n \t\t\t\t\ttitre3='" . addquote($_POST["titre3"]) . "',\r\n \t\t\t\t\ttitre4='" . addquote($_POST["titre4"]) . "',\r\n \t\t\t\t\ttitre5='" . addquote($_POST["titre5"]) . "',\r\n \t\t\t\t\tabstract='" . addquote($_POST["abstract"]) . "',\r\n abstract2='" . addquote($_POST["abstract2"]) . "',\r\n \t\t\t\t\tabstract3='" . addquote($_POST["abstract3"]) . "',\r\n \t\t\t\t\tabstract4='" . addquote($_POST["abstract4"]) . "',\r\n \t\t\t\t\tabstract5='" . addquote($_POST["abstract5"]) . "',\r\n \t\t\t\t\tcontenu='" . addquote($_POST["contenu"]) . "',\r\n \t\t\t\t\tdate_actu='" . datetimebdd($_POST["date_actu"]) . "',\r\n \t\t\t\t\tdate_fin='" . datetimebdd($_POST["date_fin"]) . "',\r\n \t\t\t\t\tnote='" . $_POST["note"] . "',\r\n \t\t\t\t\tversion_id='" . $_POST["version_id"] . "',\r\n \t\t\t\t\ttwitter='" . $_POST["twitter"] . "',\r\n \t\t\t\t\ttva_id='" . $_POST["tva_id"] . "',\r\n \t\t\t\t\tfournisseur_id='" . $_POST["fournisseur_id"] . "',\r\n note1='" . $_POST["note1"] . "',\r\n note2='" . $_POST["note2"] . "',\r\n note3='" . $_POST["note3"] . "',\r\n note4='" . $_POST["note4"] . "',\r\n archive='" . $_POST["archive"] . "',\r\n envoye='" . $_POST["envoye"] . "',\r\n titleseo='" . addquote($_POST["titleseo"]) . "',\r\n abstractseo='" . addquote($_POST["abstractseo"]) . "',\r\n robotseo='" . addquote($_POST["robotseo"]) . "'\r\n \t\t\t\t\t{$myext}\r\n \t\t\t\t\t{$myext2}\r\n \t\t\t\t\t{$myext3}\r\n \t\t\t\t\t{$myext4}\r\n {$myext5}\r\n where content_id=" . 
$content_id; majfichier($content_id); majval($content_id); updateContent($content_id, $_GET["arbre_id"], $_GET["langue_id"]); createdefault("ext", $table, $content_id); createdefault("ext2", $table . "2_", $content_id); createdefault("ext3", $table . "3_", $content_id); createdefault("ext4", $table . "4_", $content_id); createdefault("ext5", $table . "5_", $content_id); } if ($_POST["version_id"] == 1) { $sql = "update " . __racinebd__ . "contenu set translate=1 where contenu_id=" . $contenu_id; query($sql); } $sql = "delete from " . __racinebd__ . "tag_content where content_id=" . $content_id; query($sql);
for ($i = 0; $i < count($_POST["jour"]); $i++) { $sql = "insert into " . __racinebd__ . "jour_usersgps (usergps_id,jour_id) values(" . $_POST["id"] . "," . $_POST["jour"][$i] . ")"; query($sql); } //sauvegarde des rapports $sql = "delete from " . __racinebd__ . "rapport_usersgps where usergps_id=" . $_POST["id"]; query($sql); for ($i = 0; $i < count($_POST["rapport"]); $i++) { $sql = "insert into " . __racinebd__ . "rapport_usersgps (usergps_id,rapport_id) values(" . $_POST["id"] . "," . $_POST["rapport"][$i] . ")"; query($sql); } $msgsave = "Sauvegarde effectuée"; } //sauvegarde d'ajout if ($_POST["id"] == "" && $_POST["mode"] == "ajout") { $sql = "insert into " . __racinebd__ . "usergps (tel,name,email,password,username,date_creation,compte_id) \r\n values('" . addquote($_POST["tel"]) . "','" . addquote($_POST["name"]) . "','" . addquote($_POST["email"]) . "','" . md5($_POST["password"]) . "','" . addquote($_POST["username"]) . "',now(),'" . $_GET["pere"] . "')"; query($sql); $usergpd_id = insert_id(); //sauvegarde des agences for ($i = 0; $i < count($_POST["agence"]); $i++) { $sql = "insert into " . __racinebd__ . "agence_compte_usergps (usergps_id,agence_compte_id) values(" . $usergpd_id . "," . $_POST["agence"][$i] . ")"; query($sql); } //sauvegarde des vehicules for ($i = 0; $i < count($_POST["vehicule"]); $i++) { $sql = "insert into " . __racinebd__ . "usergps_device (usergps_id,device_id) values(" . $usergpd_id . "," . $_POST["vehicule"][$i] . ")"; query($sql); } //sauvegarde des modules for ($i = 0; $i < count($_POST["module"]); $i++) { $sql = "insert into " . __racinebd__ . "module_usersgps (usergps_id,module_id) values(" . $usergpd_id . "," . $_POST["module"][$i] . ")";
require "../../require/back_include.php"; set_time_limit(3600); if ($_POST["titre"] != "") { $sql = "select max(ordre) as maxordre from " . __racinebd__ . "newsletterline where supprimer=0 and newsletter_id=" . $_GET["id"]; $link = query($sql); $tbl = fetch($link); if ($_FILES["ext"]["tmp_name"] != "") { $myext = "'" . getext($_FILES["ext"]["name"]) . "'"; } else { if ($_POST["ext"] != "") { $myext = "'" . $_POST["ext"] . "'"; } else { $myext = "null"; } } $sql = "insert into " . __racinebd__ . "newsletterline (newsletter_id,titre,contenu,ordre,ext,lien) \r\n value('" . addquote($_GET["id"]) . "','" . addquote($_POST["titre"]) . "','" . str_replace(",", ".", addquote($_POST["contenu"])) . "','" . ($tbl["maxordre"] + 1) . "',{$myext},'" . addquote($_POST["lien"]) . "')"; $link = query($sql); $mmontant_id = insert_id(); if ($_FILES["ext"]["tmp_name"] != "") { savefile("ext", __racinebd__ . "newsletterline", $mmontant_id); } ?> <script> //rafraichissement de la liste //alert(top.listidmontantiframelist.location) if(top.listidmontantiframelist.contentWindow) top.listidmontantiframelist.contentWindow.location.href=top.listidmontantiframelist.contentWindow.location.href.replace('mode=',''); else top.listidmontantiframelist.location.href=top.listidmontantiframelist.location.href.replace('mode=',''); </script>
$szQuery = "insert into " . __racinebd__ . "device (devices_id,type_device_id,IMEI,serialnumber,vieprivee,modepieton,nomvehicule,telboitier,compte_id,date_creation,unitid) \r\n values('" . $id . "','" . $_POST["type_device_id"] . "','" . addquote($_POST["IMEI"]) . "','" . addquote($_POST["serialnumber"]) . "','" . addquote($_POST["vieprivee"]) . "','" . addquote($_POST["modepieton"]) . "','" . addquote($_POST["nomvehicule"]) . "','" . addquote($_POST["telboitier"]) . "','" . $_GET["pere"] . "',now(),'" . addquote($_POST["unitid"]) . "')"; //query($sql); //$szQuery=""; break; case "modif": $txtmsg = "Le boitiers a été modifié"; //username='******', if ($_POST["type_device_id"] == 1) { //orion on stock le serial $uniqueId = $_POST["unitid"]; } else { $uniqueId = $_POST["IMEI"]; } $sql = "update devices set uniqueId='" . addquote($uniqueId) . "' where id=" . $_POST["devices_id"]; query($sql); $szQuery = "update {$table} set \r\n\t\t\t\t\tIMEI='" . addquote($_POST["IMEI"]) . "',\r\n\t\t\t\t\tserialnumber='" . addquote($_POST["serialnumber"]) . "',\r\n unitid='" . addquote($_POST["unitid"]) . "', \r\n vieprivee='" . addquote($_POST["vieprivee"]) . "',\r\n modepieton='" . addquote($_POST["modepieton"]) . "',\r\n nomvehicule='" . addquote($_POST["nomvehicule"]) . "',\r\n telboitier='" . addquote($_POST["telboitier"]) . "' \r\n where {$tablekey}=" . $_GET["id"]; //print $szQuery; //modification de la table device break; } require "../../include/template_save.php"; } else { //$szQuery = "SELECT * FROM $table where $tablekey=".$_GET["id"]; /* $szQuery = "select * from $table t inner join ".__racinebd__."compte c on c.application_id=t.original_application_id inner join device d on d.owner_id=t.user_id inner join ".__racinebd__."device pd on pd.owner_id=t.user_id inner join user_template ut on ut.user_template_id=t.user_template_id and ut.application_id=c.application_id and template_name='Device' where active=1 and $tablekey=".$_GET["id"]; */
while ($tbl_result = fetch($link)) { $sql = "insert into " . __racinebd__ . "contenu (arbre_id,langue_id,nom,translate) values (" . $tbl_result["arbre_id"] . "," . $id . ",'" . $tbl_result["nom"] . "',0)"; query($sql); } $szQuery = ""; break; case "modif": if ($_FILES["ext"]["tmp_name"] != "" && $_POST["ext_chk"] != 1) { $myext = savefile("ext", $table); tbl_img($table, $_GET["id"], getext($_FILES["ext"]["name"]), 16, 10); } else { if ($_POST["ext_chk"] == 1) { $myext = ",ext=null "; } } $txtmsg = "La langue a été modifiée"; $szQuery = "update {$table} set \r\n\t\t\t\t\tlibelle='" . addquote($_POST["libelle"]) . "',\r\n\t\t\t\t\tshortlib='" . addquote($_POST["shortlib"]) . "',\r\n\t\t\t\t\tactive='" . addquote($_POST["active"]) . "'\r\n\t\t\t\t\t{$myext}\r\n where {$tablekey}=" . $_GET["id"]; break; } require "../../include/template_save.php"; } else { $szQuery = "SELECT * FROM {$table} where {$tablekey}=" . $_GET["id"]; //libelle=>nom du champ|type|obligatoire|taille (facultatif) //les type sont les suivant // txt area html media date file email list(nom var requete) listmutiple(nom var requete) $querylist = "select langue_id,libelle from " . __racinebd__ . "langue"; $tabcolonne = array("Langue" => "libelle|txt(255)|yes", "Code" => "shortlib|txt(255)|yes", "Icon" => "ext|file(gif,jpg,png)|yes", "Active" => "active|chk"); require "../../include/template_detail.php"; } } }
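<?php
require "../../require/function.php";
require "../../require/back_include.php";

// Updates one price row and answers "okmodif" to the caller.
// NOTE(review): authentication is not visible here; presumably back_include.php
// enforces it. Confirm, and confirm that the caller may edit this price row.

// The row id was previously concatenated unquoted into the WHERE clause, so any
// SQL placed in the "indice" field ran as part of the UPDATE. It is now an integer.
$prixId = isset($_POST["indice"]) && is_scalar($_POST["indice"]) ? (int) $_POST["indice"] : 0;
if ($prixId <= 0) {
    // No valid row to update: stop without reporting success.
    die;
}

// Read a POST field as a string and escape it with the project's addquote() helper.
$posted = function ($name) {
    $raw = isset($_POST[$name]) && is_scalar($_POST[$name]) ? (string) $_POST[$name] : "";
    return addquote($raw);
};

$sql = "update " . __racinebd__ . "prix set"
    . " montant='" . $posted("montant") . "',"
    . "montantremise='" . $posted("montantremise") . "',"
    . "quantite='" . $posted("quantite") . "',"
    . "ref='" . $posted("ref") . "'"
    . " where prix_id=" . $prixId;
query($sql);
?>
okmodif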
$delete = true; $search = false; $notview = true; require "../../include/template_list.php"; } else { if ($_POST["save"] == "yes") { switch ($_GET["mode"]) { case "suppr": $txtmsg = "La nouveauté a été supprimé"; $szQuery = "update {$table} set supprimer=1 where " . $tablekey . "='" . $_GET["id"] . "'"; break; case "ajout": $txtmsg = "La nouveauté a été ajouté"; $szQuery = "insert into {$table} (texte,date_creation)\r\n values ('" . addquote($_POST["texte"]) . "','" . datetimebdd($_POST["date_creation"]) . "')"; break; case "modif": $txtmsg = "La nouveauté a été modifié"; $szQuery = "update {$table} set \r\n\t\t\t\t\ttexte='" . addquote($_POST["texte"]) . "',\r\n\t\t\t\t\tdate_creation='" . datetimebdd($_POST["date_creation"]) . "'\r\n where {$tablekey}=" . $_GET["id"]; break; } require "../../include/template_save.php"; } else { $szQuery = "SELECT * FROM {$table} where {$tablekey}=" . $_GET["id"]; //libelle=>nom du champ|type|obligatoire|taille (facultatif) //les type sont les suivant // txt area html media date file email list(nom var requete) listmutiple(nom var requete) $tabcolonne = array("Texte" => "texte|area|yes", "Date" => "date_creation|date2|yes"); require "../../include/template_detail.php"; } } }
$sql = "select * from " . __racinebd__ . "device where supprimer=0 and unitid='" . addquote($tablelem[4]) . "'"; //print $sql; $link2 = query($sql); //if(num_rows($link2)==0&&$tablelem[5]!=""){ if (num_rows($link2) == 0) { $compte_id = $tbl["compte_id"]; $sql = "select max(id) as maxid from devices"; $link = query($sql); $tbl = fetch($link); $sql = "insert into devices (name,uniqueId) \r\n values('Device" . ($tbl["maxid"] + 1) . "','" . addslashes($tablelem[4]) . "')"; //print $sql."<br>"; query($sql); $id = insert_id(); $sql = "INSERT INTO users_devices (users_id, devices_id) VALUES ('1', {$id})"; //query($sql); $szQuery = "insert into " . __racinebd__ . "device (devices_id,type_device_id,IMEI,serialnumber,nomvehicule,telboitier,compte_id,date_creation,unitid,immatriculation) \r\n values('" . $id . "',1,'" . addslashes($tablelem[4]) . "','" . addslashes($tablelem[4]) . "','" . addslashes($tablelem[2]) . "','+" . addslashes($tablelem[5]) . "','" . $compte_id . "',now(),'" . addquote($tablelem[4]) . "','" . addquote($tablelem[3]) . "')"; //query($sql); //print $szQuery."<br>"; query($szQuery); $device_id = insert_id(); //device phantom_usergps_device $sql = "select * from " . __racinebd__ . "usergps where compte_id=" . $compte_id; $link_device = query($sql); while ($tbl_device = fetch($link_device)) { $sql = "insert into " . __racinebd__ . "usergps_device (device_id,usergps_id) values('" . $device_id . "','" . $tbl_device["usergps_id"] . "')"; //print $sql."<br>"; query($sql); } } } else { print "erreur compte '" . addslashes($tablelem[0]) . "' non trouvé<br>";
} //device phantom_usergps_device $sql = "select * from " . __racinebd__ . "device where compte_id=" . $_GET["pere"]; $link = query($sql); while ($tbl = fetch($link)) { $sql = "insert into " . __racinebd__ . "usergps_device (device_id,usergps_id) values('" . $tbl["device_id"] . "','" . $usergpd_id . "')"; query($sql); } $szQuery = ""; break; case "modif": $txtmsg = "L'utilisateurs a été modifié"; if ($_POST["password2"] != "") { $pwd = ",password='******'"; } $szQuery = "update {$table} set \r\n\t\t\t\t\tusername='******',\r\n\t\t\t\t\tname='" . addquote($_POST["name"]) . "',\r\n email='" . addquote($_POST["email"]) . "',\r\n tel='" . addquote($_POST["tel"]) . "'\r\n {$pwd}\r\n where {$tablekey}=" . $_GET["id"]; //print $szQuery; break; } require "../../include/template_save.php"; } else { $szQuery = "SELECT * FROM {$table} where {$tablekey}=" . $_GET["id"]; //libelle=>nom du champ|type|obligatoire|taille (facultatif) //les type sont les suivant // txt area html media date file email list(nom var requete) listmutiple(nom var requete) if ($_GET["mode"] == "ajout") { $tabcolonne = array("Username" => "username|txt(255)|yes", "Name" => "name|txt(255)|yes", "Password" => "password|password|yes", "Email" => "email|txt(255)|no", "Téléphone" => "tel|txt(255)|no"); } else { $tabcolonne = array("Username" => "username|txt(255)|yes", "Name" => "name|txt(255)|yes", "Password (for change)" => "password2|password|no", "Email" => "email|txt(255)|no", "Téléphone" => "tel|txt(255)|no"); } require "../../include/template_detail.php";
<?php require "../../require/function.php"; require "../../require/back_include.php"; set_time_limit(3600); if ($_POST["titre"] != "") { $sql = "insert into " . __racinebd__ . "list_val (titre,val) \r\n value('" . addquote($_POST["titre"]) . "','" . addquote($_POST["val"]) . "')"; $link = query($sql); $val_id = insert_id(); ?> <script> content='<table width="100%" style="border-bottom:1px solid black" id="table_val_<?php echo $val_id; ?> ">'; content+='<input type="hidden" name="listvals[]" value="<?php echo $val_id; ?> "/>'; content+='<input type="hidden" name="listtitre[]" value="<?php echo $_POST["titre1"]; ?> "/>'; content+='<input type="hidden" name="listval[]" value="<?php echo $_POST["val"]; ?> "/>'; content+='<input type="hidden" id="val_<?php echo $val_id; ?> " name="val_<?php
break; case "ajout": $txtmsg = $trad["L'utilisateur a été ajouté"]; $szQuery = "insert into {$table} (login,mdp,email)\r\n values ('" . addquote($_POST["login"]) . "','" . addquote($_POST["mdp"]) . "','" . addquote($_POST["email"]) . "')"; $link = query($szQuery); $id = insert_id(); //sauvegarde des droits for ($i = 0; $i < count($_POST["groupe_id"]); $i++) { $sql = "insert into " . __racinebd__ . "groupe_users (groupe_id,users_id) values (" . $_POST["groupe_id"][$i] . "," . $id . ")"; query($sql); } $szQuery = ""; break; case "modif": $txtmsg = $trad["L'utilisateur a été modifié"]; $szQuery = "update {$table} set \r\n\t\t\t\t\tlogin='******',\r\n\t\t\t\t\tmdp='" . addquote($_POST["mdp"]) . "',\r\n\t\t\t\t\temail='" . addquote($_POST["email"]) . "'\r\n where {$tablekey}=" . $_GET["id"]; //print $szQuery; $sql = "delete from " . __racinebd__ . "groupe_users where users_id=" . $_GET["id"]; query($sql); //sauvegarde des droits for ($i = 0; $i < count($_POST["groupe_id"]); $i++) { $sql = "insert into " . __racinebd__ . "groupe_users (groupe_id,users_id) values (" . $_POST["groupe_id"][$i] . "," . $_GET["id"] . ")"; query($sql); } break; } require "../../include/template_save.php"; } else { $szQuery = "SELECT * FROM {$table} where {$tablekey}=" . $_GET["id"]; //libelle=>nom du champ|type|obligatoire|taille (facultatif) //les type sont les suivant
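<?php
// Agency management for the logged-in account: add, rename, list and load one agency.
// Every statement is restricted to the caller's own account through compte_id.
if (!verifdroit("AGE")) {
    die;
}

$msgsave = "";

// Request values are read once. Ids and the "principal" flag are forced to integers,
// because they were previously concatenated into the SQL without escaping.
$mode = isset($_POST["mode"]) && is_scalar($_POST["mode"]) ? (string) $_POST["mode"] : "";
$rawId = isset($_POST["id"]) && is_scalar($_POST["id"]) ? (string) $_POST["id"] : "";
$agenceId = (int) $rawId;
$libelle = addquote(isset($_POST["libelle"]) && is_scalar($_POST["libelle"]) ? (string) $_POST["libelle"] : "");
// NOTE(review): principal is treated as an integer flag; confirm against the schema.
$principal = isset($_POST["principal"]) && is_scalar($_POST["principal"]) ? (int) $_POST["principal"] : 0;
// The account id comes from the session; the cast keeps it a literal even if the session holds a string.
$compteId = (int) $_SESSION["compte_id"];

if ($mode == "ajout") {
    $sql = "insert into " . __racinebd__ . "agence_compte (libelle,principal,compte_id)"
        . " values('" . $libelle . "','" . $principal . "'," . $compteId . ")";
    $link = query($sql);
    $msgsave = "ajout";
}

if ($rawId != "" && $mode == "modif") {
    // The compte_id predicate keeps one account from renaming another account's agency.
    $sql = "update " . __racinebd__ . "agence_compte set libelle ='" . $libelle . "' , principal='" . $principal . "'"
        . " where agence_compte_id=" . $agenceId . " and compte_id=" . $compteId;
    $link = query($sql);
    $msgsave = "modif";
}

// Agencies of the account that are not flagged as deleted.
$sql = "select * from " . __racinebd__ . "agence_compte where compte_id=" . $compteId . " and supprimer=0 order by libelle";
$link = query($sql);
while ($tbl = fetch($link)) {
    $tbl_list_agence[] = $tbl;
}

// An id posted without a mode loads that agency.
if ($rawId != "" && $mode == "") {
    $sql = "select * from " . __racinebd__ . "agence_compte where compte_id=" . $compteId
        . " and agence_compte_id=" . $agenceId . " order by libelle";
    $link = query($sql);
    $tbl_modif_agence = fetch($link);
}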
query($sql); //creation d'une agence par defaut $sql = "insert into " . __racinebd__ . "agence_compte (libelle,principal,compte_id) values('Agence 1',1," . $id . ")"; query($sql); //creation de type de véhicule $sql = "INSERT INTO `phantom_type_compte` (`libelle`, `compte_id`, `icon`) VALUES('Voiture', " . $id . ", 'car_icon.png');"; query($sql); $sql = "INSERT INTO `phantom_type_compte` (`libelle`, `compte_id`, `icon`) VALUES('Camion', " . $id . ", 'supercamion_icon.png');"; query($sql); $sql = "INSERT INTO `phantom_type_compte` (`libelle`, `compte_id`, `icon`) VALUES('Utilitaire', " . $id . ", 'utilitaire-icon.png');"; query($sql); $szQuery = ""; break; case "modif": $txtmsg = "Le compte a été modifié"; $szQuery = "update {$table} set \r\n\t\t\t\t\tcommercial_id='" . addquote($_POST["commercial_id"]) . "',\r\n\t\t\t\t\tnom='" . addquote($_POST["nom"]) . "',\r\n\t\t\t\t\tcodecreation='" . addquote($_POST["codecreation"]) . "', \r\n adresse='" . addquote($_POST["adresse"]) . "',\r\n raisonsociale='" . addquote($_POST["raisonsociale"]) . "',\r\n cp='" . addquote($_POST["cp"]) . "',\r\n ville='" . addquote($_POST["ville"]) . "',\r\n tel='" . addquote($_POST["tel"]) . "',\r\n email='" . addquote($_POST["email"]) . "',\r\n actif='" . addquote($_POST["actif"]) . "'\r\n where {$tablekey}=" . $_GET["id"]; //print $szQuery; $sql = "delete from " . __racinebd__ . "compte_options where compte_id=" . $_GET["id"]; query($sql); //sauvegarde des options for ($i = 0; $i < count($_POST["options_id"]); $i++) { $sql = "insert into " . __racinebd__ . "compte_options (compte_id,options_id) values (" . $_GET["id"] . "," . $_POST["options_id"][$i] . ")"; query($sql); } break; } require "../../include/template_save.php"; } else { $szQuery = "SELECT * FROM {$table} where {$tablekey}=" . $_GET["id"]; //libelle=>nom du champ|type|obligatoire|taille (facultatif) //les type sont les suivant
//vérification des droit du compte $sql = "update " . __racinebd__ . "type_compte set supprimer=1 where type_compte_id=" . $_POST["id"] . " and compte_id=" . $_SESSION["compte_id"]; query($sql); //print $sql."<br>"; $msgsave = "Suppression effectuée"; } if ($_POST["mode"] == "ajout") { //vérification des droit du compte $sql = "insert into " . __racinebd__ . "type_compte (libelle,consommation,vitesseattente,icon,compte_id) values('" . addquote($_POST["libelle"]) . "','" . addquote($_POST["consommation"]) . "','" . addquote($_POST["vitesseattente"]) . "','" . addquote($_POST["icon"]) . "'," . $_SESSION["compte_id"] . ")"; //print $sql."<br>"; $link = query($sql); $msgsave = "Sauvegarde effectuée"; } if ($_POST["id"] != "" && $_POST["mode"] == "modif") { //vérification des droit du compte $sql = "update " . __racinebd__ . "type_compte set libelle ='" . addquote($_POST["libelle"]) . "',consommation='" . addquote($_POST["consommation"]) . "',vitesseattente='" . addquote($_POST["vitesseattente"]) . "',icon='" . addquote($_POST["icon"]) . "' where type_compte_id=" . $_POST["id"] . " and compte_id=" . $_SESSION["compte_id"]; //print $sql."<br>"; $link = query($sql); $msgsave = "Sauvegarde effectuée"; } $sql = "select * from " . __racinebd__ . "type_compte where compte_id=" . $_SESSION["compte_id"] . " and supprimer=0 order by libelle"; $link = query($sql); while ($tbl = fetch($link)) { $tbl_list_type[] = $tbl; // $key_list_agence[$tbl["type_compte_id"]]=$tbl["libelle"]; } if ($_POST["id"] != "" && $_POST["mode"] == "") { $sql = "select * from " . __racinebd__ . "type_compte where compte_id=" . $_SESSION["compte_id"] . " and type_compte_id=" . $_POST["id"] . " order by libelle"; $link = query($sql); $tbl_modif_type = fetch($link); }
//deplacement du fichier //move_uploaded_file($_FILES[ext]["tmp_name"],$_SERVER["DOCUMENT_ROOT"].__uploaddir__."u".$_SESSION['users_id']."/".$_FILES["ext"]["name"]); $filename1 = preg_replace('/[^a-z0-9_\\-\\.]/i', '_', $_FILES["ext1"]["name"]); $filename2 = preg_replace('/[^a-z0-9_\\-\\.]/i', '_', $_FILES["ext2"]["name"]); //if(move_uploaded_file($_FILES["ext"]["tmp_name"],$_SERVER["DOCUMENT_ROOT"].__uploaddir__."u".$_SESSION['users_id']."/".$filename)===false){ //sauvegarde en base $ext1 = getext($_FILES["ext1"]["name"]); $ext2 = getext($_FILES["ext2"]["name"]); /*if(PHANTOM_FULLTEXT==true){ $contenu1=addslashes(extract2tmpfile($ext1,$_FILES["ext1"]["tmp_name"])); $contenu2=addslashes(extract2tmpfile($ext2,$_FILES["ext2"]["tmp_name"])); }else{ $contenu1=addquote($_POST["description_fichier1"]); $contenu2=addquote($_POST["description_fichier2"]); }*/ $sql = "insert into " . __racinebd__ . "list_images (titre1,ext1,nom_fichier1,titre2,ext2,nom_fichier2,lightbox,contenulightbox) \r\n value('" . addquote($_POST["titre_fichier1"]) . "','" . $ext1 . "','" . $filename1 . "','" . addquote($_POST["titre_fichier2"]) . "','" . $ext2 . "','" . $filename2 . "','" . $_POST["lightbox"] . "','" . $_POST["contenu"] . "')"; $link = query($sql); $images_id = insert_id(); savefile("ext1", __racinebd__ . "list_images", $images_id); savefile("ext2", __racinebd__ . "list_images2_", $images_id); ?> <script> content='<table width="100%" style="border-bottom:1px solid black" id="table_images_<?php echo $images_id; ?> ">'; content+='<input type="hidden" name="listimages[]" value="<?php echo $images_id; ?> "/>'; content+='<textarea name="listimagescontenu[]" style="display:none"><?php
$myext2 = savefile("ext2", __racinebd__ . "list_images2_"); } else { if ($_POST["ext2"] != "" && $_POST["ext2_chk"] != 1) { $filename2 = preg_replace('/[^a-z0-9_\\-\\.]/i', '_', $_FILES["ext2"]["name"]); $myext2 = ",ext2='" . getext($_FILES["ext2"]["name"]) . "',nom_fichier2='" . $filename2 . "'"; } else { if ($_POST["ext2_chk"] == 1) { $myext2 = ",ext1=null"; } } } //if(move_uploaded_file($_FILES["ext"]["tmp_name"],$_SERVER["DOCUMENT_ROOT"].__uploaddir__."u".$_SESSION['users_id']."/".$filename)===false){ //sauvegarde en base $ext1 = getext($_FILES["ext1"]["name"]); $ext2 = getext($_FILES["ext2"]["name"]); $sql = "update " . __racinebd__ . "list_images \r\n set titre1='" . addquote($_POST["titre_fichier1"]) . "',\r\n titre2='" . addquote($_POST["titre_fichier2"]) . "',\r\n lightbox='" . addquote($_POST["lightbox"]) . "',\r\n contenulightbox='" . addquote($_POST["contenu"]) . "'\r\n {$myext1}\r\n {$myext2}\r\n where images_id=" . $_POST["images_id"]; /* ext1,nom_fichier1,titre2,ext2,nom_fichier2,lightbox,contenulightbox) value(,'".$ext1."','".$filename1."','".addquote($_POST["titre_fichier2"])."','".$ext2."','".$filename2."','".$_POST["lightbox"]."','".$_POST["contenu"]."')"; */ $link = query($sql); //$images_id=insert_id(); $sql = "select * from " . __racinebd__ . "list_images where images_id=" . $_POST["images_id"]; $link = query($sql); $tbl_info = fetch($link); ?> <script> //parent. //content='<table width="100%" style="border-bottom:1px solid black" id="table_image_<?php echo $images_id;
<h1>Add a quote</h1>
<form action="/?add" method="POST">
<?php
// Act only when the form was posted with a non-empty quote box; an empty box
// is ignored, exactly as if submit had not been pressed.
if (count($_POST) > 0 && !check_empty($_POST['quotetext'])) {
    // presumably the number of an already stored identical quote; verify in checkquoteexist()
    $exist = checkquoteexist($_POST['quotetext']);
    if (!is_numeric($exist)) {
        // No duplicate reported: store the quote. addquote() receives the whole
        // POST array; what it reads from it is not visible here.
        $newquote = addquote($_POST);
        if (is_numeric($newquote)) {
            print "<br /><center><font color=\"red\">Your quote has been submitted as Quote #" . $newquote . "</font></center><br />";
        }
    } else {
        // Only a value that passed is_numeric() is written into the link markup.
        print "<br /><center><font color=\"red\">The quote has already been entered as <a href=\"/?" . $exist . "\">Quote #" . $exist . "</a></font></center>";
    }
}
?>
<textarea cols="100%" rows="10" name="quotetext"></textarea>
<br /><br />
<input type="submit" name="cmdSubmit" value="Submit">
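<?php
// Per-account override of an engine state's label and colour, followed by the
// list and detail queries for the same screen.
//
// The ids below are concatenated into SQL as bare numbers. Escaping quotes
// (addquote) gives no protection outside a quoted string literal, so every id
// is cast to int before it reaches a statement.
$etat_moteur_post_id = (int) $_POST["id"];
$compte_session_id = (int) $_SESSION["compte_id"];

if ($_POST["id"] != "" && $_POST["mode"] == "modif") {
    // Check whether this account already has a row in etat_moteur_compte.
    $sql = "select * from " . __racinebd__ . "etat_moteur_compte where etat_moteur_id=" . $etat_moteur_post_id . " and compte_id=" . $compte_session_id;
    $link = query($sql);
    if (num_rows($link) == 0) {
        $sql = "insert into " . __racinebd__ . "etat_moteur_compte(etat_moteur_id,libelle,couleur,compte_id) values(" . $etat_moteur_post_id . ",'" . addquote($_POST["libelle"]) . "','" . addquote($_POST["couleur"]) . "','" . $compte_session_id . "')";
    } else {
        // The update stays scoped to the session's account.
        $sql = "update " . __racinebd__ . "etat_moteur_compte set libelle='" . addquote($_POST["libelle"]) . "',couleur='" . addquote($_POST["couleur"]) . "' where compte_id=" . $compte_session_id . " and etat_moteur_id=" . $etat_moteur_post_id;
    }
    query($sql);
    $msgsave = "Sauvegarde effectuée";
}

// All engine states, joined with this account's overrides when present.
$sql = "select em.etat,em.etat_moteur_id,em.libelle,emc.libelle as lib2,couleur,defaultcouleur from " . __racinebd__ . "etat_moteur em left join\r\n " . __racinebd__ . "etat_moteur_compte emc on emc.etat_moteur_id=em.etat_moteur_id and compte_id=" . $compte_session_id . " order by libelle";
$link = query($sql);
while ($tbl = fetch($link)) {
    $tbl_list_etat[] = $tbl;
}

// Detail row for the state being edited.
if ($_POST["id"] != "") {
    $sql = "select em.etat,em.etat_moteur_id,em.libelle,emc.libelle as lib2,couleur,defaultcouleur \r\n from " . __racinebd__ . "etat_moteur em left join\r\n " . __racinebd__ . "etat_moteur_compte emc on emc.etat_moteur_id=em.etat_moteur_id and compte_id=" . $compte_session_id . " where em.etat_moteur_id=" . $etat_moteur_post_id . " order by libelle";
    $link = query($sql);
    $tbl_modif = fetch($link);
}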
//vérification des droit du compte $sql = "update " . __racinebd__ . "entretien_compte set supprimer=1 where entretien_compte_id=" . $_POST["id"] . " and compte_id=" . $_SESSION["compte_id"]; query($sql); //print $sql."<br>"; $msgsave = "Suppression effectuée"; } if ($_POST["mode"] == "ajout") { //vérification des droit du compte $sql = "insert into " . __racinebd__ . "entretien_compte (libelle,icon,compte_id) values('" . addquote($_POST["libelle"]) . "','" . addquote($_POST["icon"]) . "'," . $_SESSION["compte_id"] . ")"; //print $sql."<br>"; $link = query($sql); $msgsave = "Sauvegarde effectuée"; } if ($_POST["id"] != "" && $_POST["mode"] == "modif") { //vérification des droit du compte $sql = "update " . __racinebd__ . "entretien_compte set libelle ='" . addquote($_POST["libelle"]) . "',icon='" . addquote($_POST["icon"]) . "' where entretien_compte_id=" . $_POST["id"] . " and compte_id=" . $_SESSION["compte_id"]; //print $sql."<br>"; $link = query($sql); $msgsave = "Sauvegarde effectuée"; } $sql = "select * from " . __racinebd__ . "entretien_compte where compte_id=" . $_SESSION["compte_id"] . " and supprimer=0 order by libelle"; $link = query($sql); while ($tbl = fetch($link)) { $tbl_list_type[] = $tbl; // $key_list_agence[$tbl["entretien_compte_id"]]=$tbl["libelle"]; } if ($_POST["id"] != "" && $_POST["mode"] == "") { $sql = "select * from " . __racinebd__ . "entretien_compte where compte_id=" . $_SESSION["compte_id"] . " and entretien_compte_id=" . $_POST["id"] . " order by libelle"; $link = query($sql); $tbl_modif_type = fetch($link); }
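<?php
require "../../require/function.php";
require "../../require/back_include.php";

// Edit form handler for one quote line (devisline): loads the row, and on
// save updates its label and amount, then reloads the parent list.
$_GET["nomobj"] = "listmontant[]";
set_time_limit(3600);

// The line id comes from the query string, or from the posted form when the
// query string has none. It is used as a bare number in SQL, so it is cast to
// int: quote escaping alone does not protect an unquoted value.
// NOTE(review): no ownership check on the quote line is visible here; confirm
// that back_include.php restricts which rows the current user may edit.
$devisline_lookup_id = (int) ($_GET["id"] == "" ? $_POST["devisline_id"] : $_GET["id"]);
$sql = "select * from " . __racinebd__ . "devisline where devisline_id=" . $devisline_lookup_id;
$link = query($sql);
$tbl_info = fetch($link);

if ($_POST["save"] == "yes") {
    // Save to the database. The amount accepts a decimal comma, stored with a dot.
    $sql = "update " . __racinebd__ . "devisline \r\n set libelle='" . addquote($_POST["libelle"]) . "',\r\n montant='" . str_replace(",", ".", addquote($_POST["montant"])) . "'\r\n where devisline_id=" . (int) $_POST["devisline_id"];
    $link = query($sql);
    // NOTE(review): the redirect below passes nomobj=listontant[] while the top of
    // this file sets "listmontant[]"; looks like a typo, confirm before changing.
    ?> <script> alert("Modifications prises en compte"); if(top.listidmontantiframelist.contentWindow) top.listidmontantiframelist.contentWindow.location.reload(true); else top.listidmontantiframelist.location.reload(true); window.location="insertfile.php?nomobj=listontant[]&id=<?php echo $tbl_info["devis_id"]; ?> "; </script> <?php
    die;
}
?> <html>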
$child = true; $childtxt[] = "Compte"; $urlchild[] = __racineadmin__ . "/custom/compte/index.php"; require "../../include/template_list.php"; } else { if ($_POST["save"] == "yes") { switch ($_GET["mode"]) { case "suppr": $txtmsg = "Le commercial a été supprimé"; $szQuery = "update {$table} set supprimer=1 where " . $tablekey . "='" . $_GET["id"] . "'"; break; case "ajout": $txtmsg = "Le commercial a été ajouté"; $szQuery = "insert into {$table} (prenom,nom,actif)\r\n values ('" . addquote($_POST["prenom"]) . "','" . addquote($_POST["nom"]) . "','" . addquote($_POST["actif"]) . "')"; break; case "modif": $txtmsg = "Le commercial a été modifié"; $szQuery = "update {$table} set \r\n\t\t\t\t\tprenom='" . addquote($_POST["prenom"]) . "',\r\n\t\t\t\t\tnom='" . addquote($_POST["nom"]) . "',\r\n\t\t\t\t\tactif='" . addquote($_POST["actif"]) . "'\r\n where {$tablekey}=" . $_GET["id"]; break; } require "../../include/template_save.php"; } else { $szQuery = "SELECT * FROM {$table} where {$tablekey}=" . $_GET["id"]; //libelle=>nom du champ|type|obligatoire|taille (facultatif) //les type sont les suivant // txt area html media date file email list(nom var requete) listmutiple(nom var requete) $tabcolonne = array("Nom" => "nom|txt(255)|yes", "Prénom" => "prenom|txt(255)|yes", "Actif" => "actif|chk|no"); require "../../include/template_detail.php"; } } }
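<?php
// Vehicle (device) administration: soft delete, update with its category
// links, then the account's category list. Requires the "VEH" right.
if (!verifdroit("VEH")) {
    die;
}

// NOTE(review): the device statements below are not filtered by the session's
// compte_id, unlike the category query at the end; confirm that verifdroit()
// or the schema limits which devices an account may change. The delete is also
// triggered by a GET request; confirm that request forgery is handled elsewhere.
if ($_GET["mode"] == "delete") {
    // Bare numeric context: cast the id, escaping quotes would not help here.
    $sql = "update " . __racinebd__ . "device set supprimer=1 where device_id=" . (int) $_GET["id"];
    query($sql);
    $msgsave = "Suppression effectuée";
}

// Save a modification.
if ($_POST["id"] != "" && $_POST["mode"] == "modif") {
    $device_post_id = (int) $_POST["id"];

    // Every posted value is now either cast to int (ids) or passed through
    // addquote() like its neighbours; five fields were previously concatenated raw.
    $sql = "update " . __racinebd__ . "device set agence_compte_id='" . (int) $_POST["agence_compte_id"] . "',\r\n type_compte_id='" . (int) $_POST["type_compte_id"]
        . "',consommation='" . addquote($_POST["consommation"])
        . "',nomvehicule='" . addquote($_POST["nomvehicule"])
        . "'\r\n ,immatriculation='" . addquote($_POST["immatriculation"])
        . "',chassis='" . addquote($_POST["chassis"])
        . "',marque='" . addquote($_POST["marque"])
        . "'\r\n ,modele='" . addquote($_POST["modele"])
        . "',kminit='" . addquote($_POST["kminit"])
        . "',correctifkm='" . addquote($_POST["correctifkm"])
        . "'\r\n ,correctifh='" . addquote($_POST["correctifh"])
        . "',type_moteur_id='" . (int) $_POST["type_moteur_id"]
        . "',consommationtype='" . addquote($_POST["consommationtype"])
        . "',tel='" . addquote($_POST["tel"])
        . "' where device_id=" . (int) $_POST["pdevice_id"];
    query($sql);

    // Save the categories: drop the existing links, then re-insert the posted ones.
    // NOTE(review): the update above keys on pdevice_id while the links key on id;
    // confirm both always name the same device.
    $sql = "delete from " . __racinebd__ . "categorie_compte_device where device_id=" . $device_post_id;
    query($sql);
    // No category posted means no array at all; skip the loop instead of counting a non-array.
    if (isset($_POST["categorie"]) && is_array($_POST["categorie"])) {
        foreach ($_POST["categorie"] as $categorie_post_id) {
            $sql = "insert into " . __racinebd__ . "categorie_compte_device (device_id,categorie_compte_id) values(" . $device_post_id . "," . (int) $categorie_post_id . ")";
            query($sql);
        }
    }
    $msgsave = "Sauvegarde effectuée";
}

// Categories of the current account that are not soft-deleted.
$sql = "select * from " . __racinebd__ . "categorie_compte where compte_id=" . (int) $_SESSION["compte_id"] . " and supprimer=0 order by libelle";
$link = query($sql);
while ($tbl = fetch($link)) {
    $tbl_list_categorie[] = $tbl;
}
/*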
$filename = makename($_FILES["ext"]["name"]); //if(move_uploaded_file($_FILES["ext"]["tmp_name"],$_SERVER["DOCUMENT_ROOT"].__uploaddir__."u".$_SESSION['users_id']."/".$filename)===false){ //sauvegarde en base $ext = getext($_FILES["ext"]["name"]); //$sql="insert into ".__racinebd__."fichiers (titre,abstract,ext,nom_fichier,contenu) value('".addquote($_POST["titre_fichier"])."','".addquote($_POST["description_fichier"])."','".$ext."','".$filename."','".$contenu."')"; $sql = "insert into " . __racinebd__ . "fichiers (titre,abstract,ext,nom_fichier) value('" . addquote($_POST["titre_fichier"]) . "','" . addquote($_POST["description_fichier"]) . "','" . $ext . "','" . addquote($filename) . "')"; //print $sql; $link = query($sql); $fichiers_id = insert_id(); savefile("ext", __racinebd__ . "fichiers", $fichiers_id); //print $_SERVER["DOCUMENT_ROOT"].__uploaddir__.__racinebd__."fichiers".$fichiers_id.".".$ext; if (PHANTOM_FULLTEXT == true) { $contenu = addslashes(extract2tmpfile($ext, $_SERVER["DOCUMENT_ROOT"] . __uploaddir__ . __racinebd__ . "fichiers" . $fichiers_id . "." . $ext)); } if ($contenu == '') { $contenu = addquote($_POST["description_fichier"]); } $sql = "update " . __racinebd__ . "fichiers set contenu='" . $contenu . "' where fichiers_id=" . $fichiers_id; query($sql); ?> <script> content='<table width="100%" style="border-bottom:1px solid black" id="table_fichier_<?php echo $fichiers_id; ?> ">'; content+='<input type="hidden" name="listfichiers[]" value="<?php echo $fichiers_id; ?> "/>'; content+='<input type="hidden" id="fichiers_<?php echo $fichiers_id;