/*
 * Tail of the averbação-creation handler (the enclosing block opens above
 * this excerpt): writes the DAOLog entry, commits or rolls back, stores the
 * external number in the session and redirects to cadAverbacao.php?ave=ok.
 * The HTML that follows is the start of the form page (cut inside its
 * inline script).
 *
 * Review notes:
 *  - The redirect always says "ave=ok", even after a rollback, so the user is
 *    told the record was saved when it was not.
 *  - The log detail string hand-escapes the quotes around $tfNumExt ("\\'"),
 *    which suggests DAOLog splices this text into SQL; the value should be
 *    bound as a parameter inside DAOLog instead.
 *  - $ave is read from $_GET and is not used in this excerpt; if it is echoed
 *    further down it must be HTML-escaped (page charset iso-8859-1).
 */
include_once "../../dao/DAOLog.class.php"; $log = new DAOLog($_SESSION["pessoa"], 3, $_SESSION["nivel"], $_SESSION["codigo"], 13, "num ext=\\'" . $tfNumExt . "\\'", "../../", $conexao); if (!$dao->cadastrar() || !$log->cadastrar()) { $comitar = false; } } if ($comitar) { $conexao->commit(); } else { $conexao->rollback(); } $_SESSION["numeroExt"] = $tfNumExt; header("Location: cadAverbacao.php?ave=ok"); die; } $ave = antiSQL(isset($_GET["ave"]) ? $_GET["ave"] : NULL); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Untitled Document</title> <style type="text/css"> <!-- @import url("../../scripts/css/geral.css"); --> </style> <script type="text/javascript" language="javascript" src="../../scripts/javascript/ajax.js"></script> <script type="text/javascript" language="javascript" src="../../scripts/javascript/averbacao.js"></script> <script type="text/javascript" language="javascript"> <!--
/*
 * Tail of the averbação-cancel handler (the enclosing block opens above this
 * excerpt): creates an empty DAOAverbacao, deletes the record $slAveRef,
 * writes a DAOLog entry, commits when both succeed (rolls back otherwise) and
 * redirects to delAverbacao.php?can=ok.  The HTML that follows is the page
 * head.
 *
 * Review notes:
 *  - The log detail records "id=$slEmpRef" while the deleted record is
 *    $slAveRef - presumably copied from the company-delete page; confirm
 *    which id the audit entry is meant to carry.
 *  - "can=ok" is sent even after a rollback, so a failed cancel is reported
 *    as success.
 *  - The delete is driven by a request id; any access check lives above this
 *    excerpt, and nothing here verifies the record belongs to the caller's
 *    bank - confirm DAOAverbacao::deletar() scopes it.
 *  - $can is read from $_GET; if echoed into the page it must be HTML-escaped.
 */
} $comitar = true; $dao = new DAOAverbacao(NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, "../../", $conexao); $log = new DAOLog($_SESSION["pessoa"], 7, $_SESSION["nivel"], $_SESSION["codigo"], 12, "id=\\'" . $slEmpRef . "\\'", "../../", $conexao); if (!$dao->deletar($slAveRef) || !$log->cadastrar()) { $comitar = false; } if ($comitar == true) { $conexao->commit(); } else { $conexao->rollback(); } header("Location: delAverbacao.php?can=ok"); die; } $can = antiSQL(isset($_GET["can"]) ? $_GET["can"] : NULL); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Untitled Document</title> <style type="text/css"> <!-- @import url("../../scripts/css/geral.css"); --> </style> <script type="text/javascript" language="javascript" src="../../scripts/javascript/ajax.js"></script> <script type="text/javascript" language="javascript" src="../../scripts/javascript/empresa.js"></script> </head> <body>
/*
 * Company-delete handler ($empDel and $slEmpRef are read above this excerpt,
 * which ends inside the page's inline script).  When $empDel is set: deletes
 * the company through DAOEmpresa::deletar(), writes a DAOLog entry, commits
 * if both succeed (rolls back otherwise) and redirects to
 * delEmpresa.php?del=ok.
 *
 * Review notes:
 *  - The log detail records "id=$slEmpRef" while the row deleted is $empDel;
 *    if these can differ the audit trail names the wrong company - confirm
 *    which id is meant.
 *  - "del=ok" is sent after a rollback too, so a failed deletion is reported
 *    as success.
 *  - The deletion is driven by a request id; any access-level check lives
 *    above this excerpt and nothing here verifies ownership - confirm that
 *    DAOEmpresa::deletar() scopes it.
 *  - The hand-escaped quotes ("\\'") in the log text suggest DAOLog splices
 *    the detail string into SQL; it should bind the value instead.
 *  - $del is read from $_GET; if echoed into the page it must be HTML-escaped.
 */
if ($empDel != NULL) { include_once "../../utils/ConectarMySQL.class.php"; $conexao = new ConectarMySQL(); include_once "../../dao/DAOLog.class.php"; $log = new DAOLog($_SESSION["pessoa"], 5, $_SESSION["nivel"], $_SESSION["codigo"], 2, "id=\\'" . $slEmpRef . "\\'", "../../", $conexao); include_once "../../dao/DAOEmpresa.class.php"; $dao = new DAOEmpresa(NULL, "../../", $conexao); if ($dao->deletar($empDel) && $log->cadastrar()) { $conexao->commit(); } else { $conexao->rollback(); } header("Location: delEmpresa.php?del=ok"); die; } $del = antiSQL(isset($_GET["del"]) ? $_GET["del"] : NULL); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Untitled Document</title> <style type="text/css"> <!-- @import url("../../scripts/css/geral.css"); --> </style> <script type="text/javascript" language="javascript" src="../../scripts/javascript/ajax.js"></script> <script type="text/javascript" language="javascript" src="../../scripts/javascript/empresa.js"></script> <script type="text/javascript" language="javascript"> window.onload = function(){
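<?php
/*
 * Report launcher: lets an authenticated level-4 user open the general
 * analytical .xls report for the period chosen on the previous form.
 * (This excerpt ends at the opening tag of the period block; the page
 * continues past it.)
 *
 * Reads:  $_POST["slPer"]        - reporting period, passed through antiSQL()
 *                                   (funcoes.php; what it does to the value is
 *                                   not visible here).
 *         $_SESSION["banco_nome"] - bank name shown in the page header, set at
 *                                   login.
 * Side effects: starts the session, runs the access controller for level 4,
 *               opens a DB connection ($conexao, presumably used by the
 *               period block that follows).
 *
 * Security notes:
 *  - $periodo is user input emitted inside a JavaScript string inside an
 *    HTML attribute (reflected XSS).  It is URL-encoded (so it can contain no
 *    quote, angle-bracket or backslash characters) and then HTML-escaped for
 *    the attribute context.  antiSQL() is not an output-encoding function and
 *    must not be relied on for that.
 *  - $_SESSION["banco_nome"] comes from the database and is HTML-escaped
 *    before output as well.
 *  - The page declares charset iso-8859-1, so htmlspecialchars() is told the
 *    same charset; with the UTF-8 default an invalid byte sequence would make
 *    it return an empty string.
 */
session_start();
$nivelAcesso = "../../:4";
include_once "../../utils/controladorAcesso.php";
include_once "../../utils/funcoes.php";

$periodo = antiSQL(isset($_POST["slPer"]) ? $_POST["slPer"] : NULL);

include_once "../../utils/ConectarMySQL.class.php";
$conexao = new ConectarMySQL();

// Escaped values for the two output contexts used below.
$bancoNomeHtml = htmlspecialchars(
    isset($_SESSION["banco_nome"]) ? (string) $_SESSION["banco_nome"] : "",
    ENT_QUOTES,
    'ISO-8859-1'
);
// Query-string value: rawurlencode() makes it safe inside the URL;
// htmlspecialchars() covers the surrounding onclick attribute.
$periodoUrl = htmlspecialchars(rawurlencode((string) $periodo), ENT_QUOTES, 'ISO-8859-1');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>
<body>
No banco: <?php echo $bancoNomeHtml; ?>
<br />
<br />
<table width="623" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="309" height="80" valign="top"><div align="center"><span class="texto2">Relatório analítico geral por periodo em .xls<br />
</span>
<img src="../../imagens/xls.png" width="50" height="51" onclick="javascript: window.location = '../relatorioGeralXLS.php?per=<?php echo $periodoUrl; ?> ';" style="cursor:pointer"/>
<br />
Periodo: <?php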
<?php
/*
 * Login handler (legacy ext/mysql code).  Reads $_POST['login'] and
 * $_POST['senha'] (through antiSQL() from config.php), looks for a matching
 * users row and, on success, sets two cookies and redirects to main.php;
 * otherwise redirects back to login.php with an error message.
 *
 * Review notes - this block needs a rewrite rather than a patch:
 *  - The SQL is built by string interpolation.  The ext/mysql API it uses has
 *    no prepared statements and was removed in PHP 7; whatever antiSQL()
 *    does, the query must be parameterised (mysqli/PDO) to be safe.
 *  - The login literal in the query reads '******' in this copy of the file
 *    (redacted); presumably it was {$login} / {$login_}.  $login_ is
 *    otherwise unused.
 *  - Passwords are compared as unsalted md5; use password_hash() /
 *    password_verify() (requires re-hashing the stored values).
 *  - setCookie('login', $login) / setCookie('cad', 'true') are plain,
 *    unsigned cookies without HttpOnly/Secure flags.  If main.php trusts them
 *    as the logged-in identity, anyone can log in as any user by setting the
 *    cookie; keep the identity in a server-side session instead.
 *  - The @ suppressions hide database errors, so a failing query looks
 *    exactly like a wrong password.
 *  - The failure redirect embeds the unescaped message (and a debug count)
 *    in the query string; login.php must HTML-escape it when displaying.
 */
include "config.php"; $login = antiSQL(@$_POST['login']); $login_ = strtolower($login); $senha = md5(antiSQL(@$_POST['senha'])); $query = @mysql_query("SELECT * FROM users WHERE login = '******' AND senha = '{$senha}' OR login = '******' AND senha = '{$senha}' ORDER BY id DESC LIMIT 1"); $ct = @mysql_num_rows($query); if ($ct == 0) { header("location: login.php?msg=Login / Senha incorretos! ({$ct})"); } else { setCookie('login', $login); setCookie('cad', 'true'); header('location: main.php'); }
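<?php
/*
 * AJAX helper: returns the code and description of one bank as two <div>s
 * (ids "A" and "B") for the page-side script to pick up.
 *
 * Reads:  $_GET["key"] - bank key, passed through antiSQL() (funcoes.php).
 * Output: '<div id="A">code</div><div id="B">description</div>' on success,
 *         the literal "ERRO!" when no key was given or no bank object came
 *         back from the DAO.
 *
 * Security notes:
 *  - Access is gated by controladorAcesso.php for levels 2, 3 and 4 before
 *    anything else runs.
 *  - Both values come from the database and are HTML-escaped on output
 *    (stored XSS).  The description is converted to UTF-8 first, as the
 *    consumer expects, so htmlspecialchars() is told UTF-8.  utf8_encode()
 *    is deprecated as of PHP 8.2; mb_convert_encoding($s, 'UTF-8',
 *    'ISO-8859-1') is the replacement once mbstring is available.
 *  - The throwaway `new Banco(NULL, NULL)` of the previous version was
 *    overwritten immediately by the DAO result and has been dropped; the
 *    include_once of the bean class is kept so the class is loaded.
 */
session_start();
$nivelAcesso = "../../:2:3:4";
include_once "../../utils/controladorAcesso.php";
include_once "../../utils/funcoes.php";

$key = antiSQL(isset($_GET["key"]) ? $_GET["key"] : NULL);

if ($key != NULL) {
    include_once "../../utils/ConectarMySQL.class.php";
    $conexao = new ConectarMySQL();
    include_once "../../dao/DAOBanco.class.php";
    include_once "../../beans/Banco.class.php";

    $dao = new DAOBanco(NULL, NULL, "../../", $conexao);
    $banco = $dao->getBanco($key);
    $conexao->commit();

    // Guard against a lookup miss (whatever getBanco() returns in that case)
    // instead of failing with a fatal "call to a member function on non-object".
    if (!is_object($banco)) {
        echo "ERRO!";
    } else {
        $codigo = htmlspecialchars((string) $banco->getCodigo(), ENT_QUOTES, 'UTF-8');
        $descricao = htmlspecialchars(utf8_encode((string) $banco->getDescricao()), ENT_QUOTES, 'UTF-8');
        echo '<div id="A">' . $codigo . '</div>';
        echo '<div id="B">' . $descricao . '</div>';
    }
} else {
    echo "ERRO!";
}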
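<?php
/*
 * AJAX helper: returns the fields of one product as a series of <div>s
 * (ids "A".."E") for the page-side script to read.
 *
 * Reads:  $_GET["valRef"] - product reference, passed through antiSQL()
 *         (utils/funcoes.php; its exact behaviour is not visible here).
 * Output: five <div>s - code, company code, description, model and the sale
 *         value formatted by inverterValor() - on success, "ERRO!" otherwise.
 *
 * Security notes:
 *  - NOTE(review): this endpoint only calls session_start(); it performs no
 *    authentication or authorisation check before returning product data.
 *    At least one other page of this application redirects when
 *    $_SESSION["empresa"] is missing - confirm whether this lookup should be
 *    gated the same way.
 *  - Database values are HTML-escaped on output (stored XSS).  Description
 *    and model are converted to UTF-8 first, so the escaping charset is UTF-8.
 *    utf8_encode() is deprecated since PHP 8.2.
 *  - A lookup miss now yields "ERRO!" instead of a fatal property access on a
 *    non-object.
 */
session_start();
$toRoot = "../";
include_once $toRoot . "beans/Produto.class.php";
include_once $toRoot . "dao/DAOProduto.class.php";
include_once $toRoot . "utils/ConectarMySQL.class.php";
include_once $toRoot . "utils/funcoes.php";

$valRef = antiSQL(isset($_GET["valRef"]) ? $_GET["valRef"] : NULL);

if ($valRef != NULL) {
    $conexao = new ConectarMySql($toRoot);
    $bean = new Produto();
    $dao = new DAOProduto($bean, $conexao);
    $bean = $dao->getProduto($valRef);
    $conexao->fechar();

    if (!is_object($bean)) {
        echo "ERRO!";
    } else {
        echo '<div id="A">' . htmlspecialchars((string) $bean->codigo, ENT_QUOTES, 'UTF-8') . '</div>';
        echo '<div id="B">' . htmlspecialchars((string) $bean->empCodigo, ENT_QUOTES, 'UTF-8') . '</div>';
        echo '<div id="C">' . htmlspecialchars(utf8_encode((string) $bean->descricao), ENT_QUOTES, 'UTF-8') . '</div>';
        echo '<div id="D">' . htmlspecialchars(utf8_encode((string) $bean->modelo), ENT_QUOTES, 'UTF-8') . '</div>';
        echo '<div id="E">' . htmlspecialchars((string) inverterValor($bean->valorVenda), ENT_QUOTES, 'UTF-8') . '</div>';
    }
} else {
    echo "ERRO!";
}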
/*
 * Tail of the person-creation handler (the if/switch it closes open above
 * this excerpt; the page's inline script continues past its end).
 *
 * Review notes:
 *  - On the success path the code redirects to cadPessoa.php?cad=ok and dies
 *    before reaching the commit/rollback below.  Unless a commit already
 *    happened inside the block closed by the first brace of this excerpt (or
 *    autocommit is on, which would also make the rollback ineffective), the
 *    inserted rows are never committed - verify where the commit happens.
 *  - $destino embeds $tipo (presumably a request value) unescaped; if it is
 *    echoed into the page or its script it must be URL-encoded and
 *    HTML-escaped (charset iso-8859-1).
 *  - $cad is read from $_GET and, if displayed, must be HTML-escaped as well.
 */
} header("Location: cadPessoa.php?cad=ok"); die; } else { $comitar = false; } break; } if ($comitar) { $conexao->commit(); } else { $conexao->rollback(); } } $destino = "cadPessoa.php?tipo=" . $tipo . "&cadastrar=ok"; $cad = antiSQL(isset($_GET["cad"]) ? $_GET["cad"] : NULL); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Untitled Document</title> <style type="text/css"> <!-- @import url("../../scripts/css/geral.css"); --> </style> <script type="text/javascript" language="javascript" src="../../scripts/javascript/ajax.js"></script> <script type="text/javascript" language="javascript" src="../../scripts/javascript/pessoa.js"></script> <script type="text/javascript" language="javascript"> window.onload = function(){
/*
 * Tail of the averbação-settlement (liquidação) handler; the enclosing block
 * opens above this excerpt and the page's inline script continues past it.
 * Moves the instalment value from the servidor's "utilizada" margin back to
 * "disponivel", persists it through DAO::alterar(), commits or rolls back,
 * and redirects to altAverbacao.php?liq=ok.
 *
 * Review notes:
 *  - The margin arithmetic uses whatever type getValor()/getUtilizada()
 *    return (presumably floats); monetary sums in floating point accumulate
 *    rounding error - prefer integer cents or bcmath.
 *  - "liq=ok" is sent even when the transaction was rolled back, so a failed
 *    settlement is reported as success.
 *  - $liq is read from $_GET; if echoed later it must be HTML-escaped.
 */
$servidor = $dao->getServidor($linha["pes_codigo"], "%"); $servidor->setUtilizada($servidor->getUtilizada() - $parcela->getValor()); $servidor->setDisponivel($servidor->getDisponivel() + $parcela->getValor()); $dao->setServidor($servidor); if (!$dao->alterar($servidor->getPesCodigo() . ":" . $servidor->getMatricula())) { $comitar = false; } if ($comitar == true) { $conexao->commit(); } else { $conexao->rollback(); } header("Location: altAverbacao.php?liq=ok"); die; } $liq = antiSQL(isset($_GET["liq"]) ? $_GET["liq"] : NULL); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Untitled Document</title> <style type="text/css"> <!-- @import url("../../scripts/css/geral.css"); --> </style> <script type="text/javascript" language="javascript" src="../../scripts/javascript/ajax.js"></script> <script type="text/javascript" language="javascript" src="../../scripts/javascript/empresa.js"></script> <script type="text/javascript" language="javascript"> window.onload = function(){
<?php
/*
 * Person-edit page, request-handling prologue (this excerpt ends inside the
 * switch; the rest of the "contato" case and whatever follows are not
 * visible).
 *
 * Reads:  $_GET["tipo"] (unused in this excerpt), $_POST["slTipo"] and
 *         $_POST["slPesRef"], all through antiSQL() (funcoes.php).
 * Flow:   after the level 2/3/4 access check, loads the Pessoa for slPesRef
 *         and then, depending on slTipo, the matching Administrador or
 *         BancoPessoa record.
 *
 * Review notes:
 *  - $dao is reused for three different DAO classes in turn; give each its
 *    own name so later code cannot call the wrong one by mistake.
 *  - The `new Pessoa(...)`, `new Administrador(...)` and `new BancoPessoa(...)`
 *    placeholders are overwritten immediately by the DAO results; the
 *    include_once lines already load the classes.
 *  - If getPessoa() finds nothing, $pessoa->getCodigo() is a fatal call on a
 *    non-object; guard before the switch.
 *  - Whatever of these records is echoed further down must be HTML-escaped
 *    for the page's iso-8859-1 charset.
 */
session_start(); $nivelAcesso = "../../:2:3:4"; include_once "../../utils/controladorAcesso.php"; include_once "../../utils/funcoes.php"; $tipo = antiSQL(isset($_GET["tipo"]) ? $_GET["tipo"] : NULL); $slTipo = antiSQL(isset($_POST["slTipo"]) ? $_POST["slTipo"] : NULL); $slPesRef = antiSQL(isset($_POST["slPesRef"]) ? $_POST["slPesRef"] : NULL); if ($slTipo != NULL && $slPesRef != NULL) { include_once "../../utils/ConectarMySQL.class.php"; $conexao = new ConectarMySQL(); include_once "../../dao/DAOPessoa.class.php"; include_once "../../beans/Pessoa.class.php"; $dao = new DAOPessoa(NULL, NULL, NULL, "../../", $conexao); $pessoa = new Pessoa(NULL, NULL, NULL, NULL); $pessoa = $dao->getPessoa($slPesRef); switch ($slTipo) { case "admin": include_once "../../dao/DAOAdministrador.class.php"; $dao = new DAOAdministrador(NULL, NULL, NULL, NULL, NULL, "../../", $conexao); include_once "../../beans/Administrador.class.php"; $administrador = new Administrador(NULL, NULL, NULL, NULL, NULL, NULL); $administrador = $dao->getAdministrador("codPes", $pessoa->getCodigo()); break; case "contato": include_once "../../dao/DAOBancoPessoa.class.php"; $dao = new DAOBancoPessoa(NULL, NULL, "../../", $conexao); include_once "../../beans/BancoPessoa.class.php"; $bancoPessoa = new BancoPessoa(NULL, NULL); $bancoPessoa = $dao->getBancoPessoa($pessoa->getCodigo());
<?php
/*
 * Registration handler (legacy ext/mysql code).  Reads login, senha and
 * email from $_POST (through antiSQL() from config.php), refuses the request
 * when a users row with that login already exists, otherwise inserts the
 * users and stats rows, sets two cookies and redirects to main.php.
 *
 * Review notes - this block needs a rewrite rather than a patch:
 *  - All three SQL statements interpolate request values into the query
 *    text; ext/mysql has no prepared statements and is gone since PHP 7.
 *    Move to mysqli/PDO with bound parameters.
 *  - The login literal in the existence check reads '******' in this copy
 *    of the file (redacted); presumably {$login}.  $login_ (lower-cased) is
 *    computed but never used, so the uniqueness check is case-sensitive.
 *  - `$ct == 1` only blocks when exactly one duplicate exists; `$ct > 0` is
 *    what is meant.  The check-then-insert is racy as well - a UNIQUE index
 *    on users.login is the real guard.
 *  - The password is stored as unsalted md5; use password_hash().
 *  - mysql_error() is sent straight to the client on failure (schema leak).
 *  - The two INSERTs are not in a transaction; a failure on the second leaves
 *    a users row without its stats row.
 *  - setCookie('login', ...) / setCookie('cad', ...) are plain, unsigned,
 *    non-HttpOnly cookies; if they are what main.php trusts, a login can be
 *    forged by setting the cookie.
 *  - $email is not validated before being stored.
 */
include "config.php"; $avatar = "../img/icon/avatar.png"; $login = antiSQL(@$_POST['login']); $login_ = strtolower($login); $senha = md5(antiSQL(@$_POST['senha'])); $email = antiSQL(@$_POST['email']); $query = @mysql_query("SELECT * FROM users WHERE login = '******'") or die(mysql_error()); $ct = @mysql_num_rows($query); if ($ct == 1) { header("location: cadastro?msg=Usuário Existente! ({$ct})"); die(''); } $query = "INSERT INTO users(login, senha, email, nuggets, avatar, last) VALUES"; $query .= "('{$login}', '{$senha}', '{$email}', '0', '{$avatar}', '')"; mysql_query($query) or die(mysql_error()); mysql_query("INSERT INTO stats (login, store) VALUES ('{$login}', '0')") or die(mysql_error()); setCookie('login', $login); setCookie('cad', time()); header('location: main.php');
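<?php
/*
 * Report launcher: lets an authenticated user open the general .xls report
 * for one CPF typed on the previous form, and links to the PDF describing
 * the file layout.  (This excerpt ends inside the page body; it continues.)
 *
 * Reads:  $_POST["tfCPF"]         - CPF, passed through antiSQL() (funcoes.php).
 *         $_SESSION["banco_nome"] - bank name shown in the page header.
 * Side effects: starts the session, runs the access controller, opens a DB
 *               connection ($conexao; nothing in this excerpt uses it).
 *
 * Fixes relative to the previous version:
 *  - NOTE(review): the page started a session but never included
 *    controladorAcesso.php, so it could be opened without any access check.
 *    It now gates on $nivelAcesso = "../../:4", the level used by the sibling
 *    period-report page - confirm that level 4 is the intended audience for
 *    the CPF report before deploying.
 *  - $tfCPF is user input emitted inside a JavaScript string inside an HTML
 *    attribute (reflected XSS); it is URL-encoded and then HTML-escaped.
 *  - $_SESSION["banco_nome"] is HTML-escaped on output.
 *  - The page declares iso-8859-1, so htmlspecialchars() uses that charset.
 */
session_start();
$nivelAcesso = "../../:4";
include_once "../../utils/controladorAcesso.php";
include_once "../../utils/funcoes.php";

$tfCPF = antiSQL(isset($_POST["tfCPF"]) ? $_POST["tfCPF"] : NULL);

include_once "../../utils/ConectarMySQL.class.php";
$conexao = new ConectarMySQL();

// Escaped values for the two output contexts used below.
$bancoNomeHtml = htmlspecialchars(
    isset($_SESSION["banco_nome"]) ? (string) $_SESSION["banco_nome"] : "",
    ENT_QUOTES,
    'ISO-8859-1'
);
// Query-string value: rawurlencode() makes it safe inside the URL;
// htmlspecialchars() covers the surrounding onclick attribute.
$cpfUrl = htmlspecialchars(rawurlencode((string) $tfCPF), ENT_QUOTES, 'ISO-8859-1');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>
<body>
No banco: <?php echo $bancoNomeHtml; ?>
<table width="583" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="242" height="80" valign="bottom"><span class="texto2">Relatório geral em .xls</span>
<img src="../../imagens/xls.png" width="50" height="51" onclick="javascript: window.location = '../relatorioGeralXLSCPF.php?cpf=<?php echo $cpfUrl; ?> ';" style="cursor:pointer"/>
</td>
<td width="341" valign="bottom"><span class="texto2">Veja o esquema desse arquivo em PDF aqui</span>
<img src="../../imagens/pdf.png" width="50" height="77" onclick="javascript: window.location = '../../downloads/esquema-arquivo-xls.pdf';" style="cursor:pointer"/>
</td>
</tr>
</table>
<p><br />
Voltar <img src="../../imagens/voltar.gif" width="40" height="35" onclick="javascript: history.back(-1);" style="cursor:pointer"/>
<br />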
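<?php
/*
 * AJAX helper: prints <option> elements listing people, optionally
 * restricted to one class, for a <select> on the calling page.
 *
 * Reads:  $_GET["classe"] - "B"/"contato" (people linked to a bank),
 *         "A"/"admin" (administrators); anything else lists everyone.  The
 *         value is only compared against fixed strings and never reaches the
 *         SQL text.
 * Output: a placeholder option with value "---" followed by one option per
 *         row (value = pes_codigo, label = pes_nome converted to UTF-8).
 *         Dies with a fixed message when the query fails.
 *
 * Security notes:
 *  - NOTE(review): this script neither starts a session nor includes
 *    controladorAcesso.php, so the full list of people (names and codes) is
 *    readable without authentication.  Confirm the intended access level and
 *    add the same gate the calling pages use.
 *  - Names and codes come from the database and are HTML-escaped here
 *    (stored XSS in the option value / label).  utf8_encode() is deprecated
 *    in PHP 8.2.
 */
include_once "../../utils/ConectarMySQL.class.php";
$conexao = new ConectarMySQL();
include_once "../../utils/funcoes.php";

$classe = antiSQL(isset($_GET["classe"]) ? $_GET["classe"] : "%");

switch ($classe) {
    case "B":
    case "contato":
        $sql = "SELECT distinct p.pes_codigo, p.pes_nome FROM pessoas p INNER JOIN bancos_pessoas bp ON p.pes_codigo = bp.pes_codigo ORDER BY pes_nome";
        break;
    case "A":
    case "admin":
        $sql = "SELECT * FROM pessoas p INNER JOIN administradores a ON p.pes_codigo = a.pes_codigo ORDER BY pes_nome";
        break;
    default:
        $sql = "SELECT * FROM pessoas ORDER BY pes_nome";
        break;
}

$resultado = $conexao->selecionar($sql);
if ($resultado == false) {
    die("Não foi possivel realizar a busca!");
}

echo '<option value="---">-----------------------------</option>';
while ($linha = mysqli_fetch_array($resultado)) {
    $codigo = htmlspecialchars((string) $linha["pes_codigo"], ENT_QUOTES, 'UTF-8');
    $nome = htmlspecialchars(utf8_encode((string) $linha["pes_nome"]), ENT_QUOTES, 'UTF-8');
    echo '<option value="' . $codigo . '">' . $nome . '</option>';
}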
<?php
/*
 * Bank-edit page prologue (this excerpt ends inside the inline script that
 * follows the head).  After the level 2/3/4 access check it reads
 * $_POST["slBancRef"] through antiSQL() and, when present, loads the
 * matching Banco via DAOBanco::getBanco() for the form that follows.
 *
 * Review notes:
 *  - `$banco = new Banco(NULL, NULL)` is dead: it is overwritten by the DAO
 *    result on the next statement.
 *  - If getBanco() finds nothing, $banco holds whatever the DAO returns on a
 *    miss; the form code below this excerpt should check before calling
 *    getters on it.
 *  - Any $banco field written into the page or the inline script must be
 *    HTML-/JS-escaped for the iso-8859-1 charset declared here.
 */
session_start(); $nivelAcesso = "../../:2:3:4"; include_once "../../utils/controladorAcesso.php"; include_once "../../utils/funcoes.php"; $slBancRef = antiSQL(isset($_POST["slBancRef"]) ? $_POST["slBancRef"] : NULL); if ($slBancRef != NULL) { include_once "../../utils/ConectarMySQL.class.php"; $conexao = new ConectarMySQL(); include_once "../../dao/DAOBanco.class.php"; include_once "../../beans/Banco.class.php"; $dao = new DAOBanco(NULL, NULL, "../../", $conexao); $banco = new Banco(NULL, NULL); $banco = $dao->getBanco($slBancRef); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Untitled Document</title> <style type="text/css"> <!-- @import url("../../scripts/css/geral.css"); --> </style> <script type="text/javascript" language="javascript" src="../../scripts/javascript/ajax.js"></script> <script type="text/javascript" language="javascript" src="../../scripts/javascript/banco.js"></script> <script type="text/javascript" language="javascript"> window.onload = function(){
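<?php
/*
 * AJAX helper: prints <option> elements with the external numbers of
 * averbações - either all open ones or those created today.
 *
 * Reads:  $_GET["status"] - "aberto" selects rows with sta_codigo = 1; any
 *         other value selects rows created today.  The value is only
 *         compared, never spliced into the SQL.
 * Output: a placeholder option "---" followed by one option per row.  Dies
 *         with a fixed message when the query fails.
 *
 * Fixes relative to the previous version:
 *  - the upper bound of the "today" window was built as date . "24:59:59"
 *    (no separator, invalid time); it is now "<today> 23:59:59", and the
 *    window is inclusive on both ends so rows stamped exactly 00:00:00 or
 *    23:59:59 are no longer dropped;
 *  - a stray `echo $sql;` referred to a variable that is never assigned here
 *    (notice plus empty output) and was removed;
 *  - the numbers are HTML-escaped on output (the embedding pages declare
 *    iso-8859-1 and the value is not re-encoded, so that charset is used).
 *
 * Security notes:
 *  - NOTE(review): there is no session or controladorAcesso.php check here;
 *    the list is readable without authentication.  Confirm the intended gate.
 *  - "today" is computed with date() in the server's configured timezone,
 *    presumably the one the rows were written in - verify if the selection
 *    looks wrong around midnight.
 */
include_once "../../utils/ConectarMySQL.class.php";
include_once "../../utils/funcoes.php";

$status = antiSQL(isset($_GET["status"]) ? $_GET["status"] : NULL);
$conexao = new ConectarMySQL();

if ($status == "aberto") {
    $resultado = $conexao->selecionar("SELECT ave_numero_externo FROM averbacoes WHERE sta_codigo = 1");
} else {
    // Calendar-day window; the bounds are server-generated, not request data.
    $data = date("Y-m-d");
    $dataMenor = $data . " 00:00:00";
    $dataMaior = $data . " 23:59:59";
    $resultado = $conexao->selecionar(
        "SELECT ave_numero_externo FROM averbacoes"
        . " WHERE ave_data_criacao >= '" . $dataMenor . "'"
        . " AND ave_data_criacao <= '" . $dataMaior . "'"
    );
}

if ($resultado == false) {
    die("Não foi possivel realizar a busca!");
}

echo '<option value="---">-------------------------------------------------------</option>';
while ($linha = mysqli_fetch_array($resultado)) {
    $numero = htmlspecialchars((string) $linha["ave_numero_externo"], ENT_QUOTES, 'ISO-8859-1');
    echo '<option value="' . $numero . '">' . $numero . '</option>';
}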
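<?php
/*
 * AJAX helper: prints the telephone numbers stored for one person as nested
 * <div>s (T1..Tn, each with tC/tPC/tN children) plus a TQuantidade counter,
 * for the page-side script to read.
 *
 * Reads:  $_GET["key"] - person code (pes_codigo).  The column is compared
 *         unquoted in the SQL, so only an unsigned integer can ever be a valid
 *         value; anything else is rejected before the query is built.  The
 *         previous version concatenated the (antiSQL'd) value straight into
 *         the WHERE clause, which in an unquoted numeric context is an SQL
 *         injection regardless of quote escaping (e.g. "1 OR 1=1" or
 *         "pes_codigo" return every row), and its "%" default produced a
 *         syntax error.
 * Output: one <div id="T<i>"> per row, then <div id="TQuantidade">n</div>.
 *         Dies with the same fixed message as before when the key is not
 *         numeric or the query fails.
 *
 * Security notes:
 *  - NOTE(review): no session or controladorAcesso.php check; phone numbers
 *    for any person code are readable without authentication.  Confirm the
 *    intended gate and add it.
 *  - Row values are HTML-escaped on output; the page that embeds this output
 *    declares iso-8859-1, so that charset is used.
 */
include_once "../../utils/ConectarMySQL.class.php";
include_once "../../utils/funcoes.php";
$conexao = new ConectarMySQL();

$key = antiSQL(isset($_GET["key"]) ? $_GET["key"] : "%");

// Whitelist: only a digit string can match a numeric pes_codigo.  Once
// validated, the value is safe to embed unquoted.
if (!ctype_digit((string) $key)) {
    die("Não foi possivel realizar a busca!");
}

$resultado = $conexao->selecionar("SELECT * FROM telefones WHERE pes_codigo=" . $key);
if ($resultado == false) {
    die("Não foi possivel realizar a busca!");
}

$contador = 0;
while ($linha = mysqli_fetch_array($resultado)) {
    $contador++;
    $telCodigo = htmlspecialchars((string) $linha["tel_codigo"], ENT_QUOTES, 'ISO-8859-1');
    $pesCodigo = htmlspecialchars((string) $linha["pes_codigo"], ENT_QUOTES, 'ISO-8859-1');
    $telNumero = htmlspecialchars((string) $linha["tel_numero"], ENT_QUOTES, 'ISO-8859-1');
    echo '<div id="T' . $contador . '">'
        . '<div id="tC' . $contador . '">' . $telCodigo . '</div>'
        . '<div id="tPC' . $contador . '">' . $pesCodigo . '</div>'
        . '<div id="tN' . $contador . '">' . $telNumero . '</div>'
        . '</div>';
}
echo '<div id="TQuantidade">' . $contador . '</div>';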
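<?php
/*
 * Login handler for administrators.  (The outer `if` opened here is not
 * closed within this excerpt; the file continues past it.)
 *
 * Reads:  $_POST["tfNomeUsuario"], $_POST["tfSenha"], both through antiSQL()
 *         (funcoes.php).
 * Flow:   looks the user name up via DAOAdministrador::pesquisar("nomUsu", ..)
 *         and, for the row whose user name and decoded password match, starts
 *         the session, fills it with the administrator's ids, resolves the
 *         bank name, writes a login DAOLog entry, commits and redirects to
 *         ../main.php.  Without a match it only commits and falls through.
 *
 * Fixes relative to the previous version:
 *  - the bank-name lookup reused $linha, overwriting the administrator row,
 *    so the DAOLog entry read $linha["pes_codigo"] etc. from a row that only
 *    contains ban_descricao (undefined indexes, null log fields).  The bank
 *    row now lives in $bancoLinha;
 *  - session_regenerate_id(true) runs right after session_start() so a
 *    session id planted before login is not promoted to an authenticated
 *    one (session fixation);
 *  - the password is compared with hash_equals() (constant time, strict
 *    string compare) and the user name strictly; the previous `==` compared
 *    numeric-looking strings numerically.
 *
 * Security notes (not changed here, need a decision):
 *  - decodificar() (funcoes.php) turns the stored value back into the plain
 *    password, i.e. passwords are stored reversibly rather than hashed.
 *    Moving to password_hash()/password_verify() needs a data migration and
 *    touches the admin-maintenance pages, so it is flagged rather than done.
 *  - NOTE(review): the stored password value is copied into
 *    $_SESSION["senha"]; remove that once no page reads it.
 *  - The bancos query is built by concatenation, but only from a value read
 *    from the administrators row, not from the request.
 *  - There is no rate limiting or lockout for repeated failed attempts.
 */
include_once "funcoes.php";

$tfNomeUsuario = antiSQL(isset($_POST["tfNomeUsuario"]) ? $_POST["tfNomeUsuario"] : NULL);
$tfSenha = antiSQL(isset($_POST["tfSenha"]) ? $_POST["tfSenha"] : NULL);

if ($tfNomeUsuario != NULL && $tfSenha != NULL) {
    include_once "ConectarMySQL.class.php";
    $conexao = new ConectarMySQL();
    include_once "../dao/DAOAdministrador.class.php";
    $daoAdm = new DAOAdministrador(NULL, NULL, NULL, NULL, NULL, "../", $conexao);

    $resultado = $daoAdm->pesquisar("nomUsu", $tfNomeUsuario);
    while ($linha = mysqli_fetch_array($resultado)) {
        $nomeConfere = ((string) $linha["adm_nome_usuario"] === (string) $tfNomeUsuario);
        $senhaConfere = hash_equals((string) decodificar($linha["adm_senha"]), (string) $tfSenha);
        if (!$nomeConfere || !$senhaConfere) {
            continue;
        }

        session_start();
        session_regenerate_id(true);   // fresh id for the authenticated session

        $_SESSION["codigo"] = $linha["adm_codigo"];
        $_SESSION["pessoa"] = $linha["pes_codigo"];
        $_SESSION["nivel"] = $linha["niv_codigo"];
        $_SESSION["banco"] = $linha["ban_codigo"];
        $_SESSION["usuario"] = $linha["adm_nome_usuario"];
        $_SESSION["senha"] = $linha["adm_senha"];   // NOTE(review): see header

        // Separate variable: $linha must stay the administrator row for the log below.
        $bancoLinha = mysqli_fetch_array($conexao->selecionar(
            "SELECT ban_descricao FROM bancos WHERE ban_codigo='" . $linha["ban_codigo"] . "'"
        ));
        $_SESSION["banco_nome"] = $bancoLinha["ban_descricao"];

        include_once "../dao/DAOLog.class.php";
        $log = new DAOLog($linha["pes_codigo"], 1, $linha["niv_codigo"], $linha["adm_codigo"], 1, "Realizou log-in no sistema!", "../", $conexao);
        $log->cadastrar();
        $conexao->commit();

        header("Location: ../main.php");
        die;
    }
    $conexao->commit();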
/*
 * Budget-line (verba) update handler, prologue (this excerpt ends inside the
 * page's inline script).  The request fields are read above it; when all six
 * are present it updates the verba through DAOVerba::alterar($slVerRef),
 * writes a DAOLog entry, commits when both succeed (rolls back otherwise)
 * and redirects to altVerba.php?alt=ok.
 *
 * Review notes:
 *  - "alt=ok" is sent after a rollback too, so a failed update is reported
 *    as success.
 *  - The hand-escaped quotes ("\\'") in the log detail suggest DAOLog splices
 *    the text into SQL; bind the value inside DAOLog instead.
 *  - $alt is read from $_GET; if echoed into the page it must be HTML-escaped
 *    (charset iso-8859-1).
 */
if ($slVerRef != NULL && $tfVerba != NULL && $slEmpRef != NULL && $slBancRef != NULL && $slProRef != NULL && $tfVerDesc != NULL) { include_once "../../utils/ConectarMySQL.class.php"; $conexao = new ConectarMySQL(); include_once "../../dao/DAOVerba.class.php"; include_once "../../dao/DAOLog.class.php"; $dao = new DAOVerba($tfVerba, $slEmpRef, $slBancRef, $slProRef, $tfVerDesc, "../../", $conexao); $log = new DAOLog($_SESSION["p essoa"], 4, $_SESSION["nivel"], $_SESSION["codigo"], 9, "Log id=\\'" . $slVerRef . "\\'", "../../", $conexao); if ($dao->alterar($slVerRef) && $log->cadastrar()) { $conexao->commit(); } else { $conexao->rollback(); } header("Location: altVerba.php?alt=ok"); die; } $alt = antiSQL(isset($_GET["alt"]) ? $_GET["alt"] : NULL); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Untitled Document</title> <style type="text/css"> <!-- @import url("../../scripts/css/geral.css"); --> </style> <script type="text/javascript" language="javascript" src="../../scripts/javascript/ajax.js"></script> <script type="text/javascript" language="javascript" src="../../scripts/javascript/verba.js"></script> <script type="text/javascript" language="javascript"> window.onload = function(){
/*
 * Payment-update handler for a solicitação (the page opens before this
 * excerpt - $_SESSION is read here, so session_start() is presumed to have
 * run above - and the `if ($alterar == "sim")` block continues past its
 * end).  Redirects to selecionarEmpresa.php when no company is selected,
 * loads the DAOs, takes valRef from GET (POST fallback) and, when
 * alterar=sim, copies every POST field into a local variable, loads the
 * solicitação and sets its paid value and status.
 *
 * Review notes:
 *  - CRITICAL: the foreach below builds PHP source from the raw POST field
 *    name and value and eval()s it.  antiSQL() is only applied inside the
 *    generated code, i.e. after the value has already been spliced into the
 *    source, so a value containing a single quote - or a field name
 *    containing ';' - executes attacker-supplied PHP on the server.  Replace
 *    the loop with explicit reads of the fields this page uses, e.g.
 *    `$tfVal2 = antiSQL(isset($_POST["tfVal2"]) ? $_POST["tfVal2"] : NULL);`
 *    and the same for any other field referenced below this excerpt.  The
 *    loop also lets a request overwrite any existing variable ($toRoot,
 *    $conexao, $valRef, ...).
 *  - `$valRef = antiSQL($_POST["valRef"])` raises an undefined-index notice
 *    when neither GET nor POST carries valRef.
 *  - `$solicitacao->valor == $tfVal2` is a loose comparison between a stored
 *    value and a request string; if valor is a float, normalise both sides
 *    (e.g. to integer cents) rather than relying on `==`.
 *  - $alterar is taken from $_GET without antiSQL(); it is only compared
 *    against "sim" here.
 */
$toRoot = "../../"; if (!isset($_SESSION["empresa"])) { header("Location: " . $toRoot . "utils/selecionarEmpresa.php?selecionar=nao"); die; } include_once $toRoot . "utils/funcoes.php"; include_once $toRoot . "utils/ConectarMySQL.class.php"; include_once $toRoot . "beans/Solicitacao.class.php"; include_once $toRoot . "beans/Log.class.php"; include_once $toRoot . "dao/DAOSolicitacao.class.php"; include_once $toRoot . "dao/DAOLog.class.php"; $conexao = new ConectarMySql($toRoot); $valRef = antiSQL(isset($_GET["valRef"]) ? $_GET["valRef"] : NULL); $alterar = isset($_GET["alterar"]) ? $_GET["alterar"] : NULL; if ($valRef == NULL) { $valRef = antiSQL($_POST["valRef"]); } if ($alterar == "sim") { /* SECURITY: eval() of request data - remote code execution; see header note */ foreach ($_POST as $nomeCampo => $valor) { $comando = "\$" . $nomeCampo . "= antiSQL(isset(\$_POST['{$nomeCampo}']) ? '" . $valor . "' : NULL);"; eval($comando); } $solicitacao = new Solicitacao(); $daoSolicitacao = new DAOSolicitacao($solicitacao, $conexao); $daoSolicitacao->getSolicitacao($valRef); $solicitacao->valorPago = $tfVal2; if ($solicitacao->valor == $tfVal2) { $solicitacao->staCodigo = 2; } else { $solicitacao->staCodigo = 3; }