/**
 * Check whether a category exists.
 *
 * Thin alias for channelExists(): both arguments are forwarded unchanged and
 * its result is returned as-is.
 *
 * @param mixed $chid Category/channel identifier to look up.
 * @param mixed $game Forwarded as the second argument of channelExists(); defaults to false.
 * @return mixed Whatever channelExists() returns.
 */
function categoryExists($chid, $game = false)
{
    $exists = channelExists($chid, $game);

    return $exists;
}
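/**
 * Build the SELECT and COUNT queries for the video search listing.
 *
 * Search options come from the submitted search form ($_POST), otherwise from
 * the options saved in $_SESSION['search_videos_option'], otherwise from the
 * defaults below. The effective options are assigned to Smarty as 'option'.
 *
 * Security notes:
 *  - 'sort' and 'order' are spliced into ORDER BY. They are identifiers and
 *    keywords, not quoted values, so string escaping cannot protect them; they
 *    are validated against a fixed pattern / keyword list instead and fall
 *    back to the defaults when they do not match.
 *  - The same validation runs for options restored from the session, because
 *    a previously stored value is no more trustworthy than a fresh one.
 *  - 'display' is reduced to a positive integer before it is handed back.
 *
 * @param string $module 'private' or 'public' restricts v.type; any other value applies no type filter.
 * @return array Keys: 'select' (SQL string), 'count' (SQL string), 'page_items' (int).
 */
function constructQuery($module)
{
    global $smarty;

    // Strict membership test: only the two literal strings may reach the SQL text.
    $query_module = '';
    if (in_array($module, array('private', 'public'), true)) {
        $query_module = " AND v.type = '" . $module . "'";
    }

    $query_select = "SELECT v.*,s.username FROM video AS v, signup AS s WHERE v.UID = s.UID" . $query_module;
    $query_count  = "SELECT count(v.VID) AS total_videos FROM video AS v WHERE v.VID != ''" . $query_module;
    $query_option = array();

    $channel = isset($_GET['CID']) && is_numeric($_GET['CID']) && channelExists($_GET['CID']) ? trim($_GET['CID']) : NULL;
    $option_orig = array(
        'username'    => '',
        'title'       => '',
        'description' => '',
        'keyword'     => '',
        'channel'     => $channel,
        'active'      => '',
        'sort'        => 'VID',
        'order'       => 'DESC',
        'display'     => 100,
    );

    // ?all=1 discards any saved search.
    $all = isset($_GET['all']) ? intval($_GET['all']) : 0;
    if ($all == 1) {
        unset($_SESSION['search_videos_option']);
    }

    // Saved options are merged over the defaults so a partial or malformed
    // session entry cannot leave a key undefined.
    $option = $option_orig;
    if (isset($_SESSION['search_videos_option']) && is_array($_SESSION['search_videos_option'])) {
        $option = array_merge($option_orig, $_SESSION['search_videos_option']);
    }

    $submitted = isset($_POST['search_videos']);
    if ($submitted) {
        // Missing or array-valued fields (e.g. sort[]=x) become '' instead of
        // reaching trim() and the query builder.
        $fields = array('username', 'title', 'description', 'keyword', 'active', 'sort', 'order', 'display');
        foreach ($fields as $field) {
            $option[$field] = isset($_POST[$field]) && is_string($_POST[$field]) ? trim($_POST[$field]) : '';
        }
        $option['channel'] = isset($_POST['channel']) && is_string($_POST['channel'])
            ? intval(trim($_POST['channel']))
            : 0;
    }

    // ORDER BY column: a bare or table-qualified identifier only.
    // NOTE(review): a fixed list of the sort values the search form actually
    // offers would be stricter; the form is not visible from this function.
    $identifier = '/^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?$/D';
    if (!is_string($option['sort']) || !preg_match($identifier, $option['sort'])) {
        $option['sort'] = $option_orig['sort'];
    }

    // ORDER BY direction: ASC or DESC only (any letter case is kept as given).
    if (!is_string($option['order']) || !in_array(strtoupper($option['order']), array('ASC', 'DESC'), true)) {
        $option['order'] = $option_orig['order'];
    }

    // Page size: positive integer, otherwise the default.
    $display = is_scalar($option['display']) ? intval($option['display']) : 0;
    $option['display'] = $display > 0 ? $display : $option_orig['display'];

    if ($submitted) {
        // As in the original, the WHERE filters are only built for a freshly
        // submitted form; options restored from the session affect ordering
        // and page size only. NOTE(review): confirm that is intended.
        if ($option['username'] != '' || isset($_GET['UID'])) {
            if ($option['username'] != '') {
                $UID = getUserID($option['username']);
            } else {
                $UID = isset($_GET['UID']) && is_numeric($_GET['UID']) ? $_GET['UID'] : 0;
            }
            $UID = $UID ? $UID : 0;
            $query_option[] = " AND v.UID = '" . mysql_real_escape_string($UID) . "'";
        }

        if ($option['title'] != '') {
            $query_option[] = " AND v.title LIKE '%" . mysql_real_escape_string($option['title']) . "%'";
        }

        if ($option['description'] != '') {
            $query_option[] = " AND v.description LIKE '%" . mysql_real_escape_string($option['description']) . "%'";
        }

        if ($option['keyword'] != '') {
            $query_option[] = " AND v.keyword LIKE '%" . mysql_real_escape_string($option['keyword']) . "%'";
        }

        // channel is already an int; "> 0" avoids the int-vs-'' loose
        // comparison, whose result differs between PHP 7 and PHP 8.
        if ($option['channel'] > 0) {
            $query_option[] = " AND v.channel = " . intval($option['channel']);
        }

        // Strict comparison: only the exact strings '0' and '1' are
        // concatenated into the query.
        if ($option['active'] === '0' || $option['active'] === '1') {
            $query_option[] = " AND v.active = '" . $option['active'] . "'";
        }

        $_SESSION['search_videos_option'] = $option;
    }

    $query_option[] = " ORDER BY " . $option['sort'] . " " . $option['order'];

    $query = array();
    $query['select']     = $query_select . implode(' ', $query_option);
    $query['count']      = $query_count . implode(' ', $query_option);
    $query['page_items'] = $option['display'];

    $smarty->assign('option', $option);

    return $query;
}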
<?php
// Admin "edit game category" handler (fragment: the listing ends inside the
// final if-blocks, so their closing braces are not visible here).

// Direct-access guard: execution stops unless the _VALID constant is defined.
defined('_VALID') or die('Restricted Access!');
// NOTE(review): presumably enforces an authenticated admin session — the
// implementation of Auth::checkAdmin() is not visible here.
Auth::checkAdmin();

// Target directory for category images; it must exist, be a directory and be writable.
$chimg = $config['BASE_DIR'] . '/media/categories/game';
if (!file_exists($chimg) or !is_dir($chimg) or !is_writable($chimg)) {
    $errors[] = 'Category image directory \'' . $chimg . '\' is not writable!';
}

$channel = array();
// The category id is accepted only if it is numeric and channelExists() confirms it.
$CID = isset($_GET['CID']) && is_numeric($_GET['CID']) ? trim($_GET['CID']) : NULL;
$CID = $CID && channelExists($CID, true) ? $CID : NULL;
if (!$CID) {
    $errors[] = 'Category does not exist! Invalid channel id!?';
}

// NOTE(review): no anti-CSRF token is checked in the visible part of this
// state-changing POST handler — confirm it is enforced elsewhere.
if (isset($_POST['edit_channel']) && !$errors) {
    $name = trim($_POST['name']);
    if ($name == '') {
        $errors[] = 'Category name field cannot be blank!';
    }
    if (!$errors) {
        // Both values are escaped and quoted before being placed in the statement.
        $sql = "UPDATE game_categories SET category_name = '" . mysql_real_escape_string($name) . "' WHERE category_id = '" . mysql_real_escape_string($CID) . "' LIMIT 1";
        $conn->execute($sql);
        // Optional picture upload. The destination name is built from the
        // validated $CID plus a fixed '.jpg' extension, so the client-supplied
        // file name is never used.
        // NOTE(review): no $_FILES['picture']['error'] or is_uploaded_file()
        // check is visible; whether VImageConv rejects non-image input cannot
        // be told from here — confirm.
        if ($_FILES['picture']['tmp_name'] != '') {
            require $config['BASE_DIR'] . '/classes/image.class.php';
            $image = new VImageConv();
            $image->process($_FILES['picture']['tmp_name'], $chimg . '/' . $CID . '.jpg', 'MAX_WIDTH', 384, 216);
            $image->canvas(384, 216, '000000', true);
        }
    }
    if (!$errors) {
        $messages[] = 'Category updated successfuly!';
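<?php
// Admin "edit channel" loader: validates the CID query parameter, loads the
// matching channel row and hands it to the template.

// Direct-access guard: execution stops unless the _VALID constant is defined.
defined('_VALID') or die('Restricted Access!');
// NOTE(review): presumably enforces an authenticated admin session — the
// implementation of Auth::checkAdmin() is not visible here.
Auth::checkAdmin();

$channel = array();

// The channel id is accepted only if it is numeric and channelExists() confirms it.
$CID = isset($_GET['CID']) && is_numeric($_GET['CID']) ? trim($_GET['CID']) : NULL;
$CID = $CID && channelExists($CID) ? $CID : NULL;

if (!$CID) {
    $err = 'Channel does not exist! Invalid channel id!?';
    session_write_close();
    // The message contains spaces and reserved characters, so it is
    // URL-encoded before being placed in the Location header.
    // NOTE(review): channels.php receives this text via the query string;
    // confirm it HTML-escapes 'err' before displaying it.
    header('Location: channels.php?err=' . urlencode($err));
    die;
}

// $CID is escaped and quoted before being placed in the statement.
$sql = "SELECT * FROM channel WHERE CHID = '" . mysql_real_escape_string($CID) . "' LIMIT 1";
$rs = $conn->execute($sql);
$channel = $rs->getrows();

$smarty->assign('channel', $channel);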
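/**
 * Build the SELECT and COUNT queries for the game search listing.
 *
 * Search options come from the submitted search form ($_POST) or from the
 * defaults below. The effective options are assigned to Smarty as 'option'.
 *
 * Security notes:
 *  - 'sort' and 'order' are spliced into ORDER BY. They are identifiers and
 *    keywords, not quoted values, so string escaping cannot protect them; they
 *    are validated against a fixed pattern / keyword list instead and fall
 *    back to the defaults when they do not match.
 *  - 'display' is reduced to a positive integer before it is handed back.
 *
 * @param string $module 'private' or 'public' restricts g.type; any other value applies no type filter.
 * @return array Keys: 'select' (SQL string), 'count' (SQL string), 'page_items' (int).
 */
function constructQuery($module)
{
    global $smarty;

    // Strict membership test: only the two literal strings may reach the SQL text.
    $query_module = '';
    if (in_array($module, array('private', 'public'), true)) {
        $query_module = " AND g.type = '" . $module . "'";
    }

    $query_select = "SELECT g.*,s.username FROM game AS g, signup AS s WHERE g.UID = s.UID" . $query_module;
    $query_count  = "SELECT count(g.GID) AS total_games FROM game AS g WHERE g.GID != ''" . $query_module;
    $query_option = array();

    $channel = isset($_GET['CID']) && is_numeric($_GET['CID']) && channelExists($_GET['CID']) ? trim($_GET['CID']) : NULL;
    $defaults = array(
        'username' => '',
        'title'    => '',
        'keyword'  => '',
        'channel'  => $channel,
        'status'   => '',
        'sort'     => 'g.GID',
        'order'    => 'DESC',
        'display'  => 10,
    );
    $option = $defaults;

    if (isset($_POST['search_games'])) {
        // Missing or array-valued fields (e.g. sort[]=x) become '' instead of
        // reaching trim() and the query builder.
        $fields = array('username', 'title', 'keyword', 'channel', 'status', 'sort', 'order', 'display');
        foreach ($fields as $field) {
            $option[$field] = isset($_POST[$field]) && is_string($_POST[$field]) ? trim($_POST[$field]) : '';
        }
    }

    // ORDER BY column: a bare or table-qualified identifier only.
    // NOTE(review): a fixed list of the sort values the search form actually
    // offers would be stricter; the form is not visible from this function.
    $identifier = '/^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?$/D';
    if (!is_string($option['sort']) || !preg_match($identifier, $option['sort'])) {
        $option['sort'] = $defaults['sort'];
    }

    // ORDER BY direction: ASC or DESC only (any letter case is kept as given).
    if (!is_string($option['order']) || !in_array(strtoupper($option['order']), array('ASC', 'DESC'), true)) {
        $option['order'] = $defaults['order'];
    }

    // Page size: positive integer, otherwise the default.
    $display = is_scalar($option['display']) ? intval($option['display']) : 0;
    $option['display'] = $display > 0 ? $display : $defaults['display'];

    if ($option['username'] != '' || isset($_GET['UID'])) {
        if ($option['username'] != '') {
            $UID = getUserID($option['username']);
        } else {
            $UID = isset($_GET['UID']) && is_numeric($_GET['UID']) ? $_GET['UID'] : 0;
        }
        $UID = $UID ? $UID : 0;
        $query_option[] = " AND g.UID = '" . mysql_real_escape_string($UID) . "'";
    }

    if ($option['title'] != '') {
        $query_option[] = " AND g.title LIKE '%" . mysql_real_escape_string($option['title']) . "%'";
    }

    if ($option['keyword'] != '') {
        $query_option[] = " AND g.tags LIKE '%" . mysql_real_escape_string($option['keyword']) . "%'";
    }

    if ($option['channel'] !== NULL && $option['channel'] !== '') {
        $query_option[] = " AND g.category = " . intval($option['channel']);
    }

    // The submitted status is always a string, so the original comparison
    // against the integers 0 and 1 could never match and the filter was dead
    // code; compare against the strings instead.
    if ($option['status'] === '0' || $option['status'] === '1') {
        $query_option[] = " AND g.status = " . intval($option['status']);
    }

    $query_option[] = " ORDER BY " . $option['sort'] . " " . $option['order'];

    $query = array();
    $query['select']     = $query_select . implode(' ', $query_option);
    $query['count']      = $query_count . implode(' ', $query_option);
    $query['page_items'] = $option['display'];

    $smarty->assign('option', $option);

    return $query;
}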