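/**
 * Saves the permission codes posted in level[] for either an admin group
 * (gid, permission B0301) or an admin account (aid, permission B0302).
 * Every outcome ends in die() with a JSON body.
 *
 * level[] may be missing or posted as a scalar, so it is normalised to a
 * flat array of scalars before implode().  The "nothing selected" test
 * was `< 0`, which let aid = gid = 0 fall through without any response;
 * it is now `<= 0`, matching the message it emits.
 */
function m__set_level()
{
    global $dbm;
    $_POST = helper::sqlxss($_POST);
    $aid = isset($_POST['aid']) ? intval($_POST['aid']) : 0;
    $gid = isset($_POST['gid']) ? intval($_POST['gid']) : 0;
    $levels = isset($_POST['level']) ? (array) $_POST['level'] : array();
    $levels = array_values(array_filter($levels, 'is_scalar'));
    if ($aid <= 0 && $gid <= 0) {
        die('{"code":"1","msg":"请选择权限设置对象,无法设置"}');
    }
    if ($gid > 0) {
        // group 1 is the super admin group: its rights are implicit
        if ($gid == 1) {
            die('{"code":"100","msg":"超级管理组权限无需设置"}');
        }
        check_level("B0301");
        $fields = array('g_urank' => implode(',', $levels));
        $dbm->single_update(TB_PREFIX . 'admin_group', $fields, "group_id='{$gid}'");
        logs("设置组权限成功:" . $fields['g_urank']);
        die('{"code":"0","msg":"设置用户组权限成功"}');
    }
    // reaching here means $aid > 0
    check_level("B0302");
    $fields = array('alevel' => implode(',', $levels));
    $dbm->single_update(TB_PREFIX . 'admin_list', $fields, "admin_id='{$aid}'");
    logs("设置组权限成功:" . $fields['alevel']);
    die('{"code":"0","msg":"设置用户权限成功"}');
}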
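/**
 * Writes every posted key/value pair into core/config.php through
 * set_config() and ends in die() with a JSON body.
 *
 * A posted key becomes an upper-cased constant name inside a PHP source
 * file, so only identifier-like keys (letters, digits, underscore) with
 * scalar values are accepted; the original wrote any key verbatim.
 * Double quotes in a value are turned into &#34; (comment_code keeps
 * them, backslash-escaped) so the value cannot end the quoted string it
 * is written into.  get_magic_quotes_gpc() no longer exists on PHP 8,
 * hence the function_exists() guard.
 */
function m__save()
{
    global $l_obj;
    check_level("A0201");
    // 其他站点配置
    $config = $_SERVER['DOCUMENT_ROOT'] . SITE_PATH . '/core/config.php';
    $cf = file_get_contents($config);
    if ($cf === false || $cf === '') {
        die('{"code":"0","msg":"读取失败"}');
    }
    $magicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    foreach ($_POST as $k => $v) {
        if (!preg_match('~^[A-Za-z0-9_]+\z~', (string) $k) || !is_scalar($v)) {
            continue;
        }
        $v = urldecode((string) $v);
        if ($magicQuotes) {
            $v = stripslashes($v);
        }
        if ($k != 'comment_code') {
            $v = str_replace('"', '&#34;', $v);
        }
        // any quote still present (comment_code only) is backslash-escaped
        $v = str_replace('"', '\\"', $v);
        set_config(strtoupper($k), $v, $cf);
    }
    $written = file_put_contents($config, $cf);
    if ($written === false || $written === 0) {
        die('{"code":"0","msg":"写入失败"}');
    }
    $l_obj->insert("修改配置成功");
    die('{"code":"100","msg":"配置成功"}');
}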
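/**
 * Builds the admin menu bar and keeps only the sections and sub-entries
 * whose $PAGESACCESS level passes check_level() for the current user.
 *
 * A section the user cannot open hides its whole submenu; the pages
 * themselves still enforce access through $PAGESACCESS.  A menu id with
 * no $PAGESACCESS entry is passed to check_level() as null instead of
 * raising an undefined-index notice.
 *
 * @return array menu id => array('href' => ..., 'label' => ..., ['submenu' => array(...)])
 */
function createmenuitems()
{
    global $PAGESACCESS;
    $menubar = array(
        'main' => array("href" => "./", "label" => T_("Status")),
        'users' => array(
            "href" => "display",
            "label" => T_("Users"),
            "submenu" => array(
                'createuser' => array("href" => "newuser", "label" => T_("New User")),
                'createtickets' => array("href" => "newtickets", "label" => T_("Batch Users")),
                'createmachine' => array("href" => "newuser?computer", "label" => T_("Computer Account")),
            ),
        ),
        'sessions' => array(
            "href" => "sessions",
            "label" => T_("Monitor Sessions"),
            "submenu" => array(
                'reports' => array("href" => "reports", "label" => T_("Reports")),
                'dhcpleases' => array("href" => "dhcpleases", "label" => T_("DHCP Leases")),
            ),
        ),
        'settings' => array(
            "href" => "settings",
            "label" => T_("Settings"),
            "submenu" => array(
                'uploadlogo' => array("href" => "uploadlogo", "label" => T_("Site Logo")),
                'netconfig' => array("href" => "netconfig", "label" => T_("Network Settings")),
                'chilliconfig' => array("href" => "chilliconfig", "label" => T_("Coova Chilli Settings")),
                'loginconfig' => array("href" => "loginconfig", "label" => T_("Portal Customisation")),
                'ticketprintconfig' => array("href" => "ticketprintconfig.php", "label" => T_("Ticket Print Settings")),
                'groups' => array("href" => "groupconfig", "label" => T_("Groups")),
            ),
        ),
        'passwd' => array(
            "href" => "passwd",
            "label" => T_("Admin Users"),
            "submenu" => array(
                'adminlog' => array("href" => "adminlog", "label" => T_("Admin Log")),
            ),
        ),
        'logout' => array("href" => "./?logoff", "label" => T_("Logoff")),
    );
    // Filter out menu items user doesn't have access to
    $newmenubar = array();
    foreach ($menubar as $label => $toplevel) {
        $level = isset($PAGESACCESS[$label]) ? $PAGESACCESS[$label] : null;
        if (!check_level($level)) {
            continue;
        }
        $submenu = array();
        if (isset($toplevel['submenu']) && is_array($toplevel['submenu'])) {
            foreach ($toplevel['submenu'] as $secondlabel => $secondlevel) {
                $subLevel = isset($PAGESACCESS[$secondlabel]) ? $PAGESACCESS[$secondlabel] : null;
                if (check_level($subLevel)) {
                    $submenu[$secondlabel] = $secondlevel;
                }
            }
        }
        $item = $toplevel;
        unset($item['submenu']);
        if (count($submenu) > 0) {
            $item['submenu'] = $submenu;
        }
        $newmenubar[$label] = $item;
    }
    return $newmenubar;
}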
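/**
 * 删除选中的数据
 * 支持单个删除 根据post数据来获取需要删除的数据的信息
 *
 * Deletes the resource rows listed in $_POST['params'] (plus
 * $_POST['resource_id'] for a single delete), removes the file and its
 * thumb_ copy from disk, and ends in die() with a JSON body.  Rows that
 * check_resource() still reports as referenced are skipped.  Files are
 * only unlinked when they resolve below the parent directory of this
 * script: resource_url comes from the database and previously reached
 * unlink() unchecked.
 */
function m__del()
{
    global $dbm;
    //判断操作权限
    check_level("E08");
    $ids = isset($_POST['params']) ? (array) $_POST['params'] : array();
    if (isset($_POST['resource_id'])) {
        $ids[] = $_POST['resource_id'];
    }
    $base = realpath(dirname(__FILE__) . '/..');
    //循环删除
    foreach ($ids as $id) {
        $id = intval($id);
        $res = $dbm->query("SELECT id,info_id,resource_url from " . TB_PREFIX . "resource_list WHERE id='" . $id . "'");
        if (empty($res['list']) || count($res['list']) != 1) {
            continue;
        }
        $row = $res['list'][0];
        $res = check_resource($row['id'], $row['info_id'], $row['resource_url']);
        // any concrete reference means the resource is still in use
        if ($res['info']['table_name'] != 'undefined' || $res['info']['id_name'] != 'undefined' || $res['info']['id_zhi'] != 'undefined') {
            continue;
        }
        $img_path = str_replace('\\', '/', dirname(__FILE__)) . '/..' . $res['info']['resource_url'];
        $x = strripos($img_path, '/');
        $thumb_img = substr($img_path, 0, $x + 1) . "thumb_" . substr($img_path, $x + 1);
        _m__del_unlink_inside($base, $img_path);
        _m__del_unlink_inside($base, $thumb_img);
        // rmdir() only removes an empty directory; still keep it inside $base
        $thumb_dir = realpath(dirname($thumb_img));
        if (_m__del_is_inside($base, $thumb_dir)) {
            @rmdir($thumb_dir);
        }
        $dbm->single_del(TB_PREFIX . "resource_list", " id = '" . $id . "'");
    }
    logs("删除资源成功");
    die('{"code":"0","msg":"删除成功"}');
}

/**
 * True when $path (already resolved with realpath()) lies strictly below $base.
 * Either argument being false (unresolvable) yields false.
 */
function _m__del_is_inside($base, $path)
{
    if ($base === false || $path === false) {
        return false;
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0;
}

/**
 * Unlinks $path when it resolves to a regular file below $base.
 * Returns true only when a file was actually removed.
 */
function _m__del_unlink_inside($base, $path)
{
    $real = realpath($path);
    if ($real === false || !is_file($real) || !_m__del_is_inside($base, $real)) {
        return false;
    }
    return @unlink($real);
}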
/**
 * Renders the access-denied template and stops the request when
 * check_level() rejects the page's $ACCESS_LEVEL; otherwise returns.
 */
function check_page_access()
{
    global $ACCESS_LEVEL, $templateEngine;
    if (check_level($ACCESS_LEVEL)) {
        return;
    }
    $templateEngine->displayPage('accessdenied.tpl');
    exit;
}
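/**
 * Validates the posted URL-rewrite rule and updates it when url_id > 0;
 * otherwise runs the add path.  Every outcome ends in die() with a JSON body.
 *
 * Only scalar $_POST values are url-decoded (urldecode() rejects arrays)
 * and url_id defaults to '' so a missing id fails the numeric check
 * cleanly.  $c is declared global because the add path calls it; the
 * original left it undefined there.
 *
 * NOTE(review): the add path never inserts anything — the insert was
 * commented out — so it always answers with code 250; left as found.
 */
function m__edit()
{
    global $url_re_obj, $logs_obj, $c;
    check_level("A0301");
    //解码数据
    $post = array();
    foreach ($_POST as $key => $val) {
        if (is_scalar($val)) {
            $post[$key] = urldecode((string) $val);
        }
    }
    $url_id = isset($post['url_id']) ? $post['url_id'] : '';
    if (!is_numeric($url_id)) {
        die('{"code":"210","msg":"规则节点ID必须是数字"}');
    }
    if (empty($post['url_title'])) {
        die('{"code":"220","msg":"规则节点名称不能为空"}');
    }
    if (!preg_match('~^[A-Za-z][A-Za-z]*[a-z0-9_]*$~', $post['url_title'])) {
        die('{"code":"230","msg":"规则节点名称必须以字母开头,只允许字母、下划线"}');
    }
    if (empty($post['url_true'])) {
        die('{"code":"230","msg":"动态地址规则不能为空"}');
    }
    if (empty($post['url_rule'])) {
        die('{"code":"230","msg":"伪静态地址规则不能为空"}');
    }
    if ($url_id > 0) {
        // 编辑
        $res = $url_re_obj->update($post, $post['url_id']);
        $logs_obj->insert("更新伪静态成功");
        if ($res) {
            die('{"code":"0","msg":"更新规则成功"}');
        }
        die('{"code":"240","msg":"更新规则失败"}');
    }
    // 添加: no insert is performed here (see the note above)
    $res = array();
    //更新缓存
    $c->update_url_config();
    $c->update_cate();
    //生成伪静态文件(.htaccess)
    htaccess();
    iis_httpd_ini();
    if (empty($res['error']) && isset($res['autoid']) && $res['autoid'] > 0) {
        die('{"code":"0","msg":"添加规则成功"}');
    }
    die('{"code":"250","msg":"添加规则失败,请核对重试"}');
}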
 /**
  * Masks comment get.del_id by overwriting its text with a fixed notice
  * (the row is kept), then redirects to the comment index.  A missing or
  * non-numeric id is reported as an illegal operation.
  */
 public function del()
 {
     check_login();
     check_level(3);
     $commentId = I("get.del_id", '', 'number_int');
     if (!$commentId) {
         $this->error('非法操作!');
         return;
     }
     $masked = array(
         'comment_content' => "我们要做个爱国的文明人哦~大家来争当爱国小能手吧O(∩_∩)O哈哈~",
     );
     D('scomment')->where('comment_id=' . $commentId)->save($masked);
     $this->success('屏蔽成功', 'index.php?s=Home/comment/index');
 }
 /**
  * "Revokes" rank get.del_id by writing use_time = 90 on it and redirects
  * to the rank index.  A missing or non-numeric id is reported as illegal.
  */
 public function del()
 {
     check_login();
     check_level(3);
     $rankId = I("get.del_id", '', 'number_int');
     if (!$rankId) {
         $this->error('非法操作!');
         return;
     }
     $update = array('use_time' => "90");
     D('rank')->where('id=' . $rankId)->save($update);
     $this->success('废除成功', 'index.php?s=Home/rank/index');
 }
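/**
 * 获取编辑或添加管理组
 *
 * Updates admin group group_id (> 0) or inserts a new group from $_POST
 * and ends in die() with a JSON body.  create_time is set only when a
 * group is inserted; the original also overwrote it on every edit.
 * group_id is cast to int before it is placed in the WHERE clause.
 */
function m__edit()
{
    global $dbm;
    check_level("B0101");
    foreach ($_POST as $k => $v) {
        $_POST[$k] = helper::escape($v, 1);
    }
    $group_id = isset($_POST['group_id']) ? $_POST['group_id'] : '';
    if (!is_numeric($group_id)) {
        die('{"code":"210","msg":"用户组ID必须是数字"}');
    }
    // 验证会员信息是否合法
    if (empty($_POST['g_name'])) {
        die('{"code":"220","msg":"用户组名字不能为空"}');
    }
    $params = array(
        'g_name' => $_POST['g_name'],
        'g_remark' => !empty($_POST['g_remark']) ? htmlspecialchars($_POST['g_remark']) : '',
    );
    $group_id = intval($group_id);
    if ($group_id > 0) {
        $where = " group_id ='" . $group_id . "'";
        $res = $dbm->single_update(TB_PREFIX . "admin_group", $params, $where);
        if (empty($res['error'])) {
            logs("用户组编辑成功,用户组ID为:{$group_id}");
            die('{"code":"0","msg":"操作成功"}');
        }
        logs("编辑用户组失败,请核实后再添加,用户组ID为:{$group_id}");
        die('{"code":"280","msg":"编辑用户组失败,请核实后再添加"}');
    }
    // 添加会员: the group name must be unique
    $where = " g_name='" . $_POST['g_name'] . "'";
    $a = $dbm->single_query(array('where' => $where, 'table_name' => TB_PREFIX . "admin_group"));
    if (!empty($a['list']) && count($a['list']) > 0) {
        die('{"code":"260","msg":"用户组名字不能重复"}');
    }
    $params['create_time'] = time();
    $res = $dbm->single_insert(TB_PREFIX . "admin_group", $params);
    if (isset($res['autoid']) && $res['autoid'] > 0) {
        logs("添加用户组成功,用户组名字为:{$_POST['g_name']}");
        die('{"code":"0","msg":"添加用户组成功"}');
    }
    logs("添加用户组失败,请核实后再添加,用户组名字为:{$_POST['g_name']}");
    die('{"code":"270","msg":"添加用户组失败,请核实后再添加"}');
}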
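/**
 * Stores the posted authorisation code as AUTH_CODE in core/config.php and
 * ends in die() with a JSON body.
 *
 * The code is written into a PHP source file, so it must match
 * [A-Za-z0-9_=]{1,64} over its whole length; the original pattern was
 * anchored only at the start and let arbitrary trailing text through into
 * the file.  The rejected value is no longer echoed into the JSON reply.
 */
function m__set_auth()
{
    check_level("A0501");
    $config = '../core/config.php';
    $cf = file_get_contents($config);
    if ($cf === false) {
        die('{"code":"1","msg":"/core/config.php 配置文件读取失败"}');
    }
    $_POST = helper::sqlxss($_POST);
    $code = isset($_POST['auth']) && is_string($_POST['auth']) ? $_POST['auth'] : '';
    // \z rather than $: a trailing newline must not slip past the anchor
    if (!preg_match('~^[a-z_A-Z0-9=]{1,64}\z~', $code)) {
        die('{"code":"1","msg":"授权码格式错误"}');
    }
    if ((string) AUTH_CODE !== $code) {
        if (helper::getChmod($config) != '0777') {
            die('{"code":"1","msg":"/core/config.php 配置文件没有写权限"}');
        }
        set_config('AUTH_CODE', $code, $cf);
        if (file_put_contents($config, $cf) === false) {
            die('{"code":"1","msg":"/core/config.php 配置文件没有写权限"}');
        }
    }
    die('{"code":"0","msg":"成功设置授权码"}');
}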
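/**
 * Keyword-group editor; requires permission E1004 and ends in die().
 *
 * act=search: returns a URL-encoded HTML table with one row per distinct
 * qgroup (name, keyword count, save button); names and id lists are
 * HTML-escaped on output.
 * act=save: sets qgroup = v on the keyword ids listed in k.  k is reduced
 * to a list of integers and v passes helper::escape() before either
 * reaches the UPDATE; the original interpolated both raw.
 */
function m__edit_group()
{
    global $page, $dbm;
    check_level("E1004");
    $act = isset($_POST['act']) ? $_POST['act'] : '';
    if ($act == 'search') {
        $rs = $dbm->query("select * from " . TB_PREFIX . "keyword");
        $group = array(); // index of the first keyword seen for a group => group name
        $id = array();    // that same index => comma-separated keyword ids
        foreach ($rs['list'] as $k => $v) {
            $gk = array_search($v['qgroup'], $group, true);
            if ($gk === false) {
                $gk = $k;
                $group[$k] = $v['qgroup'];
            }
            if (!empty($id[$gk])) {
                $id[$gk] .= ',' . $v['keyword_id'];
            } else {
                $id[$gk] = $v['keyword_id'];
            }
        }
        $str = '<tr><td  width="50%">组名</td><td  class="alignleft" width="30%">关键字数</td><td  class="alignleft"></td></tr>';
        foreach ($group as $k => $v) {
            $ids = isset($id[$k]) ? (string) $id[$k] : '';
            $id_shu = count(explode(',', $ids));
            $safeIds = htmlspecialchars($ids, ENT_QUOTES);
            $safeName = htmlspecialchars((string) $v, ENT_QUOTES);
            $str .= '<tr><td width="80"><input title="' . $safeIds . '" type="text" value="' . $safeName . '" name="qgroup" id="qgroup' . $k . '" class="ipt" ></td><td>' . $id_shu . '</td><td><a href="javascript:void(0);" class="but2 but2" id="subtn" onclick="del_group(' . $k . ')">保存</a></td></tr>';
        }
        die(urlencode($str));
    }
    if ($act == 'save') {
        $rawIds = isset($_POST['k']) && is_string($_POST['k']) ? $_POST['k'] : '';
        $ids = array();
        foreach (explode(',', $rawIds) as $kid) {
            $kid = trim($kid);
            if ($kid !== '' && ctype_digit($kid)) {
                $ids[] = (int) $kid;
            }
        }
        if (count($ids) == 0) {
            die("{'code':'1','msg':'保存失败'}");
        }
        $name = isset($_POST['v']) ? helper::escape($_POST['v'], 1) : '';
        $sql = "UPDATE " . TB_PREFIX . "keyword SET qgroup = '" . $name . "' WHERE keyword_id in(" . implode(',', $ids) . ")";
        $rs = $dbm->query_update($sql);
        if (!$rs['error']) {
            die("{'code':'0','msg':'保存成功'}");
        }
        die("{'code':'1','msg':'保存失败'}");
    }
}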
 /**
  * Deletes dish get.del_id and returns to the edit page of shop
  * get.shop_id.  Both ids must be present and numeric; otherwise the
  * request is reported as an illegal operation.
  */
 public function del()
 {
     check_login();
     check_level(3);
     $dishId = I("get.del_id", '', 'number_int');
     $shopId = I("get.shop_id", '', 'number_int');
     if (!$dishId || !$shopId) {
         $this->error('非法操作!');
         return;
     }
     D('dish')->where('dish_id=' . $dishId)->delete();
     $this->success('删除成功', 'index.php?s=Admin/menu/shop_edit/edit_id/' . $shopId);
 }
 /**
  * Deletes shop get.del_id together with its comments (dcomment) and
  * dishes, then returns to the node index.  不要乱删店,评论等也会全没了:
  * the cascade is irreversible.  A missing or non-numeric id is reported
  * as an illegal operation.
  */
 public function del()
 {
     check_login();
     check_level(3);
     $shopId = I("get.del_id", '', 'number_int');
     if (!$shopId) {
         $this->error('非法操作!');
         return;
     }
     D('shop')->where('shop_id=' . $shopId)->delete();
     D('dcomment')->where('shop_id=' . $shopId)->delete();
     D('dish')->where('shop_id=' . $shopId)->delete();
     $this->success('删除成功', 'index.php?s=Admin/node/index');
 }
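/**
 * Applies a new sort order: $_POST['params'] holds a URL-encoded JSON
 * list of {id, val} pairs and each id receives qorder = val through
 * $t_obj->update().  Ends in die() with a JSON body.
 *
 * The original reported success when params was missing or malformed,
 * because an undefined $res['state'] compares loosely equal to 0; an
 * empty or unparsable list is now a failure.  Entries without both keys
 * are skipped.
 */
function m__order()
{
    global $t_obj, $l_obj;
    //判断操作权限
    check_level("H0703");
    $raw = isset($_POST['params']) && is_string($_POST['params']) ? $_POST['params'] : '';
    $ids = json_decode(stripslashes(urldecode($raw)), true);
    $res = null;
    if (is_array($ids)) {
        foreach ($ids as $a) {
            if (!is_array($a) || !isset($a['id'], $a['val'])) {
                continue;
            }
            $params = array('qorder' => $a['val']);
            $res = $t_obj->update($params, $a['id']);
        }
    }
    // as before, only the result of the last update decides the reply
    if (is_array($res) && isset($res['state']) && $res['state'] == 0) {
        $l_obj->insert("修改排序成功");
        die('{"code":"0","msg":"排序修改成功"}');
    }
    die('{"code":"100","msg":"排序修改失败"}');
}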
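/**
 * Deletes the custom field named in $_POST['field'] from model $_GET['mid']
 * and ends in die() with a JSON body.
 *
 * mid is cast to int and field must be an identifier ([A-Za-z_][A-Za-z0-9_]*):
 * both were interpolated into the WHERE clause unchanged.
 */
function m__del_attr()
{
    global $m_obj, $l_obj;
    check_level("D0304");
    $model_id = isset($_GET['mid']) ? intval($_GET['mid']) : 0;
    $field = isset($_POST['field']) && is_string($_POST['field']) ? $_POST['field'] : '';
    if (!preg_match('~^[A-Za-z_][A-Za-z0-9_]*\z~', $field)) {
        die('{"code":1,"msg":"删除失败 "}');
    }
    $where = " model_id = " . $model_id . " and field = '" . $field . "'";
    $res = $m_obj->delete_model_field($where);
    if (!$res) {
        die('{"code":1,"msg":"删除失败 "}');
    }
    $l_obj->insert("删除字段成功");
    die('{"code":0,"msg":"删除成功"}');
}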
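/**
 * Toggles an admin user's ustate: the query string carries the user's
 * current state (ustate) and id (uid); the opposite state is written and
 * the outcome returned as a JSON body via die().
 *
 * uid and ustate are cast to int — uid used to reach update() and the
 * reply exactly as received — and a non-positive uid is refused.
 */
function m__update_state()
{
    global $u_obj, $l_obj;
    check_level("B0103");
    $user_id = isset($_GET['uid']) ? intval($_GET['uid']) : 0;
    $state = isset($_GET['ustate']) ? intval($_GET['ustate']) : 1;
    //把状态修改为需要更改的状态,因为传过来的是原始状态
    $update_state = $state == 0 ? 1 : 0;
    $update_msg = $state == 0 ? "停用" : "启用";
    if ($user_id <= 0) {
        die('{"code":"100","msg":"' . $update_msg . '用户失败"}');
    }
    $params = array('ustate' => $update_state);
    $res = $u_obj->update($params, $user_id);
    if (isset($res['state']) && $res['state'] == 0) {
        $l_obj->insert($update_msg . "用户成功【{$user_id}】");
        die('{"code":"0","msg":"' . $update_msg . '用户成功","gid":"' . $user_id . '"}');
    }
    die('{"code":"100","msg":"' . $update_msg . '用户失败"}');
}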
<?php

// ******************************************************************************************************************************
// MCMS Copyright (c) 2012-2013 ZhangYiYeTai Inc.
// The program developed by loyjers core architecture, individual all rights reserved, if you have any questions please contact loyjers@126.com
// ******************************************************************************************************************************
// 加载共用代码: shared admin helpers (check_level, call_mfunc, assign_tpl_admin)
require_once __DIR__ . "/inc_common.php";
// the whole page requires permission W02 before any action runs
check_level("W02");
// ******************************************************************************************************************************
// 页面动作函数载入 — presumably dispatches to the m__* action named by the request
// ******************************************************************************************************************************
call_mfunc();
// ******************************************************************************************************************************
// 模板载入 — [0] is the template name, [1] the template file to include
// ******************************************************************************************************************************
$tpl = assign_tpl_admin(basename(__FILE__));
list($template) = $tpl;
require_once $tpl[1];
//
// ******************************************************************************************************************************
// 页面动作函数方法,必须以 m__ 开头
// ******************************************************************************************************************************
// 列表
function m__list()
{
    global $dbm, $list;
    // 查询
    $params['where'] = " 1=1";
    if (isset($_GET['search_type']) && $_GET['search_type'] == 'msg_key' && isset($_GET['search_txt']) && $_GET['search_txt'] != '') {
        $params['where'] .= " and(msg_key like '%" . $_GET['search_txt'] . "%' or msg_key1 like '%" . $_GET['search_txt'] . "%'  or msg_key2 like '%" . $_GET['search_txt'] . "%' or msg_key3 like '%" . $_GET['search_txt'] . "%' or msg_key4 like '%" . $_GET['search_txt'] . "%' or msg_key5 like '%" . $_GET['search_txt'] . "%')";
 /**
  * Deletes job get.del_id and returns to the job index.  A missing or
  * non-numeric id is reported as an illegal operation.
  */
 public function del()
 {
     check_login();
     check_level(3);
     $jobId = I("get.del_id", '', 'number_int');
     if (!$jobId) {
         $this->error('非法操作!');
         return;
     }
     D('job')->where('job_id=' . $jobId)->delete();
     $this->success('删除成功', 'index.php?s=Admin/job/index');
 }
            break;
    }
    if (check_level() >= 2 && !in_array($menu, array('4', '5', '6', '7', '8', '9', '10', '11', '12'))) {
        $tpl->parse('cp_' . $menu . '_' . $sub_menu);
    } elseif (check_level() >= 3 && !in_array($menu, array('6', '7', '8', '9', '10', '11', '12'))) {
        $tpl->parse('cp_' . $menu . '_' . $sub_menu);
    } elseif (check_level() >= 4 && !in_array($menu, array('11', '12'))) {
        $tpl->parse('cp_' . $menu . '_' . $sub_menu);
    } elseif (check_level() >= 9) {
        $tpl->parse('cp_' . $menu . '_' . $sub_menu);
    } elseif (in_array($menu, array('13', '14', '15', '16'))) {
        $tpl->parse('cp_' . $menu . '_' . $sub_menu);
    }
    $menu_level = '';
    if (check_level() >= 2) {
        $menu_level .= @file_get_contents('templates/level_2.html');
    }
    if (check_level() >= 3) {
        $menu_level .= @file_get_contents('templates/level_3.html');
    }
    if (check_level() >= 4) {
        $menu_level .= @file_get_contents('templates/level_4.html');
    }
    if (check_level() >= 9) {
        $menu_level .= @file_get_contents('templates/level_9.html');
    }
    $tpl->assign(array('menu_level' => $menu_level, 'version' => $version['name'] . ' ' . $version['value'], 'this_menu' => $this_menu, 'messages_new' => @mysql_num_rows(@mysql_query("SELECT id FROM cnt_messages WHERE message_to = '" . $_SESSION['user']['id'] . "' and message_read = 0")), 'total_user' => @mysql_num_rows(@mysql_query("SELECT id FROM cnt_users")), 'menu' => $menu, 'sub_menu' => $sub_menu));
    $tpl->tpl_out();
} else {
    header('Location: ../cnt-login.php');
}
<?php

/*-----------------------------------*\
|           Copyright © CNT           | 
|         Phone: 0986.901.797         |
|         Y!m: banmai_xanhmai         |
|       Website: CongNgheTre.Vn       |
|     Email: PeakOfMusic@Gmail.Com    |
\*-----------------------------------*/
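define('CNT', true);
include '../cnt-includes/config.php';
// Ad administration (cnt_ads): add / edit / delete; login plus level >= 4 required.
// Request values used to be concatenated into the SQL untouched: ids and the
// ad type are now cast to int and the text fields go through
// mysql_real_escape_string() on the link config.php opens (NOTE(review):
// confirm config.php connects before this point).
if (check_log() == true && check_level() >= 4) {
    $type = isset($_GET['type']) ? $_GET['type'] : '';
    $name = isset($_POST['name']) && is_string($_POST['name']) ? $_POST['name'] : '';
    $img = isset($_POST['img']) && is_string($_POST['img']) ? $_POST['img'] : '';
    $url = isset($_POST['url']) && is_string($_POST['url']) ? $_POST['url'] : '';
    $adType = isset($_POST['type']) ? intval($_POST['type']) : 0;
    $adId = isset($_POST['id']) && !is_array($_POST['id']) ? intval($_POST['id']) : 0;
    if ($type == 'add' && strlen($name) >= 3 && strlen($img) > 1) {
        @mysql_query("INSERT INTO cnt_ads (ad_name, ad_image, ad_link, ad_type) VALUES ('" . mysql_real_escape_string($name) . "', '" . mysql_real_escape_string($img) . "', '" . mysql_real_escape_string($url) . "', " . $adType . ")");
        header('Location: index.php?m=6');
    } elseif ($type == 'edit' && $adId > 0) {
        @mysql_query("UPDATE cnt_ads SET ad_name = '" . mysql_real_escape_string($name) . "', ad_image = '" . mysql_real_escape_string($img) . "', ad_link = '" . mysql_real_escape_string($url) . "', ad_type = " . $adType . " WHERE id = " . $adId);
        header('Location: index.php?m=6');
    } elseif ($type == 'del' && isset($_POST['action']) && $_POST['action'] == 1 && !empty($_POST['id']) && is_array($_POST['id'])) {
        // every posted id is cast to int before it reaches the DELETE
        foreach ($_POST['id'] as $rowId) {
            @mysql_query("DELETE FROM cnt_ads WHERE id = " . intval($rowId));
        }
        header('Location: index.php?m=6');
    } else {
        header('Location: index.php?m=6');
    }
} else {
    echo "Hacking attempt";
}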
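/**
 * Routes a profile form post: a "question" answer is handed to
 * check_question(), an "advance" token to check_level(); returns NULL
 * when neither field is present and well-formed.
 *
 * $_SESSION["level"] is interpolated into the question pattern, so it is
 * preg_quote()d first.  `global $_POST` was dropped: $_POST is a
 * superglobal and the declaration had no effect.
 *
 * NOTE(review): $CONST["questions"] is the upper bound of the character
 * class [1-N], which only works for a single digit — confirm the range.
 */
function check_profile()
{
    global $CONST;
    $level = isset($_SESSION["level"]) ? preg_quote((string) $_SESSION["level"], '/') : '';
    $questionPattern = "/^{$level}[1-{$CONST["questions"]}]\$/";
    if (isset($_POST["question"]) && filter_var($_POST["question"], FILTER_VALIDATE_REGEXP, array("options" => array('regexp' => $questionPattern)))) {
        return check_question($_POST["question"]);
    }
    if (isset($_POST["advance"]) && filter_var($_POST["advance"], FILTER_VALIDATE_REGEXP, array("options" => array('regexp' => "/^[a-z\\d]+\$/i")))) {
        return check_level($_POST["advance"]);
    }
    return NULL;
}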
/**
 * Stores the posted reply text on comment comment_id and answers with a
 * JSON body through die().  Requires permission E0703.
 */
function m__reply()
{
    global $dbm, $c;
    check_level("E0703");
    $hasId = isset($_POST['comment_id']) && is_numeric($_POST['comment_id']);
    if (!$hasId) {
        die('{"code":"101","msg":"回复评论ID出错"}');
    }
    $hasText = isset($_POST['comment']) && trim($_POST['comment']) != '';
    if (!$hasText) {
        die('{"code":"101","msg":"回复评论不能为空"}');
    }
    $comment_id = intval($_POST['comment_id']);
    // HTML-escaped first, then passed through the project's DB escaper
    $reply = helper::escape(htmlspecialchars($_POST['comment']), 1);
    $sql = "UPDATE " . TB_PREFIX . "comment SET reply = '" . $reply . "' WHERE comment_id = '" . $comment_id . "'";
    $rs = $dbm->query_update($sql);
    $ok = $rs['error'] == '';
    die($ok ? '{"code":"0","msg":"回复成功"}' : '{"code":"1","msg":"评论失败"}');
}
|           Copyright © CNT           | 
|         Phone: 0986.901.797         |
|         Y!m: banmai_xanhmai         |
|       Website: CongNgheTre.Vn       |
|     Email: PeakOfMusic@Gmail.Com    |
\*-----------------------------------*/
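define('CNT', true);
include '../cnt-includes/config.php';
include '../cnt-includes/functions.php';
// Comment administration (cnt_comments): add (any logged-in user, captcha
// checked), reply / edit / delete (level >= 2).  Ids are cast to int and the
// text goes through mysql_real_escape_string() after br(), on the link
// config.php opens (NOTE(review): confirm it connects before this point);
// the original concatenated every value raw.  The captcha check now fails
// when the session holds no captcha — null == '' used to pass it.
if (check_log() == true) {
    $type = isset($_GET['type']) ? $_GET['type'] : '';
    $content = isset($_POST['content']) && is_string($_POST['content']) ? $_POST['content'] : '';
    $pid = isset($_POST['pid']) ? intval($_POST['pid']) : 0;
    $commentId = isset($_POST['id']) && !is_array($_POST['id']) ? intval($_POST['id']) : 0;
    $captcha = isset($_POST['captcha']) && is_string($_POST['captcha']) ? $_POST['captcha'] : '';
    $sessionCaptcha = isset($_SESSION['captcha']) ? (string) $_SESSION['captcha'] : '';
    $captchaOk = $sessionCaptcha !== '' && $sessionCaptcha === $captcha;
    $userId = intval($_SESSION['user']['id']);
    if ($type == 'add' && strlen($content) >= 10 && $captchaOk) {
        @mysql_query("INSERT INTO cnt_comments (comment_content, comment_pid, comment_user, comment_time) VALUES ('" . mysql_real_escape_string(br($content)) . "', " . $pid . ", " . $userId . ", " . time() . ")");
        // only a relative path is accepted as the return location
        $back = isset($_POST['back']) && is_string($_POST['back']) ? $_POST['back'] : '';
        if ($back === '' || preg_match('~^(?:[a-z][a-z0-9+.\-]*:|//)~i', $back)) {
            $back = 'index.php?m=2';
        }
        header('Location: ' . $back);
    } elseif ($type == 'reply' && check_level() >= 2) {
        @mysql_query("INSERT INTO cnt_comments (comment_content, comment_pid, comment_sid, comment_user, comment_time) VALUES ('" . mysql_real_escape_string(br($content)) . "', " . $pid . ", " . $commentId . ", " . $userId . ", " . time() . ")");
        header('Location: index.php?m=2');
    } elseif ($type == 'edit' && check_level() >= 2) {
        @mysql_query("UPDATE cnt_comments SET comment_content = '" . mysql_real_escape_string(br($content)) . "' WHERE id = " . $commentId);
        header('Location: index.php?m=2');
    } elseif ($type == 'del' && isset($_POST['action']) && $_POST['action'] == 1 && !empty($_POST['id']) && is_array($_POST['id']) && check_level() >= 2) {
        foreach ($_POST['id'] as $rowId) {
            @mysql_query("DELETE FROM cnt_comments WHERE id = " . intval($rowId));
        }
        header('Location: index.php?m=2');
    } else {
        echo "Hacking attempt";
    }
} else {
    echo "Hacking attempt";
}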
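$t_id = check_t_id($id);
// $id is defined outside this snippet and was concatenated into the WHERE
// clause unchanged; escape it on the active mysql link before use
$safe_id = mysql_real_escape_string((string) $id);
$query = "SELECT  id, f_id, t_id, author, title, data, replyof, last, ora, date \n\t\t    FROM " . __PREFIX__ . "topic \n\t\t   WHERE id = '" . $safe_id . "' \n\t\t      OR replyof = '" . $safe_id . "' \n\t\t   ORDER BY id, last DESC";
$res = mysql_query($query);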
while ($row = mysql_fetch_row($res)) {
    $query_2 = "SELECT email, web_site, msn, level, id, firma \n\t\t\t\t   FROM " . __PREFIX__ . "users \n\t\t\t\t  WHERE username = '******'";
    $row_info = mysql_fetch_row(mysql_query($query_2));
    $mail = login($username, $password) == FALSE ? '<i>Login richiesto!</i>' : check_null($row_info[0], 1);
    ?>

<div id="content">
	<div id="userinfo">	
		<div><div style="float: left;"><b><?php 
    print $row[3];
    ?>
</b></div><div style="float: right;"><?php 
    print check_level($row_info[3]);
    ?>
</div></div><hr />
		<div><div style="float: left;">Post:</div><div style="float:right;"><?php 
    print check_num_topic($row[3]);
    ?>
</div></div><hr />
		<div><div style="float: left;">E-Mail:</div><div style="float: right;"><?php 
    print $mail;
    ?>
</div></div><hr />
		<div><div style="float: left;">MsN:</div><div style="float: right;"><?php 
    print check_null($row_info[2], 1);
    ?>
</div></div><hr />
		<div><div style="float: left;">Sito Web:</div><div style="float: right;"><?php 
<?php

/*!
 * **************************************************************
 ****************  ProQuiz V2 ******************************
 ***************************************************************/
/* documentation at: http://proquiz.softon.org/documentation/
 /* Designed & Maintained by
 /*                                    - Softon Technologies
 /* Developer
 /*                                    - Manzovi
 /* For Support Contact @
 /*                                    - proquiz@softon.org
 /* Release Date : 02 Feb 2011
 /* Licensed under GPL license:
 /* http://www.gnu.org/licenses/gpl.html
 */
?>
<ul>
<?php 
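// Render the head menu; entries failing check_level() or check_auth() are hidden.
// The current page is found by matching the entry's link against PHP_SELF:
// the link is preg_quote()d so a slash or metacharacter in it cannot break
// the pattern, and link/title are HTML-escaped on output (without
// double-encoding entities already present).
foreach ($headMenu as $value) {
    if (!check_level($value) || !check_auth($value)) {
        continue;
    }
    $href = htmlspecialchars($value['link'], ENT_QUOTES, 'UTF-8', false);
    $title = htmlspecialchars($value['title'], ENT_QUOTES, 'UTF-8', false);
    $isCurrent = preg_match('/' . preg_quote($value['link'], '/') . '/', $_SERVER['PHP_SELF']) === 1;
    if ($isCurrent) {
        echo '<li><a class="current" href="' . $href . '">' . $title . '</a></li>';
    } else {
        echo '<li><a href="' . $href . '">' . $title . '</a></li>';
    }
}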
?>
</ul>
<?php

/*-----------------------------------*\
|           Copyright © CNT           | 
|         Phone: 0986.901.797         |
|         Y!m: banmai_xanhmai         |
|       Website: CongNgheTre.Vn       |
|     Email: PeakOfMusic@Gmail.Com    |
\*-----------------------------------*/
define('CNT', true);
include '../cnt-includes/config.php';
if (check_log() & check_level() >= 3) {
    $total = @mysql_num_rows(@mysql_query("SELECT id FROM cnt_products"));
    $data = '<?xml version="1.0"?>
<?mso-application progid="Excel.Sheet"?>
<Workbook xmlns="urn:schemas-microsoft-com:office:spreadsheet"
 xmlns:o="urn:schemas-microsoft-com:office:office"
 xmlns:x="urn:schemas-microsoft-com:office:excel"
 xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet"
 xmlns:html="http://www.w3.org/TR/REC-html40">
 <DocumentProperties xmlns="urn:schemas-microsoft-com:office:office">
  <Author>Admin</Author>
  <LastAuthor>Admin</LastAuthor>
  <Created>2010-08-12T12:09:16Z</Created>
  <Company>- ETH0 -</Company>
  <Version>11.9999</Version>
 </DocumentProperties>
 <ExcelWorkbook xmlns="urn:schemas-microsoft-com:office:excel">
  <WindowHeight>9720</WindowHeight>
  <WindowWidth>15195</WindowWidth>
  <WindowTopX>480</WindowTopX>
/**
 * Deletes the nlink rows whose ids are posted in params (plus nlink_id
 * when a single delete is requested) and ends in die() with a JSON body.
 * Requires permission E0302; ids are cast to int before the WHERE clause.
 */
function m__del()
{
    global $dbm;
    //判断操作权限
    check_level("E0302");
    // 直接传过来的删除动作
    if (isset($_POST['nlink_id'])) {
        $_POST['params'][] = $_POST['nlink_id'];
    }
    if (empty($_POST['params'])) {
        die('{"code":"100","msg":"没有选中要删除的友链"}');
    }
    $table = TB_PREFIX . "nlink";
    foreach ($_POST['params'] as $rawId) {
        // a failed delete is simply skipped; the loop moves on to the next id
        $dbm->single_del($table, " nlink_id = '" . intval($rawId) . "'");
    }
    logs("删除内链词成功");
    die('{"code":"0","msg":"删除成功"}');
}
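/**
 * Writes astate ($_GET['astate'], 1 = 停用) onto the admin accounts listed
 * comma-separated in $_POST['params'].  The current account and super
 * admins are refused before anything is written.  Ends in die() with a
 * JSON body.
 *
 * Against the original: astate and every id are cast to int before they
 * reach update() / is_super_admin(), the unreachable exit; after die() is
 * gone, and the id list in the message no longer ends with a comma.
 */
function m__set_state()
{
    global $a_obj, $l_obj;
    check_level("B0503");
    if (!isset($_GET['astate']) || !is_numeric($_GET['astate'])) {
        die('{"code":"210","msg":"状态必须是数字"}');
    }
    $astate = intval($_GET['astate']);
    //需要操作的状态
    $params = array('astate' => $astate);
    $action = $astate == 1 ? "停用" : "启用";
    $raw = isset($_POST['params']) && is_string($_POST['params']) ? stripslashes($_POST['params']) : '';
    $uids = array();
    //初步处理信息。比如超级管理员不能停用等
    foreach (explode(',', $raw) as $vuid) {
        if (!is_numeric($vuid)) {
            die('{"code":"220","msg":"账号ID必须是数字"}');
        }
        $vuid = intval($vuid);
        //不能停用当前用户
        if ($vuid == $_SESSION['admin']['admin_id']) {
            die('{"code":"230","msg":"不能停用当前账户,请核对后再操作"}');
        }
        //不能停用超级管理员用户
        if ($a_obj->is_super_admin($vuid)) {
            die('{"code":"240","msg":"不能启用或停用超级管理员用户"}');
        }
        $uids[] = $vuid;
    }
    foreach ($uids as $vuid) {
        $a_obj->update($params, $vuid);
    }
    $msg = "成功" . $action . "了 " . count($uids) . " 个账号," . " ID 分别是:" . implode(',', $uids);
    $l_obj->insert($msg);
    die('{"code":"0","msg":"' . $msg . '"}');
}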
<?php

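// if sched.php answered "yes" this page runs: copy the scheds rows for the
// requested course / year level / semester into schedules, skipping rows
// that already exist there
include '../../config/connection.php';
include '../../config/sy.php';
require '../../auth.php';
confirm_logged_in();
check_level();
// the three selectors arrive through $_REQUEST (GET, POST or cookie) and were
// interpolated raw; escape them on the link connection.php opens
$course = mysql_real_escape_string(isset($_REQUEST['course']) ? (string) $_REQUEST['course'] : '');
$yrlvl = mysql_real_escape_string(isset($_REQUEST['yrlvl']) ? (string) $_REQUEST['yrlvl'] : '');
$sem = mysql_real_escape_string(isset($_REQUEST['sem']) ? (string) $_REQUEST['sem'] : '');
$s = mysql_query("SELECT * FROM scheds WHERE course_id='{$course}' AND yrlvl='{$yrlvl}' AND sem='{$sem}'");
while ($s && ($t = mysql_fetch_array($s))) {
    // the row values are written back into SQL below, so escape them as well
    $r = array_map('mysql_real_escape_string', $t);
    // NOTE(review): AND binds tighter than OR, so this matches (subject AND course AND section)
    // OR (time AND room AND sy AND sem) — kept as found; confirm that is the intended duplicate test
    $trappings = mysql_query("SELECT * FROM schedules WHERE `subject_id`='{$r['subject_id']}' AND `course_id`='{$r['course_id']}' AND `section_id`='{$r['section_id']}' OR `time_id`='{$r['time_id']}' AND `room_id`='{$r['room_id']}' AND `sy_id`='{$sy['sy_id']}' AND `sem`='{$sem}' ");
    if ($trappings && mysql_num_rows($trappings) > 0) {
        continue;
    }
    $insert = mysql_query("INSERT INTO schedules(`sched_id`,`subject_id`,`course_id`,`yrlvl`,`time_id`,`section_id`,`room_id`,`size`,`pop`,`sy_id`,`sem`,`status`)VALUES('','{$r['subject_id']}','{$r['course_id']}','{$r['yrlvl']}','{$r['time_id']}','{$r['section_id']}','{$r['room_id']}','{$r['size']}','{$r['pop']}','{$r['sy_id']}','{$r['sem']}','{$r['status']}')");
}
echo "<meta http-equiv='refresh' content='0; url=classmenu.php'><script>alert('Schedules has been set successfully!')</script>";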
\*-----------------------------------*/
define('CNT', true);
include '../cnt-includes/config.php';
include '../cnt-includes/functions.php';
if (check_log() == true) {
    if ($_GET['type'] == 'my') {
        if ($_POST['action'] == 1 && $_POST['id']) {
            $total = count($_POST['id']);
            for ($i = 0; $i < $total; $i++) {
                @mysql_query("DELETE FROM cnt_bills WHERE bill_user = "******" and id = " . $_POST['id'][$i]);
            }
            header('Location: index.php?m=14');
        } else {
            header('Location: index.php?m=14');
        }
    } elseif (check_level() >= 3) {
        if ($_POST['action'] == 1 && $_POST['id']) {
            $total = count($_POST['id']);
            for ($i = 0; $i < $total; $i++) {
                @mysql_query("DELETE FROM cnt_bills WHERE id = " . $_POST['id'][$i]);
            }
            header('Location: index.php?m=4');
        } elseif ($_POST['action'] == 2 && $_POST['id']) {
            $total = count($_POST['id']);
            for ($i = 0; $i < $total; $i++) {
                @mysql_query("UPDATE cnt_bills SET bill_pay = 1 WHERE id = " . $_POST['id'][$i]);
                $bill = @mysql_fetch_array(@mysql_query("SELECT bill_name, bill_phone, bill_fax, bill_email, bill_add, bill_content, bill_time FROM cnt_bills WHERE id = " . $_POST['id'][$i]));
                $mail = '<div>
    <p>
        <strong>Đơn đặt hàng (Đã thanh toán)</strong> <em>(' . format_time($bill['bill_time'], 2) . ')</em>
    </p>