/**
 * Fetch at most 100 photo rows (photo id, owner name, title) for the photo stream.
 *
 * @param mixed $userid  Follower id; only used when $friends is truthy.
 * @param bool  $friends When truthy, keep only photos whose owner appears in
 *                       friendships.following for that follower; otherwise no user filter.
 * @return mixed Whatever db_array() returns for the selected query.
 */
function Photo_Stream($userid, $friends = true)
{
    $all_photos = 'SELECT photos.id AS photoid, users.name AS username, photos.title FROM photos CROSS JOIN users ON photos.userid = users.id LIMIT 100';
    $followed_photos = 'SELECT photos.id AS photoid, users.name AS username, photos.title FROM photos CROSS JOIN users ON photos.userid = users.id CROSS JOIN friendships ON users.id = friendships.following WHERE follower = ? LIMIT 100';

    if (!$friends) {
        return db_array($all_photos);
    }

    // $userid is handed to db_array() separately from the SQL text (matching the
    // single `?` placeholder) and is never concatenated into the statement.
    return db_array($followed_photos, array($userid));
}
/**
 * List status-0 rows of this model's table, newest add_time first,
 * optionally restricted to one attachment category.
 *
 * @param mixed $att_categories_id Category id; values not greater than 0 disable the filter.
 * @return mixed Result of db_array() for the table / where-array / order triple.
 */
public function ilist_by_category($att_categories_id)
{
    // The filter is passed as a column => value array, not as SQL text.
    $filter = $att_categories_id > 0
        ? array('status' => 0, 'att_categories_id' => $att_categories_id)
        : array('status' => 0);

    return db_array($this->table_name, $filter, 'add_time desc');
}
/**
 * List status-0 rows of this model's table ordered by parent_id, prio desc, iname.
 *
 * @param mixed $parent_id When not null, only rows with this parent_id are returned.
 * @return mixed Result of db_array() for the assembled statement.
 */
public function ilist($parent_id = NULL)
{
    // NOTE(review): dbq() is the only thing between the caller's value and the SQL
    // text; presumably it quotes/escapes for the active connection — confirm.
    $parent_filter = $parent_id === null ? '' : 'and parent_id=' . dbq($parent_id);

    $sql = "select * from {$this->table_name} where status=0 {$parent_filter} order by parent_id, prio desc, iname";

    return db_array($sql);
}
/**
 * Delete every row from a set of tables.
 *
 * @param string|false $tables Comma-separated table names; when falsy, the table list
 *                             is obtained from the database through db_array().
 */
function db_clear($tables = false)
{
    //cant find where this is called from.  obsolete?
    global $_josh;

    // The catalogue query differs between the mssql dialect and everything else.
    if ($_josh["db"]["language"] == "mssql") {
        $listing_sql = "SELECT name FROM sysobjects WHERE type='u' AND status > 0";
    } else {
        $listing_sql = "SHOW TABLES FROM " . $_josh["db"]["database"];
    }

    $targets = $tables ? explode(",", $tables) : db_array($listing_sql);

    // NOTE(review): table names are concatenated into the DELETE unquoted and
    // unvalidated, so $tables must never be derived from request data. With no
    // argument this empties every listed table.
    foreach ($targets as $table) {
        db_query("DELETE FROM " . $table);
    }
}
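/**
 * Check a username/password pair against the users table.
 *
 * @param string $username Login name; bound to the :username placeholder.
 * @param string $password Plain-text password supplied by the caller.
 * @return array|false The matching users row (id, name, password, hashing) or false.
 */
public static function authenticate($username, $password)
{
    $users = db_array('SELECT id, name, password, hashing FROM users WHERE name = :username LIMIT 1', compact('username'));
    if (!count($users)) {
        // NOTE(review): this path returns without hashing, so unknown and known
        // usernames take measurably different time; consider hashing a dummy value.
        return false;
    }

    $user = $users[0];
    $reEncrypted = blowfishEncrypt($password, $user['hashing']);

    // hash_equals() replaces `==`: it compares in constant time and never applies
    // numeric-string juggling to the two hashes.
    if (hash_equals((string) $user['password'], (string) $reEncrypted['password'])) {
        // NOTE(review): the returned row still carries the stored hash; callers
        // should not copy it into the session or into output.
        return $user;
    }

    return false;
}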
/**
 * Load a user's non-deleted posts and attach a formatted copy of each text.
 *
 * @param mixed $userid         Owner id, bound to :userid.
 * @param bool  $includeprivate When truthy, 'private' posts are listed alongside 'public' ones.
 * @return array Rows from db_array(), each with an added 'formatted' key from Post::format().
 */
public static function listing($userid, $includeprivate = true)
{
    $visibility = $includeprivate ? array('public', 'private') : array('public');

    // Both values travel as named parameters; the visibility list is an array, so
    // this relies on db_array() expanding it for the IN clause (defined elsewhere).
    $rows = db_array('SELECT id, text, type, created, visibility, userid FROM posts WHERE userid = :userid AND visibility IN :visibility AND deleted != "yes" ORDER BY DATE( created ) DESC, TIME( created ) ASC, id ASC', compact('userid', 'visibility'));

    foreach (array_keys($rows) as $i) {
        $rows[$i]['formatted'] = Post::format($rows[$i]['text']);
    }

    return $rows;
}
/**
 * Build the parameter set used to render the add/edit form.
 *
 * On GET the item comes from the model (or from defaults for a new record); on any
 * other method the stored row is overlaid with the submitted 'item' values.
 *
 * @param mixed $form_id Record id from the route; coerced to a number.
 * @return array Template parameters ('id', 'i', select options, related names, ...).
 */
public function ShowFormAction($form_id) {
    // Numeric coercion: everything below works with $id, not the raw route value.
    $id = $form_id + 0;
    $dict_link_multi = array();
    if ($this->fw->route['method'] == 'GET') {
        if ($id > 0) {
            $item = $this->model->one($id);
            $item["ftime_str"] = DateUtils::int2timestr($item["ftime"]);
            $dict_link_multi = FormUtils::ids2multi($item['dict_link_multi']);
        } else {
            #defaults
            $item = array('fint' => 0, 'ffloat' => 0);
        }
    } else {
        $itemdb = $id ? $this->model->one($id) : array();
        // Request-supplied keys override (and can add to) the stored row here.
        // NOTE(review): these values go into $ps unescaped; presumably the template
        // layer escapes on output — confirm.
        $item = array_merge($itemdb, req('item'));
        $dict_link_multi = req('dict_link_multi');
    }
    // The inline SQL below interpolates only $this->table_name, no request data.
    $ps = array('id' => $id, 'i' => $item, 'add_user_id_name' => fw::model('Users')->full_name($item['add_user_id']), 'upd_user_id_name' => fw::model('Users')->full_name($item['upd_user_id']), 'select_options_parent_id' => FormUtils::select_options_db(db_array("select id, iname from {$this->table_name} where parent_id=0 and status=0 order by iname"), $item['parent_id']), 'select_options_demo_dicts_id' => $this->model_related->get_select_options($item['demo_dicts_id']), 'dict_link_auto_id_iname' => $item['dict_link_auto_id'] ? $this->model_related->iname($item['dict_link_auto_id']) : $item['dict_link_auto_id_iname'], 'multi_datarow' => $this->model_related->get_multi_list($dict_link_multi), 'att_id_url_s' => $this->fw->model('Att')->get_url_direct($item['att_id'], 's'));
    #combo date
    #TODO FormUtils::combo4date( $item['fdate_combo'], $ps, 'fdate_combo');
    return $ps;
}
/**
 * Upgrade step 1284: set the superadmin flag on every admin that holds the 'ALL' domain.
 */
function upgrade_1284()
{
    # migrate the ALL domain to the superadmin column
    # Note: The ALL domain is not (yet) deleted to stay backwards-compatible for now (will be done in a later upgrade function)
    $all_domain_admins = db_query("SELECT username FROM " . table_by_key('domain_admins') . " where domain='ALL'");

    if (!($all_domain_admins['rows'] > 0)) {
        return;
    }

    // Each matching username is handed to db_update() as a value, not spliced into SQL here.
    while ($admin = db_array($all_domain_admins['result'])) {
        printdebug("Setting superadmin flag for " . $admin['username']);
        db_update('admin', 'username', $admin['username'], array('superadmin' => db_get_boolean(true)));
    }
}
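<?php
// Staff handler for the do_not_upload list: deletes, edits or creates an entry
// depending on $_POST['submit']. The full open tag is used so the source is not
// served as plain text when short_open_tag is disabled.
if(!check_perms('admin_dnu')) { error(403); }
// NOTE(review): no anti-CSRF token check is visible in this handler — confirm one
// runs before this point.

if($_POST['submit'] == 'Delete'){ //Delete
	if(!is_number($_POST['id']) || $_POST['id'] == ''){ error(0); }
	// The id is concatenated unquoted; this is only safe because is_number() gated
	// it and assuming error() stops execution — confirm.
	$DB->query('DELETE FROM do_not_upload WHERE ID='.$_POST['id']);
} else { //Edit & Create, Shared Validation
	$Val->SetFields('name', '1','string','The name must be set, and has a max length of 40 characters', array('maxlength'=>40, 'minlength'=>1));
	$Val->SetFields('comment', '0','string','The description has a max length of 255 characters', array('maxlength'=>255));
	$Err=$Val->ValidateForm($_POST); // Validate the form
	if($Err){ error($Err); }

	$P=array();
	$P=db_array($_POST); // Sanitize the form

	if($_POST['submit'] == 'Edit'){ //Edit
		if(!is_number($_POST['id']) || $_POST['id'] == ''){ error(0); }
		$DB->query("UPDATE do_not_upload SET
			Name='$P[name]',
			Comment='$P[comment]',
			UserID='$LoggedUser[ID]',
			Time='".sqltime()."'
			WHERE ID='$P[id]'");
	} else { //Create
		// Fixed: sqltime was referenced without parentheses, which PHP treats as an
		// undefined constant instead of calling the function.
		$DB->query("INSERT INTO do_not_upload
			(Name, Comment, UserID, Time) VALUES
			('$P[name]','$P[comment]','$LoggedUser[ID]','".sqltime()."')");
	}
}

// Go back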
} } else { $QueryID = $DB->query("\n\t\tSELECT\n\t\t\tSQL_CALC_FOUND_ROWS\n\t\t\tIP,\n\t\t\tStartTime,\n\t\t\tEndTime\n\t\tFROM users_history_ips\n\t\tWHERE UserID = '{$UserID}'\n\t\t\t{$SearchIPQuery}\n\t\tORDER BY StartTime DESC\n\t\tLIMIT {$Limit}"); } if (isset($QueryID)) { $DB->query('SELECT FOUND_ROWS()'); list($NumResults) = $DB->next_record(); $DB->set_query_id($QueryID); $Results = $DB->to_array(false, MYSQLI_ASSOC); $IPMatches = $IPMatchesUser = $IPMatchesIgnored = array(); } else { $NumResults = 0; $Results = array(); } if (!empty($Results)) { $IPs = db_array($DB->collect('IP'), array(), true); $DB->query("\n\t\tSELECT\n\t\t\tUserID,\n\t\t\tIP,\n\t\t\tStartTime,\n\t\t\tEndTime\n\t\tFROM users_history_ips\n\t\tWHERE IP IN (" . implode(',', $IPs) . ")\n\t\t\tAND UserID != '{$UserID}'\n\t\t\tAND UserID != 0\n\t\tORDER BY StartTime DESC"); unset($IPs); while ($Match = $DB->next_record(MYSQLI_ASSOC)) { $OtherIP = $Match['IP']; $OtherUserID = $Match['UserID']; if (!isset($IPMatchesUser[$OtherIP][$OtherUserID])) { $IPMatchesUser[$OtherIP][$OtherUserID] = 0; } if ($IPMatchesUser[$OtherIP][$OtherUserID] < 500) { $IPMatches[$OtherIP][] = $Match; } else { if (!isset($IPMatchesIgnored[$OtherIP][$OtherUserID])) { $IPMatchesIgnored[$OtherIP][$OtherUserID] = 0; } $IPMatchesIgnored[$OtherIP][$OtherUserID]++;
$channels = array_post_checkboxes('channels'); $languages = db_table('SELECT id, code FROM languages'); foreach ($languages as $l) { $addresses = db_array('SELECT DISTINCT u.email FROM users u JOIN users_to_channels_prefs u2cp ON u.id = u2cp.user_id WHERE u.is_active = 1 AND u.language_id = ' . $l['id'] . ' AND u2cp.channel_id IN (' . implode(',', $channels) . ')'); $topic = db_grab('SELECT ISNULL(u.nickname, u.firstname) firstname, u.lastname, t.title' . langExt($l['code']) . ' title, t.description' . langExt($l['code']) . ' description, y.title' . langExt($l['code']) . ' type, t.created_date FROM bb_topics t LEFT JOIN bb_topics_types y ON t.type_id = y.id JOIN users u ON t.created_user = u.id WHERE t.id = ' . $id); $channels_text = db_array('SELECT title' . langExt($l['code']) . ' FROM channels WHERE id IN (' . implode(',', $channels) . ')'); $channels_text = implode(', ', $channels_text); $message = '<p style="font-weight:bold;">' . $topic['firstname'] . ' ' . $topic['lastname'] . ' ' . getString('bb_notify', $l['code']) . '</p> <p>' . getString('title', $l['code']) . ': ' . draw_link(url_base() . '/bb/topic.php?id=' . $id, $topic['title']) . '</p> <p>' . getString('channels_label', $l['code']) . ': ' . $channels_text . '</p>'; if ($topic['type']) { $message .= '<p>' . getString('category', $l['code']) . ': ' . $topic['type'] . '</p>'; } $message .= '<div style="color:#555; border-top:1px dotted #555; padding-top:5px; margin-top:5px;">' . $topic['description'] . '</div>'; emailUser($addresses, $topic['title'], $message); } } bbDrawRss(); url_change(); } echo drawTop(drawSyndicateLink('bb'));
include "include.php"; if (isset($_GET["deleteID"])) { if (db_grab("SELECT endDate FROM intranet_users WHERE userID = " . $_GET["deleteID"])) { db_query("UPDATE intranet_users SET isActive = 0, deletedBy = {$user["id"]}, deletedOn = GETDATE() WHERE userID = " . $_GET["deleteID"]); } else { db_query("UPDATE intranet_users SET isActive = 0, deletedBy = {$user["id"]}, deletedOn = GETDATE(), endDate = GETDATE() WHERE userID = " . $_GET["deleteID"]); } url_query_drop("deleteID"); } $orgs = array(); if (!isset($_GET["id"])) { $_GET["id"] = 0; } $orgs[0] = "Shared"; $orgs = db_array("SELECT id, description FROM organizations ORDER BY description", $orgs); drawTop(); ?> <table class="navigation staff" cellspacing="1"> <tr class="staff-hilite"> <?php foreach ($orgs as $key => $value) { ?> <td width="14.28%"<?php if ($_GET["id"] == $key) { ?> class="selected"<?php } ?> ><?php if ($_GET["id"] != $key) {
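/**
 * Render <option> elements from the rows returned by a query.
 *
 * Each row must provide 'id' (option value) and 'iname' (option label). Rows where
 * both are empty are skipped. Value and label are HTML-escaped before output so that
 * stored data cannot break out of the attribute or inject markup.
 *
 * @param string $sql       Statement passed verbatim to db_array(); it must not be
 *                          assembled from request data by the caller.
 * @param mixed  $sel_value Value of the option to mark as selected (loose comparison).
 * @return string Concatenated <option> markup, one element per line.
 */
public static function get_combo_select_sql($sql, $sel_value)
{
    $result = '';

    foreach (db_array($sql) as $row) {
        $value = $row['id'];
        $desc = $row['iname'];
        if (!$value && !$desc) {
            continue;
        }

        // Loose comparison kept on purpose: ids usually arrive as strings from
        // both the database and the request.
        $selected = $value == $sel_value ? ' selected' : '';

        $value_html = htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $desc_html = htmlspecialchars((string) $desc, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

        $result .= "<option value=\"{$value_html}\"{$selected}>{$desc_html}\n";
    }

    return $result;
}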
/**
 * Retrieve the stored vacation settings for this object's username.
 *
 * @return array|boolean array(subject, body, active - boolean, interval_time,
 *                       activeFrom, activeUntil) taken from the vacation row, or
 *                       false unless exactly one row matches.
 */
function get_details()
{
    $table_vacation = table_by_key('vacation');
    // The username is passed through escape_string() before being quoted into the statement.
    $E_username = escape_string($this->username);

    $result = db_query("SELECT * FROM {$table_vacation} WHERE email = '{$E_username}'");
    if ($result['rows'] != 1) {
        return false;
    }

    $row = db_array($result['result']);
    $boolean = $row['active'] == db_get_boolean(true);

    # TODO: only return true and store the db result array in $this->whatever for consistency with the other classes
    $details = array();
    $details['subject'] = $row['subject'];
    $details['body'] = $row['body'];
    $details['active'] = $boolean;
    $details['interval_time'] = $row['interval_time'];
    $details['activeFrom'] = $row['activefrom'];
    $details['activeUntil'] = $row['activeuntil'];

    return $details;
}
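/* ----------------------- PAGE PARAMETERS ----------------------- */
$page['title'] = 'Лог';
$page['desc'] = 'Лог сервера';
// NOTE(review): the DataTables translation file is fetched from a third-party CDN
// over a protocol-relative URL; hosting it locally would remove that dependency.
resource([
    'datatables/datatables/media/css/jquery.dataTables.min.css',
    'datatables/datatables/media/js/jquery.dataTables.min.js',
    <<<JS
\$(document).ready(function() {
    \$('table').DataTable( {
        "language": {
            "url": "//cdn.datatables.net/plug-ins/9dcbecd42ad/i18n/Russian.json"
        }
    } );
} );
JS
]);

/* ---------------------- PAGE CONTROLLER ----------------------- */
// Fetch the log records that relate to the API.
// Fixed: the time part used %m (month) where minutes were meant; %i is the
// DATE_FORMAT specifier for minutes. Separating spaces were added between the
// concatenated fragments. The statement contains no request data.
$logs = db_array("SELECT *, " .
    "DATE_FORMAT(`created_at`, '%d.%m.%y в %H:%i:%s') AS `time` " .
    "FROM `log` " .
    "WHERE `type` = 'API' " .
    "ORDER BY `created_at` DESC");

/* -------------------------- VIEW ------------ */
ob_start(); ?>
<h2>Лог запросов к серверу</h2>
<hr />
<table class="display" cellspacing="0" width="100%">
    <thead>
    <tr>
        <th>ID</th>
        <th>Время</th>
        <th>Значение</th>
    </tr>
    </thead>
    <tbody>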
} else { $checks = array(); } if (!empty($f_options['variants'])) { foreach ($f_options['variants'] as $num => $val) { echo '<div class="checkbox"><label><input type="checkbox"'; echo ' name="' . $f_name . '[]"'; echo ' value="' . $num . '"'; if (array_search($num, $checks) !== false) { echo ' checked=""'; } echo '> ' . $val . '</label></div>'; } } else { if (!empty($f_options['mysql_query'])) { $variants = db_array($f_options['mysql_query']); foreach ($variants as $var) { echo '<div class="checkbox"><label><input type="checkbox"'; echo ' name="' . $f_name . '[]"'; echo ' value="' . $var[$f_options['row_id']] . '"'; if (array_search($var[$f_options['row_id']], $checks) !== false) { echo ' checked=""'; } echo '> ' . $var[$f_options['row_title']] . '</label></div>'; } } } break; } //if (!empty($f_options['dadata']['yandex_map'])) echo '<div id="' . $f_name . '_map" style="width: 100%; height: 180px"></div>'; ?>
/**
 * Print the "Import DB" upload form between the page header and footer, then exit.
 *
 * The second form (single-table CSV import) is wrapped in an HTML comment. The PHP
 * tags inside that comment still execute, so chset_select() and the 'show tables'
 * query run on every call and their output is sent to the browser inside the comment.
 *
 * NOTE(review): the Cancel handlers place eo(...) output inside a single-quoted
 * JavaScript string within an HTML attribute; presumably eo() escapes for that
 * context — confirm. No <form> tag or anti-CSRF field is visible in this function;
 * they may come from print_header().
 */
function print_import()
{
    global $self, $xurl, $DB;
    print_header();
    ?> <center> <h3>Import DB</h3> <div class="frm"> <b>.sql</b> or <b>.gz</b> file: <input type="file" name="file1" value="" size=40><br> <input type="hidden" name="doim" value="1"> <input type="submit" value=" Upload and Import " onclick="return ays()"><input type="button" value=" Cancel " onclick="window.location='<?php eo($self . '?' . $xurl . '&db=' . $DB['db']); ?> '"> </div> <br><br><br> <!-- <h3>Import one Table from CSV</h3> <div class="frm"> .csv file (Excel style): <input type="file" name="file2" value="" size=40><br> <input type="checkbox" name="r1" value="1" checked> first row contain field names<br> <small>(note: for success, field names should be exactly the same as in DB)</small><br> Character set of the file: <select name="chset"><?php echo chset_select('utf8'); ?> </select> <br><br> Import into:<br> <input type="radio" name="tt" value="1" checked="checked"> existing table: <select name="t"> <option value=''>- select -</option> <?php echo sel(db_array('show tables', NULL, 0, 1), 0, ''); ?> </select> <div style="margin-left:20px"> <input type="checkbox" name="ttr" value="1"> replace existing DB data<br> <input type="checkbox" name="tti" value="1"> ignore duplicate rows </div> <input type="radio" name="tt" value="2"> create new table with name <input type="text" name="tn" value="" size="20"> <br><br> <input type="hidden" name="doimcsv" value="1"> <input type="submit" value=" Upload and Import " onclick="return ays()"><input type="button" value=" Cancel " onclick="window.location='<?php eo($self); ?> '"> </div> --> </center> <?php
    print_footer();
    exit;
}
<? /* * This is the backend of the AJAXy reports resolve (When you press the shiny submit button). * This page shouldn't output anything except in error, if you do want output, it will be put * straight into the table where the report used to be. Currently output is only given when * a collision occurs or a POST attack is detected. */ if(!check_perms('admin_reports')) { error(403); } //Don't escape: Log message $Escaped = db_array($_POST, array(15)); //If we're here from the delete torrent page instead of the reports page. if(!isset($Escaped['from_delete'])) { $Report = true; } else if(!is_number($Escaped['from_delete'])) { echo 'Hax occured in from_delete'; } else { $Report = false; } $PMMessage = $_POST['uploader_pm']; if(is_number($Escaped['reportid'])) { $ReportID = $Escaped['reportid']; } else { echo 'Hax occured in the reportid'; die();
// check if table already exists, if so, don't recreate it $r = db_query("SELECT relname FROM pg_class WHERE relname = 'config'"); if ($r['rows'] == 0) { $pgsql = "\n CREATE TABLE " . table_by_key('config') . " ( \n id SERIAL,\n name VARCHAR(20) NOT NULL UNIQUE,\n value VARCHAR(20) NOT NULL,\n PRIMARY KEY(id)\n )"; db_query_parsed($pgsql); } } else { $mysql = "\n CREATE TABLE {IF_NOT_EXISTS} " . table_by_key('config') . "(\n `id` {AUTOINCREMENT} {PRIMARY},\n `name` VARCHAR(20) {LATIN1} NOT NULL DEFAULT '',\n `value` VARCHAR(20) {LATIN1} NOT NULL DEFAULT '',\n UNIQUE name ( `name` )\n )\n "; db_query_parsed($mysql, 0, " ENGINE = MYISAM COMMENT = 'PostfixAdmin settings'"); } $sql = "SELECT * FROM config WHERE name = 'version'"; // insert into config('version', '01'); $r = db_query($sql); if ($r['rows'] == 1) { $rs = $r['result']; $row = db_array($rs); $version = $row['value']; } else { $version = 0; } _do_upgrade($version); function _do_upgrade($current_version) { global $CONF; $target_version = preg_replace('/[^0-9]/', '', '$Revision: 397 $'); if ($current_version >= $target_version) { # already up to date echo "Database is up to date"; return true; } echo "<p>Updating database:<p>old version: {$current_version}; target version: {$target_version}";
<?php
// Test page: runs format_email() over every active user's address and prints which
// ones it accepts and which it rejects.
// NOTE(review): this prints the whole active-user e-mail list and no access check is
// visible here; confirm include.php enforces one, or keep the script out of the
// deployed web root.
include '../include.php';

// Hard-coded samples; the query result on the next line replaces them immediately.
$emails = array('*****@*****.**', 'foo [at] bar', 'test@mweb.co.za;testest@clara.net');
$emails = db_array('SELECT email FROM users WHERE is_active = 1 ORDER BY email');

$good = array();
$bad = array();
foreach ($emails as $e) {
    $formatted = format_email($e);
    if ($formatted) {
        $good[] = $formatted;
    } else {
        $bad[] = $e;
    }
}

echo 'good emails:' . draw_list($good);
echo '<hr>bad emails:' . draw_list($bad);
//email($emails, 'this is some test content', 'this is a test');
} if ($_SERVER['REQUEST_METHOD'] == "POST") { $fUsername = escape_string($_POST['fUsername']); $fPassword = escape_string($_POST['fPassword']); $lang = safepost('lang'); if ($lang != check_language(0)) { # only set cookie if language selection was changed setcookie('lang', $lang, time() + 60 * 60 * 24 * 30); # language cookie, lifetime 30 days # (language preference cookie is processed even if username and/or password are invalid) } $active = db_get_boolean(True); $query = "SELECT password FROM {$table_mailbox} WHERE username='******' AND active={$active}"; $result = db_query($query); if ($result['rows'] == 1) { $row = db_array($result['result']); $password = pacrypt($fPassword, $row['password']); $query = "SELECT * FROM {$table_mailbox} WHERE username='******' AND password='******' AND active={$active}"; $result = db_query($query); if ($result['rows'] != 1) { $error = 1; $tMessage = $PALANG['pLogin_password_incorrect']; $tUsername = $fUsername; } } else { $error = 1; $tMessage = $PALANG['pLogin_username_incorrect']; } if ($error != 1) { session_regenerate_id(); $_SESSION['sessid'] = array();
<?php /* * This is the backend of the AJAXy reports resolve (When you press the shiny submit button). * This page shouldn't output anything except in error. If you do want output, it will be put * straight into the table where the report used to be. Currently output is only given when * a collision occurs or a POST attack is detected. */ if (!check_perms('admin_reports')) { error(403); } authorize(); //Don't escape: Log message, Admin message $Escaped = db_array($_POST, array('log_message', 'admin_message', 'raw_name')); //If we're here from the delete torrent page instead of the reports page. if (!isset($Escaped['from_delete'])) { $Report = true; } elseif (!is_number($Escaped['from_delete'])) { echo 'Hax occurred in from_delete'; } else { $Report = false; } $PMMessage = $_POST['uploader_pm']; if (is_number($Escaped['reportid'])) { $ReportID = $Escaped['reportid']; } else { echo 'Hax occurred in the reportid'; die; } if ($Escaped['pm_type'] != 'Uploader') { $Escaped['uploader_pm'] = '';
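/**
 * Attempt to log a user in.
 *
 * Looks up the active row whose id field equals $username, re-hashes the supplied
 * password with pacrypt() against the stored value and compares the two hashes.
 *
 * @param string $username
 * @param string $password
 * @return boolean true on successful login (i.e. exactly one active row and the password matches)
 */
public function login($username, $password)
{
    // escape_string() is the only protection for the value quoted into the statement below.
    $username = escape_string($username);
    $table = table_by_key($this->db_table);
    $active = db_get_boolean(True);

    $query = "SELECT password FROM {$table} WHERE " . $this->id_field . "='{$username}' AND active='{$active}'";
    $result = db_query($query);
    if ($result['rows'] != 1) {
        return false;
    }

    $row = db_array($result['result']);
    $crypt_password = pacrypt($password, $row['password']);

    // hash_equals() replaces `==`: constant-time, and two different hashes that both
    // look like numbers (e.g. "0e...") can no longer compare as equal.
    return hash_equals((string) $row['password'], (string) $crypt_password);
}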
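/**
 * Render one form row (<dt> label plus <dd> control) from a field definition.
 *
 * The definition array is unpacked with extract(), so its keys become the local
 * variables read below ($type, $name, $value, $label, $additional, $class, $options,
 * $sql, $append, $options_table, $linking_table, $required, $action, $maxlength).
 *
 * NOTE(review): extract() lets any key in $field overwrite a local, including
 * $field and the $_josh reference; $field must be built by trusted code only.
 * NOTE(review): $label, $additional, option names and descriptions are concatenated
 * into the markup without escaping in this function; escaping is presumably the
 * caller's job — confirm.
 *
 * @param array $field Field definition.
 * @return string HTML for the row; hidden fields return only the hidden input.
 */
function addRow($field)
{
    global $_josh;
    extract($field);
    $return = "";
    if ($type == "hidden") {
        $return .= draw_form_hidden($name, $value);
    } else {
        if ($label) {
            $return .= '<dt class="' . $type . '">' . $label;
            if ($additional && $type == "checkboxes") {
                $return .= $additional;
            }
            $return .= '</dt>' . $_josh["newline"];
        }
        $return .= '<dd class="' . $type . '">';
        if ($type == "checkbox") {
            $return .= '<div class="checkbox_option">' . draw_form_checkbox($name, $value) . '<span class="option_name" onclick="javascript:form_checkbox_toggle(\'' . $name . '\');">' . $additional . '</span></div>';
        } elseif ($type == "checkboxes") {
            // NOTE(review): $linking_table, $options_table and $value are interpolated
            // into the SQL as-is; they must come from code, never from request data.
            if ($value) {
                $options = db_query("SELECT o.id, o.name, (SELECT COUNT(*) FROM {$linking_table} l WHERE l.option_id = o.id AND l.object_id = {$value}) checked FROM {$options_table} o ORDER BY o.name");
            } else {
                $options = db_query("SELECT id, name, 0 checked FROM {$options_table} ORDER BY name");
            }
            while ($o = db_fetch($options)) {
                $name = "chk_" . str_replace("_", "-", $options_table) . "_" . $o["id"];
                $return .= '<div class="checkbox_option">' . draw_form_checkbox($name, $o["checked"]) . '<span class="option_name" onclick="javascript:form_checkbox_toggle(\'' . $name . '\');">' . $o["name"] . '</span></div>';
            }
        } elseif ($type == "date") {
            $return .= draw_form_date($name, $value, false) . $additional;
        } elseif ($type == "datetime") {
            $return .= draw_form_date($name, $value, true) . $additional;
        } elseif ($type == "note") {
            $return .= "<div class='note'>" . $additional . "</div>";
        } elseif ($type == "password") {
            $return .= draw_form_password($name, $value, $class, 255, false) . $additional;
        } elseif ($type == "radio") {
            if (!$options) {
                // Default lookup table is derived from the field name with "_id" removed.
                if (!$sql) {
                    $sql = "SELECT id, name FROM options_" . str_replace("_id", "", $name);
                }
                $options = db_array($sql);
            }
            if ($append) {
                // foreach replaces while(list() = each()): each() was removed in PHP 8.
                foreach ($append as $addkey => $addval) {
                    $options[$addkey] = $addval;
                }
            }
            foreach ($options as $id => $description) {
                $return .= '<div class="radio_option">' . draw_form_radio($name, $id, $value == $id, $class) . $description . '</div>';
            }
        } elseif ($type == "select") {
            if (!$options) {
                if (!$sql) {
                    $sql = "SELECT id, name FROM options_" . str_replace("_id", "", $name);
                }
                $options = db_array($sql);
            }
            if ($append) {
                foreach ($append as $addkey => $addval) {
                    $options[$addkey] = $addval;
                }
            }
            $return .= draw_form_select($name, $options, $value, $required, $class, $action);
        } elseif ($type == "submit") {
            $return .= draw_form_submit($value, $class) . $additional;
        } elseif ($type == "text") {
            $return .= draw_form_text($name, $value, $class, $maxlength, false, false) . $additional;
        } elseif ($type == "textarea") {
            $return .= draw_form_textarea($name, $value, $class) . $additional;
        }
        $return .= '</dd>' . $_josh["newline"];
    }
    return $return;
}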
/**
 * Remove from a form the per-language variants of the given fields for every
 * language other than the session's current one.
 *
 * @param object $form  Form exposing unset_fields(), which receives a comma-separated list.
 * @param mixed  $names Field base names, split with array_separated().
 */
function langUnsetFields($form, $names)
{
    //unset fields for other languages
    //todo - take multiple names
    //if (!getOption('languages')) return false;
    foreach (array_separated($names) as $name) {
        // NOTE(review): the session's language_id is concatenated into the statement
        // unquoted; it should only ever hold an integer — confirm where it is set.
        $codes = db_array('SELECT code FROM languages WHERE id <> ' . $_SESSION['language_id']);

        $fields = array();
        foreach ($codes as $key => $code) {
            $fields[$key] = $name . langExt($code);
        }

        $form->unset_fields(implode(',', $fields));
    }
}
foreach ($addresses as $lang => $emails) { $topic = db_grab('SELECT t.title' . langExt($lang) . ' title, y.title' . langExt($lang) . ' type, t.created_date FROM bb_topics t LEFT JOIN bb_topics_types y ON t.type_id = y.id WHERE t.id = ' . $_POST['topic_id']); $reply = db_grab('SELECT f.description' . langExt($lang) . ' description, ISNULL(u.nickname, u.firstname) firstname, u.lastname FROM bb_followups f JOIN users u ON f.created_user = u.id WHERE f.id = ' . $id); $channels_text = db_array('SELECT c.title' . langExt($lang) . ' FROM bb_topics_to_channels t2c JOIN channels c ON t2c.channel_id = c.id WHERE t2c.topic_id = ' . $_POST['topic_id']); $channels_text = implode(', ', $channels_text); $message = '<p style="font-weight:bold;">' . $reply['firstname'] . ' ' . $reply['lastname'] . ' ' . getString('bb_followup', $lang) . '</p> <p>' . getString('title', $lang) . ': ' . draw_link(url_base() . '/bb/topic.php?id=' . $id, $topic['title']) . '</p> <p>' . getString('channels_label', $lang) . ': ' . $channels_text . '</p>'; if ($topic['type']) { $message .= '<p>' . getString('category', $lang) . ': ' . $topic['type'] . '</p>'; } $message .= '<div style="color:#555; border-top:1px dotted #555; padding-top:5px; margin-top:5px;">' . $reply['description'] . '</div>'; emailUser($emails, 'RE: ' . $topic['title'], $message); } } bbDrawRss(); url_change(); } elseif (isset($_GET['delete'])) { db_delete('bb_topics');
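/**
 * Stream an export of the requested tables as a download and end the request.
 *
 * Reads $_REQUEST['t'] (comma-separated table names; empty means every table) and
 * $_REQUEST['et'] (export type). One table with et=csv is sent as CSV; everything
 * else is sent as an SQL dump produced by do_export_table().
 *
 * NOTE(review): the mysql_* calls below belong to ext/mysql, which was removed in
 * PHP 7; they are left alone because the handle returned by db_query() is defined
 * outside this function.
 */
function do_export()
{
    global $DB, $VERSION;

    $rt = isset($_REQUEST['t']) ? $_REQUEST['t'] : '';
    $et = isset($_REQUEST['et']) ? $_REQUEST['et'] : '';

    // explode() replaces split(), which was removed in PHP 7; for a literal ","
    // separator the result is the same.
    $t = explode(",", $rt);
    $th = array_flip($t);
    $ct = count($t);

    // The request value ends up in a response header, so it is reduced to a
    // conservative character set before being used as a file name.
    $file_table = preg_replace('/[^A-Za-z0-9_.$-]/', '_', $t[0]);

    $z = db_array("show variables like 'max_allowed_packet'");
    $MAXI = floor($z[0]['Value'] * 0.8);
    if (!$MAXI) {
        $MAXI = 838860;
    }

    if ($ct == 1 && $et == 'csv') {
        header('Content-type: text/csv');
        header("Content-Disposition: attachment; filename=\"{$file_table}.csv\"");

        // Backticks inside the name are doubled so the request value cannot close
        // the quoted identifier and append SQL of its own.
        $quoted_table = '`' . str_replace('`', '``', $t[0]) . '`';
        $sth = db_query("select * from {$quoted_table}");

        $fn = mysql_num_fields($sth);
        for ($i = 0; $i < $fn; $i++) {
            $m = mysql_fetch_field($sth, $i);
            echo qstr($m->name) . ($i < $fn - 1 ? "," : "");
        }
        echo "\n";
        while ($row = mysql_fetch_row($sth)) {
            echo to_csv_row($row);
        }
        exit;
    }

    header('Content-type: text/plain');
    header("Content-Disposition: attachment; filename=\"{$DB['db']}" . ($ct == 1 && $t[0] ? ".{$file_table}" : ($ct > 1 ? '.' . $ct . 'tables' : '')) . ".sql\"");
    echo "-- phpMiniAdmin dump {$VERSION}\n-- Datetime: " . date('Y-m-d H:i:s') . "\n-- Host: {$DB['host']}\n-- Database: {$DB['db']}\n\n/*!40030 SET max_allowed_packet={$MAXI} */;\n\n";

    // Only names that the server itself reports are exported; the request list is
    // used purely as a filter on that listing.
    $sth = db_query("show tables from {$DB['db']}");
    while ($row = mysql_fetch_row($sth)) {
        if (!$rt || array_key_exists($row[0], $th)) {
            do_export_table($row[0], 1, $MAXI);
        }
    }
    exit;
}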
$sql_join .= " LEFT JOIN {$table_quota2} ON {$table_mailbox}.username={$table_quota2}.username "; } if (Config::bool('used_quotas') && !Config::bool('new_quota_table')) { $table_quota = table_by_key('quota'); $sql_select .= ", {$table_quota}.current "; $sql_join .= " LEFT JOIN {$table_quota} ON {$table_mailbox}.username={$table_quota}.username "; $sql_where .= " AND ( {$table_quota}.path='quota/storage' OR {$table_quota}.path IS NULL ) "; } $mailbox_pagebrowser_query = "{$sql_from}\n{$sql_join}\n{$sql_where}\n{$sql_order}"; $query = "{$sql_select}\n{$mailbox_pagebrowser_query}\n{$sql_limit}"; $result = db_query($query); if ($result['rows'] > 0) { $delimiter = preg_quote($CONF['recipient_delimiter'], "/"); $goto_single_rec_del = ""; $tMailbox = array(); while ($row = db_array($result['result'])) { if ($display_mailbox_aliases) { $goto_split = explode(",", $row['goto']); $row['goto_mailbox'] = 0; $row['goto_other'] = array(); foreach ($goto_split as $goto_single) { if (!empty($CONF['recipient_delimiter'])) { $goto_single_rec_del = preg_replace('/' . $delimiter . '[^' . $delimiter . '@]*@/', "@", $goto_single); } if ($goto_single == $row['username'] || $goto_single_rec_del == $row['username']) { # delivers to mailbox $row['goto_mailbox'] = 1; } elseif (Config::bool('vacation') && strstr($goto_single, '@' . $CONF['vacation_domain'])) { # vacation alias - TODO: check for full vacation alias # skip the vacation alias, vacation status is detected otherwise } else {
<?php authorize(); include SERVER_ROOT . '/classes/validate.class.php'; $Val = new VALIDATE(); $P = array(); $P = db_array($_POST); if ($P['category'] > 0 || check_perms('site_collages_renamepersonal')) { $Val->SetFields('name', '1', 'string', 'The name must be between 3 and 100 characters', array('maxlength' => 100, 'minlength' => 3)); } else { // Get a collage name and make sure it's unique $name = $LoggedUser['Username'] . "'s personal collage"; $P['name'] = db_string($name); $DB->query("\n\t\tSELECT ID\n\t\tFROM collages\n\t\tWHERE Name = '" . $P['name'] . "'"); $i = 2; while ($DB->has_results()) { $P['name'] = db_string("{$name} no. {$i}"); $DB->query("\n\t\t\tSELECT ID\n\t\t\tFROM collages\n\t\t\tWHERE Name = '" . $P['name'] . "'"); $i++; } } $Val->SetFields('description', '1', 'string', 'The description must be between 10 and 65535 characters', array('maxlength' => 65535, 'minlength' => 10)); $Err = $Val->ValidateForm($_POST); if (!$Err && $P['category'] === '0') { $DB->query("\n\t\tSELECT COUNT(ID)\n\t\tFROM collages\n\t\tWHERE UserID = '{$LoggedUser['ID']}'\n\t\t\tAND CategoryID = '0'\n\t\t\tAND Deleted = '0'"); list($CollageCount) = $DB->next_record(); if ($CollageCount >= $LoggedUser['Permissions']['MaxCollages'] || !check_perms('site_collages_personal')) { $Err = 'You may not create a personal collage.'; } elseif (check_perms('site_collages_renamepersonal') && !stristr($P['name'], $LoggedUser['Username'])) { $Err = 'Your personal collage\'s title must include your username.'; }
</td> </tr> <?php } ?> <tr> <td class="left"><?php echo getString('permissions'); ?> </td> <td colspan="2"> <?php if ($r['is_admin']) { echo "Site Administrator"; } else { $permissions = array_merge(db_array('SELECT m.title' . langExt() . ' title FROM modules m JOIN users_to_modules a ON m.id = a.module_id WHERE a.user_id = ' . $_GET['id'] . ' AND a.is_admin = 1 ORDER BY m.title'), db_array('SELECT m.title' . langExt() . ' title FROM modulettes m JOIN users_to_modulettes a ON m.id = a.modulette_id WHERE a.user_id = ' . $_GET['id'] . ' ORDER BY m.title')); if (count($permissions)) { sort($permissions); echo draw_list($permissions); } else { echo getString('none'); } } ?> </td> </tr> <?php } if (getOption("staff_showhome")) { ?> <tr class="group">