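/**
 * Enforce per-class ("column") permissions for the current admin user.
 *
 * Only active when $config['classpower'] == 1 and the admin's class id is
 * greater than 2 (classes 1 and 2 are treated as unrestricted). Looks up the
 * users_classpower row for ($admin_id, $modulename); if no row exists, or the
 * row's comma-separated `classpower` list does not contain $classid, the
 * request is rejected through errorInfo().
 *
 * Fixes vs. the original:
 *   - class_exists() was called with 'user_classpower' (missing "s"), which
 *     never matches Users_classpower, so the include ran on every call;
 *   - the membership test used loose in_array(); on PHP < 8 an integer
 *     $classid of 0 compares equal to any non-numeric string, which could
 *     grant access. Both sides are now compared as trimmed strings, strictly.
 *
 * @param string     $modulename Module key stored in users_classpower.modulename.
 * @param int|string $classid    Class id the caller wants to operate on.
 * @return void
 */
function checkClassPower($modulename, $classid)
{
    global $admin_classid, $admin_id, $config;

    // Feature switch: class-level permissions are optional.
    if (!isset($config['classpower']) || $config['classpower'] != 1) {
        return;
    }

    // Admin classes 1 and 2 are exempt from the check.
    if ($admin_classid <= 2) {
        return;
    }

    if (!class_exists('Users_classpower')) {
        include_once WEB_MOD . 'users_classpower.class.php';
    }

    // NOTE(review): GetInfo() takes a raw SQL fragment, so the WHERE clause is
    // built by concatenation. $admin_id is cast to int; $modulename is assumed
    // to be a server-side constant from the calling page — if it can ever be
    // attacker-controlled this is a SQL-injection point. Confirm at the callers.
    $users_classpower = new Users_classpower();
    $where = " userid = " . (int) $admin_id . " and modulename = '" . $modulename . "' ";
    $info = $users_classpower->GetInfo('', $where);

    if (empty($info)) {
        // No permission row for this module at all: deny.
        errorInfo('用户权限不足(代码:cnone)', '');
        return;
    }

    // A row without a classpower list imposes no restriction (as before).
    if (!isset($info['classpower'])) {
        return;
    }

    $allowed = array_map('trim', explode(",", (string) $info['classpower']));
    if (!in_array(trim((string) $classid), $allowed, true)) {
        errorInfo('用户权限不足(代码:c)', '');
    }
}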
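/**
 * Fetch movie rows whose ID matches $id.
 *
 * Fixes vs. the original: $id was interpolated straight into the SQL
 * (`like '{$id}'`) while also being passed to execute(), which is both an
 * SQL-injection hole and a placeholder-count mismatch (PDO rejects it); the
 * value is now bound through a `?` placeholder. The error branch also read
 * `$stmt_ > errorInfo()` — a comparison against an undefined function —
 * instead of `$stmt->errorInfo()`.
 *
 * The LIKE operator is kept, so `%` and `_` in $id still act as wildcards;
 * callers that want an exact match should compare with `=` instead.
 *
 * @param string|int $id
 * @return array|false Result rows from fetchAll(), or false on failure.
 */
public function getMovieByID($id)
{
    $sql = "select * from movies where ID like ?";
    $stmt = $this->conn->prepare($sql);
    if ($stmt === false) {
        // prepare() returns false when PDO::ERRMODE_EXCEPTION is not enabled.
        trigger_error(implode(' ', $this->conn->errorInfo()));
        return false;
    }

    if (!$stmt->execute(array($id))) {
        trigger_error(implode(' ', $stmt->errorInfo()));
        return false;
    }

    return $stmt->fetchAll();
}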
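/**
 * Return all messages whose `message` or `primary_city` equals $q exactly.
 *
 * The query was already parameterised; the fix is in the error branch, which
 * read `$stmt_ > errorInfo()` (a comparison against an undefined function)
 * instead of `$stmt->errorInfo()`, and a guard for prepare() returning false.
 *
 * @param string $q Search term, compared with `=` against both columns.
 * @return array|false Result rows from fetchAll(), or false on failure.
 */
public function search($q)
{
    $sql = 'select * from messages where message=? or primary_city=?';
    $stmt = $this->conn->prepare($sql);
    if ($stmt === false) {
        // prepare() returns false when PDO::ERRMODE_EXCEPTION is not enabled.
        trigger_error(implode(' ', $this->conn->errorInfo()));
        return false;
    }

    if (!$stmt->execute(array($q, $q))) {
        trigger_error(implode(' ', $stmt->errorInfo()));
        return false;
    }

    return $stmt->fetchAll();
}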
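<ul>
    <li><a href="./">Accueil</a></li>
    <li><a href="">Catégories</a>
        <ul>
            <?php
            // Category sub-menu: one entry per row of `rubriques`, alphabetical.
            // Fixes vs. the original: the error path called a bare errorInfo()
            // that does not exist, and the title/id were echoed into HTML
            // unescaped, so a category title containing <, >, " or & could
            // break out of the markup.
            // NOTE(review): die(print_r(...)) still prints the driver error to
            // the page; log it and show a generic message in production.
            $req = "SELECT * FROM rubriques ORDER BY lintitule ASC";
            $rub_pics = $bdd->prepare($req);
            if ($rub_pics === false) {
                die(print_r($bdd->errorInfo(), true));
            }
            if (!$rub_pics->execute()) {
                die(print_r($rub_pics->errorInfo(), true));
            }
            while ($rubriques = $rub_pics->fetch()) {
                // Escape for the HTML body and the URL/attribute context respectively.
                $sous_categories = htmlspecialchars($rubriques['lintitule'], ENT_QUOTES, 'UTF-8');
                $id_rub = rawurlencode($rubriques['id']);
                echo "<li><a href='categories?idrubriques=" . $id_rub . "'>" . $sous_categories . "</a></li>";
            }
            ?>
        </ul>
    </li>
    <li><a href="contact.php">Nous Contacter</a></li>
</ul>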
// puis suppression dans la table photo $sql_30 = "DELETE FROM photo WHERE id = {$idphoto} AND utilisateur_id = {$idutil};"; $sql3 = $bdd->prepare($sql_30) or die(print_r(errorInfo())); $sql3->execute(); #echo $dossier_ori.$nom_photo['lenom'].".".$nom_photo['lextension']; // supression physique des fichiers unlink($dossier_ori . $nom_photo['lenom'] . "." . $nom_photo['lextension']); unlink($dossier_gd . $nom_photo['lenom'] . ".jpg"); unlink($dossier_mini . $nom_photo['lenom'] . ".jpg"); } #recuperation des images de l'utilisateurs $sql = "SELECT p.*, GROUP_CONCAT(r.id) AS idrub, GROUP_CONCAT(r.lintitule SEPARATOR '|||' ) AS lintitule\r\n FROM photo p\r\n\tLEFT JOIN photo_has_rubriques h ON h.photo_id = p.id\r\n LEFT JOIN rubriques r ON h.rubriques_id = r.id\r\n WHERE p.utilisateur_id = " . $_SESSION['id'] . "\r\n GROUP BY p.id\r\n ORDER BY p.id DESC LIMIT {$debut},{$elements_par_page_membre};\r\n "; $recup_sql = $bdd->query($sql) or die(print_r($bdd->erroInfo())); // récupération de toutes les rubriques pour le formulaire d'insertion $sql = "SELECT * FROM rubriques ORDER BY lintitule ASC;"; $recup_section = $bdd->prepare($sql) or die(print_r(errorInfo())); $recup_section->execute(); ?> <!DOCTYPE html> <html> <?php include "includes/head.php"; ?> <body> <div class="wrap"> <?php include 'includes/header.php'; ?> <div class="content"> Vous êtes connecté en tant que <span><?php
$pagetitle = '基本信息'; $pagepower = 'sys'; //基本部分 require 'checkpower.inc.php'; //功能部分 include_once WEB_INC . 'file.class.php'; include_once WEB_INC . 'string.class.php'; if (isset($submit)) { $FS = new files(); $STR = new C_STRING(); $info = array('isclose' => $isclose, 'closeinfo' => $closeinfo, 'webtitle' => $webtitle, 'indextitle' => $indextitle, 'webkeywords' => $webkeywords, 'webdescription' => $webdescription, 'webcopyright' => $webcopyright, 'webbeian' => $webbeian, 'templates' => $systemplates); $rs_msg = $STR->safe($info); if ($FS->file_Write($rs_msg, WEB_INC . 'sys.inc.php', 'sys')) { errorInfo('编辑成功'); } else { errorInfo(); } } else { $rs_sys = $sys; $templatesList = array(); function getTemplatesList() { global $config; $handler = opendir(WEB_ROOT . $config['defaultTemplates']); while (($filename = readdir($handler)) !== false) { //务必使用!==,防止目录下出现类似文件名“0”等情况 if ($filename != "." && $filename != "..") { $files[] = $filename; } } closedir($handler);
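/**
 * Service entry point: create or update a Medications row for a patient.
 *
 * Expects POST fields:
 *   u, key           caller credentials; `key` must equal Users.CurrentKey or
 *                    md5(CurrentKey . trust string);
 *   medication, dosage, startdate, enddate, pat   the record fields
 *                    (dates must match YYYY-M-D / YYYY-MM-DD, year 2xxx);
 *   med              optional PK_MedicationsID — when present the row is
 *                    updated, otherwise a new row is inserted and its id is
 *                    written back to $_POST['med'].
 *
 * Uses the global PDO handle $db and the outputXML() helper defined elsewhere;
 * returns whatever outputXML() returns.
 *
 * Security fixes vs. the original:
 *   - medication/dosage/med/pat were interpolated unvalidated into the
 *     UPDATE/INSERT strings (SQL injection); every value is now bound;
 *   - the key check used `==`, which on PHP treats "0e..." md5 digests as
 *     numerically equal; hash_equals() is strict and constant-time;
 *   - an unknown username produced $memberInfo === false and was still
 *     compared against md5('' . trust string); it is now rejected outright;
 *   - the unauthorized branch returned the full `SELECT *` Users row
 *     (including CurrentKey) to the caller; it now returns ''.
 *   - `$update > errorInfo()` (comparison + undefined function) is now
 *     `$update->errorInfo()`.
 *
 * NOTE(review): the trust string is a secret hard-coded in source and md5 is
 * the derivation function — move it to configuration and use a real MAC.
 * NOTE(review): `Type > 1` is the only authorization; nothing ties `pat` or
 * `med` to a patient this caller may manage, and driver error messages are
 * echoed to the client. Confirm both are intended.
 */
function doService()
{
    global $db;

    $errMsgArr = array();
    $errNum = 0;

    // MAKE SURE THEY PASSED US CREDENTIALS (scalar strings only — an array
    // value such as key[]=x would otherwise reach hash_equals()).
    if (!isset($_POST['u']) || !is_string($_POST['u']) || $_POST['u'] == '') {
        $errMsgArr[] = "No username provided for authentication";
        $errNum++;
    }
    if (!isset($_POST['key']) || !is_string($_POST['key']) || $_POST['key'] == '') {
        $errMsgArr[] = "No key provided for authentication";
        $errNum++;
    }
    if ($errNum != 0) {
        return outputXML($errNum, $errMsgArr, '');
    }

    // USE CREDENTIALS AND AUTHENTICATE
    $user = $_POST['u'];
    $recKey = $_POST['key'];

    $userInfoPrep = $db->prepare("SELECT * FROM Users WHERE UserName = :user;");
    $userInfoSuccess = $userInfoPrep->execute(array(":user" => $user));
    // failed to access database for user info
    if (!$userInfoSuccess) {
        $errMsgArr[] = "DATABASE ERROR ONE";
        $errNum++;
        return outputXML($errNum, $errMsgArr, '');
    }
    $memberInfo = $userInfoPrep->fetch(PDO::FETCH_ASSOC);

    $authorized = false;
    if ($memberInfo !== false && isset($memberInfo['CurrentKey'])) {
        $currKey = (string) $memberInfo['CurrentKey'];
        $trustString = "xolJXj25jlk56LJkk5677LS";
        $trustedKey = md5($currKey . $trustString);
        $keyOk = hash_equals($trustedKey, $recKey) || hash_equals($currKey, $recKey);
        $authorized = $keyOk && isset($memberInfo['Type']) && $memberInfo['Type'] > 1;
    }

    if (!$authorized) {
        $errMsgArr[] = "Unauthorized to change medication information";
        $errNum++;
        // Do not echo the Users row back to a caller that failed authentication.
        return outputXML($errNum, $errMsgArr, '');
    }

    // FIGURE OUT IF WE'RE ADDING A NEW ROW OR UPDATING AN EXISTING ONE
    $medIsSet = isset($_POST['med']);

    $datePattern = '/^(2[0-9][0-9][0-9])-([1-9]|0[1-9]|1[0-2])-([1-9]|0[1-9]|[1-2][0-9]|3[0-1])$/';

    if (!isset($_POST['medication']) || $_POST['medication'] == '') {
        $errMsgArr[] = "No medication provided";
        $errNum++;
    }
    if (!isset($_POST['dosage']) || $_POST['dosage'] == '') {
        $errMsgArr[] = "No dosage provided";
        $errNum++;
    }
    if (!isset($_POST['startdate']) || $_POST['startdate'] == '') {
        $errMsgArr[] = "No start date provided";
        $errNum++;
    } elseif (!preg_match($datePattern, $_POST['startdate'])) {
        $errMsgArr[] = "Improper date format: start";
        $errNum++;
    }
    if (!isset($_POST['enddate']) || $_POST['enddate'] == '') {
        $errMsgArr[] = "No end date provided";
        $errNum++;
    } elseif (!preg_match($datePattern, $_POST['enddate'])) {
        $errMsgArr[] = "Improper date format : end";
        $errNum++;
    }
    if (!isset($_POST['pat']) || $_POST['pat'] == '') {
        $errMsgArr[] = "No patient provided";
        $errNum++;
    }

    $med = $medIsSet ? $_POST['med'] : null;
    $medication = isset($_POST['medication']) ? $_POST['medication'] : '';
    $dosage = isset($_POST['dosage']) ? $_POST['dosage'] : '';
    $start = isset($_POST['startdate']) ? $_POST['startdate'] : '';
    $end = isset($_POST['enddate']) ? $_POST['enddate'] : '';
    $patient = isset($_POST['pat']) ? $_POST['pat'] : '';

    // update database with new medication info
    if ($errNum == 0) {
        if ($medIsSet) {
            $update = $db->prepare(
                "UPDATE Medications SET `Medication`=:medication, `Dosage`=:dosage, "
                . "`StartDate`=:start, `EndDate`=:end WHERE `PK_MedicationsID`=:med;"
            );
            $success = $update->execute(array(
                ':medication' => $medication,
                ':dosage' => $dosage,
                ':start' => $start,
                ':end' => $end,
                ':med' => $med,
            ));
            if (!$success) {
                $sqlError = $update->errorInfo();
                $errMsgArr[] = $sqlError[2];
                $errNum++;
            }
        } else {
            $insert = $db->prepare(
                "INSERT INTO Medications (`FK_PatientID`, `Medication`, `Dosage`, `StartDate`, `EndDate`) "
                . "VALUES (:patient, :medication, :dosage, :start, :end);"
            );
            $success = $insert->execute(array(
                ':patient' => $patient,
                ':medication' => $medication,
                ':dosage' => $dosage,
                ':start' => $start,
                ':end' => $end,
            ));
            if (!$success) {
                $sqlError = $insert->errorInfo();
                $errMsgArr[] = $sqlError[2];
                $errNum++;
            } else {
                // Report the new row's id back through $_POST['med'], as before.
                $getID = $db->prepare("SELECT @@IDENTITY");
                $success = $getID->execute();
                if (!$success) {
                    $sqlError = $getID->errorInfo();
                    $errMsgArr[] = $sqlError[2];
                    $errNum++;
                } else {
                    $apptIDArray = $getID->fetch(PDO::FETCH_ASSOC);
                    $_POST['med'] = $apptIDArray['@@IDENTITY'];
                }
            }
        }
    }

    return outputXML($errNum, $errMsgArr, $memberInfo);
}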
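/**
 * Service entry point: create or update a Precondition row for a patient.
 *
 * Expects POST fields:
 *   u, key     caller credentials; `key` must equal Users.CurrentKey or
 *              md5(CurrentKey . trust string);
 *   desc, pat  the record fields;
 *   prec       optional PK_ConditionID — when present the row is updated,
 *              otherwise a new row is inserted and its id is written back to
 *              $_POST['prec'].
 *
 * Uses the global PDO handle $db and the outputXML() helper defined elsewhere;
 * returns whatever outputXML() returns.
 *
 * Security fixes vs. the original:
 *   - desc/prec/pat were interpolated unvalidated into the UPDATE/INSERT
 *     strings (SQL injection); every value is now bound;
 *   - the key check used `==`, which on PHP treats "0e..." md5 digests as
 *     numerically equal; hash_equals() is strict and constant-time;
 *   - an unknown username produced $memberInfo === false and was still
 *     compared against md5('' . trust string); it is now rejected outright;
 *   - the unauthorized branch returned the full `SELECT *` Users row
 *     (including CurrentKey) to the caller; it now returns ''.
 *   - `$update > errorInfo()` (comparison + undefined function) is now
 *     `$update->errorInfo()`.
 *
 * NOTE(review): the trust string is a secret hard-coded in source and md5 is
 * the derivation function — move it to configuration and use a real MAC.
 * NOTE(review): `Type > 1` is the only authorization; nothing ties `pat` or
 * `prec` to a patient this caller may manage, and driver error messages are
 * echoed to the client. Confirm both are intended.
 */
function doService()
{
    global $db;

    $errMsgArr = array();
    $errNum = 0;

    // MAKE SURE THEY PASSED US CREDENTIALS (scalar strings only — an array
    // value such as key[]=x would otherwise reach hash_equals()).
    if (!isset($_POST['u']) || !is_string($_POST['u']) || $_POST['u'] == '') {
        $errMsgArr[] = "No username provided for authentication";
        $errNum++;
    }
    if (!isset($_POST['key']) || !is_string($_POST['key']) || $_POST['key'] == '') {
        $errMsgArr[] = "No key provided for authentication";
        $errNum++;
    }
    if ($errNum != 0) {
        return outputXML($errNum, $errMsgArr, '');
    }

    // USE CREDENTIALS AND AUTHENTICATE
    $user = $_POST['u'];
    $recKey = $_POST['key'];

    $userInfoPrep = $db->prepare("SELECT * FROM Users WHERE UserName = :user;");
    $userInfoSuccess = $userInfoPrep->execute(array(":user" => $user));
    // failed to access database for user info
    if (!$userInfoSuccess) {
        $errMsgArr[] = "DATABASE ERROR ONE";
        $errNum++;
        return outputXML($errNum, $errMsgArr, '');
    }
    $memberInfo = $userInfoPrep->fetch(PDO::FETCH_ASSOC);

    $authorized = false;
    if ($memberInfo !== false && isset($memberInfo['CurrentKey'])) {
        $currKey = (string) $memberInfo['CurrentKey'];
        $trustString = "xolJXj25jlk56LJkk5677LS";
        $trustedKey = md5($currKey . $trustString);
        $keyOk = hash_equals($trustedKey, $recKey) || hash_equals($currKey, $recKey);
        $authorized = $keyOk && isset($memberInfo['Type']) && $memberInfo['Type'] > 1;
    }

    if (!$authorized) {
        $errMsgArr[] = "Unauthorized to change precondition information";
        $errNum++;
        // Do not echo the Users row back to a caller that failed authentication.
        return outputXML($errNum, $errMsgArr, '');
    }

    // FIGURE OUT IF WE'RE ADDING A NEW ROW OR UPDATING AN EXISTING ONE
    $precIsSet = isset($_POST['prec']);

    if (!isset($_POST['desc']) || $_POST['desc'] == '') {
        $errMsgArr[] = "No description provided";
        $errNum++;
    }
    if (!isset($_POST['pat']) || $_POST['pat'] == '') {
        $errMsgArr[] = "No patient provided";
        $errNum++;
    }

    $prec = $precIsSet ? $_POST['prec'] : null;
    $desc = isset($_POST['desc']) ? $_POST['desc'] : '';
    $patient = isset($_POST['pat']) ? $_POST['pat'] : '';

    // update database with new precondition info
    if ($errNum == 0) {
        if ($precIsSet) {
            $update = $db->prepare(
                "UPDATE Precondition SET `Description`=:desc WHERE `PK_ConditionID`=:prec;"
            );
            $success = $update->execute(array(
                ':desc' => $desc,
                ':prec' => $prec,
            ));
            if (!$success) {
                $sqlError = $update->errorInfo();
                $errMsgArr[] = $sqlError[2];
                $errNum++;
            }
        } else {
            $insert = $db->prepare(
                "INSERT INTO Precondition (`FK_PatientID`, `Description`) VALUES (:patient, :desc);"
            );
            $success = $insert->execute(array(
                ':patient' => $patient,
                ':desc' => $desc,
            ));
            if (!$success) {
                $sqlError = $insert->errorInfo();
                $errMsgArr[] = $sqlError[2];
                $errNum++;
            } else {
                // Report the new row's id back through $_POST['prec'], as before.
                $getID = $db->prepare("SELECT @@IDENTITY");
                $success = $getID->execute();
                if (!$success) {
                    $sqlError = $getID->errorInfo();
                    $errMsgArr[] = $sqlError[2];
                    $errNum++;
                } else {
                    $apptIDArray = $getID->fetch(PDO::FETCH_ASSOC);
                    $_POST['prec'] = $apptIDArray['@@IDENTITY'];
                }
            }
        }
    }

    return outputXML($errNum, $errMsgArr, $memberInfo);
}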
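// Photo deletion, triggered by ?delete=<id> (digits only) once the user confirms.
//
// Fixes vs. the original:
//   - the file-name lookup and the photo_has_rubriques DELETE were keyed on
//     the photo id alone; only the final DELETE FROM photo checked the owner.
//     Any logged-in user could therefore detach another user's photo from
//     its categories and unlink its files from disk (IDOR). Every statement
//     is now scoped to the current session user, and nothing is deleted when
//     the photo is not found or not owned.
//   - ids were interpolated into SQL; they are now bound parameters.
//   - the error paths called $bdd->erroInfo() (typo, fatal) and a bare
//     errorInfo() that does not exist.
if (isset($_GET['delete']) && ctype_digit($_GET['delete'])) {
    $idphoto = $_GET['delete'];
    $idutil = $_SESSION['id'];

    // Look up the stored file name, owner-scoped.
    $sql1 = $bdd->prepare("SELECT lenom, lextension FROM photo WHERE id = :id AND utilisateur_id = :uid;");
    if ($sql1 === false) {
        die(print_r($bdd->errorInfo(), true));
    }
    $sql1->execute(array(':id' => $idphoto, ':uid' => $idutil));
    $nom_photo = $sql1->fetch();

    if ($nom_photo !== false) {
        // Remove the category links first (foreign key), then the photo row.
        $sql2 = $bdd->prepare("DELETE FROM photo_has_rubriques WHERE photo_id = :id;");
        if ($sql2 === false) {
            die(print_r($bdd->errorInfo(), true));
        }
        $sql2->execute(array(':id' => $idphoto));

        $sql3 = $bdd->prepare("DELETE FROM photo WHERE id = :id AND utilisateur_id = :uid;");
        if ($sql3 === false) {
            die(print_r($bdd->errorInfo(), true));
        }
        $sql3->execute(array(':id' => $idphoto, ':uid' => $idutil));

        // Physical removal of the original, large and thumbnail files.
        // NOTE(review): lenom/lextension come from the database; if they can
        // contain path separators this is still a path-traversal risk —
        // confirm they are sanitized at upload time.
        unlink($dossier_ori . $nom_photo['lenom'] . "." . $nom_photo['lextension']);
        unlink($dossier_gd . $nom_photo['lenom'] . ".jpg");
        unlink($dossier_mini . $nom_photo['lenom'] . ".jpg");
    }
}

// Fetch the photos for the listing, with their categories aggregated.
// $debut and $elements_par_page are computed earlier in the file (not shown);
// they are cast to int because LIMIT cannot take a bound placeholder in
// every driver and must never receive raw request input.
$limitStart = (int) $debut;
$limitCount = (int) $elements_par_page;
$sql = "SELECT p.*, GROUP_CONCAT(r.id) AS idrub, GROUP_CONCAT(r.lintitule SEPARATOR '|||' ) AS lintitule\r\n FROM photo p\r\n\tLEFT JOIN photo_has_rubriques h ON h.photo_id = p.id\r\n LEFT JOIN rubriques r ON h.rubriques_id = r.id \r\n\tGROUP BY p.id\r\n\tORDER BY p.id DESC LIMIT {$limitStart},{$limitCount};\r\n ";
$recup_sql = $bdd->query($sql);
if ($recup_sql === false) {
    // NOTE(review): prints the driver error to the page; log it instead in production.
    die(print_r($bdd->errorInfo(), true));
}
?>
<!DOCTYPE html>
<html>
<?php include "includes/head.php";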
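/**
 * Create a new post.
 *
 * Inserts a row into `post` with the given title and content; user_id is
 * hard-coded to 2 and picture/picture_id to 0, exactly as before.
 *
 * Fix vs. the original: the failure path was
 * `print_r("F**K ERROR" . $stmt . errorInfo()) && die`, which tries to
 * string-concatenate a PDOStatement (fatal) and calls an undefined global
 * errorInfo(). The driver error is now reported via trigger_error(); a failed
 * prepare() still halts (E_USER_ERROR), a failed execute() — previously
 * silently ignored — raises a warning.
 *
 * NOTE(review): the hard-coded user_id means every post is attributed to
 * user 2 regardless of who is logged in — confirm whether it should come
 * from the session.
 *
 * @param string $title
 * @param string $content
 * @return void
 */
function newPost($title, $content)
{
    $stmt = $this->db->prepare("insert into post (title, content, user_id, datetime, picture, picture_id)\n\t\t\t values (:title, :content, 2, NOW(), 0,0)");
    if ($stmt === false) {
        $err = $this->db->errorInfo();
        trigger_error('Failed to prepare post insert: ' . $err[2], E_USER_ERROR);
        return;
    }

    $stmt->bindValue(":title", $title);
    $stmt->bindValue(":content", $content);

    if (!$stmt->execute()) {
        $err = $stmt->errorInfo();
        trigger_error('Failed to insert post: ' . $err[2], E_USER_WARNING);
    }
}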