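/**
 * Insert a new row into $table, or update the row named by $_GET["id"], from $_POST.
 *
 * The global $editing flag selects UPDATE (truthy) or INSERT. $fields is a
 * space-separated list of column names; a prefix selects how each value is encoded:
 *
 *   password   the literal name "password": value is wrapped in PWDENCRYPT()
 *   #name      numeric: written unquoted, empty input becomes NULL
 *   *name      date: produced by format_post_date(), NULL when "no<name>" is posted
 *   @name      file: produced by format_binary(), skipped when not posted
 *   |name      HTML: passed through format_html() and quoted, skipped when not posted
 *   name       text: trimmed and quoted, empty input becomes NULL
 *
 * updatedOn/updatedBy (UPDATE) or createdOn/createdBy/isActive (INSERT) are appended.
 *
 * Security notes for maintainers:
 *  - $table, $fields and $index are concatenated into the statement as identifiers.
 *    They must be literals chosen by the calling code, never request data.
 *  - Every value written without quotes (numeric fields, updatedBy, createdBy and the
 *    row id from $_GET) is checked to be numeric before it reaches the statement.
 *  - Quoted values (text and password) are NOT escaped in this function.
 *    NOTE(review): this is safe only if $_POST is already escaped for T-SQL before
 *    db_enter() runs, which is not visible here. Confirm it, or move db_query() to
 *    bound parameters; escaping here as well would double-escape in the former case.
 *  - format_post_date(), format_binary() and format_html() are defined elsewhere and
 *    are assumed to return SQL-safe text. TODO confirm.
 *
 * @param string $table  Target table name.
 * @param string $fields Space-separated, optionally prefixed column names.
 * @param string $index  Key column used in the UPDATE's WHERE clause.
 * @return mixed $_GET["id"] after an UPDATE; whatever db_query() returns after an INSERT.
 * @throws InvalidArgumentException When a value destined for an unquoted position is not numeric.
 */
function db_enter($table, $fields, $index = "id")
{
    global $editing, $user;

    // Initialised up front so implode() never sees an undefined variable.
    $query1 = array();
    $query2 = array();

    foreach (explode(" ", $fields) as $field) {
        if ($field == "password") {
            // NOTE(review): PWDENCRYPT is a legacy SQL Server function, and the plaintext
            // password travels inside the statement text where query logs or traces can
            // capture it. Hashing in PHP with password_hash() avoids both.
            $encrypted = "PWDENCRYPT('" . $_POST[$field] . "')";
            if ($editing) {
                $query1[] = $field . " = " . $encrypted;
            } else {
                // The VALUES list takes the bare expression; the original emitted
                // "password = PWDENCRYPT(...)" here, which is not valid in VALUES.
                $query1[] = $field;
                $query2[] = $encrypted;
            }
        } elseif (substr($field, 0, 1) == "#") {
            // Numeric column.
            $field = substr($field, 1);
            if (empty($_POST[$field]) || $_POST[$field] === "NULL") {
                // empty() also treats a posted "0" as missing; kept as the original did.
                $_POST[$field] = "NULL";
                $value = "NULL";
            } else {
                $value = db_enter_numeric($_POST[$field], $field);
            }
            if ($editing) {
                $query1[] = $field . " = " . $value;
            } else {
                $query1[] = $field;
                $query2[] = $value;
            }
        } elseif (substr($field, 0, 1) == "*") {
            // Date column; a posted "no<field>" checkbox means "no date".
            $field = substr($field, 1);
            $value = isset($_POST["no" . $field]) ? "NULL" : format_post_date($field);
            if ($editing) {
                $query1[] = $field . " = " . $value;
            } else {
                $query1[] = $field;
                $query2[] = $value;
            }
        } elseif (substr($field, 0, 1) == "@") {
            // File column; posting a file is optional.
            $field = substr($field, 1);
            if (isset($_POST[$field])) {
                $value = format_binary($_POST[$field]);
                if ($editing) {
                    $query1[] = $field . " = " . $value;
                } else {
                    $query1[] = $field;
                    $query2[] = $value;
                }
            }
        } elseif (substr($field, 0, 1) == "|") {
            // HTML column.
            $field = substr($field, 1);
            if (isset($_POST[$field])) {
                // Quoted in both branches; the original UPDATE branch left the quotes
                // off while its own INSERT branch added them.
                $value = "'" . format_html($_POST[$field]) . "'";
                if ($editing) {
                    $query1[] = $field . " = " . $value;
                } else {
                    $query1[] = $field;
                    $query2[] = $value;
                }
            }
        } else {
            // Text column. $_POST is overwritten with the quoted form, as before.
            $_POST[$field] = isset($_POST[$field]) ? trim($_POST[$field]) : "";
            $_POST[$field] = empty($_POST[$field]) ? "NULL" : "'" . $_POST[$field] . "'";
            if ($editing) {
                $query1[] = $table . '.' . $field . " = " . $_POST[$field];
            } else {
                $query1[] = $table . '.' . $field;
                $query2[] = $_POST[$field];
            }
        }
    }

    if ($editing) {
        $query1[] = "updatedOn = GETDATE()";
        // NOTE(review): a posted updatedBy overrides the signed-in user, so the audit
        // column is client-controlled unless the caller restricts who may send it.
        if (isset($_POST["updatedBy"])) {
            $query1[] = "updatedBy = " . db_enter_numeric($_POST["updatedBy"], "updatedBy");
        } else {
            $query1[] = "updatedBy = " . $user["id"];
        }
        $row_id = db_enter_numeric(isset($_GET["id"]) ? $_GET["id"] : "", "id");
        db_query("UPDATE " . $table . " SET " . implode(", ", $query1) . " WHERE " . $index . " = " . $row_id);
        return $_GET["id"];
    }

    $query1[] = "createdOn";
    $query2[] = "GETDATE()";
    $query1[] = "createdBy";
    // NOTE(review): same client-controlled audit value as updatedBy above.
    $query2[] = isset($_POST["createdBy"]) ? db_enter_numeric($_POST["createdBy"], "createdBy") : $user["id"];
    $query1[] = "isActive";
    $query2[] = 1;
    return db_query("INSERT INTO " . $table . " ( " . implode(", ", $query1) . " ) VALUES ( " . implode(", ", $query2) . ")");
}

/**
 * Return $value as a bare numeric SQL token, or throw when it is not numeric.
 * Helper for db_enter(); $label names the offending field in the error message.
 */
function db_enter_numeric($value, $label)
{
    $value = is_scalar($value) ? trim((string) $value) : "";
    if (!is_numeric($value)) {
        throw new InvalidArgumentException("db_enter: value for '" . $label . "' is not numeric");
    }
    return $value;
}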
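<?php
// Press release page: soft-deletes a release, creates one from the posted form, and
// renders the release named by ?id=. This excerpt ends part-way through the markup.
include "../../include.php";

// The id is written into SQL as a bare number and into a link, so it is reduced to an
// integer once and only that integer is used below.
$release_id = isset($_GET["id"]) ? (int) $_GET["id"] : 0;

if (url_action("delete")) {
    // NOTE(review): no permission check is visible on this branch, although the edit
    // link further down is shown to admins only. Confirm include.php enforces it, and
    // that a state-changing "delete" action is protected against cross-site requests.
    db_query("UPDATE press_releases SET \n\t\t\t\tdeleted_date = GETDATE(),\n\t\t\t\tdeleted_user = {$_SESSION["user_id"]},\n\t\t\t\tis_active = 0\n\t\t\tWHERE id = " . $release_id);
    url_drop();
} elseif ($posting) {
    // Only an admin may attribute the release to another user, and only to a value
    // that is a plain integer; anything else falls back to the signed-in user.
    $theuser_id = $_SESSION["user_id"];
    if ($page['is_admin'] && isset($_POST["created_user"]) && ctype_digit((string) $_POST["created_user"])) {
        $theuser_id = (int) $_POST["created_user"];
    }

    // corporationID is unquoted in the statement: accept digits only, otherwise NULL.
    $corporation_id = "NULL";
    if (isset($_POST["corporationID"]) && ctype_digit((string) $_POST["corporationID"])) {
        $corporation_id = (int) $_POST["corporationID"];
    }

    // NOTE(review): headline, detail and location are concatenated inside quotes with
    // no escaping in this file. That is safe only if include.php already escapes $_POST
    // for T-SQL (not visible here). Confirm, or move db_query() to bound parameters.
    db_query("INSERT INTO press_releases (\n\t\theadline,\n\t\tdetail,\n\t\tlocation,\n\t\treleaseDate,\n\t\ttext,\n\t\tcorporationID,\n\t\tcreated_date,\n\t\tcreated_user,\n\t\tis_active\n\t) VALUES (\n\t\t'" . $_POST["headline"] . "',\n\t\t'" . $_POST["detail"] . "',\n\t\t'" . $_POST["location"] . "',\n\t\t" . format_post_date("releaseDate") . ",\n\t\t'" . format_html($_POST["text"]) . "',\n\t\t" . $corporation_id . ",\n\t\tGETDATE(),\n\t\t" . $theuser_id . ",\n\t\t1\n\t)");
    url_change();
}

echo drawTop();

if (url_id()) {
    $r = db_grab("SELECT\n\t\t\theadline,\n\t\t\tdetail,\n\t\t\tlocation,\n\t\t\ttext,\n\t\t\treleaseDate\n\t\tFROM press_releases\n\t\tWHERE id = " . $release_id);
    // NOTE(review): headline and detail are echoed below exactly as stored. If they are
    // meant to be plain text, encode them with htmlspecialchars() at output; left
    // unchanged here because the storage format is not visible in this excerpt.
    ?>
<table class="left" cellspacing="1">
    <?php
    if ($page['is_admin']) {
        echo drawHeaderRow("Press Release", 1, "edit", "edit/?id=" . $release_id);
    } else {
        echo drawHeaderRow("Press Release", 1);
    }
    ?>
    <tr> <td style="padding:20px;" class="text"> <h1><?php echo $r["headline"]; ?> </h1> <b><?php echo $r["detail"];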
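/**
 * Render the newsletter from the 'tb_newsletter_sections' option rows with Twig.
 *
 * Posts are grouped by top-level category, then by the section's title term.
 * Templates are loaded from the theme's /inc/newsletter directory.
 *
 * The Twig environment is created with no option overrides, so Twig's default output
 * escaping applies to the templates. Values handed over here (introduction, footer,
 * author names, term names) are editor-supplied content and should only be marked
 * raw in a template on purpose.
 *
 * @param string|null $multipart_boundary MIME boundary. When truthy it is passed to
 *        the template as 'boundary' and 'newsletter-multipart.html' is rendered;
 *        otherwise 'newsletter-html.html' is rendered. It reaches the template as
 *        given, so it should be a server-generated token.
 * @return string The rendered newsletter.
 */
function get_newsletter($multipart_boundary = null)
{
    require_once __DIR__ . '/../vendor/autoload.php';

    $loader = new Twig_Loader_Filesystem(get_template_directory() . '/inc/newsletter');
    $twig = new Twig_Environment($loader, array());
    $twig->addExtension(new Twig_Extensions_Extension_Intl());
    $twig->addExtension(new Twig_Extensions_Extension_Text());
    $twig->getExtension('Twig_Extension_Core')->setTimezone('Europe/Paris');

    // Defined before the rows check: the original only created these inside the
    // have_rows() branch, so a newsletter with no sections read undefined variables.
    $categories = [];
    $subcategories = [];
    $posts = [];

    if (have_rows('tb_newsletter_sections', 'option')) {
        while (have_rows('tb_newsletter_sections', 'option')) {
            the_row();

            // A section with no items yields a non-array value; skip it instead of
            // handing it to foreach.
            $items = get_sub_field('tb_newsletter_sections_items');
            if (empty($items)) {
                continue;
            }

            foreach ($items as $post) {
                $category = get_post_top_category($post->ID);
                if (!$category) {
                    continue;
                }

                // NOTE(review): assumes the section title field returns a term object
                // with term_id and name. Confirm against the field definition.
                $subcategory = get_sub_field('tb_newsletter_sections_title');

                $categories[$category->term_id] = [
                    'slug' => $category->slug,
                    'name' => $category->name,
                    'url' => get_category_link($category),
                ];
                $subcategories[$category->term_id][$subcategory->term_id] = $subcategory->name;
                $posts[$category->term_id][$subcategory->term_id][] = [
                    'post' => $post,
                    'author' => get_the_author_meta('display_name', $post->post_author),
                    'link' => get_post_permalink($post->ID),
                    'thumbnail' => wp_get_attachment_url(get_post_thumbnail_id($post->ID)),
                    'date_post' => format_post_date($post->post_date),
                    'event' => get_event_date($post->ID),
                    'place' => get_event_place($post->ID),
                ];
            }
        }
    }

    $params = [
        'intro' => get_field('tb_newsletter_introduction', 'option'),
        'categories' => $categories,
        'subcategories' => $subcategories,
        'posts' => $posts,
        'outro' => get_field('tb_newsletter_footer', 'option'),
    ];

    if ($multipart_boundary) {
        $params['boundary'] = $multipart_boundary;
        return $twig->render('newsletter-multipart.html', $params);
    }

    return $twig->render('newsletter-html.html', $params);
}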
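<?php
// Laptop check-out page: records a checkout for the laptop named by ?id= and renders
// the check-out form. This excerpt ends part-way through the form markup.
include "include.php";

// The laptop id is written into SQL as a bare number and echoed into a link, so it is
// reduced to an integer once and only that integer is used below.
$laptop_id = isset($_GET["id"]) ? (int) $_GET["id"] : 0;

if ($posting) {
    $checkoutStart = format_post_date("checkoutStart");
    $checkoutEnd = isset($_POST["noEndDate"]) ? "NULL" : format_post_date("checkoutEnd");

    // checkoutUser is unquoted in the statement: accept digits only, otherwise NULL.
    $checkoutUser = "NULL";
    if (isset($_POST["checkoutUser"]) && ctype_digit((string) $_POST["checkoutUser"])) {
        $checkoutUser = (int) $_POST["checkoutUser"];
    }

    // NOTE(review): checkoutNotes is placed inside quotes with no escaping in this
    // file. That is safe only if include.php already escapes $_POST for T-SQL (not
    // visible here). Confirm, or move db_query() to bound parameters.
    $id = db_query("INSERT INTO it_laptops_checkouts ( \r\n\t\t\tcheckoutUser, \r\n\t\t\tcheckoutStart, \r\n\t\t\tcheckoutEnd, \r\n\t\t\tcheckoutNotes,\r\n\t\t\tcheckoutLaptopID\r\n\t\t) VALUES (\r\n\t\t\t{$checkoutUser},\r\n\t\t\t{$checkoutStart},\r\n\t\t\t{$checkoutEnd},\r\n\t\t\t'{$_POST["checkoutNotes"]}',\r\n\t\t\t{$laptop_id})");
    db_query("UPDATE it_laptops SET checkoutID = {$id}, laptopStatusID = 1 WHERE laptopID = " . $laptop_id);
    url_change("laptops.php");
}

echo drawTop();
// NOTE(review): $request["path_query"] and the laptopName read from the database are
// echoed into the page below without HTML encoding in this file. Confirm they are
// encoded where they are produced, or apply htmlspecialchars() at output.
?>
<table class="left" cellspacing="1">
    <?php echo drawHeaderRow("Check Laptop Out", 2); ?>
    <form method="post" action="<?php echo $request["path_query"]; ?> ">
    <tr> <td class="left">Laptop</td> <td><b><a href="laptop.php?id=<?php echo $laptop_id; ?> "><?php echo db_grab("SELECT laptopName FROM it_laptops WHERE laptopID = " . $laptop_id); ?> </a></b></td> </tr>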