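/**
 * Store one private message in the `message` table.
 *
 * Reads the keys touserid, fromuserid, subject, message and name from $ar
 * and inserts them as a single row. The statement is still built by string
 * concatenation because the file uses the legacy mysql_* API, which has no
 * prepared statements; every value is therefore escaped before it is
 * spliced in. Moving to PDO or mysqli prepared statements is the durable fix.
 *
 * @param array $ar Message fields as described above.
 * @return void
 */
function postmessage($ar)
{
    $cn = connect_db();

    // Both ids used to be concatenated with no escaping at all, so a quote in
    // either value could rewrite the statement.
    // NOTE(review): confirm the caller takes fromuserid from the logged-in
    // session and not from request data, otherwise the sender can be forged.
    $touserid   = mysql_real_escape_string($ar['touserid'], $cn);
    $fromuserid = mysql_real_escape_string($ar['fromuserid'], $cn);

    // NOTE(review): magicquotes() and formattext() are defined elsewhere.
    // These lines assume magicquotes() is what makes a value safe inside a
    // quoted SQL literal and that formattext() does not reintroduce quotes;
    // confirm both.
    $subject = magicquotes(htmlspecialchars($ar['subject']));
    $message = formattext(htmlspecialchars(magicquotes($ar['message'])));

    // name previously went through htmlspecialchars() only, which leaves
    // single quotes untouched by default; it now gets the same treatment as
    // subject.
    $name = magicquotes(htmlspecialchars($ar['name']));

    $sql = "insert into `message` (touserid,fromuserid,subject,message,name) values ('"
        . $touserid . "','"
        . $fromuserid . "','"
        . $subject . "','"
        . $message . "','"
        . $name . "')";

    $result = mysql_query($sql, $cn);
    if ($result === false) {
        // Keep the driver error in the server log; echoing it to the client
        // reveals schema details and makes injection flaws easier to probe.
        error_log("postmessage: insert failed: " . mysql_error($cn));
        disconnect_db($cn);
        die("ERROR : the message could not be saved.");
    }

    disconnect_db($cn);
}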
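document.getElementById('txtspan').style.display="block";
// document.getElementById('div_servicesubmenu').innerHTML="";
}
</script>
<?php
// Handles the two "add" submissions of the content manager: a new CMS page
// (type=newpage) or a menu entry that links to an external URL (type=linkpage).
//
// NOTE(review): no login/role check and no anti-CSRF token are visible in this
// excerpt; confirm an earlier include enforces both before these INSERTs run.
$cn = connectdb();

// isset() returns a boolean, so the original test `isset($_GET['action']) == "add"`
// was true for ANY action value that happened to be present. Compare the
// value itself, and tolerate a missing parameter without a notice.
$action = isset($_GET['action']) ? $_GET['action'] : "";
$type   = isset($_GET['type']) ? $_GET['type'] : "";

// NOTE(review): magicquotes(), seofilter_title() and seofilter_meta() are
// defined elsewhere. The statements below assume magicquotes() is what makes
// a value safe inside a quoted SQL literal; confirm. page_tpl is safe for a
// different reason: urlencode() percent-encodes quotes and backslashes.
$sqladd = null;
if ($action === "add" && $type === "newpage") {
    $sqladd = "INSERT INTO contentmanager(page_title,meta_description,meta_keywords,menu_name,page_tpl,page_type) VALUES ('"
        . seofilter_title(magicquotes($_POST['pagetitle'])) . "','"
        . seofilter_meta(magicquotes($_POST['metadesc'])) . "','"
        . seofilter_meta(magicquotes($_POST['metakeywords'])) . "','"
        . magicquotes($_POST['menuname']) . "','"
        . urlencode($_POST['FCKeditor1']) . "','newpage')";
} elseif ($action === "add" && $type === "linkpage") {
    // NOTE(review): ex_url is stored as submitted; confirm the scheme is
    // restricted wherever this value is later rendered as a link.
    $sqladd = "INSERT INTO contentmanager(menu_name,ex_url,page_type) VALUES ('"
        . magicquotes($_POST['txtexmenuname']) . "','"
        . magicquotes($_POST['txtexurl']) . "','linkpage')";
}

if ($sqladd !== null) {
    $linkadd = mysql_query($sqladd, $cn);
    if ($linkadd === false) {
        // Log the driver error server-side instead of printing it to the browser.
        error_log("contentmanager add failed: " . mysql_error($cn));
        die("Error : the menu entry could not be saved.");
    }
    echo "<script>alert('Menu Added...'); window.location='contentmanager.php';</script>";
}
?>
<table align="center" > <tr> <td><img src="images/contentman.gif" /></td> <td style="color:#003399; font-family:Arial, Helvetica, sans-serif; font-weight:bold; font-size:18px;" align="center" valign="middle"> Content Manager</td> </tr> </table> <br /><br />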
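Edit Content Manager</td> </tr> </table> <br /><br />
<?php
// Update / delete / block handlers of the content manager edit page.
//
// NOTE(review): no login/role check and no anti-CSRF token are visible in this
// excerpt, and delete/block are triggered by query-string parameters alone;
// confirm an earlier include enforces both before any of these statements run.
$cn = connectdb();
if (isset($_GET['action'], $_GET['pageid']) && $_GET['action'] != "" && $_GET['pageid'] != "") {
    $action = $_GET['action'];
    $type = isset($_GET['type']) ? $_GET['type'] : "";

    // pageid comes straight from the query string and used to be concatenated
    // unescaped into all four statements below (UPDATE x2, DELETE, block).
    // Escape it once and use only the escaped copy.
    $safe_pageid = mysql_real_escape_string($_GET['pageid'], $cn);

    // NOTE(review): magicquotes(), seofilter_title() and seofilter_meta() are
    // defined elsewhere; this code assumes magicquotes() is what makes a value
    // safe inside a quoted SQL literal. Confirm.

    // action update type newpage
    if ($action == "update" && $type == "newpage") {
        // menu_name was the one field written from $_POST with no filter at
        // all; it now goes through magicquotes() like its sibling fields.
        $sqladd = "UPDATE contentmanager set page_title='" . seofilter_title(magicquotes($_POST['pagetitle']))
            . "',meta_description='" . seofilter_meta(magicquotes($_POST['metadesc']))
            . "',meta_keywords='" . seofilter_meta(magicquotes($_POST['metakeywords']))
            . "',menu_name='" . magicquotes($_POST['menuname'])
            . "',page_tpl='" . urlencode($_POST['FCKeditor1'])
            . "' where id='" . $safe_pageid . "'";
        $linkadd = mysql_query($sqladd, $cn);
        if ($linkadd === false) {
            // Driver errors go to the server log, not to the browser.
            error_log("contentmanager update (newpage) failed: " . mysql_error($cn));
            die("Error : the change could not be saved.");
        }
        echo "<script>alert('Menu Updated...'); window.location='contentmanager.php';</script>";
    }

    // action update type linkpage
    if ($action == "update" && $type == "linkpage") {
        $sqladd = "UPDATE contentmanager set menu_name='" . magicquotes($_POST['txtexmenuname'])
            . "',ex_url='" . magicquotes($_POST['txtexurl'])
            . "' where id='" . $safe_pageid . "'";
        $linkadd = mysql_query($sqladd, $cn);
        if ($linkadd === false) {
            error_log("contentmanager update (linkpage) failed: " . mysql_error($cn));
            die("Error : the change could not be saved.");
        }
        echo "<script>alert('Menu Updated...'); window.location='contentmanager.php';</script>";
    }

    // delete page
    if ($action == "delete") {
        $sql1 = "delete from contentmanager where id='" . $safe_pageid . "'";
        $link1 = mysql_query($sql1, $cn);
        if ($link1 === false) {
            error_log("contentmanager delete failed: " . mysql_error($cn));
            die("Error : the change could not be saved.");
        }
        echo "<script>alert('Menu Deleted...'); window.location='contentmanager.php';</script>";
    }

    // block page
    if ($action == "block") {
        $sql2 = "update contentmanager set block='1' where id='" . $safe_pageid . "'";
        $link2 = mysql_query($sql2, $cn);
        if ($link2 === false) {
            error_log("contentmanager block failed: " . mysql_error($cn));
            die("Error : the change could not be saved.");
        }
        echo "<script>alert('Menu Blocked...'); window.location='contentmanager.php';</script>";
    }
    // (excerpt ends here: the enclosing if block is closed beyond the visible listing)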
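/**
 * Update a photo's date, title and description, optionally rotating its files.
 *
 * Looks the photo up by id, rotates the original/medium/thumb files when
 * $rotate is "CW" or "CCW", then writes the new upload_time, title and
 * description. The file uses the legacy mysql_* API, which has no prepared
 * statements, so $id is escaped before it is spliced into either statement.
 *
 * NOTE(review): neither statement restricts the row to a particular owner;
 * confirm the caller checks that the photo belongs to the logged-in user.
 *
 * @param mixed  $id          Photo id (row key in `photo`).
 * @param string $date        Date text parsed with strtotime(); only its Y-m-d part is used.
 * @param string $title       New title; empty becomes "No Title".
 * @param string $description New description; empty becomes "No Description".
 * @param string $rotate      "CW", "CCW", or anything else for no rotation.
 * @return void
 */
function image_update($id, $date, $title, $description, $rotate)
{
    $cn = connect_db();

    if ($title == "") {
        $title = "No Title";
    }
    if ($description == "") {
        $description = "No Description";
    }

    // $id was concatenated unescaped into both the SELECT and the UPDATE.
    $safe_id = mysql_real_escape_string($id, $cn);

    $sql = "SELECT * FROM `photo` WHERE id='" . $safe_id . "'";
    $link = mysql_query($sql, $cn);
    if ($link === false) {
        // Keep driver errors in the server log rather than printing them.
        error_log("image_update: lookup failed: " . mysql_error($cn));
        disconnect_db($cn);
        die("Error : the photo could not be loaded.");
    }

    $data = mysql_fetch_assoc($link);
    if ($data === false) {
        // Unknown id: without this guard the three paths below would be built
        // from empty values and handed to rotateImage().
        disconnect_db($cn);
        return;
    }

    if ($rotate === "CW" || $rotate === "CCW") {
        $base = get_full_domain_path();
        $strip = get_domain_path();
        foreach (array('original_url', 'medium_url', 'thumb_url') as $column) {
            rotateImage($base . str_replace($strip, "", $data[$column]), $rotate);
        }
    }

    // Date part from the caller, time part from "now". Both halves are
    // produced by date(), so no caller-controlled text reaches the statement.
    // An unparseable $date makes strtotime() return false, which date()
    // treats as the epoch.
    $d1 = date("Y-m-d", strtotime($date));
    $d1 .= date(" H:i:s", time());

    // NOTE(review): magicquotes() and formattext() are defined elsewhere; this
    // assumes magicquotes() is what makes a value safe inside a quoted SQL
    // literal and that formattext() does not reintroduce quotes. Confirm.
    $sql = "update `photo` set upload_time='" . $d1
        . "', title='" . formattext(htmlspecialchars(magicquotes($title)))
        . "', description='" . formattext(magicquotes(htmlspecialchars($description)))
        . "' where id='" . $safe_id . "'";
    $link = mysql_query($sql, $cn);
    if ($link === false) {
        error_log("image_update: update failed: " . mysql_error($cn));
        disconnect_db($cn);
        die("Error : the photo could not be updated.");
    }

    disconnect_db($cn);
}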
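/**
 * Save the profile and site settings of the logged-in user.
 *
 * The row is selected by $_SESSION['gallery_userid'], so only the session
 * owner's record is written. The file uses the legacy mysql_* API, which has
 * no prepared statements; every value is escaped before it is spliced into
 * the statement.
 *
 * @param array $ar Form fields: firstname, lastname, email, photoid, title,
 *                  sitetype, color, sitedesc, allowprint, pictureview and the
 *                  optional checkboxes hidedob / hidegender ("on" when ticked).
 * @return void
 */
function update_user($ar)
{
    $cn = connect_db();

    // Unticked checkboxes are simply absent from a form post; isset() avoids
    // an undefined-index notice for them.
    $hidedob = (isset($ar['hidedob']) && $ar['hidedob'] == "on") ? 1 : 0;
    $hidegender = (isset($ar['hidegender']) && $ar['hidegender'] == "on") ? 1 : 0;

    // These five fields were concatenated with no escaping at all, so a quote
    // in any of them could rewrite the UPDATE.
    $photoid     = mysql_real_escape_string($ar['photoid'], $cn);
    $sitetype    = mysql_real_escape_string($ar['sitetype'], $cn);
    $themecolor  = mysql_real_escape_string($ar['color'], $cn);
    $allowprint  = mysql_real_escape_string($ar['allowprint'], $cn);
    $pictureview = mysql_real_escape_string($ar['pictureview'], $cn);

    // The session value is server-side state, but escaping it costs nothing
    // and keeps the WHERE clause safe if it was ever seeded from request data.
    $userid = mysql_real_escape_string($_SESSION['gallery_userid'], $cn);

    // NOTE(review): magicquotes() and formattext() are defined elsewhere; this
    // assumes magicquotes() is what makes a value safe inside a quoted SQL
    // literal and that formattext() does not reintroduce quotes. Confirm.
    $sql = "update `users` set firstname='" . magicquotes($ar['firstname'])
        . "', lastname='" . magicquotes($ar['lastname'])
        . "', email='" . magicquotes($ar['email'])
        . "', photoid='" . $photoid
        . "',title='" . magicquotes($ar['title'])
        . "', sitetype='" . $sitetype
        . "', themecolor='" . $themecolor
        . "', description='" . formattext(magicquotes(htmlspecialchars($ar['sitedesc'])))
        . "', allowprint='" . $allowprint
        . "',pictureview='" . $pictureview
        . "',hidegender='" . $hidegender
        . "',hidedob='" . $hidedob
        . "' where userid='" . $userid . "'";

    $link = mysql_query($sql, $cn);
    if ($link === false) {
        // Keep driver errors in the server log rather than printing them.
        error_log("update_user: update failed: " . mysql_error($cn));
        disconnect_db($cn);
        die("Error : the profile could not be saved.");
    }

    disconnect_db($cn);
}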