/**
 * List price quotes and render the "market/quote" template.
 *
 * Optional request filters read here: `catid` (cast to int) and `title`
 * (keyword placed inside a LIKE pattern). Paging uses the global $pos and
 * $this->displaypg.
 *
 * NOTE(review): the keyword is escaped only with pb_addslashes(), which is
 * defined outside this method and presumably wraps addslashes(). That kind of
 * escaping is not aware of the connection charset and leaves the LIKE
 * wildcards % and _ untouched. If the model layer offers driver-level
 * escaping or bound parameters, prefer it. Also confirm whether $_GET was
 * already slash-escaped earlier in the request, in which case the keyword is
 * escaped twice.
 */
function quote()
{
    global $viewhelper, $pos;

    $this->loadModel("quote");

    $joins = null;
    $where = array();

    $viewhelper->setTitle(L("price_quotes", "tpl"));
    $viewhelper->setPosition(L("price_quotes", "tpl"), "index.php?do=market&action=quote");

    // Read and integer-cast, but not used anywhere else in this method.
    $id = isset($_GET['id']) ? intval($_GET['id']) : null;

    if (isset($_GET['catid'])) {
        // intval() keeps the category filter numeric before it reaches the SQL fragment.
        $categoryId = intval($_GET['catid']);
        $where[] = "Quote.type_id='" . $categoryId . "'";
        $viewhelper->setTitle("The industry " . $categoryId);
    }

    if (!empty($_GET['title'])) {
        // Request-controlled text concatenated into SQL; see the NOTE(review) above.
        $where[] = "title LIKE '%" . pb_addslashes($_GET['title']) . "%'";
    }

    $this->quote->setCondition($where);
    $total = $this->quote->findCount(null, $where);

    // "price" is the midpoint of the min/max price, rounded to two decimals.
    $columns = "Quote.*,Quote.created AS pubdate,ROUND((Quote.min_price+Quote.max_price)/2,2) AS price";
    $rows = $this->quote->findAll($columns, $joins, $where, "Quote.id DESC", $pos, $this->displaypg);

    setvar("items", pb_lang_split_recursive($rows));
    // Default search window handed to the template: one month ago through today.
    uaAssign(array(
        "QuoteSearchFrom" => date("Y-m-d", strtotime("last month")),
        "QuoteSearchTo" => date("Y-m-d"),
    ));
    setvar("paging", array('total' => $total));
    render("market/quote");
}
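/**
 * Persist session data for one session key (the signature matches a PHP
 * session save-handler "write" callback).
 *
 * Updates the row for $sid when one exists, otherwise inserts a new row with
 * the expiry computed from $this->time + $this->lifetime.
 *
 * @param string $sid       Session key. PHP takes it from the client's cookie
 *                          or URL, so it is untrusted input.
 * @param string $sess_data Serialized session payload.
 * @return bool Always true; the results of the database calls are not checked.
 */
function write($sid, $sess_data)
{
    // The session key was interpolated into all three statements unescaped.
    // Escape it the same way the payload is escaped before it reaches SQL.
    // For ids made only of letters, digits, ',' and '-' this is a no-op.
    // NOTE(review): addslashes-style escaping is not connection-charset aware;
    // move to the database layer's own quoting or bound parameters if it has them.
    $sid = pb_addslashes($sid);
    $sess_data = pb_addslashes($sess_data);
    $expiry = $this->time + $this->lifetime;

    $existing = $this->db->GetRow("SELECT * FROM {$this->sess_table} WHERE sesskey='{$sid}'");

    if (!empty($existing)) {
        $this->db->Execute(
            "UPDATE {$this->sess_table} SET data='{$sess_data}',expiry='{$expiry}',modified='{$this->time}' WHERE sesskey='{$sid}'"
        );
    } else {
        // NOTE(review): pb_getenv('PHP_SELF') is concatenated as returned. PHP_SELF can
        // carry request-supplied path text, so confirm pb_getenv() yields an already
        // escaped value; if it does not, escape it here as well.
        $this->db->Execute("INSERT INTO {$this->sess_table} (sesskey,data,expiry,expireref,created,modified) VALUES('{$sid}', '{$sess_data}', '{$expiry}', '" . pb_getenv('PHP_SELF') . "', '{$this->time}', '{$this->time}')");
    }

    return true;
}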
/**
 * Assemble $this->params from the caller's $extra values plus the request.
 *
 * Resulting keys: 'form' (POST body), 'url' (query string, merged over any
 * 'url' supplied in $extra), 'data' (lifted out of form['data'] when present),
 * and 'action' defaulted to 'list' when it is set but empty.
 *
 * Security-relevant side effect: a client can rewrite the request method.
 * The X-HTTP-Method-Override header, or a `_method` form field, is copied
 * into $_SERVER['REQUEST_METHOD'] (or $_ENV when $_SERVER is empty), so any
 * later check keyed on REQUEST_METHOD sees the client-chosen value.
 *
 * @param array $extra Parameters merged underneath the request-derived ones.
 */
function setParams($extra = array())
{
    $magicQuotes = ini_get('magic_quotes_gpc') === '1';
    $params = array();

    if (isset($_POST)) {
        // NOTE(review): with magic quotes ON this adds a second layer of slashes to
        // POST data, while the GET branch below strips them. Confirm this is intended.
        $params['form'] = $magicQuotes ? pb_addslashes($_POST) : $_POST;

        // The override header takes precedence over a `_method` form field.
        if (pb_getenv('HTTP_X_HTTP_METHOD_OVERRIDE')) {
            $params['form']['_method'] = pb_getenv('HTTP_X_HTTP_METHOD_OVERRIDE');
        }

        if (isset($params['form']['_method'])) {
            $method = $params['form']['_method'];
            unset($params['form']['_method']);

            // No allow-list is applied: the value is stored exactly as sent.
            if (!empty($_SERVER)) {
                $_SERVER['REQUEST_METHOD'] = $method;
            } else {
                $_ENV['REQUEST_METHOD'] = $method;
            }
        }
    }

    // Request-derived keys win over same-named string keys in $extra.
    $params = array_merge($extra, $params);

    if (isset($_GET)) {
        $url = $magicQuotes ? stripslashes_deep($_GET) : $_GET;
        $params['url'] = isset($params['url']) ? array_merge($params['url'], $url) : $url;
    }

    if (isset($params['action']) && strlen($params['action']) === 0) {
        $params['action'] = 'list';
    }

    if (isset($params['form']['data'])) {
        $params['data'] = $params['form']['data'];
        unset($params['form']['data']);
    }

    $this->params = $params;
}
// Display-time settings come from the cached site settings, with fallbacks when a key is absent.
if (isset($_PB_CACHE['setting']['time_offset'])) {
    $time_offset = $_PB_CACHE['setting']['time_offset'];
} else {
    $time_offset = 0;
}
if (isset($_PB_CACHE['setting']['date_format'])) {
    $date_format = $_PB_CACHE['setting']['date_format'];
} else {
    $date_format = "Y-m-d";
}

// 'time' is the request timestamp shifted by the configured hour offset.
// 'offset' is '' for zero, "+N" for a positive offset, and the value itself otherwise.
$time_now = array('time' => gmdate("{$date_format} H:i", $time_stamp + 3600 * $time_offset));
if ($time_offset >= 0) {
    if ($time_offset == 0) {
        $time_now['offset'] = '';
    } else {
        $time_now['offset'] = '+' . $time_offset;
    }
} else {
    $time_now['offset'] = $time_offset;
}

// Both branches hold only commented-out timezone setup, so nothing runs here.
if (PHP_VERSION > '5.1') {
    //@date_default_timezone_set('Etc/GMT'.($time_offset > 0 ? '-' : '+').(abs($time_offset)));
} else {
    //@putenv("TZ=GMT".$time_now['offset']);
}

$viewhelper = new PbView();
$conditions = null;

// $pb_user is the slash-escaped copy of the member record; the template receives
// the unescaped $pb_userinfo, so output encoding has to happen in the template layer.
$pb_userinfo = pb_get_member_info();
if ($pb_userinfo) {
    $pb_user = pb_addslashes($pb_userinfo);
    uaAssign($pb_userinfo);
}

uaAssign(array('SiteUrl' => URL, 'Charset' => $charset, 'AppLanguage' => $app_lang));
uaAssign($_PB_CACHE['setting']);

// Copy cookies carrying the site prefix into $_UCOOKIE with the prefix removed.
// Only the cookie VALUE is slash-escaped; the remaining part of the cookie NAME
// becomes the array key exactly as the client sent it.
$pre_length = strlen($cookiepre);
foreach ($_COOKIE as $key => $val) {
    if (substr($key, 0, $pre_length) != $cookiepre) {
        continue;
    }
    if (MAGIC_QUOTES_GPC) {
        $_UCOOKIE[substr($key, $pre_length)] = $val;
    } else {
        $_UCOOKIE[substr($key, $pre_length)] = pb_addslashes($val);
    }
}

// The Referer header is client-supplied; treat $pre_refer as untrusted wherever it is used.
if (empty($_SERVER['HTTP_REFERER'])) {
    $pre_refer = '';
} else {
    $pre_refer = $_SERVER['HTTP_REFERER'];
}

// Buffer output, gzip-compressed when enabled and supported; otherwise clear the flag.
if (!$gzipcompress || !function_exists('ob_gzhandler')) {
    $gzipcompress = 0;
    ob_start();
} else {
    ob_start('ob_gzhandler');
}
// Bootstrap fragment: derives the script and site URLs, emulates request-variable
// import, and dispatches the "complete" action to a step include file.
// The excerpt ends inside the `if (isset($_GET['do']))` block.
$file_cls = new Files();
$pb_protocol = 'http';
if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) != 'off') {
    $pb_protocol = 'https';
}
// Prefer SCRIPT_NAME; otherwise cut PHP_SELF back to the ".php" part so trailing path info is dropped.
$PHP_SELF = isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : preg_replace("/(.*)\\.php(.*)/i", "\\1.php", $_SERVER['PHP_SELF']);
$BASESCRIPT = basename($PHP_SELF);
list($BASEFILENAME) = explode('.', $BASESCRIPT);
// The host part comes from the client-supplied Host header via pb_getenv('HTTP_HOST').
// htmlspecialchars() makes the result safe for HTML output only; it does not validate the host.
// NOTE(review): confirm this URL is never persisted or used for redirects or e-mail links
// without checking it against an expected host name.
$install_url = htmlspecialchars($pb_protocol . "://" . pb_getenv('HTTP_HOST') . preg_replace("/\\/+(api|wap)?\\/*\$/i", '', substr($PHP_SELF, 0, strrpos($PHP_SELF, '/'))) . '/');
$siteUrl = substr($install_url, 0, -(strlen($BASEFILENAME) + 1));
$time_stamp = TIME;
if ($_REQUEST) {
    if (!MAGIC_QUOTES_GPC) {
        $_REQUEST = pb_addslashes($_REQUEST);
        if ($_COOKIE) {
            $_COOKIE = pb_addslashes($_COOKIE);
        }
    }
    // Imports every request parameter as a variable in this scope (register_globals emulation).
    // EXTR_SKIP protects variables that already exist at this point, but any variable that is
    // first assigned later, or only conditionally, can be pre-seeded by the request.
    // Every variable used after this line needs an explicit initialisation.
    extract($_REQUEST, EXTR_SKIP);
}
// $step is always reassigned here, so a request-supplied `step` imported above cannot survive.
if (!isset($_GET['step'])) {
    $step = '1';
} else {
    $step = intval($_GET['step']);
}
if (isset($_GET['do'])) {
    $do = trim($_GET['do']);
    if ($do == "complete") {
        // The include path is constrained only by the intval() cast above; keep that cast in
        // place, since it is what prevents request control over the included file name.
        include "step" . $step . ".inc.php";
        exit;
    }
/**
 * Apply addslashes() to a scalar, or recursively to every value of an array.
 *
 * Array keys are returned unchanged: only values are escaped, so a key taken
 * from request data still carries whatever characters the client sent.
 *
 * addslashes() works byte-wise and does not know the database connection
 * charset, and it does not escape LIKE wildcards. It is therefore not a
 * substitute for the database driver's own quoting or for bound parameters
 * when the result is placed in SQL.
 *
 * @param mixed $string A string, or an array (nested to any depth) of strings.
 * @return mixed The escaped string, or an array with the same keys and escaped values.
 */
function pb_addslashes($string)
{
    if (!is_array($string)) {
        return addslashes($string);
    }

    $escaped = array();
    foreach ($string as $key => $val) {
        // Recurse so nested arrays (e.g. form[field][]) are covered as well.
        $escaped[$key] = pb_addslashes($val);
    }

    return $escaped;
}
// Fragment of an action switch (the excerpt starts inside it), followed by the list query.
break;
case "chart":
    // Detail view for one quote, with a hit counter.
    // NOTE(review): whether flash() stops the request is not visible here; if it returns,
    // the two statements below run with an empty $id.
    if (empty($id)) {
        flash("pls_input_product_name", "market/quote.php");
    }
    // $id is concatenated unquoted into both statements. Its origin is outside this
    // excerpt, so this is safe only if it was cast to an integer beforehand - confirm.
    $info = $pdb->GetRow("SELECT * FROM " . $tb_prefix . "quotes WHERE id=" . $id);
    $pdb->Execute("UPDATE " . $tb_prefix . "quotes SET hits=hits+1 WHERE id=" . $id);
    // $info is used without checking that a row was found.
    $info['pubdate'] = df($info['created']);
    $info['clicked'] = $info['hits'];
    setvar("item", $info);
    $tpl_file = "detail.default";
    render($tpl_file, true);
    break;
case "search":
    if (!empty($_GET['title'])) {
        // Request text inside a LIKE pattern, escaped only by pb_addslashes() (defined elsewhere).
        // LIKE wildcards % and _ pass through, and the escaping is not connection-charset aware.
        $conditions[] = "title LIKE '%" . pb_addslashes($_GET['title']) . "%'";
    }
    break;
default:
    break;
}
}
if (isset($_GET['catid'])) {
    // intval() keeps the category filter numeric before it is placed in the SQL fragment.
    $type_id = intval($_GET['catid']);
    $conditions[] = "Quote.type_id='" . $type_id . "'";
    $viewhelper->setTitle("The industry " . $type_id);
}
$quote->setCondition($conditions);
$amount = $quote->findCount(null, $conditions);
// "price" is the midpoint of min_price and max_price, rounded to two decimals.
$fields = "Quote.*,Quote.created AS pubdate,ROUND((Quote.min_price+Quote.max_price)/2,2) AS price";
$result = $quote->findAll($fields, $joins, $conditions, "Quote.id DESC", $pos, $limit);
} $js_language = $app_lang; if ($show_ajax) { $show_ajax = 1; } $_G = array('SiteUrl' => URL, 'show_ajax' => $show_ajax, 'charset' => $charset, 'AppLanguage' => $app_lang, 'WebRootUrl' => $absolute_uri, 'TemplateDir' => 'templates', 'JsLanguage' => $js_language, 'cookiepre' => $cookiepre, 'cookiedomain' => $cookiedomain, 'cookiepath' => $cookiepath); uaAssign($_G); if (!empty($_PB_CACHE['setting']['site_theme_styles'])) { $_PB_CACHE['setting']['site_theme_styles'] = unserialize($_PB_CACHE['setting']['site_theme_styles']); } //at c, use $G;v, $_G. $G['setting'] = pb_lang_split_recursive($_PB_CACHE['setting']); $G['setting']['nav_id'] = ''; //Todo: setvar("_G", $G['setting']); uaAssign($G['setting']); if (!MAGIC_QUOTES_GPC) { $_GET = pb_addslashes($_GET); $_POST = pb_addslashes($_POST); $_COOKIE = pb_addslashes($_COOKIE); $_SERVER = pb_addslashes($_SERVER); } $G = am($G, $_GET, $_POST); $viewhelper = new PbView(); $pre_refer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER']; if ($gzipcompress && function_exists('ob_gzhandler')) { ob_start('ob_gzhandler'); } else { $gzipcompress = 0; ob_start(); }