/**
 * Loads the admin session row for $user_id into $this->info.
 *
 * Selects the member password plus the adminfields columns for the given
 * member id; when $checkip is truthy the row must additionally carry $ip as
 * af.last_ip. If no row comes back, or the stored last_ip does not compare
 * equal to $ip via pb_strcomp(), a JavaScript redirect to login.php is
 * echoed and the script exits.
 *
 * @param mixed $user_id member id; concatenated into the SQL as-is
 * @param mixed $ip      client IP; concatenated into the SQL as-is
 * @param int   $checkip 1 to require af.last_ip = $ip, 0 to skip the IP check
 * @return void (the method exits instead of returning on failure)
 */
function loadsession($user_id, $ip, $checkip = 1) {
    $session = array(); // NOTE(review): assigned but never used in this body
    // NOTE(review): $user_id and $ip are interpolated into the query without
    // any escaping or casting in this block, so the query is only as safe as
    // the values the callers hand in (presumably cookie/session derived -
    // confirm at the call sites). Casting the id to int and escaping the IP
    // before they reach the string would remove the dependency on callers.
    $sql = "select m.userpass,af.last_login,af.last_ip,af.first_name,af.last_name,af.member_id,af.permissions from {$this->table_prefix}members m,{$this->table_prefix}adminfields af WHERE m.id='" . $user_id . "' " . ($checkip ? "AND af.last_ip='{$ip}'" : '') . " AND m.id=af.member_id";
    $result = $this->dbstuff->GetRow($sql);
    // $this->info is overwritten even when the lookup fails (empty result).
    $this->info = $result;
    if (empty($result) || !$result) { // the !$result half is already implied by empty()
        echo "<script language='javascript'>top.location.href='login.php';</script>";
        exit;
    } elseif ($checkip && !pb_strcomp($this->info['last_ip'], $ip)) {
        // Second IP comparison in PHP on top of the SQL filter above; it only
        // matters where the database comparison and pb_strcomp() disagree
        // (e.g. collation or case handling) - what pb_strcomp() does exactly is
        // defined elsewhere in the project.
        echo "<script language='javascript'>top.location.href='login.php';</script>";
        exit;
    }
}
break; default: break; } $result = $pdb->Execute($sql); if (!$result) { flash(); } } if (isset($_POST['save'])) { if (isset($_POST['id'])) { $member_id = $_POST['id']; } $vals = $_POST['data']['member']; if (!empty($_POST['data']['userpass'])) { if (!pb_strcomp($_POST['data']['userpass'], $_POST['data']['re_userpass'])) { flash("invalid_password"); } else { $vals['userpass'] = $member->authPasswd($_POST['data']['userpass']); } } if (!empty($_POST['data']['trusttype'])) { $vals['trusttype_ids'] = implode(",", $_POST['data']['trusttype']); } if (isset($_POST['data']['service_start_date'])) { $vals['service_start_date'] = Times::dateConvert($_POST['data']['service_start_date']); } if (isset($_POST['data']['service_end_date'])) { $vals['service_end_date'] = Times::dateConvert($_POST['data']['service_end_date']); } if (!empty($member_id)) {
/**
 * Renames a member's space and propagates the new name into the cached
 * cache_spacename columns of companies and jobs.
 *
 * The member is located either by $member_info['id'] or, failing that, by
 * $member_info['username']; $this->id is set to the resolved member id.
 * Nothing is written when the new name already equals the stored one
 * (pb_strcomp) or when no member row was found.
 *
 * @param array  $member_info    must contain 'id' or 'username'
 * @param string $new_space_name the space name to store; concatenated into
 *                               the SQL as-is (no escaping in this block)
 * @return bool|null false for an invalid $member_info, null when there is
 *                   nothing to change, true after the updates were issued
 */
function updateSpaceName($member_info, $new_space_name) {
    if (empty($member_info) || !$member_info || !is_array($member_info)) {
        return false;
    }
    if (!empty($member_info['id'])) {
        $this->id = $member_info['id'];
        $data = $this->dbstuff->GetRow("SELECT id,space_name FROM {$this->table_prefix}members WHERE id='" . $member_info['id'] . "'");
    } elseif (!empty($member_info['username'])) {
        // NOTE(review): the '******' fragment below looks like a redaction
        // artifact of this listing, not working code - the original most likely
        // concatenated the username value here; restore it from the repository.
        $data = $this->dbstuff->GetRow("SELECT id,space_name FROM {$this->table_prefix}members WHERE username='******'username'] . "'");
        $this->id = $data['id'];
    }
    // NOTE(review): if $member_info carries neither 'id' nor 'username', $data
    // is never assigned and the empty($data) test below relies on that.
    if (pb_strcomp($new_space_name, $data['space_name']) || empty($data)) {
        return;
    } else {
        $if_exists = $this->dbstuff->GetOne("SELECT id FROM {$this->table_prefix}members WHERE space_name='" . $new_space_name . "'");
        if ($if_exists) {
            // NOTE(review): unless flash() terminates the request (defined
            // elsewhere - confirm), execution falls through and the duplicate
            // name is written anyway.
            flash("space_name_exists");
        }
        // NOTE(review): $new_space_name is interpolated unescaped into all three
        // UPDATE statements; $this->id is taken from $member_info['id'] or the
        // row just read. $return is overwritten each time and never inspected.
        $return = $this->dbstuff->Execute("UPDATE {$this->table_prefix}members m SET m.space_name='" . $new_space_name . "' WHERE m.id=" . $this->id);
        $return = $this->dbstuff->Execute("UPDATE {$this->table_prefix}companies c SET c.cache_spacename='" . $new_space_name . "' WHERE c.member_id=" . $this->id);
        $return = $this->dbstuff->Execute("UPDATE {$this->table_prefix}jobs j SET j.cache_spacename='" . $new_space_name . "' WHERE j.member_id=" . $this->id);
        return true;
    }
}
setvar("CheckStatus", $typeoption->get_cache_type("common_status")); setvar("BooleanVars", $typeoption->get_cache_type("common_option")); setvar("ProductSorts", $_PB_CACHE['productsort']); if (isset($_POST['save']) && !empty($_POST['data']['product']['name'])) { $result = false; $vals = array(); $vals = $_POST['data']['product']; if (isset($_POST['data']['company_name'])) { if (!pb_strcomp($_POST['data']['company_name'], $_POST['company_name'])) { $vals['company_id'] = $pdb->GetOne("SELECT id FROM {$tb_prefix}companies WHERE name='" . $_POST['data']['company_name'] . "'"); } else { $vals['company_id'] = $pdb->GetOne("SELECT id FROM {$tb_prefix}companies WHERE name='" . $_POST['company_name'] . "'"); } } if (isset($_POST['data']['username'])) { if (!pb_strcomp($_POST['data']['username'], $_POST['username'])) { $vals['member_id'] = $pdb->GetOne("SELECT id FROM {$tb_prefix}members WHERE username='******'data']['username'] . "'"); } else { $vals['member_id'] = $pdb->GetOne("SELECT id FROM {$tb_prefix}members WHERE username='******'username'] . "'"); } } $attachment->rename_file = "product-" . $time_stamp; if (isset($_POST['id'])) { $id = intval($_POST['id']); } if (!empty($id)) { $attachment->rename_file = "product-" . $id; } if (!empty($vals['content'])) { $vals['content'] = stripcslashes($vals['content']); }
$updated = false; $updated = $setting->replace($_POST['data']['setting']); if ($updated) { $cache->writeCache("setting", "setting"); pheader("location:setting.php?do=registerfile"); } else { flash(); } } if (isset($_POST['saveregister'])) { $updated = false; if (isset($_POST['data']['setting']['register_type']) && $_POST['data']['setting']['register_type'] != "close_register") { if (!empty($_POST['data']['setting']['reg_filename']) && !pb_strcomp($_POST['data']['setting']['reg_filename'], $_POST['data']['reg_filename'])) { $renameResult = rename(PHPB2B_ROOT . 'register.php', PHPB2B_ROOT . $_POST['data']['setting']['reg_filename']); } if (!empty($_POST['data']['setting']['post_filename']) && !pb_strcomp($_POST['data']['setting']['post_filename'], $_POST['data']['post_filename'])) { $renameResult = rename(PHPB2B_ROOT . 'post.php', PHPB2B_ROOT . $_POST['data']['setting']['post_filename']); } } if (!empty($_POST['data']['forbid_ip'])) { $datas = $string->txt2array($_POST['data']['forbid_ip']); if (!empty($datas)) { foreach ($datas as $val) { list($ip1, $ip2, $ip3, $ip4) = explode(".", $val); $tmp_ip[] = "('" . $ip1 . "','" . $ip2 . "','" . $ip3 . "','" . $ip4 . "')"; } $values = implode(",", $tmp_ip); if (!empty($tmp_ip)) { $pdb->Execute("INSERT INTO {$tb_prefix}banned (ip1,ip2,ip3,ip4) VALUES " . $values); } }
} if ($do == "admingroup") { if ($action == "edit") { $tpl_file = "adminrole.edit"; if (!empty($id)) { setvar("item", $result = $pdb->GetRow("SELECT * FROM {$tb_prefix}adminroles ag WHERE id=" . $id)); } } else { setvar("Items", $result = $pdb->GetArray("SELECT * FROM {$tb_prefix}adminroles ag")); $tpl_file = "adminrole"; } template($tpl_file); exit; } if ($do == "del" && !empty($id)) { if (pb_strcomp($id, $current_adminer_id) || pb_strcomp($id, $administrator_id)) { flash(); } else { $adminer->primaryKey = "member_id"; $result = $adminer->del(intval($id)); } } if ($do == "profile") { $res = $pdb->GetRow("SELECT m.*,af.* FROM {$tb_prefix}adminfields af LEFT JOIN {$tb_prefix}members m ON m.id=af.member_id WHERE af.member_id={$current_adminer_id}"); $res['member_id'] = $res['id']; setvar("item", $res); $tpl_file = "adminer.edit"; template($tpl_file); exit; } if ($do == "edit") {
ajax_exit($return); } break; case "attachment": uses("attachment"); //check permission $fileElementName = 'fileToUpload'; $attachment = new Attachment($fileElementName); $authed = false; if (!empty($_COOKIE[$cookiepre . 'admin'])) { $tAdminInfo = authcode($_COOKIE[$cookiepre . 'admin'], "DECODE"); $tAdminInfo = explode("\n", $tAdminInfo); if (!empty($tAdminInfo)) { //check admin password $adminPasswd = $member->field("userpass", array("username" => $tAdminInfo['username'])); if (pb_strcomp($tAdminInfo[2], $adminPasswd)) { $authed = true; } } } if (!empty($pb_user['pb_userid'])) { //if logined, check upload limit $attachment->is_image = true; $authed = true; } $attachment->if_thumb_large = false; $attachment->upload_dir = "swfupload" . DS . gmdate("Y") . gmdate("m") . DS . gmdate("d"); $str = $_FILES[$fileElementName]['name']; if (!empty($_FILES[$fileElementName]['name']) && $authed) { $attachment->if_thumb = false; $attachment->if_watermark = false;
} if (isset($_POST['save']) && !empty($_POST['data'])) { if (isset($_POST['id'])) { $id = intval($_POST['id']); } $vals = array(); $vals = $_POST['data']; if (isset($_POST['brand']['company_name'])) { if (!pb_strcomp($_POST['brand']['company_name'], $_POST['company_name'])) { $vals['company_id'] = $pdb->GetOne("SELECT id FROM {$tb_prefix}companies WHERE name='" . $_POST['brand']['company_name'] . "'"); } else { $vals['company_id'] = $pdb->GetOne("SELECT id FROM {$tb_prefix}companies WHERE name='" . $_POST['company_name'] . "'"); } } if (isset($_POST['brand']['username'])) { if (!pb_strcomp($_POST['brand']['username'], $_POST['username'])) { $vals['member_id'] = $pdb->GetOne("SELECT id FROM {$tb_prefix}members WHERE username='******'brand']['username'] . "'"); } else { $vals['member_id'] = $pdb->GetOne("SELECT id FROM {$tb_prefix}members WHERE username='******'username'] . "'"); } } $attachment->rename_file = "brand-" . ($brand->getMaxId() + 1); if (!empty($id)) { $attachment->rename_file = "brand-" . $id; } $vals['letter'] = L10n::getinitial($vals['name']); if (!empty($vals['description'])) { $vals['description'] = stripcslashes($vals['description']); } if (!empty($_FILES['pic']['name'])) { $attachment->upload_process();
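/**
 * Propagates a company rename into the denormalised cache_companyname
 * columns of the products and trades tables.
 *
 * Reads the current company name and returns early when it already compares
 * equal to $new_name (pb_strcomp); otherwise issues one UPDATE per table.
 *
 * @param int|string $id       company id; coerced to int before it reaches
 *                             the SQL, since it is used unquoted in WHERE
 * @param string     $new_name new company name; concatenated into the SQL
 *                             as-is - callers must supply an escaped value
 * @return void
 */
function updateCachename($id, $new_name) {
    // The id is spliced into the WHERE clause unquoted; forcing it to an
    // integer guarantees only a number can ever end up there.
    $id = intval($id);
    $old_name = $this->dbstuff->GetOne("SELECT name FROM {$this->table_prefix}companies WHERE id=" . $id);
    if (pb_strcomp($old_name, $new_name)) {
        return; // nothing changed, skip the writes
    }
    // NOTE(review): $new_name is still concatenated without escaping because
    // no quoting helper of $this->dbstuff is visible here; parameterise or
    // escape it once the driver API is confirmed.
    $this->dbstuff->Execute("UPDATE {$this->table_prefix}products p SET p.cache_companyname='" . $new_name . "' WHERE p.company_id=" . $id);
    $this->dbstuff->Execute("UPDATE {$this->table_prefix}trades t SET t.cache_companyname='" . $new_name . "' WHERE t.company_id=" . $id);
}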
pb_submit_check("data"); $checked = true; $login_name = trim($_POST['data']['username']); $user_email = trim($_POST['data']['email']); if (!pb_check_email($user_email)) { setvar("ERRORS", L("wrong_email_format")); $checked = false; } else { $member->setInfoByUserName($login_name); $member_info = $member->getInfo(); if (!$member_info || empty($member_info)) { setvar("ERRORS", L('member_not_exists')); setvar("postLoginName", $login_name); setvar("postUserEmail", $user_email); $checked = false; } elseif (!pb_strcomp($user_email, $member_info['email'])) { setvar("ERRORS", L("please_input_email")); $checked = false; } if (!pb_check_email($member_info['email'])) { $checked = false; } if ($checked) { $exp_time = $time_stamp + 86400; $hash = authcode(addslashes($member_info['username']) . "\t" . $exp_time, "ENCODE"); setvar("hash", rawurlencode($hash)); setvar("expire_date", date("Y-m-d H:i", strtotime("+1 day"))); $sended = pb_sendmail(array($member_info['email'], $login_name), L("pls_reset_passwd"), "getpasswd"); if (!$sended) { flash("email_send_false"); } else {
if (isset($_POST['price']['username'])) { if (!pb_strcomp($_POST['price']['username'], $_POST['username'])) { $vals['member_id'] = $pdb->GetOne("SELECT id FROM {$tb_prefix}members WHERE username='******'price']['username'] . "'"); } else { $vals['member_id'] = $pdb->GetOne("SELECT id FROM {$tb_prefix}members WHERE username='******'username'] . "'"); } } if (isset($_POST['price']['brand_name'])) { if (!pb_strcomp($_POST['price']['brand_name'], $_POST['brand_name'])) { $vals['brand_id'] = $pdb->GetOne("SELECT id FROM {$tb_prefix}brands WHERE name='" . $_POST['price']['brand_name'] . "'"); } else { $vals['brand_id'] = $pdb->GetOne("SELECT id FROM {$tb_prefix}brands WHERE name='" . $_POST['brand_name'] . "'"); } } if (isset($_POST['price']['product_name'])) { if (!pb_strcomp($_POST['price']['product_name'], $_POST['product_name'])) { $vals['product_id'] = $pdb->GetOne("SELECT id FROM {$tb_prefix}products WHERE name='" . $_POST['price']['product_name'] . "'"); } else { $vals['product_id'] = $pdb->GetOne("SELECT id FROM {$tb_prefix}products WHERE name='" . $_POST['product_name'] . "'"); } } //$vals['industry_id'] = PbController::getMultiId($_POST['industry']['id']); $vals['area_id'] = PbController::getMultiId($_POST['area']['id']); if (!empty($id)) { $vals['modified'] = $time_stamp; $result = $productprices->save($vals, "update", $id); } else { $vals['created'] = $vals['modified'] = $time_stamp; $result = $productprices->save($vals); } if (!$result) {