Example #1
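 /**
  * Load the admin row for $user_id into $this->info, or bounce to login.php.
  *
  * The row is read from members joined with adminfields. With $checkip truthy
  * the row must also carry $ip in adminfields.last_ip, and that pin is checked a
  * second time in PHP on the row that came back. Every failure path writes a JS
  * redirect and calls exit, so a normal return means $this->info is populated.
  *
  * @param int|string $user_id  Member id; cast with intval() before it reaches SQL.
  * @param string     $ip       Remote address to pin the session to. Assumed to be a
  *                             single address in the same form as last_ip — confirm
  *                             against the caller.
  * @param int        $checkip  Non-zero to enforce the IP pin, 0 to skip it.
  * @return void
  */
 function loadsession($user_id, $ip, $checkip = 1)
 {
     $this->info = array();
     $member_id = intval($user_id);
     // $ip is concatenated into the WHERE clause below, so only a syntactically
     // valid address is allowed to get there; anything else is treated as no session.
     if ($checkip && filter_var($ip, FILTER_VALIDATE_IP) === false) {
         echo "<script language='javascript'>top.location.href='login.php';</script>";
         exit;
     }
     $sql = "select m.userpass,af.last_login,af.last_ip,af.first_name,af.last_name,af.member_id,af.permissions"
         . " from {$this->table_prefix}members m,{$this->table_prefix}adminfields af"
         . " WHERE m.id='" . $member_id . "' AND m.id=af.member_id";
     if ($checkip) {
         $sql .= " AND af.last_ip='" . $ip . "'";
     }
     $row = $this->dbstuff->GetRow($sql);
     if (empty($row)) {
         echo "<script language='javascript'>top.location.href='login.php';</script>";
         exit;
     }
     // Belt and braces: the query already filtered on last_ip, but re-check the pin
     // on the row that was actually returned before trusting it.
     if ($checkip && !pb_strcomp($row['last_ip'], $ip)) {
         echo "<script language='javascript'>top.location.href='login.php';</script>";
         exit;
     }
     $this->info = $row;
 }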
Example #2
            break;
        default:
            break;
    }
    $result = $pdb->Execute($sql);
    if (!$result) {
        flash();
    }
}
if (isset($_POST['save'])) {
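    // The member id comes from the form; cast it here so the lookups/updates that
    // follow (outside this block) never see a non-numeric id. Other save handlers
    // in this code base already do intval($_POST['id']).
    if (isset($_POST['id'])) {
        $member_id = intval($_POST['id']);
    }
    // NOTE(review): every key posted under data[member] is passed on as a column
    // to write; confirm the member model whitelists fields, otherwise a client can
    // set columns the form does not expose.
    $vals = $_POST['data']['member'];
    if (!empty($_POST['data']['userpass'])) {
        // A missing confirmation field counts as a mismatch instead of a notice.
        $confirm = isset($_POST['data']['re_userpass']) ? $_POST['data']['re_userpass'] : '';
        if (!pb_strcomp($_POST['data']['userpass'], $confirm)) {
            // NOTE(review): nothing here stops the save if flash() returns instead of
            // exiting — confirm flash() halts the request.
            flash("invalid_password");
        } else {
            // Only the hashed form of the new password is stored.
            $vals['userpass'] = $member->authPasswd($_POST['data']['userpass']);
        }
    }
    if (!empty($_POST['data']['trusttype'])) {
        // The multi-select arrives as an array; (array) keeps a lone scalar working too.
        $vals['trusttype_ids'] = implode(",", (array) $_POST['data']['trusttype']);
    }
    if (isset($_POST['data']['service_start_date'])) {
        $vals['service_start_date'] = Times::dateConvert($_POST['data']['service_start_date']);
    }
    if (isset($_POST['data']['service_end_date'])) {
        $vals['service_end_date'] = Times::dateConvert($_POST['data']['service_end_date']);
    }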
    if (!empty($member_id)) {
Example #3
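 /**
  * Rename a member's space and refresh the cached copies on companies and jobs.
  *
  * The member is located by $member_info['id'] (preferred) or by
  * $member_info['username']; $this->id is set to the resolved id as a side effect.
  *
  * @param array  $member_info     Non-empty array carrying 'id' or 'username'.
  * @param string $new_space_name  Desired space name.
  * @return bool|null  false for unusable $member_info or when the name is already
  *                    taken; null (no-op) when the member was not found or the
  *                    name is unchanged; true after the three updates ran.
  */
 function updateSpaceName($member_info, $new_space_name)
 {
     if (empty($member_info) || !is_array($member_info)) {
         return false;
     }
     $data = array();
     if (!empty($member_info['id'])) {
         // Ids are numeric: cast before the value reaches SQL.
         $this->id = intval($member_info['id']);
         $data = $this->dbstuff->GetRow("SELECT id,space_name FROM {$this->table_prefix}members WHERE id='" . $this->id . "'");
     } elseif (!empty($member_info['username'])) {
         // NOTE(review): username is concatenated unescaped; confirm callers hand
         // over a slashed value, or quote it through the driver here.
         $data = $this->dbstuff->GetRow("SELECT id,space_name FROM {$this->table_prefix}members WHERE username='" . $member_info['username'] . "'");
         $this->id = isset($data['id']) ? intval($data['id']) : 0;
     }
     // Test for a missing row *before* reading $data['space_name']; nothing to do
     // when the name did not change.
     if (empty($data) || pb_strcomp($new_space_name, $data['space_name'])) {
         return;
     }
     // NOTE(review): $new_space_name is concatenated unescaped into the four
     // statements below; same caveat as for username above.
     $if_exists = $this->dbstuff->GetOne("SELECT id FROM {$this->table_prefix}members WHERE space_name='" . $new_space_name . "'");
     if ($if_exists) {
         // Stop here: writing the name anyway would create a duplicate space name
         // should flash() return instead of exiting.
         flash("space_name_exists");
         return false;
     }
     $this->dbstuff->Execute("UPDATE {$this->table_prefix}members m SET m.space_name='" . $new_space_name . "' WHERE m.id=" . $this->id);
     $this->dbstuff->Execute("UPDATE {$this->table_prefix}companies c SET c.cache_spacename='" . $new_space_name . "' WHERE c.member_id=" . $this->id);
     $this->dbstuff->Execute("UPDATE {$this->table_prefix}jobs j SET j.cache_spacename='" . $new_space_name . "' WHERE j.member_id=" . $this->id);
     return true;
 }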
Example #4
// Option lists handed to the product template: two cached type lookups and the
// product sort cache.
$statusOptions = $typeoption->get_cache_type("common_status");
setvar("CheckStatus", $statusOptions);
$booleanOptions = $typeoption->get_cache_type("common_option");
setvar("BooleanVars", $booleanOptions);
setvar("ProductSorts", $_PB_CACHE['productsort']);
if (isset($_POST['save']) && !empty($_POST['data']['product']['name'])) {
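    $result = false;
    // NOTE(review): every key posted under data[product] is handed to the save as
    // a column; confirm the product model whitelists fields before trusting the form.
    $vals = $_POST['data']['product'];
    // Company and owner are posted twice: the edited value (data[...]) and the value
    // the page was rendered with (top-level field). When the two still agree the
    // rendered value is looked up, otherwise the edited one.
    // NOTE(review): both are raw POST strings concatenated into SQL; confirm input
    // is slashed globally, or quote the name through the driver here.
    if (isset($_POST['data']['company_name'])) {
        $shownCompany = isset($_POST['company_name']) ? $_POST['company_name'] : '';
        $companyName = pb_strcomp($_POST['data']['company_name'], $shownCompany)
            ? $shownCompany
            : $_POST['data']['company_name'];
        $vals['company_id'] = $pdb->GetOne("SELECT id FROM {$tb_prefix}companies WHERE name='" . $companyName . "'");
    }
    if (isset($_POST['data']['username'])) {
        $shownUsername = isset($_POST['username']) ? $_POST['username'] : '';
        $userName = pb_strcomp($_POST['data']['username'], $shownUsername)
            ? $shownUsername
            : $_POST['data']['username'];
        $vals['member_id'] = $pdb->GetOne("SELECT id FROM {$tb_prefix}members WHERE username='" . $userName . "'");
    }
    if (isset($_POST['id'])) {
        $id = intval($_POST['id']);
    }
    // Uploads are named after the product id when editing, else after the request time.
    $attachment->rename_file = "product-" . (!empty($id) ? $id : $time_stamp);
    if (!empty($vals['content'])) {
        // NOTE(review): stripcslashes() also interprets C escapes such as \n and \x41,
        // not just the backslashes added on input — presumably stripslashes() was
        // meant; confirm before changing, as stored content may rely on it.
        $vals['content'] = stripcslashes($vals['content']);
    }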
Example #5
    // Persist the posted settings; on success rebuild the setting cache and
    // return to the register-file page, otherwise report the failure.
    $updated = $setting->replace($_POST['data']['setting']);
    if (!$updated) {
        flash();
    } else {
        $cache->writeCache("setting", "setting");
        pheader("location:setting.php?do=registerfile");
    }
}
if (isset($_POST['saveregister'])) {
    $updated = false;
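    if (isset($_POST['data']['setting']['register_type']) && $_POST['data']['setting']['register_type'] != "close_register") {
        // The posted names become paths under PHPB2B_ROOT, so a value with a
        // directory component ("../x", "/etc/x") would move the script out of
        // the web root; only a bare file name is accepted. A rename happens only
        // when the posted name is non-empty and differs from the name the form
        // was rendered with (data[reg_filename] / data[post_filename]).
        // NOTE(review): the source is always register.php / post.php, so once a
        // rename succeeded a later one finds no file — confirm that is intended.
        $renames = array('register.php' => 'reg_filename', 'post.php' => 'post_filename');
        foreach ($renames as $currentFile => $field) {
            $newName = isset($_POST['data']['setting'][$field]) ? $_POST['data']['setting'][$field] : '';
            $shownName = isset($_POST['data'][$field]) ? $_POST['data'][$field] : '';
            if (empty($newName) || pb_strcomp($newName, $shownName)) {
                continue;
            }
            $isBareName = basename($newName) === $newName
                && $newName !== '.' && $newName !== '..'
                && strpos($newName, "\0") === false;
            if (!$isBareName) {
                continue;
            }
            $renameResult = rename(PHPB2B_ROOT . $currentFile, PHPB2B_ROOT . $newName);
        }
    }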
    if (!empty($_POST['data']['forbid_ip'])) {
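        $datas = $string->txt2array($_POST['data']['forbid_ip']);
        if (!empty($datas)) {
            $tmp_ip = array();
            foreach ($datas as $val) {
                // Each octet is concatenated into the INSERT below, so only a
                // well-formed dotted-quad IPv4 address is accepted; short entries,
                // hostnames or anything carrying quotes are skipped instead of
                // reaching SQL.
                // NOTE(review): widen this if the ban list is meant to take wildcard
                // octets (e.g. 10.0.*.*) — the column types are not visible here.
                $candidate = trim($val);
                if (filter_var($candidate, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
                    continue;
                }
                $tmp_ip[] = "('" . implode("','", explode(".", $candidate)) . "')";
            }
            if (!empty($tmp_ip)) {
                $pdb->Execute("INSERT INTO {$tb_prefix}banned (ip1,ip2,ip3,ip4) VALUES " . implode(",", $tmp_ip));
            }
        }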
Example #6
 }
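 if ($do == "admingroup") {
     if ($action == "edit") {
         $tpl_file = "adminrole.edit";
         if (!empty($id)) {
             // $id is concatenated into the query unquoted, so cast it to an integer
             // first — the "del" branch below already does the same.
             setvar("item", $result = $pdb->GetRow("SELECT * FROM {$tb_prefix}adminroles ag WHERE id=" . intval($id)));
         }
     } else {
         setvar("Items", $result = $pdb->GetArray("SELECT * FROM {$tb_prefix}adminroles ag"));
         $tpl_file = "adminrole";
     }
     template($tpl_file);
     exit;
 }
 if ($do == "del" && !empty($id)) {
     // An administrator may delete neither their own account nor the primary one.
     if (pb_strcomp($id, $current_adminer_id) || pb_strcomp($id, $administrator_id)) {
         flash();
     } else {
         $adminer->primaryKey = "member_id";
         $result = $adminer->del(intval($id));
     }
 }
 if ($do == "profile") {
     // The profile shown is always the current administrator's ($current_adminer_id),
     // never one chosen by the request; the id is still cast before it reaches SQL.
     $res = $pdb->GetRow("SELECT m.*,af.* FROM {$tb_prefix}adminfields af LEFT JOIN {$tb_prefix}members m ON m.id=af.member_id WHERE af.member_id=" . intval($current_adminer_id));
     if (!empty($res)) {
         $res['member_id'] = $res['id'];
     }
     setvar("item", $res);
     $tpl_file = "adminer.edit";
     template($tpl_file);
     exit;
 }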
 if ($do == "edit") {
Example #7
         ajax_exit($return);
     }
     break;
 case "attachment":
     uses("attachment");
     //check permission
     // Upload handler: the caller is accepted either via the admin cookie or via a
     // front-end login ($pb_user). $authed gates the actual upload further below.
     $fileElementName = 'fileToUpload';
     $attachment = new Attachment($fileElementName);
     $authed = false;
     if (!empty($_COOKIE[$cookiepre . 'admin'])) {
         // The cookie is decoded into a newline-separated record; explode() always
         // yields a list with integer keys (and at least one element, so the
         // !empty() below never fails).
         $tAdminInfo = authcode($_COOKIE[$cookiepre . 'admin'], "DECODE");
         $tAdminInfo = explode("\n", $tAdminInfo);
         if (!empty($tAdminInfo)) {
             // check admin password
             // NOTE(review): $tAdminInfo['username'] is a string key on an integer-
             // indexed list, so it is always unset (null) and the lookup runs with a
             // null username. The cookie layout is not visible here — confirm which
             // numeric index holds the username and use that; as written this branch
             // can only grant $authed through whatever field() returns for null.
             $adminPasswd = $member->field("userpass", array("username" => $tAdminInfo['username']));
             // Element 2 of the cookie is compared with the stored userpass, i.e. the
             // cookie itself carries the credential. NOTE(review): if pb_strcomp() is a
             // plain string comparison it is not timing-safe — hash_equals() would be
             // the usual choice; confirm what pb_strcomp() does.
             if (pb_strcomp($tAdminInfo[2], $adminPasswd)) {
                 $authed = true;
             }
         }
     }
     if (!empty($pb_user['pb_userid'])) {
         // if logged in as a front-end member: upload allowed, but only as an image
         $attachment->is_image = true;
         $authed = true;
     }
     $attachment->if_thumb_large = false;
     // Per-day target directory under swfupload/, from the UTC date.
     $attachment->upload_dir = "swfupload" . DS . gmdate("Y") . gmdate("m") . DS . gmdate("d");
     // Client-supplied file name; treat as untrusted.
     $str = $_FILES[$fileElementName]['name'];
     if (!empty($_FILES[$fileElementName]['name']) && $authed) {
         $attachment->if_thumb = false;
         $attachment->if_watermark = false;
Example #8
}
if (isset($_POST['save']) && !empty($_POST['data'])) {
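    if (isset($_POST['id'])) {
        $id = intval($_POST['id']);
    }
    // NOTE(review): every key posted under data[] is handed to the save as a
    // column; confirm the brand model whitelists fields before trusting the form.
    $vals = $_POST['data'];
    // Company and owner are posted twice: the edited value (brand[...]) and the
    // value the page was rendered with (top-level field). When the two still agree
    // the rendered value is looked up, otherwise the edited one.
    // NOTE(review): both are raw POST strings concatenated into SQL; confirm input
    // is slashed globally, or quote the name through the driver here.
    if (isset($_POST['brand']['company_name'])) {
        $shownCompany = isset($_POST['company_name']) ? $_POST['company_name'] : '';
        $companyName = pb_strcomp($_POST['brand']['company_name'], $shownCompany)
            ? $shownCompany
            : $_POST['brand']['company_name'];
        $vals['company_id'] = $pdb->GetOne("SELECT id FROM {$tb_prefix}companies WHERE name='" . $companyName . "'");
    }
    if (isset($_POST['brand']['username'])) {
        $shownUsername = isset($_POST['username']) ? $_POST['username'] : '';
        $userName = pb_strcomp($_POST['brand']['username'], $shownUsername)
            ? $shownUsername
            : $_POST['brand']['username'];
        $vals['member_id'] = $pdb->GetOne("SELECT id FROM {$tb_prefix}members WHERE username='" . $userName . "'");
    }
    // Uploads are named after the brand id when editing; for a new brand the next
    // id is guessed from getMaxId() (only queried when actually needed).
    $attachment->rename_file = "brand-" . (!empty($id) ? $id : ($brand->getMaxId() + 1));
    $vals['letter'] = L10n::getinitial(isset($vals['name']) ? $vals['name'] : '');
    if (!empty($vals['description'])) {
        // NOTE(review): stripcslashes() also interprets C escapes such as \n, not just
        // the backslashes added on input — presumably stripslashes() was meant; confirm.
        $vals['description'] = stripcslashes($vals['description']);
    }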
    if (!empty($_FILES['pic']['name'])) {
        $attachment->upload_process();
Example #9
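 /**
  * Propagate a company rename to the denormalised cache_companyname columns on
  * products and trades.
  *
  * @param int|string $id        Company id; cast to int before it is used in SQL.
  * @param string     $new_name  New company name. Nothing is written when it
  *                              equals the name currently stored for the company.
  * @return void
  */
 function updateCachename($id, $new_name)
 {
     $company_id = intval($id);
     $old_name = $this->dbstuff->GetOne("SELECT name FROM {$this->table_prefix}companies WHERE id=" . $company_id);
     if (pb_strcomp($old_name, $new_name)) {
         return;
     }
     // NOTE(review): $new_name is concatenated into both UPDATEs unescaped; confirm
     // callers hand over an already-slashed value, or quote it through the driver.
     $this->dbstuff->Execute("UPDATE {$this->table_prefix}products p SET p.cache_companyname='" . $new_name . "' WHERE p.company_id=" . $company_id);
     $this->dbstuff->Execute("UPDATE {$this->table_prefix}trades t SET t.cache_companyname='" . $new_name . "' WHERE t.company_id=" . $company_id);
 }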
Example #10
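 pb_submit_check("data");
 $checked = true;
 // Absent fields become '' instead of raising a notice; both are validated below.
 $login_name = isset($_POST['data']['username']) ? trim($_POST['data']['username']) : '';
 $user_email = isset($_POST['data']['email']) ? trim($_POST['data']['email']) : '';
 if (!pb_check_email($user_email)) {
     setvar("ERRORS", L("wrong_email_format"));
     $checked = false;
 } else {
     $member->setInfoByUserName($login_name);
     $member_info = $member->getInfo();
     // NOTE(review): the two distinct error texts below let a caller tell "no such
     // user" apart from "user exists, wrong e-mail" — a user-enumeration oracle on
     // the password-reset form. A single generic message would close it; left as is
     // here because the message keys are shared with the templates.
     if (empty($member_info)) {
         setvar("ERRORS", L('member_not_exists'));
         setvar("postLoginName", $login_name);
         setvar("postUserEmail", $user_email);
         $checked = false;
     } elseif (!pb_strcomp($user_email, $member_info['email'])) {
         // The submitted address must match the one on file before any reset mail goes out.
         setvar("ERRORS", L("please_input_email"));
         $checked = false;
     }
     // A member whose stored address is unusable can never receive the reset link.
     if (empty($member_info) || !pb_check_email($member_info['email'])) {
         $checked = false;
     }
 }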
     if ($checked) {
         $exp_time = $time_stamp + 86400;
         $hash = authcode(addslashes($member_info['username']) . "\t" . $exp_time, "ENCODE");
         setvar("hash", rawurlencode($hash));
         setvar("expire_date", date("Y-m-d H:i", strtotime("+1 day")));
         $sended = pb_sendmail(array($member_info['email'], $login_name), L("pls_reset_passwd"), "getpasswd");
         if (!$sended) {
             flash("email_send_false");
         } else {
Example #11
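 // Owner, brand and product are each posted twice: the edited value (price[...])
 // and the value the form was rendered with (top-level field). When the two still
 // agree the rendered value is looked up, otherwise the edited one.
 // NOTE(review): the looked-up names are raw POST strings concatenated into SQL;
 // confirm input is slashed globally, or quote them through the driver here.
 if (isset($_POST['price']['username'])) {
     $shownUsername = isset($_POST['username']) ? $_POST['username'] : '';
     $userName = pb_strcomp($_POST['price']['username'], $shownUsername)
         ? $shownUsername
         : $_POST['price']['username'];
     $vals['member_id'] = $pdb->GetOne("SELECT id FROM {$tb_prefix}members WHERE username='" . $userName . "'");
 }
 if (isset($_POST['price']['brand_name'])) {
     $shownBrand = isset($_POST['brand_name']) ? $_POST['brand_name'] : '';
     $brandName = pb_strcomp($_POST['price']['brand_name'], $shownBrand)
         ? $shownBrand
         : $_POST['price']['brand_name'];
     $vals['brand_id'] = $pdb->GetOne("SELECT id FROM {$tb_prefix}brands WHERE name='" . $brandName . "'");
 }
 if (isset($_POST['price']['product_name'])) {
     $shownProduct = isset($_POST['product_name']) ? $_POST['product_name'] : '';
     $productName = pb_strcomp($_POST['price']['product_name'], $shownProduct)
         ? $shownProduct
         : $_POST['price']['product_name'];
     $vals['product_id'] = $pdb->GetOne("SELECT id FROM {$tb_prefix}products WHERE name='" . $productName . "'");
 }
 // Area selection may be absent from the form; pass null rather than raising a notice.
 $vals['area_id'] = PbController::getMultiId(isset($_POST['area']['id']) ? $_POST['area']['id'] : null);
 // Update when an id is known, otherwise insert; both stamp the modification time.
 if (!empty($id)) {
     $vals['modified'] = $time_stamp;
     $result = $productprices->save($vals, "update", $id);
 } else {
     $vals['created'] = $vals['modified'] = $time_stamp;
     $result = $productprices->save($vals);
 }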
 if (!$result) {