<?php
/**
 * User Management
 *
 * User administration functions
 *
 * @package Multiuser
 * @author Andreas Gohr <*****@*****.**>
 * @author Andreas Götz <*****@*****.**>
 * @version $Id: users.php,v 1.23 2013/03/15 16:42:46 andig2 Exp $
 */
require_once './core/functions.php';

// Both guards run at include time, before any function below can be called.
// Judging by their names they abort the request when it does not come from the
// local network or the caller lacks PERM_ADMIN -- their bodies are not visible here.
localnet_or_die();
permission_or_die(PERM_ADMIN);

/**
 * Create user
 *
 * Allocates the next numeric user id and builds the INSERT statement for the
 * new account. The rest of the function lies outside this excerpt.
 *
 * @param string $user Username
 * @param string $pass Password (stored as an MD5 digest, see the review note below)
 * @param int|string $perm Permission value; documented as an integer and
 *                         interpolated unquoted into the INSERT
 * @param string $email E-mail address stored for the user
 * @return boolean true on success
 */
function create_user($user, $pass, $perm, $email)
{
    global $config;

    // acquire next free "real" user-id (the guest account's id is excluded)
    // NOTE(review): the id is read here and inserted below in two separate
    // statements, so two concurrent calls can compute the same id unless the
    // table enforces a unique key -- confirm against the schema.
    // NOTE(review): MAX(id) is NULL when no non-guest row exists; $nextid would
    // then render as an empty string and the INSERT below becomes "SET id = ,".
    $SQL = "SELECT (MAX(id)+1) AS id FROM " . TBL_USERS . " WHERE id != " . $config['guestid'] . ";";
    $res = runSQL($SQL);
    $nextid = $res[0]['id'];

    // NOTE(review): the statement is assembled by string concatenation.
    //  - addslashes() is not aware of the connection character set; bound
    //    parameters or the database driver's own escaping are the safer choice
    //    (how runSQL() talks to the database is not visible here).
    //  - $perm is interpolated with no quoting or escaping, so it must already
    //    be a validated integer when it reaches this function -- verify callers.
    //  - md5($pass) is a fast, unsalted digest; password_hash() with
    //    password_verify() on the login side is the standard replacement and
    //    needs a wider passwd column plus a migration path for existing rows.
    $SQL = "INSERT INTO " . TBL_USERS . "\n SET id = " . $nextid . ",\n \t name = '" . addslashes($user)
        . "',\n passwd = '" . md5($pass) . "',\n permissions = {$perm},\n email = '" . addslashes($email) . "'";
* @author Andreas Goetz <*****@*****.**> */
function removeCacheFile($url)
{
    // Only URLs ending in .jpg/.jpeg/.gif/.png (case-insensitive) are handled;
    // the captured extension is passed on to the cache lookup.
    // get extension
    if (preg_match("/\\.(jpe?g|gif|png)\$/i", $url, $matches)) {
        // check if file exists
        // $cache_file is not set before this call; presumably cache_file_exists()
        // fills it in by reference with the resolved path -- confirm in its definition.
        if (cache_file_exists($url, $cache_file, CACHE_IMG, $matches[1])) {
            // '@' hides any unlink() failure, so a cache file that cannot be
            // removed is left behind without a log entry.
            @unlink($cache_file);
        }
    }
}

// check for localnet
localnet_or_die();

// multiuser permission check
// Write permission is checked against the owner of the record identified by $id.
permission_or_die(PERM_WRITE, get_owner_id($id));

/*
// remove old cover image from cache
$SQL = 'SELECT imgurl FROM '.TBL_DATA.' WHERE id = '.$id;
$res = runSQL($SQL);
if (count($res)) {
    removeCacheFile($res[0]['imgurl']);
}
*/

// remove actual data
// NOTE(review): $id is concatenated into all three DELETE statements with no
// quoting or cast. Where $id is assigned is not visible in this excerpt; if it
// can come from the request, it should be forced to an integer (or bound as a
// parameter) once, before the permission check above, so the value that was
// authorised is the value that is deleted.
runSQL('DELETE FROM ' . TBL_DATA . ' WHERE id = ' . $id);
runSQL('DELETE FROM ' . TBL_VIDEOGENRE . ' WHERE video_id = ' . $id);
//2015-10-6 Alex ADD start
runSQL('DELETE FROM ' . TBL_VIDEOSTUDIO . ' WHERE video_id = ' . $id);
//2015-10-6 Alex ADD end
/**
 * Search page
 *
 * Database searches for movies
 *
 * @package Search
 * @author parts by Justin Pasher <*****@*****.**>
 * @author parts by Chinamann <*****@*****.**>
 * @version $Id: search.php,v 2.61 2013/03/16 14:29:47 andig2 Exp $
 */
require_once './core/session.php';
require_once './core/functions.php';
require_once './core/queryparser.php';
require_once './core/output.php';

// multiuser permission check
// Read access is enough here, and PERM_ANY is passed in place of a specific owner.
permission_or_die(PERM_READ, PERM_ANY);

// set defaults and update session
session_default('listcolumns', $config['listcolumns']);

// $genres and $studios are not assigned anywhere in this excerpt; presumably the
// included core files populate them from the request -- confirm. Each falls back
// to an empty array when unset and is then stored in the session as-is.
// NOTE(review): only isset() is tested, so a scalar value would be stored
// unchanged; whatever later builds SQL from these session values has to
// validate or escape every element.
session_set('genres', $genres = isset($genres) ? $genres : array());
//2015-10-6 Alex ADD start
session_set('studios', $studios = isset($studios) ? $studios : array());
//2015-10-6 Alex ADD end

// enable redirects to last list view for delete.php
session_set('listview', 'search.php');

/**
 * Update item list asynchronously
 *
 * @author Andreas Goetz <*****@*****.**>
 */
function ajax_render()
{
* @todo Add error message for unknown genres * * @package videoDB * @author Andreas Gohr <*****@*****.**> * @author Chinamann <*****@*****.**> * @version $Id: edit.php,v 2.90 2013/03/11 19:00:26 andig2 Exp $ */
require_once './core/functions.php';
require_once './core/genres.php';
require_once './core/custom.php';
require_once './core/edit.core.php';
require_once './engines/engines.php';

// check for localnet
localnet_or_die();

// multiuser permission check
// Editing an existing record ($id set) is checked against that record's owner;
// with no $id the check is made with PERM_ANY in place of a specific owner.
permission_or_die(PERM_WRITE, $id ? get_owner_id($id) : PERM_ANY);

// clean input data
// Anything that is not an array becomes an empty array; array_filter() without a
// callback drops the falsy entries ('', '0', 0, null, false).
$genres = is_array($genres) ? array_filter($genres) : array();

// ajax autocomplete?
// The three $ajax_* flags are not assigned in this excerpt; presumably they are
// request parameters -- confirm where they are populated.
if ($ajax_prefetch_id || $ajax_autocomplete_title || $ajax_autocomplete_subtitle) {
    // add some delay for debugging
    // SERVER_ADDR is the address the server itself answers on, not the client's,
    // so the 200-1000 ms delay applies only when debug is on and the site is
    // served from loopback.
    if ($config['debug'] && $_SERVER['SERVER_ADDR'] == '127.0.0.1') {
        usleep(rand(200, 1000) * 1000);
    }

    // prefetch external data
    if ($ajax_prefetch_id) {
        // NOTE(review): $ajax_prefetch_id goes to the engine layer unchanged, and
        // that layer presumably makes an outbound request for it. Confirm that
        // engineGetEngine()/engineGetData() accept only the expected id formats.
        $data = engineGetData($ajax_prefetch_id, engineGetEngine($ajax_prefetch_id));
        // count() assumes engineGetData() always returns an array -- verify.
        if (count($data)) {
            // Copy the engine's field names onto the names used for the record.
            $data['imdbID'] = $ajax_prefetch_id;
            $data['actors'] = $data['cast'];
            $data['imgurl'] = $data['coverurl'];
* * (c) 2005 GPL'd * * @package Contrib * @author Chinamann <*****@*****.**> * @meta ACCESS:PERM_ADMIN */
// The script lives one directory below the application root; changing directory
// makes the relative require paths below resolve from the root.
chdir('..');
require_once './core/functions.php';
require_once './core/custom.php';
require_once './core/security.php';
require_once './engines/engines.php';

// check for localnet
localnet_or_die();

// multiuser permission check
// The hard gate asks for PERM_WRITE only; the administrator requirement announced
// in the header (@meta ACCESS:PERM_ADMIN) is enforced by the if/else below.
permission_or_die(PERM_WRITE);

if (!check_permission(PERM_ADMIN)) {
    // Non-administrators get an empty page that redirects to ../index.php via a
    // meta refresh. The script does not exit here; the administrator-only work
    // is inside the else branch.
    // NOTE(review): confirm that nothing after the closing brace of that else
    // branch (outside this excerpt) runs for non-administrators.
    ?> <html> <head> <title>Convert fetch engine (dvdpalace<->dvdb)</title> <meta http-equiv="refresh" content="0; URL=../index.php"> <META http-equiv="Content-Style-Type" content="text/html"> </head> <body> </body> </html> <?php
} else {
    // $submit is not assigned in this excerpt; presumably it is the confirmation
    // value of a form -- confirm where it is populated.
    if (isset($submit) && $submit == "Yes") {
// The script lives one directory below the application root; changing directory
// makes the relative require paths below resolve from the root.
chdir('..');
require_once './core/functions.php';
require_once './core/genres.php';
require_once './core/custom.php';
require_once './core/security.php';
require_once './engines/dvdb.php';

// Width used to zero-pad generated disk ids; defaults to 4 when the setting is empty.
$didigits = $GLOBALS['config']['diskid_digits'];
if (empty($didigits)) {
    $didigits = 4;
}

// change this if you have some fancy naming style
// Query text only (nothing is executed on this line): the highest purely numeric
// diskid plus one, left-padded with zeros to $didigits characters.
// NOTE(review): $didigits is concatenated into the SQL unquoted; it comes from
// configuration, so it should be validated as an integer where the configuration
// is loaded.
$NEXTUSERID = "SELECT lpad(max(diskid)+1, " . $didigits . ", '0') AS max FROM " . TBL_DATA . ' WHERE diskid NOT REGEXP "[^0-9]"';

// check for localnet
localnet_or_die();

// multiuser permission check
// NOTE(review): the second argument is read straight from the VDBuserid cookie.
// A cookie value is chosen by the client, so if permission_or_die() treats this
// argument as the owner whose data may be written, the requester picks the owner
// the check runs against. The id should come from server-side session state
// instead -- confirm how permission_or_die() uses it. The index is also read
// without isset(), which raises a notice/warning when the cookie is absent.
permission_or_die(PERM_WRITE, $_COOKIE['VDBuserid']);

if (isset($_GET['process']) && $_GET['process'] != "") {
    // fetch Media-Types from DB
    $SELECT = 'SELECT id, name FROM ' . TBL_MEDIATYPES . ' ORDER BY name';
    $result = runSQL($SELECT);
    // Build an id => name lookup. $mediatypes is not initialised first, so it
    // stays undefined when the table is empty.
    foreach ($result as $row) {
        $mediatypes[$row['id']] = $row['name'];
    }

    $notFound = -1;
    if (isset($_GET['barcode']) && $_GET['barcode'] != "") {
        // The barcode from the query string is handed to the dvdb engine as an
        // 'ean' lookup with no format check visible here.
        // NOTE(review): confirm dvdbSearch() validates or encodes it before use.
        $data = dvdbSearch($_GET['barcode'], 'ean');
        if (count($data) > 0) {
            // assign automatic disk id
            // $config and $diskid are not assigned in this excerpt -- presumably
            // globals set up by the included core files; confirm.
            if ($config['autoid'] && empty($diskid)) {
// This excerpt starts inside a block opened earlier in the file; the closing
// brace after `exit;` below belongs to that block.
// add some delay for debugging
// SERVER_ADDR is the address the server itself answers on, not the client's, so
// the 200-1000 ms delay applies only when debug is on and the site is served
// from loopback.
if ($config['debug'] && $_SERVER['SERVER_ADDR'] == '127.0.0.1') {
    usleep(rand(200, 1000) * 1000);
}

if (isset($seen)) {
    // NOTE(review): no permission or localnet check is visible on this branch
    // before the seen flag is written; confirm that one runs earlier in the file
    // or inside set_userseen().
    set_userseen($ajax_update, $seen);
    // Result is reported to the caller in an X-JSON response header.
    header('X-JSON: ' . json_encode(array('result' => $seen > 0)));
} elseif (isset($rating)) {
    // Permission check same as edit.php
    // check for localnet
    localnet_or_die();

    // multiuser permission check
    // NOTE(review): the condition tests $id, while the ownership lookup and the
    // UPDATE below use $ajax_update. When $id is empty only the generic
    // PERM_WRITE check runs, so ownership of row $ajax_update is not verified on
    // that path. Checking get_owner_id($ajax_update) unconditionally would tie
    // the authorisation to the row that is modified -- confirm the intent.
    if (empty($id)) {
        permission_or_die(PERM_WRITE);
    } else {
        permission_or_die(PERM_WRITE, get_owner_id($ajax_update));
    }

    // NOTE(review): $rating and $ajax_update are concatenated into the statement
    // with no quoting or cast. Where they are assigned is not visible in this
    // excerpt; if they come from the request they must be forced to numeric
    // values (or bound as parameters) before this line.
    runSQL('UPDATE ' . TBL_DATA . ' SET rating=' . $rating . ' WHERE id=' . $ajax_update);
}

// make sure no artifacts
// Drops the cached list template, then ends the AJAX request.
$smarty->clearCache('list.tpl');
exit;
}

// random view
if (empty($id)) {
    $count = 0;
    $all = strtoupper($lang['radio_all']);
    $WHERES = '';

    if ($config['multiuser']) {
        // explicit setting of owner
        $owner = session_get('owner');
/**
 * Borrow Manager
 *
 * Handles lending of disks
 *
 * @package videoDB
 * @author Andreas Gohr <*****@*****.**>
 * @version $Id: borrow.php,v 2.21 2013/03/10 16:20:10 andig2 Exp $
 */
require_once './core/functions.php';
require_once './core/output.php';

// check for localnet
localnet_or_die();

// permission check
// Page-level gate: write permission with PERM_ANY in place of a specific owner.
// The per-disk ownership check follows below.
permission_or_die(PERM_WRITE, PERM_ANY);

// borrowmanagement for single disk
// $diskid, $return and $who are not assigned in this excerpt; presumably they
// are request parameters populated by the included core files -- confirm.
$editable = false;
if (!empty($diskid)) {
    // Changes are allowed only when the caller has write permission on the
    // disk's owner; otherwise $editable stays false.
    if (check_permission(PERM_WRITE, get_owner_id($diskid, true))) {
        $editable = true;

        // Returning a disk removes its lending record.
        if ($return) {
            $SQL = "DELETE FROM " . TBL_LENT . " WHERE diskid = '" . addslashes($diskid) . "'";
            runSQL($SQL);
        }

        // Lending a disk records the borrower's name.
        if (!empty($who)) {
            // NOTE(review): $who is escaped here and again inside the INSERT
            // below, so a name containing a quote or backslash is stored with an
            // extra backslash. One of the two addslashes() calls is redundant;
            // before removing the reassignment, check whether later code
            // (outside this excerpt) relies on $who already being escaped.
            $who = addslashes($who);
            $SQL = "INSERT INTO " . TBL_LENT . " SET who = '" . addslashes($who) . "', diskid = '" . addslashes($diskid) . "'";
            runSQL($SQL);
        }

        // NOTE(review): all three statements depend on addslashes() for SQL
        // quoting, which is not aware of the connection character set; bound
        // parameters or the database driver's own escaping are the safer choice
        // (how runSQL() talks to the database is not visible here).
        $SQL = "SELECT who, DATE_FORMAT(dt,'%d.%m.%Y') AS dt \n FROM " . TBL_LENT . " \n WHERE diskid = '" . addslashes($diskid) . "'";