<?php
/**
* User Management
*
* User administration functions
*
* @package Multiuser
* @author Andreas Gohr <*****@*****.**>
* @author Andreas Götz <*****@*****.**>
* @version $Id: users.php,v 1.23 2013/03/15 16:42:46 andig2 Exp $
*/
require_once './core/functions.php';
localnet_or_die();
permission_or_die(PERM_ADMIN);
/**
* Create user
*
* @param string $user Username
* @param string $pass Password
* @param string $perm permission as integer
* @return boolean true on success
*/
function create_user($user, $pass, $perm, $email)
{
global $config;
// acquire next free "real" user-id
$SQL = "SELECT (MAX(id)+1) AS id FROM " . TBL_USERS . " WHERE id != " . $config['guestid'] . ";";
$res = runSQL($SQL);
$nextid = $res[0]['id'];
$SQL = "INSERT INTO " . TBL_USERS . "\n SET id = " . $nextid . ",\n \t name = '" . addslashes($user) . "',\n passwd = '" . md5($pass) . "',\n permissions = {$perm},\n email = '" . addslashes($email) . "'";
* @author Andreas Goetz <*****@*****.**>
*/
function removeCacheFile($url)
{
// get extension
if (preg_match("/\\.(jpe?g|gif|png)\$/i", $url, $matches)) {
// check if file exists
if (cache_file_exists($url, $cache_file, CACHE_IMG, $matches[1])) {
@unlink($cache_file);
}
}
}
// check for localnet
localnet_or_die();
// multiuser permission check
permission_or_die(PERM_WRITE, get_owner_id($id));
/*
// remove old cover image from cache
$SQL = 'SELECT imgurl FROM '.TBL_DATA.' WHERE id = '.$id;
$res = runSQL($SQL);
if (count($res))
{
removeCacheFile($res[0]['imgurl']);
}
*/
// remove actual data
runSQL('DELETE FROM ' . TBL_DATA . ' WHERE id = ' . $id);
runSQL('DELETE FROM ' . TBL_VIDEOGENRE . ' WHERE video_id = ' . $id);
//2015-10-6 Alex ADD start
runSQL('DELETE FROM ' . TBL_VIDEOSTUDIO . ' WHERE video_id = ' . $id);
//2015-10-6 Alex ADD end
/**
* Search page
*
* Database searches for movies
*
* @package Search
* @author parts by Justin Pasher <*****@*****.**>
* @author parts by Chinamann <*****@*****.**>
* @version $Id: search.php,v 2.61 2013/03/16 14:29:47 andig2 Exp $
*/
require_once './core/session.php';
require_once './core/functions.php';
require_once './core/queryparser.php';
require_once './core/output.php';
// multiuser permission check
permission_or_die(PERM_READ, PERM_ANY);
// set defaults and update session
session_default('listcolumns', $config['listcolumns']);
session_set('genres', $genres = isset($genres) ? $genres : array());
//2015-10-6 Alex ADD start
session_set('studios', $studios = isset($studios) ? $studios : array());
//2015-10-6 Alex ADD end
// enable redirects to last list view for delete.php
session_set('listview', 'search.php');
/**
* Update item list asynchronously
*
* @author Andreas Goetz <*****@*****.**>
*/
function ajax_render()
{
* @todo Add error message for unknown genres
*
* @package videoDB
* @author Andreas Gohr <*****@*****.**>
* @author Chinamann <*****@*****.**>
* @version $Id: edit.php,v 2.90 2013/03/11 19:00:26 andig2 Exp $
*/
require_once './core/functions.php';
require_once './core/genres.php';
require_once './core/custom.php';
require_once './core/edit.core.php';
require_once './engines/engines.php';
// check for localnet
localnet_or_die();
// multiuser permission check
permission_or_die(PERM_WRITE, $id ? get_owner_id($id) : PERM_ANY);
// clean input data
$genres = is_array($genres) ? array_filter($genres) : array();
// ajax autocomplete?
if ($ajax_prefetch_id || $ajax_autocomplete_title || $ajax_autocomplete_subtitle) {
// add some delay for debugging
if ($config['debug'] && $_SERVER['SERVER_ADDR'] == '127.0.0.1') {
usleep(rand(200, 1000) * 1000);
}
// prefetch external data
if ($ajax_prefetch_id) {
$data = engineGetData($ajax_prefetch_id, engineGetEngine($ajax_prefetch_id));
if (count($data)) {
$data['imdbID'] = $ajax_prefetch_id;
$data['actors'] = $data['cast'];
$data['imgurl'] = $data['coverurl'];
*
* (c) 2005 GPL'd
*
* @package Contrib
* @author Chinamann <*****@*****.**>
* @meta ACCESS:PERM_ADMIN
*/
chdir('..');
require_once './core/functions.php';
require_once './core/custom.php';
require_once './core/security.php';
require_once './engines/engines.php';
// check for localnet
localnet_or_die();
// multiuser permission check
permission_or_die(PERM_WRITE);
if (!check_permission(PERM_ADMIN)) {
?>
<html>
<head>
<title>Convert fetch engine (dvdpalace<->dvdb)</title>
<meta http-equiv="refresh" content="0; URL=../index.php">
<META http-equiv="Content-Style-Type" content="text/html">
</head>
<body>
</body>
</html>
<?php
} else {
if (isset($submit) && $submit == "Yes") {
chdir('..');
require_once './core/functions.php';
require_once './core/genres.php';
require_once './core/custom.php';
require_once './core/security.php';
require_once './engines/dvdb.php';
$didigits = $GLOBALS['config']['diskid_digits'];
if (empty($didigits)) {
$didigits = 4;
}
// change this if you have some fancy naming style
$NEXTUSERID = "SELECT lpad(max(diskid)+1, " . $didigits . ", '0') AS max FROM " . TBL_DATA . ' WHERE diskid NOT REGEXP "[^0-9]"';
// check for localnet
localnet_or_die();
// multiuser permission check
permission_or_die(PERM_WRITE, $_COOKIE['VDBuserid']);
if (isset($_GET['process']) && $_GET['process'] != "") {
// fetch Media-Types from DB
$SELECT = 'SELECT id, name
FROM ' . TBL_MEDIATYPES . '
ORDER BY name';
$result = runSQL($SELECT);
foreach ($result as $row) {
$mediatypes[$row['id']] = $row['name'];
}
$notFound = -1;
if (isset($_GET['barcode']) && $_GET['barcode'] != "") {
$data = dvdbSearch($_GET['barcode'], 'ean');
if (count($data) > 0) {
// assign automatic disk id
if ($config['autoid'] && empty($diskid)) {
// add some delay for debugging
if ($config['debug'] && $_SERVER['SERVER_ADDR'] == '127.0.0.1') {
usleep(rand(200, 1000) * 1000);
}
if (isset($seen)) {
set_userseen($ajax_update, $seen);
header('X-JSON: ' . json_encode(array('result' => $seen > 0)));
} elseif (isset($rating)) {
// Permission check same as edit.php
// check for localnet
localnet_or_die();
// multiuser permission check
if (empty($id)) {
permission_or_die(PERM_WRITE);
} else {
permission_or_die(PERM_WRITE, get_owner_id($ajax_update));
}
runSQL('UPDATE ' . TBL_DATA . ' SET rating=' . $rating . ' WHERE id=' . $ajax_update);
}
// make sure no artifacts
$smarty->clearCache('list.tpl');
exit;
}
// random view
if (empty($id)) {
$count = 0;
$all = strtoupper($lang['radio_all']);
$WHERES = '';
if ($config['multiuser']) {
// explicit setting of owner
$owner = session_get('owner');
/**
* Borrow Manager
*
* Handles lending of disks
*
* @package videoDB
* @author Andreas Gohr <*****@*****.**>
* @version $Id: borrow.php,v 2.21 2013/03/10 16:20:10 andig2 Exp $
*/
require_once './core/functions.php';
require_once './core/output.php';
// check for localnet
localnet_or_die();
// permission check
permission_or_die(PERM_WRITE, PERM_ANY);
// borrowmanagement for single disk
$editable = false;
if (!empty($diskid)) {
if (check_permission(PERM_WRITE, get_owner_id($diskid, true))) {
$editable = true;
if ($return) {
$SQL = "DELETE FROM " . TBL_LENT . " WHERE diskid = '" . addslashes($diskid) . "'";
runSQL($SQL);
}
if (!empty($who)) {
$who = addslashes($who);
$SQL = "INSERT INTO " . TBL_LENT . " SET who = '" . addslashes($who) . "', diskid = '" . addslashes($diskid) . "'";
runSQL($SQL);
}
$SQL = "SELECT who, DATE_FORMAT(dt,'%d.%m.%Y') AS dt \n FROM " . TBL_LENT . " \n WHERE diskid = '" . addslashes($diskid) . "'";