/**
 * Remove backslash quoting from a value in place, descending into nested arrays.
 *
 * Every non-array leaf is replaced by stripslashes() of itself. The function
 * only removes escaping and never adds any, so its result must not be treated
 * as safe to concatenate into an SQL statement.
 *
 * @param mixed $el Scalar or (nested) array, modified by reference; nothing is returned.
 */
function slashes(&$el)
{
    if (!is_array($el)) {
        $el = stripslashes($el);
        return;
    }

    // Walk the keys and recurse through $el[$key] so nested values are updated in place.
    foreach (array_keys($el) as $key) {
        slashes($el[$key]);
    }
}
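/**
 * Main action for the log list: renders the grid template, or outputs log rows
 * as JSON, a bare record count, or a tab-separated .xls download.
 *
 * The JSON, count and export paths echo their output directly; the count and
 * export paths then call exit.
 *
 * @param mixed $json   NULL renders the template; 1 outputs the list data as JSON.
 * @param mixed $pid    Optional project id; restricts the listing to that project.
 * @param mixed $method 'total' outputs only the record count, 'excel' streams the export.
 */
public function index($json = NULL, $pid = NULL, $method = NULL)
{
    $Public = A('Index', 'Public');
    $Public->check('Log', array('r'));

    //main
    $view = C('DATAGRID_VIEW');
    $page_row = C('PAGE_ROW');
    $comyid = $_SESSION['login']['se_comyID'];
    $comy = M('User_company_table');

    if ($json == 1) {
        $userid = $_SESSION['login']['se_id'];
        $protype = $comy->where('id=' . $comyid)->getField('type');
        if (!$userid) {
            echo '';
            exit;
        }
        // Not referenced again in this method; kept because D() is an opaque framework call.
        $notice = D('Log_table');

        $result = M();
        $Log_table = C('DB_PREFIX') . 'log_table';
        $Log_main = C('DB_PREFIX') . 'log_main_table';
        $Porject_table = C('DB_PREFIX') . 'project_table';
        $Task_table = C('DB_PREFIX') . 'task_table';
        $Linkage = C('DB_PREFIX') . 'linkage';
        $User_table = C('DB_PREFIX') . 'user_table';

        // SECURITY: the filter map is restored from the client-controlled 'aLog'
        // cookie with unserialize(), and its values are joined verbatim into the
        // HAVING clause below. That is an object-injection and an SQL-injection
        // surface. The durable fix is to keep filter state server-side (for
        // example in the session) as validated field/value pairs; it is left in
        // place here because the cookie is presumably written by other actions.
        $default_map = array('id' => 'id>0 and type=3');
        if (cookie('aLog')) {
            $str_map = slashes(cookie('aLog'));
            $map = unserialize($str_map);
            unset($str_map);
            // A cookie that does not decode to an array falls back to the default filter
            // instead of reaching implode() as false.
            if (!is_array($map)) {
                $map = $default_map;
            }
        } else {
            $map = $default_map;
        }

        if ($pid) {
            // $pid is caller-supplied and sits unquoted in the SQL fragment, so force an integer.
            $map['pro_id'] = ' and pro_id=' . intval($pid);
        }
        if ($protype) {
            $map['client_id'] = ' and client_id=' . $comyid . ' and views=15';
        }
        // NOTE(review): the map is read from 'aLog' but saved to 'aTask' - confirm this is intended.
        cookie('aTask', serialize($map));
        $map = implode(' ', $map);

        $get_page = $this->_get('page');
        $get_rows = $this->_get('rows');
        $page = isset($get_page) ? intval($get_page) : 1;
        $rows = isset($get_rows) ? intval($get_rows) : $page_row;
        $now_page = $page - 1;
        $offset = $now_page * $rows;

        // NOTE(review): 'proname' wraps t7.title in anchor markup inside SQL without
        // HTML encoding. If the grid renders this column as HTML, a project title
        // containing markup would be interpreted - confirm titles are encoded.
        $arr_flelds = array(
            'id' => 't1.id as id',
            'type' => 't1.type as type',
            'user_id' => 't1.user_id as user_id',
            'task_id' => 't2.task_id as task_id',
            'pro_id' => 't2.pro_id as pro_id',
            'title' => 'concat_ws(\'\',t3.username,\' 于 \',t1.workdate,\' 执行了 \',t4.val,\'-\',t5.title) as title',
            'usages' => 't1.usage as usages',
            'status' => 't6.val as status',
            'proname' => 'concat_ws(\'\',\'<a href=javascript:showTab("项目-\',t7.title,\'"\\,\',t7.id,\')>\',t7.title,\'</a>\') as proname',
            'client_id' => 't7.client_id as client_id',
            'views' => 't7.views as views',
            'addtime' => 't1.addtime as addtime',
            'workdate' => 't1.workdate as workdate',
        );
        $fields = implode(',', $arr_flelds);
        unset($arr_flelds);

        if (!$view) {
            // Paged query; the total comes from FOUND_ROWS() on the same connection.
            $info = $result->table($Log_table . ' as t1')
                ->field('SQL_CALC_FOUND_ROWS ' . $fields)
                ->join(' ' . $Log_main . ' as t2 on t2.log_id = t1.id')
                ->join(' ' . $User_table . ' as t3 on t3.id = t1.user_id')
                ->join(' right join ' . $Task_table . ' as t5 on t5.id = t2.task_id')
                ->join(' ' . $Linkage . ' as t4 on t4.id = t5.type')
                ->join(' ' . $Linkage . ' as t6 on t6.id = t1.status')
                ->join(' right join ' . $Porject_table . ' as t7 on t7.id = t2.pro_id')
                ->having($map)
                ->order('addtime desc')
                ->limit($offset, $rows)
                ->select();
            $count = $result->query('SELECT FOUND_ROWS() as total');
            $count = $count[0]['total'];
        } else {
            // Unpaged query; the total is the number of rows returned.
            $info = $result->table($Log_table . ' as t1')
                ->field($fields)
                ->join(' ' . $Log_main . ' as t2 on t2.log_id = t1.id')
                ->join(' ' . $User_table . ' as t3 on t3.id = t1.user_id')
                ->join(' ' . $Task_table . ' as t5 on t5.id = t2.task_id')
                ->join(' ' . $Linkage . ' as t4 on t4.id = t5.type')
                ->join(' ' . $Linkage . ' as t6 on t6.id = t1.status')
                ->join(' ' . $Porject_table . ' as t7 on t7.id = t2.pro_id')
                ->having($map)
                ->order('addtime desc')
                ->select();
            $count = count($info);
        }

        $new_info = array();
        $new_info['total'] = $count;

        if ($method == 'total') {
            echo json_encode($new_info);
            exit;
        } elseif ($method == 'excel') {
            if (!$view) {
                // The export needs every matching row, so repeat the query without the limit.
                $info = $result->table($Log_table . ' as t1')
                    ->field($fields)
                    ->join(' ' . $Log_main . ' as t2 on t2.log_id = t1.id')
                    ->join(' ' . $User_table . ' as t3 on t3.id = t1.user_id')
                    ->join(' ' . $Task_table . ' as t5 on t5.id = t2.task_id')
                    ->join(' ' . $Linkage . ' as t4 on t4.id = t5.type')
                    ->join(' ' . $Linkage . ' as t6 on t6.id = t1.status')
                    ->join(' ' . $Porject_table . ' as t7 on t7.id = t2.pro_id')
                    ->having($map)
                    ->order('addtime desc')
                    ->select();
            }

            // An empty result still produces a header-only file instead of warnings.
            $export_rows = $info ? $info : array();
            $proname = isset($export_rows[0]['proname']) ? strip_tags($export_rows[0]['proname']) : '';
            $filename = '项目:' . $proname . ' 操作记录';
            header("Content-type:application/octet-stream");
            header("Accept-Ranges:bytes");
            header("Content-type:application/vnd.ms-excel");
            header("Content-Disposition:attachment;filename=" . $filename . ".xls");
            header("Pragma: no-cache");
            header("Expires: 0");

            // XLS export starts here.
            $title = array('动态', '耗时', '状态', '更新于');
            $title = array_iconv("UTF-8", NULL, $title);
            $title = implode("\t", $title);
            echo "{$title}\n";

            // NOTE(review): cell values are written unmodified. A value that begins with
            // = + - or @ may be evaluated as a formula by the spreadsheet that opens the
            // file, and embedded tabs or newlines shift columns - consider neutralising both.
            $data = array();
            foreach ($export_rows as $key => $t) {
                $item = array(
                    "title" => $t['title'],
                    "usages" => $t['usages'],
                    "status" => strip_tags($t['status']),
                    "addtime" => $t['addtime'],
                );
                $data[$key] = implode("\t", array_iconv("UTF-8", NULL, $item));
            }
            echo implode("\n", $data);
            exit;
        }

        $new_info['rows'] = $info ? $info : array();
        echo json_encode($new_info);
    } else {
        $this->assign('page_row', $page_row);
        $this->display();
    }
}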
echo '</td><td>'; if ($login['user_access_useredit']) { echo '<a href="admin_group.php?gid=' . $gid . '&group_add_user='******'">' . _h('Add user to group') . '</a>'; } echo '</td></tr>' . chr(10); } echo '</table>' . chr(10); } } elseif (isset($_POST['add'])) { // Adding if (!$login['user_access_useredit']) { showAccessDenied($day, $month, $year, $area, true); exit; } // Checking input $add = slashes(htmlspecialchars(strip_tags($_POST['add']), ENT_QUOTES)); mysql_query("INSERT INTO `groups` ( `group_id` , `user_ids` , `group_name` ) VALUES ('', '', '" . $add . "');"); header("Location: admin_group.php"); exit; } else { include "include/admin_middel.php"; echo '<h1>' . __('Usergroups') . '</h1>'; // Add echo '<form action="admin_group.php" method="post">' . chr(10); echo '<b>' . __('Add group') . '</b><br>' . chr(10); if ($login['user_access_useredit']) { echo '<input type="text" name="add"><br>' . chr(10); echo '<input type="submit" value="' . __('Add') . '">' . chr(10); } else { echo __('You are not allowed to do this.'); }
<?php } ?> <div class="okbc_box"> <h3> <?php echo $lang['mis_f']; ?> </h3> <?php if (isset($editMoving) && $editMoving == true) { $mov = mysql_query("SELECT * FROM `{$dData['tablec']}` WHERE `category`='" . slashes($_POST['category']) . "';"); $dData['movSubs'] = unserialize(stripslashes(mysql_result($mov, 0, "subcategory"))); ?> <div class="okbc_block"> <form action="<?php echo $_SERVER['PHP_SELF']; ?> " method="post"> <div class="okbc_row"> <strong><?php echo $lang['mis_g']; ?> </strong><br /> <?php echo $lang['mis_h'];
echo " done.<br>Updating repeating entries: "; $sql = "select id,name,description from mrbs_repeat"; $repeats_res = sql_query($sql); for ($i = 0; $row = sql_row($repeats_res, $i); $i++) { $id = $row[0]; $name = slashes(iconv($encoding, "utf-8", $row[1])); $desc = slashes(iconv($encoding, "utf-8", $row[2])); $upd_sql = "update mrbs_repeat set name='{$name}',description='{$desc}' where id={$id}"; sql_command($upd_sql); echo "."; } echo " done.<br>Updating normal entries: "; $sql = "select id,name,description from mrbs_entry"; $entries_res = sql_query($sql); for ($i = 0; $row = sql_row($entries_res, $i); $i++) { $id = $row[0]; $name = slashes(iconv($encoding, "utf-8", $row[1])); $desc = slashes(iconv($encoding, "utf-8", $row[2])); $upd_sql = "update mrbs_entry set name='{$name}',description='{$desc}' where id={$id}"; sql_command($upd_sql); echo "."; } echo 'done.<p> Finished everything, byebye! '; } ?> </body> </html>
for ($i = 0; $i < $nfields; $i++) { if ($field_name[$i] == "id") { $Field[$i] = $Id; } if ($field_name[$i] == "name") { $Field[$i] = strtolower($Field[$i]); } if ($field_name[$i] == "password" && $password0 != "") { $Field[$i] = md5($password0); } /* print "$field_name[$i] = $Field[$i]<br>"; */ if ($i > 0) { $operation = $operation . ", "; } if ($field_istext[$i]) { $operation .= "'" . slashes($Field[$i]) . "'"; } else { if ($field_isnum[$i] && $Field[$i] == "") { $Field[$i] = "0"; } $operation = $operation . $Field[$i]; } } $operation = $operation . ");"; print $operation . "<br>\n"; $r = sql_command($operation); if ($r == -1) { print_header(0, 0, 0, ""); // This is unlikely to happen in normal operation. Do not translate. print "Error updating the {$tbl_users} table.<br>\n"; print sql_error() . "<br>\n";
if (isset($_POST['attachment']) && is_array($_POST['attachment'])) { foreach ($_POST['attachment'] as $att_id) { $att_id = (int) $att_id; $attachment = getAttachment($att_id); if (count($attachment)) { $log_data['att' . $att_id] = $att_id; $attachments[$att_id] = $attachment; } else { $log_data['att_faild' . $att_id] = $att_id; } } } $rev_num = $entry['rev_num'] + 1; mysql_query("UPDATE `entry` SET `confirm_email` = '1', `time_last_edit` = '" . time() . "', `rev_num` = '{$rev_num}' WHERE `entry_id` = '" . $entry['entry_id'] . "' LIMIT 1 ;"); // Insert to get confirmation ID mysql_query("INSERT INTO `entry_confirm` (\n\t\t\t\t`confirm_id` ,\n\t\t\t\t`entry_id` ,\n\t\t\t\t`rev_num` ,\n\t\t\t\t`user_id` ,\n\t\t\t\t`confirm_time` ,\n\t\t\t\t`confirm_to` ,\n\t\t\t\t`confirm_txt` ,\n\t\t\t\t`confirm_tpl` ,\n\t\t\t\t`confirm_pdf` ,\n\t\t\t\t`confirm_pdf_tpl` ,\n\t\t\t\t`confirm_pdf_txt` ,\n\t\t\t\t`confirm_pdffile`,\n\t\t\t\t`confirm_comment`\n\t\t\t)\n\t\t\tVALUES (\n\t\t\t\tNULL , \n\t\t\t\t'" . $entry['entry_id'] . "', \n\t\t\t\t'" . $rev_num . "', \n\t\t\t\t'" . $login['user_id'] . "', \n\t\t\t\t'" . time() . "', \n\t\t\t\t'" . serialize($emails) . "', \n\t\t\t\t'" . slashes(htmlspecialchars($confirm_txt, ENT_QUOTES)) . "', \n\t\t\t\t'" . slashes(htmlspecialchars($confirm_tpl, ENT_QUOTES)) . "', \n\t\t\t\t'" . $confirm_pdf . "',\n\t\t\t\t'" . slashes(htmlspecialchars($confirm_pdf_tpl, ENT_QUOTES)) . "', \n\t\t\t\t'" . slashes(htmlspecialchars($confirm_pdf_txt, ENT_QUOTES)) . "', \n\t\t\t\t'" . $confirm_pdffile . "',\n\t\t\t\t'" . $confirm_comment . "'\n\t\t\t);"); if (mysql_errno()) { echo mysql_error(); exit; } // Generating $log_data $log_data = array(); $log_data['confirm_id'] = mysql_insert_id(); if ($confirm_comment != '') { $log_data['confirm_comment'] = $confirm_comment; } $i = 0; foreach ($emails as $email) { // Sending email if ($confirm_pdf == '1') { if (emailSendConfirmationPDF($entry, $email, $confirm_pdffile, $attachments, $confirm_txt)) {
$txt = slashes(htmlspecialchars($_POST['template_txt'], ENT_QUOTES)); if ($tpl_db) { // Work against DB if (!isset($_POST['template_type']) || !array_key_exists($_POST['template_type'], $template_types)) { include "include/admin_middel.php"; echo '<h1>' . __('Templates') . '</h1>'; echo __('Error: No template type is defined.'); exit; } if (!isset($_POST['template_name']) || $_POST['template_name'] == '') { include "include/admin_middel.php"; echo '<h1>' . __('Templates') . '</h1>'; echo __('Error: No template name is made.'); exit; } $template_name = slashes(htmlspecialchars(strip_tags($_POST['template_name']), ENT_QUOTES)); if ($id == 'new') { // Insert mysql_query("INSERT INTO `template` (\n\t\t\t\t\t`template_id` ,\n\t\t\t\t\t`template` ,\n\t\t\t\t\t`template_name` ,\n\t\t\t\t\t`template_type`,\n\t\t\t\t\t`template_time_last_edit`\n\t\t\t\t)\n\t\t\t\tVALUES (\n\t\t\t\t\tNULL , \n\t\t\t\t\t'{$txt}', \n\t\t\t\t\t'{$template_name}', \n\t\t\t\t\t'" . $_POST['template_type'] . "',\n\t\t\t\t\t'" . time() . "'\n\t\t\t\t);"); } else { // Update mysql_query("UPDATE `template` SET \n\t\t\t\t\t`template` = '{$txt}',\n\t\t\t\t\t`template_name` = '{$template_name}',\n\t\t\t\t\t`template_type` = '" . $_POST['template_type'] . "',\n\t\t\t\t\t`template_time_last_edit` = '" . time() . "'\n\t\t\t\tWHERE `template_id` ={$id} LIMIT 1 ;"); } } else { $fp = @fopen($filename, "w"); if ($fp) { fwrite($fp, htmlspecialchars_decode($txt, ENT_QUOTES)); fclose($fp); } else { include "include/admin_middel.php"; echo '<h1>' . __('Templates') . '</h1>';
along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ /* * JM-booking * - Edit or add of a customer */ include_once "glob_inc.inc.php"; if (!isset($_GET['id']) || !isset($_GET['name'])) { exit; } if ($_GET['id'] == '' || $_GET['name'] == '') { exit; } $id = slashes(htmlspecialchars($_GET['id'], ENT_QUOTES)); $name = slashes(htmlspecialchars($_GET['name'], ENT_QUOTES)); // Form... echo '<HTML> <HEAD> <TITLE>JM-booking</TITLE><LINK REL="stylesheet" href="css/jm-booking.css" type="text/css"> <META HTTP-EQUIV="Content-Type" content="text/html; charset=iso-8859-1"> <script type="text/javascript" src="js/bsn.AutoSuggest_2.1.3_comp-municipal.js"></script> </HEAD> <body> '; echo '<script language="javascript"> function choose_municipal (id, name) {
} if (isset($_GET['forgot_pw']) && $_GET['forgot_pw'] == '1' && $forgot_pw_user != '') { // Forgot password $user = slashes(htmlspecialchars(strip_tags($forgot_pw_user), ENT_QUOTES)); // Username $Q_login = mysql_query("\n\t\t\tselect user_id, deactivated, user_newpassword_key, user_newpassword_validto from `users` where \n\t\t\t\tdeactivated = '0' and \n\t\t\t\t(\n\t\t\t\t\tuser_name_short = '" . $user . "' ||\n\t\t\t\t\tuser_email = '" . $user . "'\n\t\t\t\t)\n\t\t\t\tlimit 1"); if (mysql_num_rows($Q_login) > 0) { $user_id = mysql_result($Q_login, 0, 'user_id'); $forgot_pw_found = true; if (isset($_GET['key'])) { $forgot_pw_keyfound = true; $newpw_failed_msg = ''; $newpw_pw = ''; $newpw_failed = false; $newpw_user = getUser($user_id); $newpw_key = slashes(htmlspecialchars(strip_tags($_GET['key']), ENT_QUOTES)); if (!count($newpw_user)) { echo 'Systemfeil. Arg... Sorry :-('; exit; } if ($newpw_key == mysql_result($Q_login, 0, 'user_newpassword_key') && mysql_result($Q_login, 0, 'user_newpassword_validto') >= time()) { $forgot_pw_keyokey = true; if (!isset($_POST['password_new'])) { // Extend life time of key $valid_to = time() + 60 * 15; // 15 min mysql_query("\n\t\t\t\t\t\t\tupdate `users`\n\t\t\t\t\t\t\tset \n\t\t\t\t\t\t\t\tuser_newpassword_validto = '{$valid_to}'\n\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\tuser_id = '{$user_id}'"); } else { // Setting the new password $newpw_user['user_password_lastchanged'] = time(); // All new
case 'infoscreen_txt': case 'entry_title': case 'user_assigned2': case 'contact_person_name': case 'contact_person_phone': case 'contact_person_email': case 'program_description': case 'service_description': case 'invoice_ref_your': case 'invoice_internal_comment': case 'invoice_email': // Text data is input. (can contain a lot of shit) if (!isset($_POST[$field['var']])) { ${$field}['var'] = ''; } else { ${$field}['var'] = slashes(htmlspecialchars($_POST[$field['var']], ENT_QUOTES)); } addValue($field['var'], ${$field}['var']); break; case 'num_person_child': case 'num_person_adult': if (!isset($_POST[$field['var']])) { ${$field}['var'] = ''; } elseif ($_POST[$field['var']] != '' && !is_numeric($_POST[$field['var']])) { ${$field}['var'] = ''; if ($field['var'] == 'num_person_child') { $form_errors[] = __('Number of children must be a number, if anything.'); } elseif ($field['var'] == 'num_person_adult') { $form_errors[] = __('Number of adults must be a number, if anything.'); } } else {
<?php } ?> <a href="<?php echo $_SERVER['PHP_SELF'] . ($_GET['start'] > 1 ? "?start=" . $_GET['start'] : "") . searchhold($_GET['start'] == 1); ?> "><strong><?php echo $lang['termb']; ?> </strong></a> <?php } else { $buildQry = ($dData['usercat'] ? "AND `category`='" . slashes($dData['usercat']) . "'" : "") . ($dData['usersub'] ? " AND `subcategory`='" . slashes($dData['usersub']) . "'" : ""); $qTbl = sql_query_read("SELECT * FROM `{$dData['tblquest']}` WHERE `online`='Yes' {$buildQry} ORDER BY `visited` DESC;"); if ($_GET['q']) { $keys = explode(" ", strtolower($_GET['q'])); } $qList = array(); for ($i = 0; $i < mysql_numrows($qTbl); $i++) { $qList[$i]['QID'] = mysql_result($qTbl, $i, "QID"); $qList[$i]['category'] = mysql_result($qTbl, $i, "category"); $qList[$i]['question'] = mysql_result($qTbl, $i, "question"); $qList[$i]['answer'] = mysql_result($qTbl, $i, "answer"); $qList[$i]['keywords'] = mysql_result($qTbl, $i, "keywords"); $qList[$i]['score'] = 0; if (isset($keys)) { for ($j = 0; $j < count($keys); $j++) { if (strpos(strtolower($qList[$i]['question']), $keys[$j]) !== false) {
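/**
 * Toolbar search control: updates the filter map kept in the 'Notice' cookie.
 *
 * @param mixed $act  Name of the field being filtered; only 'user_id' is handled here.
 * @param mixed $mode Described by the original notes as 'like' for fuzzy search; not read by this method.
 */
public function change($act, $mode = NULL)
{
    // Start from an empty map so that a missing cookie, or one that does not decode
    // to an array, still results in an array being serialized back.
    $map = array();
    if (cookie('Notice')) {
        // SECURITY: this unserialize() runs on a client-controlled cookie, and the map
        // holds ready-made SQL fragments. Anything escaped or validated below can be
        // bypassed by editing the cookie; the durable fix is to keep the filter state
        // server-side (for example in the session) as validated field/value pairs.
        $str_map = slashes(cookie('Notice'));
        $map = unserialize($str_map);
        if (!is_array($map)) {
            $map = array();
        }
    }

    $id = strval(I('val'));
    switch ($act) {
        case 'user_id':
            if ($id) {
                // NOTE(review): $id is interpolated into a quoted SQL fragment. The filtering
                // applied by I() is not visible here - confirm it rejects quotes, or restrict
                // the value to digits if user ids are numeric.
                $map['user_id'] = " and t1_old_user_id='" . $id . "'";
            } else {
                // An empty or '0' value clears the filter.
                unset($map['user_id']);
            }
            break;
    }

    cookie('All', 0);
    cookie('Notice', serialize($map));
}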
$i++; if ($i != 5) { $thisone['address_line_' . $i] = trim(slashes(htmlspecialchars($line, ENT_QUOTES))); } else { $thisone['address_line_' . $i] = str_replace("\r", '', str_replace("\n", ', ', trim(slashes(htmlspecialchars($line, ENT_QUOTES))))); } } } if (isset($_POST['address_postalnum'])) { if (postalNumber($_POST['address_postalnum'])) { $thisone['address_line_6'] = $_POST['address_postalnum'] . ' ' . slashes(htmlspecialchars(postalNumber($_POST['address_postalnum']), ENT_QUOTES)); $thisone['address_postalnum'] = $_POST['address_postalnum']; } } if (isset($_POST['address_country'])) { $thisone['address_line_7'] = slashes(htmlspecialchars($_POST['address_country'], ENT_QUOTES)); } // Generate address_full $addrline = array(); if ($thisone['address_line_1']) { $addrline[] = $thisone['address_line_1']; } if ($thisone['address_line_2']) { $addrline[] = $thisone['address_line_2']; } if ($thisone['address_line_3']) { $addrline[] = $thisone['address_line_3']; } if ($thisone['address_line_4']) { $addrline[] = $thisone['address_line_4']; }
$subsa = mysql_query("SELECT * FROM `{$dData['tblcateg']}` WHERE `category`='" . slashes($dData['usercat']) . "';"); $subsb = unserialize(stripslashes(mysql_result($subsa, 0, "subcategory"))); $dData['usersub'] = in_array($_POST['subcategory'], $subsb) ? $_POST['subcategory'] : ""; } else { $dData['usersub'] = ""; } } } } } } setcookie("orca_user", base64_encode(serialize(array($dData['usercat'], $dData['usersub']))), time() + 18600, $_SERVER['PHP_SELF']); /* ***** Unpack Subcategories for Selected Category *********** */ $dData['categories'] = mysql_query("SELECT * FROM `{$dData['tblcateg']}` ORDER BY `category`;"); if ($dData['usercat']) { $grabSubs = mysql_query("SELECT * FROM `{$dData['tblcateg']}` WHERE `category`='" . slashes($dData['usercat']) . "';"); $dData['subcategories'] = unserialize(stripslashes(mysql_result($grabSubs, 0, "subcategory"))); } else { $dData['usersub'] = ""; } /* ***** Get Selected Question ******************************** */ if (isset($_GET['qid'])) { $aData['action'] = true; $qQry = mysql_query("SELECT * FROM `{$dData['tblquest']}` WHERE `QID`='{$_GET['qid']}' AND `online`='Yes';"); if (mysql_numrows($qQry) && preg_match("/\\d/", $_GET['qid'])) { $qIncre = mysql_query("UPDATE `{$dData['tblquest']}` SET `visited`='" . (mysql_result($qQry, 0, "visited") + 1) . "' WHERE `QID`='{$_GET['qid']}';"); $aData['question'] = htmlspecialchars(mysql_result($qQry, 0, "question")); $aData['date'] = dateStamp(mysql_result($qQry, 0, "date")); $aData['category'] = htmlspecialchars(mysql_result($qQry, 0, "category")); $aData['subcategory'] = htmlspecialchars(mysql_result($qQry, 0, "subcategory")); $aData['answer'] = www_nl2br(mysql_result($qQry, 0, "answer"));
?> "> <input type=submit name="change_done" value="<?php echo $vocab["backadmin"]; ?> "> </CENTER> </form> <?php } ?> <?php if (!empty($area)) { if (isset($change_area)) { $sql = "UPDATE mrbs_area SET area_name='" . slashes($area_name) . "' WHERE id={$area}"; if (sql_command($sql) < 0) { fatal_error(0, $vocab['update_area_failed'] . sql_error()); } } $res = sql_query("SELECT * FROM mrbs_area WHERE id={$area}"); if (!$res) { fatal_error(0, $vocab['error_area'] . $area . $vocab['not_found']); } $row = sql_row_keyed($res, 0); sql_free($res); ?> <h3 ALIGN=CENTER><?php echo $vocab["editarea"]; ?> </h3>
<?php if (!empty($area)) { !isset($area_admin_email) ? $area_admin_email = '' : ''; $emails = explode(',', $area_admin_email); $valid_email = TRUE; foreach ($emails as $email) { // if no email address is entered, this is OK, even if isValidInetAddress // does not return TRUE if (!get_user_by_email($email) && '' != $area_admin_email) { $valid_email = FALSE; notice(get_string('no_user_with_email', 'block_mrbs', $email)); } } // if (isset($change_area) && FALSE != $valid_email) { $sql = "UPDATE {$tbl_area} SET area_name='" . slashes($area_name) . "', area_admin_email='" . slashes($area_admin_email) . "' WHERE id={$area}"; if (sql_command($sql) < 0) { fatal_error(0, get_string('update_area_failed', 'block_mrbs') . sql_error()); } } $res = sql_query("SELECT * FROM {$tbl_area} WHERE id={$area}"); if (!$res) { fatal_error(0, get_string('error_area', 'block_mrbs') . $area . get_string('not_found', 'block_mrbs')); } $row = sql_row_keyed($res, 0); sql_free($res); ?> <h3 ALIGN=CENTER><?php echo get_string('editarea', 'block_mrbs'); ?> </h3>
} } } } else { $paytime = time() + Time_tdoa; $OrdersPayDetails = 'Payment:paypal|' . 'CurrencyCode:' . $mc_currency . '|' . 'amount:' . $payment_gross . '|' . 'REFERENCEID:' . $tx_token . '|' . 'Remarks:' . $Remarks . '|' . 'time:' . $paytime; $sql = "\tUPDATE `" . TABLE_PREFIX . "orders`\n \t\t\t\t\t\t\t\t\t\tSET `OrdersPay` = ? ,`OrdersPayFeeamt` = ?,`OrdersPayDetails` = ? where OrdersCid= ?"; $sth = $db->Prepare($sql); $res = $db->Execute($sth, array('1', $payment_fee, $OrdersPayDetails, $invoice)); $sql = "\tUPDATE `" . TABLE_PREFIX . "orders`\n\t\t\t\t\t\t\t\t\tSET `OrdersEstate` = ? where OrdersCid= ? "; $sth = $db->Prepare($sql); $res = $db->Execute($sth, array('payConfirm', $invoice)); $sql = "select `OrdersId` from `" . TABLE_PREFIX . "orders` where OrdersCid='{$invoice}'"; $sth = $db->Prepare($sql); $res = $db->Execute($sth); $Orders = slashes($res->FetchRow()); $sql = "INSERT INTO `" . TABLE_PREFIX . "admin_records` (`action`,`username`,`userip`,`action_time`,`OrdersId`) VALUES (?,?,?,?,?)"; $sth = $db->Prepare($sql); $res = $db->Execute($sth, array('支付确认', '系统', '127.0.0.1', time(), $Orders['OrdersId'])); } } } else { if (strcmp($res, "INVALID") == 0) { //todo //Fail to virified //此处可进行错误日志写操作 } } } fclose($fp); }
/**
 * Prepare a free-text input value: HTML-encode it, then pass it through slashes().
 *
 * NOTE(review): slashes() is defined outside this block. Whether its output is safe
 * to embed in SQL depends on that helper - confirm, and prefer bound parameters.
 * HTML-encoding at input time also means the stored value is already entity-encoded.
 *
 * @param mixed  $var   Not used by this function.
 * @param string $input Raw input text.
 * @return mixed Whatever slashes() returns for the encoded text.
 */
function processInput_text($var, $input)
{
    // ENT_QUOTES encodes both single and double quotes.
    $encoded = htmlspecialchars($input, ENT_QUOTES);

    return slashes($encoded);
}
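/** mrbsCreateRepeatEntry()
 *
 * Creates a repeat entry in the database.
 *
 * $starttime     - Start time of entry
 * $endtime       - End time of entry
 * $rep_type      - The repeat type
 * $rep_enddate   - When the repeating ends
 * $rep_opt       - Any options associated with the entry
 * $room_id       - Room ID
 * $owner         - Owner
 * $name          - Name
 * $type          - Type (Internal/External)
 * $description   - Description
 * $rep_num_weeks - Stored in the rep_num_weeks column when non-empty
 *
 * $starttime, $endtime, $rep_type, $rep_enddate, $room_id and a non-empty
 * $rep_num_weeks are written into the statement without quotes, so each must
 * satisfy is_numeric(); otherwise nothing is executed and 0 is returned.
 *
 * Returns:
 *   0        - An error occurred while inserting the entry, or a numeric
 *              argument was not numeric
 *   non-zero - The entry's ID
 */
function mrbsCreateRepeatEntry($starttime, $endtime, $rep_type, $rep_enddate, $rep_opt, $room_id, $owner, $name, $type, $description, $rep_num_weeks)
{
    global $tbl_repeat;

    // Unquoted values are the easiest place to smuggle SQL into this statement,
    // so reject anything that is not a number before building it.
    $unquoted = array($starttime, $endtime, $rep_type, $rep_enddate, $room_id);
    if (!empty($rep_num_weeks)) {
        $unquoted[] = $rep_num_weeks;
    }
    foreach ($unquoted as $number) {
        if (!is_numeric($number)) {
            return 0;
        }
    }

    // Every quoted string goes through the same slashes() helper that the original
    // applied to $name and $description only.
    // NOTE(review): assumes callers pass $owner, $type and $rep_opt unescaped, as they
    // evidently do for $name and $description - confirm against the call sites.
    $description = slashes($description);

    // Column => SQL value, in the order the statement lists them.
    $columns = array(
        'start_time' => $starttime,
        'end_time'   => $endtime,
        'rep_type'   => $rep_type,
        'end_date'   => $rep_enddate,
        'room_id'    => $room_id,
        'create_by'  => '\'' . slashes($owner) . '\'',
        'type'       => '\'' . slashes($type) . '\'',
        'name'       => '\'' . slashes($name) . '\'',
        'timestamp'  => time(),
        // pgsql doesn't like empty strings, so an empty option set is stored as '0'.
        'rep_opt'    => !empty($rep_opt) ? '\'' . slashes($rep_opt) . '\'' : '\'0\'',
    );

    // Optional columns are left out of the statement entirely when empty.
    if (!empty($description)) {
        $columns['description'] = '\'' . $description . '\'';
    }
    if (!empty($rep_num_weeks)) {
        $columns['rep_num_weeks'] = $rep_num_weeks;
    }

    $sql = 'INSERT INTO ' . $tbl_repeat
        . ' (' . implode(', ', array_keys($columns)) . ') '
        . 'VALUES (' . implode(', ', $columns) . ')';

    if (sql_command($sql) < 0) {
        return 0;
    }

    return sql_insert_id("{$tbl_repeat}", "id");
}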
} exit; } } else { // Default values or values from existing customer $errors = array(); if ($customer_id == 0) { $data = array(); $data['customer_name'] = ''; $data['customer_type'] = 'firm'; $data['customer_municipal_num'] = ''; $data['customer_phone'] = array(); $data['customer_address'] = array(); $data['customer_municipal'] = ''; if (isset($_GET['customer_name'])) { $data['customer_name'] = slashes(htmlspecialchars($_GET['customer_name'], ENT_QUOTES)); if (!isset($_GET['customer_add_force'])) { $Q_customer = mysql_query("select customer_id from `customer` where `customer_name` = '" . $data['customer_name'] . "'"); if (mysql_num_rows($Q_customer)) { filterMakeAlternatives(); echo '<HTML> <HEAD> <TITLE>JM-booking</TITLE><LINK REL="stylesheet" href="default/mrbs.css" type="text/css"> <META HTTP-EQUIV="Content-Type" content="text/html; charset=iso-8859-1"> </HEAD> <body>'; echo '<h1>Kunde med samme navn eksisterer</h1>'; echo 'Det ble funnet en eller flere kunder i databasen som har samme navn som den du prøver å opprette. Vil du velge en av de?<br><br>'; echo '<script language="javascript">
if (is_array($val) && $val['name'] == 'ReportLine') { $strike = ''; /* if(in_array($val[2]['value'], $varer_som_tasmed)) $strike = ''; else $strike = ' style="text-decoration: line-through;"'; if(array_key_exists($val[2]['value'], $gjorom_vare)) $navn = $gjorom_vare[$val[2]['value']]; else $navn = $val[1]['value']; */ $vare = array(); $vare['vare_nr'] = slashes(htmlspecialchars($val[2]['value'], ENT_QUOTES)); $vare['vare_navn'] = slashes(htmlspecialchars($val[1]['value'], ENT_QUOTES)); $vare['vare_antall'] = (int) $val[5]['value']; if (strlen($val[4]['value']) != strlen('11.06.2008')) { die('Problemer med tolking av filen. Dato er ikke i rett format for ' . $vare['vare_nr'] . ' (dato: ' . $val[4]['value'] . ')'); } else { $vare['dag'] = getTime($val[4]['value'], array('d', 'm', 'y')); if ($vare['dag'] == 0) { die('Problemer med tolking av filen. Dato er ikke i rett format for ' . $vare['vare_nr'] . ' (dato: ' . $val[4]['value'] . ')'); } } /* Determine import */ if (!isset($varer[$vare['vare_nr']])) { if (!isset($unknowns[$vare['vare_nr']])) { $unknowns[$vare['vare_nr']] = $vare; unset($unknowns[$vare['vare_nr']]['dag']); $unknowns[$vare['vare_nr']]['vare_dager'] = 1;
} else { if ($fieldname == "name") { $value = strtolower(get_form_var('Field_name', 'string')); } else { if ($fieldname == "password" && $password0 != "") { $value = md5($password0); } else { $value = get_form_var("Field_{$fieldname}", $field_props[$fieldname]['istext'] ? 'string' : 'int'); } } } if ($i > 0) { $operation = $operation . ", "; } if ($field_props[$fieldname]['istext']) { $operation .= "'" . slashes($value) . "'"; } else { if ($field_props[$fieldname]['isnum'] && $value == "") { $value = "0"; } $operation = $operation . $value; } $i++; } $operation = $operation . ");"; // print $operation . "<br>\n"; // exit; $r = sql_command($operation); if ($r == -1) { print_header(0, 0, 0, "", ""); // This is unlikely to happen in normal operation. Do not translate.
<?php $orderInfo = array(); if (isset($_REQUEST['customerRef']) && !empty($_REQUEST['customerRef'])) { $cid = $_GET['customerRef']; $query = "SELECT `OrdersPay`,`OrdersId`,`OrdersMemberId`,`CurrencyCode`,`OrdersAmount`,`OrdersLogisticsCosts` FROM `" . TABLE_PREFIX . "orders` WHERE `OrdersCid`= ?"; $sth = $db->Prepare($query); $res = $db->Execute($sth, array($cid)); $orderInfo = slashes($res->FetchRow()); $memberid = $orderInfo['OrdersMemberId']; } if (isset($_REQUEST['epacsReference']) && !empty($_REQUEST['epacsReference'])) { $request = new stdClass(); //ENVOY验证信息 $Authentication = new stdClass(); $Authentication->username = '******'; $Authentication->password = '******'; //构造request $request->auth = $Authentication; $request->epacsReference = $_REQUEST['epacsReference']; $client = new SoapClient("MerchantAPI_live.wsdl", array()); $response = $client->payInConfirmation($request); //引用文件链接数据库--START session_name("milanooId"); session_start(); define('in_milanoo', true); require_once '../../extension.inc'; require_once '../../config/config.inc.php'; require_once '../../config/b2cconfig.inc.php'; require_once '../../lib/comm/lib_main.php'; include_once LIB_PATH . 'comm/db.class.' . PHP_EX;
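/**
 * Build the list of active filters from the query string.
 *
 * Reads $_GET['rows'] (a list of row ids), $_GET['filter'][<id>] (the filter
 * name for that row) and $_GET['filtervalue1_<id>'] / $_GET['filtervalue2_<id>']
 * (the filter values). A row is accepted only when its filter name is a key of
 * the global $alternatives, and its first value is normalised according to
 * $alternatives[<filter>]['type'].
 *
 * Every value read here is client-controlled. Nested arrays are rejected up
 * front because the ids are concatenated into parameter names and used as
 * array keys, and the values are passed to string functions; on the original
 * code such input produced warnings or type errors depending on the PHP
 * version.
 *
 * NOTE(review): the second value is returned without any per-type validation.
 * Callers must treat it as raw request data.
 *
 * @return array List of array($filter, $value, $value2) entries.
 */
function readFiltersFromGet()
{
    global $alternatives;

    $filters = array();
    if (!isset($_GET['rows'], $_GET['filter']) || !is_array($_GET['rows']) || !is_array($_GET['filter'])) {
        return $filters;
    }

    foreach ($_GET['rows'] as $id) {
        // The id becomes part of a parameter name and an array key: scalars only.
        if (!is_scalar($id)) {
            continue;
        }
        if (!isset($_GET['filter'][$id]) || !isset($_GET['filtervalue1_' . $id])) {
            continue;
        }

        $filter = $_GET['filter'][$id];
        $value = $_GET['filtervalue1_' . $id];
        if (!is_scalar($filter) || !is_scalar($value)) {
            continue;
        }

        // Verifying that the type of filter exists:
        if (!isset($alternatives[$filter])) {
            continue;
        }

        $value2 = '';
        if (isset($_GET['filtervalue2_' . $id]) && is_scalar($_GET['filtervalue2_' . $id])) {
            $value2 = $_GET['filtervalue2_' . $id];
        }

        $dont_set = false;
        switch ($alternatives[$filter]['type']) {
            case 'date':
                if ($value != 'current') {
                    $value = getTime($value, array('y', 'm', 'd', 'h', 'i'));
                    if ($value == 0) {
                        $value = 'current';
                    }
                }
                break;
            case 'bool':
                // Must be true or false. The is_numeric() guard keeps a
                // non-numeric string from loosely comparing equal to 0 on
                // PHP versions before 8.
                if (is_numeric($value) && $value == 0) {
                    $value = false;
                } elseif (is_numeric($value) && $value == 1) {
                    $value = true;
                } else {
                    $dont_set = true;
                }
                break;
            case 'select':
                // Need to be one of the alternatives
                if (!isset($alternatives[$filter]['choice'][$value])) {
                    $dont_set = true; // Invalid
                }
                break;
            case 'id':
            case 'id2':
                $value = (int) $value;
                // TODO: Make something that checks against DB
                break;
            case 'text':
                // slashes() is defined elsewhere in the project.
                // NOTE(review): HTML-encoding at input time ties the stored
                // value to one output context; confirm how consumers use it.
                $value = slashes(htmlspecialchars($value, ENT_QUOTES));
                break;
            case 'num':
                if (!is_numeric($value)) {
                    $value = 0;
                }
                break;
        }

        if (!$dont_set) {
            $filters[] = array($filter, $value, $value2);
        }
    }

    return $filters;
}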
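/**
 * Run one step of the database backup or restore flow, or render the
 * progress page.
 *
 * When $go >= 0 the method processes the table at index $go of the table
 * list stored in RUNTIME_PATH/database.tmp, echoes a pipe-separated status
 * string and exits. Otherwise it assigns $act and $total to the view and
 * displays the template.
 *
 * Backup state between requests is carried in three cookies ('badate',
 * 'info_page', 'info_step') and in RUNTIME_PATH/backup.tmp. The cookie values
 * are used to build a directory name, a file name and a LIMIT offset, so they
 * are validated / cast before use.
 *
 * @param string   $act   'bak' to back up, 're' to restore
 * @param int|null $total Number of tables, passed through to the view
 * @param int      $go    Index of the table to process; negative renders the page
 * @param int      $page  Overwritten inside the backup branch before it is read
 */
public function show($act, $total = NULL, $go = -1, $page = -1)
{
    $Public = A('Index', 'Public');
    $Public->check('Backup', array('c'));
    $sql = A('Sql', 'Public'); // instantiate the Sql helper
    // instantiate the filesystem helper
    import('ORG.Net.FileSystem');
    $path = new FileSystem();
    $path->root = ITEM;
    $path->charset = C('CFG_CHARSET');
    set_time_limit(1000);
    //main
    if ($go >= 0) {
        if ($act == 'bak') {
            // SECURITY(review): unserialize() on file contents instantiates
            // whatever the file describes. This is only safe while
            // RUNTIME_PATH is writable by the application alone; a plain
            // data format (JSON) would remove the risk.
            $str_table = $path->getFile(RUNTIME_PATH . '/database.tmp');
            $arr_table = unserialize($str_table);
            if ($go == count($arr_table['table'])) {
                // Every table has been handled: clear the state and finish.
                cookie('badate', NULL);
                $path->delFile(RUNTIME_PATH . '/database.tmp');
                $path->delFile(RUNTIME_PATH . '/backup.tmp');
                cookie('info_step', NULL);
                cookie('info_page', NULL);
                echo '所有表已完成备份!|0|0';
                exit;
            }
            // The 'badate' cookie names the backup directory. Accept it only
            // in the exact shape date("Y-m-d_His") produces, so a value sent
            // by the client cannot move the target directory.
            $badate = cookie('badate');
            if (!is_string($badate) || !preg_match('/^\d{4}-\d{2}-\d{2}_\d{6}$/D', $badate)) {
                $badate = date("Y-m-d_His");
                cookie('badate', $badate);
            }
            $bak_dir = ROOT . '/Conf/Backup/' . $badate;
            if (!file_exists($bak_dir)) {
                // NOTE(review): 0777 makes the dump directory world-writable,
                // and it sits under ROOT; confirm it is not web-accessible.
                $path->putDir($bak_dir, 0777);
            }
            $strfile = '';
            $table = $arr_table['table'][$go];
            $tb = str_replace(C('DB_PREFIX'), '#@_', $table);
            $result = M();
            $str_info = $path->getFile(RUNTIME_PATH . '/backup.tmp');
            if ($str_info) {
                // Resume with the rows left over from the previous request.
                // NOTE(review): slashes() is defined elsewhere; confirm it
                // returns the string, otherwise this assignment empties it.
                $str_info = slashes($str_info);
                // SECURITY(review): same unserialize() concern as above.
                $info = unserialize($str_info);
                // Cookie values are forced to integers in a sane range.
                $page = max(0, (int) cookie('info_page'));
                $p = max(1, (int) cookie('info_step'));
            } else {
                $count = $result->table($table)->count();
                $total = ceil($count / 10000);
                $page = max(0, (int) cookie('info_page'));
                if ($count > 10000) {
                    // Large table: read it in pages of 10000 rows.
                    $info = $result->table($table)->limit($page * 10000, 10000)->select();
                    if ($page < $total) {
                        if ($page == 0) {
                            $p = 1;
                        } else {
                            $p = max(1, (int) cookie('info_step'));
                        }
                        $page++;
                        cookie('info_page', $page);
                        if ($p == 1) {
                            $strfile .= "DROP TABLE IF EXISTS `" . $tb . "`;\r\n";
                            $table_field = $sql->getField($table); // get the table structure
                            // rewrite the table definition for the target server
                            $mysql = mysql_get_server_info();
                            $get_field = preg_replace("/AUTO_INCREMENT=[0-9]+\\s+/", "", $table_field);
                            // NOTE(review): $mysql is a version string compared with a float.
                            if ($arr_table['version'] == 4.1 && $mysql > 4.1) {
                                $get_field = preg_replace("/ENGINE=\\b.{2,}\\b DEFAULT CHARSET=\\S+/", 'ENGINE=MyISAM DEFAULT CHARSET=' . $arr_table['charset'], $get_field);
                            } elseif ($arr_table['version'] == 4.1 && $mysql < 4.1) {
                                // Pattern delimiters added: without them preg_replace()
                                // fails and returns NULL, losing the table definition.
                                $get_field = preg_replace("/TYPE=\\b.{2,}\\b/", 'ENGINE=MyISAM DEFAULT CHARSET=' . $arr_table['charset'], $get_field);
                            } elseif ($arr_table['version'] == 4.0 && $mysql > 4.1) {
                                $get_field = preg_replace("/ENGINE=\\b.{2,}\\b DEFAULT CHARSET=\\S+/", 'TYPE=MyISAM', $get_field);
                            }
                            $strfile .= str_replace('CREATE TABLE `' . C('DB_PREFIX'), 'CREATE TABLE `#@_', $get_field . ";\r\n");
                        }
                    } else {
                        $page = 0;
                        cookie('info_page', NULL);
                        $p = max(1, (int) cookie('info_step'));
                    }
                } else {
                    // Small table: structure and all rows in one pass.
                    $strfile .= "DROP TABLE IF EXISTS `" . $tb . "`;\r\n";
                    $table_field = $sql->getField($table); // get the table structure
                    // rewrite the table definition for the target server
                    $mysql = mysql_get_server_info();
                    $get_field = preg_replace("/AUTO_INCREMENT=[0-9]+\\s+/", "", $table_field);
                    if ($arr_table['version'] == 4.1 && $mysql > 4.1) {
                        $get_field = preg_replace("/ENGINE=\\b.{2,}\\b DEFAULT CHARSET=\\S+/", 'ENGINE=MyISAM DEFAULT CHARSET=' . $arr_table['charset'], $get_field);
                    } elseif ($arr_table['version'] == 4.1 && $mysql < 4.1) {
                        // Pattern delimiters added, as in the paged branch above.
                        $get_field = preg_replace("/TYPE=\\b.{2,}\\b/", 'ENGINE=MyISAM DEFAULT CHARSET=' . $arr_table['charset'], $get_field);
                    } elseif ($arr_table['version'] == 4.0 && $mysql > 4.1) {
                        $get_field = preg_replace("/ENGINE=\\b.{2,}\\b DEFAULT CHARSET=\\S+/", 'TYPE=MyISAM', $get_field);
                    }
                    $strfile .= str_replace('CREATE TABLE `' . C('DB_PREFIX'), 'CREATE TABLE `#@_', $get_field . ";\r\n");
                    $info = $result->table($table)->select();
                    cookie('info_page', NULL);
                    cookie('info_step', NULL);
                    $page = 0;
                    $p = 1;
                }
            }
            if ($info) {
                while (true) {
                    $t = array_shift($info);
                    $strfile .= $sql->getData($table, $t);
                    if (strlen($strfile) >= $arr_table['filesize'] * 1024) {
                        // The part file is full: write it, park the remaining
                        // rows in backup.tmp and let the client call again.
                        $filename = $tb . '_' . str_pad($p, 5, "0", STR_PAD_LEFT) . '.bak';
                        $fie_path = $bak_dir . '/' . $filename;
                        $path->putFile($fie_path, $strfile);
                        $p++;
                        $strfile = '';
                        cookie('info_step', $p);
                        $path->putFile(RUNTIME_PATH . '/backup.tmp', serialize($info));
                        echo '<p>表“' . $table . '_' . str_pad($p - 1, 5, "0", STR_PAD_LEFT) . '”备份成功!</p>|1|' . $page;
                        exit;
                    } else {
                        if (count($info)) {
                            continue;
                        } else {
                            break;
                        }
                    }
                }
            }
            if ($p == 1) {
                // Everything fitted into a single file.
                $filename = $tb . '.bak';
                $fie_path = $bak_dir . '/' . $filename;
                $path->putFile($fie_path, $strfile);
                $path->delFile(RUNTIME_PATH . '/backup.tmp');
                echo '<p>表“' . $table . '”备份成功!</p>|0|0';
                exit;
            } else {
                if ($strfile) {
                    $filename = $tb . '_' . str_pad($p, 5, "0", STR_PAD_LEFT) . '.bak';
                    $fie_path = $bak_dir . '/' . $filename;
                    $path->putFile($fie_path, $strfile);
                }
                $path->delFile(RUNTIME_PATH . '/backup.tmp');
                if ($page > 0) {
                    cookie('info_step', $p + 1);
                }
                echo '<p>表“' . $table . '_' . str_pad($p, 5, "0", STR_PAD_LEFT) . '”备份成功!</p>|0|' . $page;
                exit;
            }
        } elseif ($act == 're') {
            // SECURITY(review): the restore path and table list come from the
            // unserialized temp file, and every statement in the backup file
            // is executed as-is. Whoever can write either file controls the
            // SQL that runs here.
            $str_table = $path->getFile(RUNTIME_PATH . '/database.tmp');
            $arr_table = unserialize($str_table);
            if ($go == count($arr_table['table'])) {
                $path->delFile(RUNTIME_PATH . '/database.tmp');
                echo '所有表已完成还原!|0|0';
                exit;
            }
            $table = str_replace('#@_', C('DB_PREFIX'), $arr_table['table'][$go]);
            $tb = str_replace('.bak', '', $table);
            $tablefile = $arr_table['path'] . '/' . $arr_table['table'][$go];
            $info = $path->getFile($tablefile);
            $arr_info = explode(";\r\n", $info);
            $result = M();
            foreach ($arr_info as $t) {
                // Put the configured table prefix back in place of the placeholder.
                $t = preg_replace("/`#@_(.+)?`/iu", '`' . C('DB_PREFIX') . '$1`', $t);
                // NOTE(review): as written this replaces ';' with ';', which changes nothing.
                $t = str_replace(';', ';', $t);
                $char = C('CFG_CHARSET');
                if ($char == 'UTF-8') {
                    $char = 'utf8';
                } else {
                    $char = 'gb2312';
                }
                $t = preg_replace("/ENGINE=\\b.{2,}\\b DEFAULT CHARSET=\\S+/", 'ENGINE=MyISAM DEFAULT CHARSET=' . $char, $t);
                $result->execute($t);
            }
            echo '<p>表“' . $tb . '”还原成功!</p>|0|0';
            exit;
        }
    } else {
        $this->assign('act', $act);
        $this->assign('total', $total);
        $this->display();
    }
}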
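include "config.inc.php";
include "functions.inc";
include "{$dbsys}.inc";
include "mrbs_auth.inc";

# Stop here unless getAuthorised(2) grants access.
if (!getAuthorised(2)) {
    showAccessDenied($day, $month, $year, $area);
    exit;
}

# This file is for adding new areas/rooms.
# We need to do different things depending on whether it is a room or an area.
#
# NOTE(review): $type, $name, $description, $capacity and $area are not
# assigned in this file before use; presumably they arrive from the request
# (confirm in the included files). They are treated as untrusted below.
# The quoted values rely on slashes(), which is defined elsewhere; confirm it
# escapes correctly for the configured database driver.
if ($type == "area") {
    $area_name_q = slashes($name);
    $sql = "insert into {$tbl_area} (area_name) values ('{$area_name_q}')";
    if (sql_command($sql) < 0) {
        fatal_error(1, "<p>" . sql_error());
    }
    $area = sql_insert_id("{$tbl_area}", "id");
}

if ($type == "room") {
    $room_name_q = slashes($name);
    $description_q = slashes($description);

    # area_id and capacity are placed in the statement without quotes, so
    # they must be plain integers before the SQL text is built.
    if (!is_scalar($area) || !preg_match('/^[0-9]+$/D', (string) $area)) {
        fatal_error(1, "<p>Invalid area id");
        exit;
    }
    $area = (int) $area;
    $capacity = empty($capacity) ? 0 : (int) $capacity;

    $sql = "insert into {$tbl_room} (room_name, area_id, description, capacity)\n\t values ('{$room_name_q}',{$area}, '{$description_q}',{$capacity})";
    if (sql_command($sql) < 0) {
        fatal_error(1, "<p>" . sql_error());
    }
}

header("Location: admin.php?area={$area}");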
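/**
 * Check a username/password pair against the `users` table and, on a match,
 * mark the session as authenticated.
 *
 * SECURITY(review):
 *  - Passwords are compared as unsalted md5() digests. md5 is not suitable
 *    for password storage; password_hash() / password_verify() is the
 *    replacement, with a rehash when a user next logs in.
 *  - The password literal in the query below reads '******' in this listing,
 *    which looks like masking. As written, $pass is never compared with the
 *    stored value; confirm against the real file.
 *  - The digest is copied into the session twice. A session only needs the
 *    user id and an "authenticated" flag.
 *  - The query is string-built and relies on slashes(), defined elsewhere,
 *    for escaping. The mysql_* API has no parameter binding.
 *
 * @param string $user Login name as entered
 * @param string $pass Password as entered
 * @return bool TRUE when a matching row exists, FALSE otherwise
 */
function authValidateUser($user, $pass)
{
    global $auth, $users;

    // Check if we do not have a username/password
    if (empty($user) || empty($pass)) {
        return FALSE;
    }

    $user = slashes(htmlspecialchars(strip_tags($user), ENT_QUOTES)); // Username
    $pass = md5($pass); // md5 hash of the password

    // Checking against database
    $Q_login = mysql_query("select user_id from `users` where user_name_short = '" . $user . "' and user_password = '******' limit 1");

    // A failed query is a failed login, not a resource to count rows on.
    if ($Q_login === false) {
        return FALSE;
    }

    if (mysql_num_rows($Q_login) > 0) {
        session_register('WEBAUTH_VALID');
        session_register('WEBAUTH_USER');
        session_register('WEBAUTH_PW');
        $_SESSION['WEBAUTH_VALID'] = true;
        $_SESSION['WEBAUTH_USER'] = $user;
        $_SESSION['WEBAUTH_PW'] = $pass;

        // New variables (JM-booking)
        $_SESSION['user_id'] = mysql_result($Q_login, 0, 'user_id');
        $_SESSION['user_password'] = $pass;

        return TRUE;
    }

    return FALSE;
}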
include_once "glob_inc.inc.php"; if (isset($_GET['limit'])) { $limit = (int) $_GET['limit']; } else { $limit = 0; } if ($limit > 0) { $sql_limit = ' limit ' . $limit; } else { $sql_limit = ''; } $aResults = array(); $dynamicPrint = false; if (isset($_GET['customer_name'])) { //$customer_name = slashes(preg_replace('/%([0-9a-f]{2})/ie', 'chr(hexdec($1))', (string) $_GET['customer_name'])); $customer_name = slashes(utf8_decode($_GET['customer_name'])); $sql = mysql_query("select customer_id, customer_name from `customer` where customer_name like '{$customer_name}%' and slettet = '0' order by `customer_name`{$sql_limit}"); //$customer_name = unicode_encode($customer_name, 'ISO-8859-1'); //$customer_name = unichr() //echo strlen($customer_name); //for ($i = 0; $i < strlen($customer_name); $i++) // echo $customer_name{$i}.chr(10); //$aResults[] = array( // 'id' => 0, // 'value' => $customer_name, // 'info' => ''); while ($row = mysql_fetch_assoc($sql)) { $aResults[] = array('id' => $row['customer_id'], 'value' => htmlentities($row['customer_name']), 'info' => ''); } //print_r($aResults); //exit();
/**
 * Analyze the Datanova data
 *
 * Sorts every imported sales row into one of several result lists by
 * comparing it with the item register (import_dn_vareregister) and with the
 * numbers already stored in import_dn_tall.
 *
 * Format $data_rows:
 * array(
 *   'Butikknr' => '3',
 *   'Varenavn' => 'ABC',
 *   'Varenr' => '123321123',
 *   'Antsolgt' => '123',
 *   'Transdato' => '12.03.4567'
 * )
 *
 * NOTE(review): item number and name are HTML-encoded and then passed through
 * slashes() (defined elsewhere) before they are compared, stored in the
 * result and placed in a string-built query. That mixes output encoding with
 * SQL escaping; confirm slashes() is an adequate escape for this connection.
 * area_id (from $shops) and dag (from getTime()) reach the same query without
 * any escaping here.
 *
 * NOTE(review): $found, $varer_nye and $varer_update are filled in but are
 * not part of the returned array.
 *
 * @param Array $data_rows Rows of data
 * @param Array $shops     Shop-area translation (shop_id => area_id)
 * @return Array Final analyzed data in different categories
 * @throws Exception When a row's Transdato is not in the expected format
 */
function datanova_analyze_data($data_rows, $shops)
{
    // NOTE(review): the result of mysql_query() is used without a check for failure.
    $Q_varer = mysql_query("SELECT varereg.*, kat.kat_navn AS kat_navn\r\n\tFROM import_dn_vareregister varereg LEFT JOIN import_dn_kategori kat\r\n\tON varereg.kat_id = kat.kat_id\r\n\t");
    //where varereg.area_id = '$area';");
    $areavarer = array();
    // keyed by '<area_id>_<vare_nr>' => register row
    while ($R_vare = mysql_fetch_assoc($Q_varer)) {
        $areavarer[$R_vare['area_id'] . '_' . $R_vare['vare_nr']] = $R_vare;
    }
    $unknowns = array();
    $found = array();
    $tall_nye = array();
    $tall_update = array();
    $tall_ignore = array();
    $tall_ignore2 = array();
    $tall_allerede = array();
    $varer_nye = array();
    $varer_update = array();
    foreach ($data_rows as $key => $val) {
        $vare = array();
        $vare['vare_nr'] = slashes(htmlspecialchars($val['Varenr'], ENT_QUOTES));
        $vare['vare_navn'] = slashes(htmlspecialchars($val['Varenavn'], ENT_QUOTES));
        $vare['vare_antall'] = (int) $val['Antsolgt'];
        // Only the length of the date string is checked before it is parsed.
        if (strlen($val['Transdato']) != strlen('11.06.2008')) {
            throw new Exception('Problemer med tolking av dato. Dato er ikke i rett format for ' . $vare['vare_nr'] . ' (dato: ' . $val['Transdato'] . '). Vare: ' . print_r($vare, true));
        } else {
            $vare['dag'] = getTime($val['Transdato'], array('d', 'm', 'y'));
            // getTime() is defined elsewhere; a result equal to 0 is treated as a parse failure.
            if ($vare['dag'] == 0) {
                throw new Exception('Problemer med tolking av dato. Dato er ikke i rett format for ' . $vare['vare_nr'] . ' (dato: ' . $val['Transdato'] . '). Vare: ' . print_r($vare, true));
            }
        }
        $vare['shop_id'] = $val['Butikknr'];
        // Shops missing from the translation table fall back to area 0.
        if (isset($shops[$vare['shop_id']])) {
            $vare['area_id'] = $shops[$vare['shop_id']];
        } else {
            $vare['area_id'] = 0;
        }
        $vare_id_primary = $vare['area_id'] . '_' . $vare['vare_nr'];
        /* Determine import */
        if (!isset($areavarer[$vare_id_primary])) {
            // Not in the item register: aggregate per item and ignore the row.
            if (!isset($unknowns[$vare_id_primary])) {
                $unknowns[$vare_id_primary] = $vare;
                unset($unknowns[$vare_id_primary]['dag']);
                $unknowns[$vare_id_primary]['vare_dager'] = 1;
            } else {
                $unknowns[$vare_id_primary]['vare_antall'] += $vare['vare_antall'];
                $unknowns[$vare_id_primary]['vare_dager'] += 1;
            }
            $tall_ignore[] = $vare;
        } else {
            // Item found in the register
            if (!isset($found[$vare_id_primary])) {
                $found[$vare_id_primary] = $vare;
                unset($found[$vare_id_primary]['dag']);
                $found[$vare_id_primary]['vare_dager'] = 1;
            } else {
                $found[$vare_id_primary]['vare_antall'] += $vare['vare_antall'];
                $found[$vare_id_primary]['vare_dager'] += 1;
            }
            $vare_med_kat = $areavarer[$vare_id_primary];
            $vare['kat_id'] = $areavarer[$vare_id_primary]['kat_id'];
            // The register's 'barn' flag decides whether the count is booked as children or adults.
            if ($areavarer[$vare_id_primary]['barn'] == 0) {
                $vare['antall_barn'] = 0;
                $vare['antall_voksne'] = $vare['vare_antall'];
            } else {
                $vare['antall_barn'] = $vare['vare_antall'];
                $vare['antall_voksne'] = 0;
            }
            if ($vare_med_kat['kat_id'] == 0) {
                // Registered, but with category 0: ignored.
                $tall_ignore2[] = $vare;
            } else {
                // Check against the database (one query per input row).
                // NOTE(review): string-built SQL; see the function header.
                $Q_dbsjekk = mysql_query("SELECT * FROM `import_dn_tall` WHERE\r\n\t\t\t\t\tvare_nr = '" . $vare['vare_nr'] . "' AND\r\n\t\t\t\t\tarea_id = '" . $vare['area_id'] . "' AND\r\n\t\t\t\t\tdag = '" . $vare['dag'] . "'\r\n\t\t\t\t\tLIMIT 1;");
                if (!mysql_num_rows($Q_dbsjekk)) {
                    $tall_nye[] = $vare;
                    // New items
                    if (!isset($varer_nye[$vare_id_primary])) {
                        $varer_nye[$vare_id_primary] = $vare;
                        unset($varer_nye[$vare_id_primary]['dag']);
                        $varer_nye[$vare_id_primary]['vare_dager'] = 1;
                    } else {
                        $varer_nye[$vare_id_primary]['vare_antall'] += $vare['vare_antall'];
                        $varer_nye[$vare_id_primary]['vare_dager'] += 1;
                    }
                } else {
                    $tall = mysql_fetch_assoc($Q_dbsjekk);
                    // A stored row that differs in category or counts is queued for update.
                    if ($tall['kat_id'] != $vare['kat_id'] || $tall['antall_barn'] != $vare['antall_barn'] || $tall['antall_voksne'] != $vare['antall_voksne']) {
                        $tall_update[] = $vare;
                        // Update of items
                        if (!isset($varer_update[$vare_id_primary])) {
                            $varer_update[$vare_id_primary] = $vare;
                            unset($varer_update[$vare_id_primary]['dag']);
                            $varer_update[$vare_id_primary]['vare_dager'] = 1;
                        } else {
                            $varer_update[$vare_id_primary]['vare_antall'] += $vare['vare_antall'];
                            $varer_update[$vare_id_primary]['vare_dager'] += 1;
                        }
                    } else {
                        $tall_allerede[] = $vare;
                    }
                }
            }
        }
    }
    return array('unknowns' => $unknowns, 'numbers_new' => $tall_nye, 'numbers_update' => $tall_update, 'numbers_ignored_notreged' => $tall_ignore, 'numbers_ignored_reged' => $tall_ignore2, 'numbers_alreadyimported' => $tall_allerede);
}