Example #1
 /**
  * Bootstraps a page request: installs the error handler, normalises legacy
  * request input, connects to the database, starts the session, sends cache
  * headers and creates the template object.
  *
  * The calls are order-dependent (save handler before session_start(), session
  * start before the headers), so the sequence should not be rearranged.
  *
  * @param mixed $pagename Stored unchanged in $this->pagename.
  */
 function __construct($pagename)
 {
     set_error_handler("debug_handler");
     // Undo magic_quotes_gpc escaping on $_REQUEST. ini_get() returns false for a
     // setting that no longer exists, which short-circuits before
     // get_magic_quotes_gpc() (a function removed in PHP 8) is reached.
     if (ini_get("magic_quotes_gpc") !== false and get_magic_quotes_gpc()) {
         modify::stripslashes($_REQUEST);
     }
     // With register_globals enabled, request data would be injected as globals;
     // modify::dropglobals() is called to deal with that (its body is not shown here).
     if (ini_get("register_globals")) {
         modify::dropglobals();
     }
     @ignore_user_abort(0);
     self::$time_start = sys_get_microtime();
     // The stored database password is passed through sys_decrypt() with
     // sha1(SETUP_ADMIN_USER) as the second argument.
     // NOTE(review): if that argument is the decryption key, it is derived from the
     // admin user name alone, which is not a secret; anyone who can read the
     // configuration can recover the password. Confirm what sys_decrypt() does.
     if (!sql_connect(SETUP_DB_HOST, SETUP_DB_USER, sys_decrypt(SETUP_DB_PW, sha1(SETUP_ADMIN_USER)), SETUP_DB_NAME)) {
         // The message names the database and host and appends the driver error text.
         // NOTE(review): check that sys_die() does not render this to unauthenticated
         // visitors; log the detail and show a generic message instead.
         $err = sprintf("{t}Cannot connect to database %s on %s.{/t}\n", SETUP_DB_NAME, SETUP_DB_HOST) . sql_error();
         trigger_error($err, E_USER_ERROR);
         sys_die($err);
     }
     // Only the lifetime is set here; the Secure and HttpOnly cookie attributes keep
     // whatever the ini configuration provides.
     // NOTE(review): a 30-day session cookie should be sent with both attributes set.
     session_set_cookie_params(2592000);
     // 1 month
     session_name(SESSION_NAME);
     // Custom save handler: only the read and destroy callbacks do work, the other
     // four slots point at _login_session_none.
     session_set_save_handler("_login_session_none", "_login_session_none", "_login_session_read", "_login_session_none", "_login_session_destroy", "_login_session_none");
     session_start();
     header("Cache-Control: private, max-age=1, must-revalidate");
     header("Pragma: private");
     $this->template = new template();
     $this->pagename = $pagename;
     class_exists("modify");
     // load class
 }
Example #2
/**
 * Exec script for the page that destroys the SPIP tables.
 *
 * The page is only built for callers that pass autoriser('detruire'); everyone
 * else gets the default minipres() page. When the table list cannot be read,
 * the SQL error number and message are logged and shown in the page.
 *
 * NOTE(review): sql_error() is written into the HTML as-is; confirm the text
 * cannot carry markup, or escape it before output.
 **/
function exec_base_delete_all_dist()
{
    include_spip('inc/autoriser');
    // Authorisation gate for a destructive action: stop here when it is refused.
    if (!autoriser('detruire')) {
        include_spip('inc/minipres');
        echo minipres();
        return;
    }

    include_spip('base/dump');
    $tables = base_lister_toutes_tables('', array(), array(), true);
    if (!$tables) {
        // Listing the tables failed: log it and show the technical-problem page.
        include_spip('inc/minipres');
        spip_log("Erreur base de donnees");
        echo minipres(
            _T('info_travaux_titre'),
            _T('titre_probleme_technique') . "<p><tt>" . sql_errno() . " " . sql_error() . "</tt></p>"
        );
        return;
    }

    $choix = base_saisie_tables('delete', $tables);
    include_spip('inc/headers');
    $liste = "\n<ol style='text-align:left'><li>\n" . implode("</li>\n<li>", $choix) . '</li></ol>';
    $admin = charger_fonction('admin', 'inc');
    $page = $admin('delete_all', _T('titre_page_delete_all'), $liste);
    if ($page) {
        echo $page;
    } else {
        // The admin step returned nothing to display: go to the installer.
        redirige_url_ecrire('install', '');
    }
}
/**
 * Runs $query through sql_query() and reports a failure as FALSE.
 *
 * The query text is executed as given, so callers are responsible for
 * escaping any request-derived value before it reaches this function.
 *
 * @param string $query SQL text to execute.
 * @return mixed FALSE when sql_error() reports an error, otherwise whatever sql_query() returned.
 */
function bb2_db_query($query)
{
    $outcome = sql_query($query);
    return sql_error() ? FALSE : $outcome;
}
Example #4
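/**
 * Opens a MySQL connection and selects the working database.
 *
 * Terminates the script with a message when the connection fails.
 *
 * NOTE(review): the die() text includes the host name and the driver error and
 * goes straight to the client; log that detail server-side and show a generic
 * message. The result of mysql_select_db() is not checked either.
 *
 * @return resource The link identifier returned by mysql_connect().
 */
function db_connect()
{
    // The function takes no parameters and previously read these names as locals,
    // which are always undefined inside a function. They are presumably the
    // connection settings defined at file scope; confirm against the including script.
    global $dbhost, $dbusername, $dbuserpassword, $default_dbname, $dbname;
    $link_id = mysql_connect($dbhost, $dbusername, $dbuserpassword);
    if (!$link_id) {
        die("Conexão falhou ao host {$dbhost} base {$default_dbname}.<br>" . sql_error($link_id));
    } else {
        mysql_select_db($dbname, $link_id);
    }
    return $link_id;
}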
 /**
  * Looks up the cip_id of the TABLE_CIP row whose cip_folder_name equals
  * $this->contrib.
  *
  * NOTE(review): $this->contrib is concatenated into the SQL text between single
  * quotes without escaping. If it can ever hold request- or archive-derived data,
  * a quote in the value changes the statement; escape it with the database
  * layer's own function or bind it as a parameter.
  *
  * @return mixed The cip_id column of the fetched row; no value is returned when
  *               the query fails (the error is passed to $this->error()).
  */
 function get_cip_id()
 {
     $sql = "select cip_id from " . TABLE_CIP . " where cip_folder_name='" . $this->contrib . "' ";
     $rs = cip_db_query($sql);
     if ($rs === false) {
         $this->error(sql_error($sql));
         return;
     }
     $row = vam_db_fetch_array($rs);
     return $row['cip_id'];
 }
Example #6
/**
 * Database repair action
 *
 * Tries to repair the tables, then recomputes the section inheritance and
 * sectors. Displays the SQL error when the repair reported a failure.
 *
 * NOTE(review): sql_error() is placed in the HTML without escaping; confirm the
 * driver text cannot carry markup.
 *
 * @pipeline_appel base_admin_repair
 * @uses admin_repair_tables()
 * @uses calculer_rubriques()
 * @uses propager_les_secteurs()
 *
 * @param string $titre Unused
 * @param string $reprise Unused
 **/
function base_repair_dist($titre = '', $reprise = '')
{
    $html = admin_repair_tables();
    if ($html) {
        // Repair went through: refresh the derived section data.
        include_spip('inc/rubriques');
        calculer_rubriques();
        propager_les_secteurs();
    } else {
        $html = "<div class='error'>" . _T('avis_erreur_mysql') . ' ' . sql_errno() . ': ' . sql_error() . "</div>\n";
    }
    include_spip('inc/minipres');
    // The pipeline receives the current text and its return value is appended to it.
    $html .= pipeline('base_admin_repair', $html);
    echo minipres(
        _T('texte_tentative_recuperation'),
        $html . generer_form_ecrire('accueil', '', '', _T('public:accueil_site'))
    );
}
Example #7
/**
 * Connects to MySQL with the globally configured credentials and selects a database.
 *
 * Terminates the script when the connection or the database selection fails.
 *
 * NOTE(review): die(sql_error(...)) sends the driver's error text to the client;
 * log it server-side and show a generic message instead.
 *
 * @param string $dbname Database to select; an empty value selects $default_dbname.
 * @return resource The link identifier returned by mysql_connect().
 */
function db_connect($dbname)
{
    global $dbhost, $dbusername, $dbuserpassword, $default_dbname;
    global $MYSQL_ERRNO, $MYSQL_ERROR;
    $link_id = mysql_connect($dbhost, $dbusername, $dbuserpassword);
    if (!$link_id) {
        die("Conexão falhou ao host {$dbhost} base {$default_dbname}.<br>");
    }
    // Fall back to the configured default when no database name was given.
    $cible = empty($dbname) ? $default_dbname : $dbname;
    if (!mysql_select_db($cible, $link_id)) {
        die(sql_error($link_id));
    }
    return $link_id;
}
Example #8
/**
 * Writes the entries of the global $form array to the config table: changed
 * values are updated (or deleted when they become empty), new non-empty values
 * are inserted. Reports the outcome and redirects on success.
 *
 * NOTE(review): every statement below is built by string concatenation. $value
 * (from the global $form, and from $_POST['blocks'] when $save_blocks is set),
 * $key and $holder are placed inside double quotes without escaping, so a quote
 * character in any of them changes the SQL. Escape them with the database
 * layer's own function or use bound parameters; neither is visible in this block.
 *
 * @param array  $config      Currently stored values, keyed by config name.
 * @param string $holder      Value written to / matched against the holder column.
 * @param mixed  $redirect    Passed to redirect() after a successful save.
 * @param bool   $save_blocks When true, $form['blocks'] is rebuilt from $_POST first.
 */
function save_config($config, $holder, $redirect, $save_blocks = true)
{
    global $form, $lang_system, $lang_admin;
    if ($save_blocks) {
        // No blocks posted -> the string 'NULL'; all blocks posted (count equals
        // blocks_count) -> ''; otherwise the posted values joined with ', '.
        // The joined text comes from the request and is stored through the query below.
        $form['blocks'] = $_POST['blocks'] ? count($_POST['blocks']) == $_POST['blocks_count'] ? '' : implode(', ', $_POST['blocks']) : 'NULL';
    }
    foreach ($form as $key => $value) {
        if (isset($config[$key]) && $config[$key] != $value) {
            // Existing key whose value changed: UPDATE when the new value is truthy,
            // DELETE otherwise. Numeric values are written unquoted and uncast here,
            // while the INSERT below casts them with (int) - the two paths disagree
            // for values such as "1.5".
            $value ? sql_query('
					UPDATE ' . DB_PREFIX . 'config
					SET content = ' . (is_numeric($value) ? $value : '"' . $value . '"') . '
					WHERE name = "' . $key . '" AND holder = "' . $holder . '"') : sql_query('DELETE FROM ' . DB_PREFIX . 'config WHERE name = "' . $key . '" AND holder = "' . $holder . '"');
        } elseif (!isset($config[$key]) && $value) {
            // Key not stored yet and the new value is truthy: INSERT it.
            sql_query('
				INSERT INTO ' . DB_PREFIX . 'config (holder, name, content)
				VALUES ("' . $holder . '", "' . $key . '", ' . (is_numeric($value) ? (int) $value : '"' . $value . '"') . ')');
        }
    }
    // sql_error() is consulted once after the loop, and its text is handed to negative().
    // NOTE(review): confirm negative() does not show raw driver errors to end users.
    sql_error() ? negative(array($lang_system['ERROR_SQL'], sql_error())) : positive($lang_admin['SAVED_SUCCESSFUL']) . redirect($redirect);
}
Example #9
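/** mrbsCheckFree()
 * 
 * Check to see if the time period specified is free
 * 
 * $room_id   - Which room are we checking
 * $starttime - The start of period
 * $endtime   - The end of the period
 * $ignore    - An entry ID to ignore, 0 to ignore no entries
 * $repignore - A repeat ID to ignore everything in the series, 0 to ignore no series
 * 
 * All five arguments are treated as integers: they are cast before being placed
 * in the SQL statement and in the generated links.
 * 
 * Returns:
 *   nothing   - The area is free
 *   something - An error occurred, the return value is human readable
 *               (either the SQL error text or an HTML list of the conflicts)
 */
function mrbsCheckFree($room_id, $starttime, $endtime, $ignore, $repignore)
{
    global $tbl_entry;
    global $enable_periods;
    global $periods;
    # Every argument is interpolated into the statement as a bare number, with no
    # quoting. Force them to integers first so that a caller passing request data
    # through unchanged cannot alter the query.
    $room_id = (int) $room_id;
    $starttime = (int) $starttime;
    $endtime = (int) $endtime;
    $ignore = (int) $ignore;
    $repignore = (int) $repignore;
    # Select any meetings which overlap ($starttime,$endtime) for this room:
    $sql = "SELECT id, name, start_time FROM {$tbl_entry} WHERE\n\t\tstart_time < {$endtime} AND end_time > {$starttime}\n\t\tAND room_id = {$room_id}";
    if ($ignore > 0) {
        $sql .= " AND id <> {$ignore}";
    }
    if ($repignore > 0) {
        $sql .= " AND repeat_id <> {$repignore}";
    }
    $sql .= " ORDER BY start_time";
    $res = sql_query($sql);
    if (!$res) {
        # NOTE(review): the raw SQL error becomes the "human readable" return value;
        # check that callers do not show it to unprivileged users.
        return sql_error();
    }
    if (sql_count($res) == 0) {
        sql_free($res);
        return "";
    }
    # Get the room's area ID for linking to day, week, and month views:
    $area = mrbsGetRoomArea($room_id);
    # Build a string listing all the conflicts:
    $err = "";
    for ($i = 0; $row = sql_row($res, $i); $i++) {
        $starts = getdate($row[2]);
        $param_ym = "area={$area}&year={$starts['year']}&month={$starts['mon']}";
        $param_ymd = $param_ym . "&day={$starts['mday']}";
        if ($enable_periods) {
            # In periods mode the minutes field of the start time indexes $periods.
            $p_num = $starts['minutes'];
            $startstr = userdate($row[2], '%A %d %B %Y, ') . $periods[$p_num];
        } else {
            $startstr = userdate($row[2], '%A %d %B %Y %H:%M:%S');
        }
        # NOTE(review): $row[1] is the stored entry name and is written into the HTML
        # as-is. If names are stored unescaped this is a stored-XSS sink; confirm
        # where escaping happens before adding htmlspecialchars() here.
        $err .= "<LI><A HREF=\"view_entry.php?id={$row['0']}\">{$row['1']}</A>" . " ( " . $startstr . ") " . "(<A HREF=\"day.php?{$param_ymd}\">" . get_string('viewday', 'block_mrbs') . "</a>" . " | <A HREF=\"week.php?room={$room_id}&{$param_ymd}\">" . get_string('viewweek', 'block_mrbs') . "</a>" . " | <A HREF=\"month.php?room={$room_id}&{$param_ym}\">" . get_string('viewmonth', 'block_mrbs') . "</a>)";
    }
    return $err;
}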
Example #10
/**
 * Function applied by ecrire/index to the result of the previous one
 * when a connection is refused.
 * Returns a message to display, or redirects straight away.
 *
 * NOTE(review): in the last case $raison['site'] is written into an href
 * attribute and $raison['login'] into the message without escaping here;
 * confirm both are escaped upstream.
 *
 * @param string|int|array $raison
 *     - string: passed to redirige_formulaire()
 *     - int: an SQL error occurred and is displayed
 *     - array: describes the refused author ('statut', 'id_auteur', 'site', 'login')
 * @return array|string
 */
function auth_echec($raison)
{
    include_spip('inc/minipres');
    include_spip('inc/headers');
    // Not authenticated. Why?
    if (is_string($raison)) {
        // Redirect to an authentication page;
        // control does not come back from this call
        // unless the header could not be sent.
        return redirige_formulaire($raison);
    }
    if (is_int($raison)) {
        // SQL error to display
        return minipres(_T('info_travaux_titre'), _T('titre_probleme_technique') . "<p><tt>" . sql_errno() . " " . sql_error() . "</tt></p>");
    }
    if (@$raison['statut']) {
        // A plain visitor has no access to the private area
        spip_log("connexion refusee a " . @$raison['id_auteur']);
        return minipres(_T('avis_erreur_connexion'), _T('avis_erreur_visiteur'));
    }
    // Author whose rights have ended ...
    $lien = $raison['site'];
    return minipres(_T('avis_erreur_connexion'), "<br /><br /><p>" . _T('texte_inc_auth_1', array('auth_login' => $raison['login'])) . " <a href='{$lien}'>" . _T('texte_inc_auth_2') . "</a>" . _T('texte_inc_auth_3'));
}
Example #11
/**
 * Database repair action: repairs the tables when the SQL server offers a
 * REPAIR instruction, recomputes the section data, and prints the result page.
 *
 * NOTE(review): sql_error() is placed in the HTML without escaping; confirm the
 * driver text cannot carry markup.
 *
 * @param string $titre   Only tested for truthiness, to decide whether the missing REPAIR support is logged.
 * @param string $reprise Unused in this function.
 */
function base_admin_repair_dist($titre='', $reprise='') {

	if (sql_repair('repair', NULL, true)) {
		$html = admin_repair_tables();
	} else {
		if ($titre) {
			spip_log("Pas d'instruction REPAIR dans ce serveur SQL");
		}
		// Five spaces: a non-empty placeholder, so the error branch below is skipped.
		$html = '     ';
	}

	if ($html) {
		include_spip('inc/rubriques');
		calculer_rubriques();
		propager_les_secteurs();
	} else {
		$html = "<br /><br /><span style='color: red; font-weight: bold;'><tt>"._T('avis_erreur_mysql').' '.sql_errno().': '.sql_error() ."</tt></span><br /><br /><br />\n";
	}
	include_spip('inc/minipres');
	// The pipeline receives the current text and its return value is appended to it.
	$html .= pipeline('base_admin_repair',$html);
	$html .= admin_repair_plat();
	echo minipres(
		_T('texte_tentative_recuperation'),
		$html . generer_form_ecrire('accueil', '','',_T('public:accueil_site'))
	);
}
Example #12
include "config.inc.php";
include "functions.inc";
include "{$dbsys}.inc";
include "mrbs_auth.inc";
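# Only users authorised at level 2 may add areas or rooms.
# NOTE(review): no anti-CSRF token check is visible in this script; confirm one
# exists before this state-changing request is accepted.
if (!getAuthorised(2)) {
    showAccessDenied($day, $month, $year, $area);
    exit;
}
# This file is for adding new areas/rooms
# we need to do different things depending on if its a room
# or an area
# $type, $name, $description, $area and $capacity are not assigned in this script
# as shown; presumably they come from the request, so they are treated as untrusted.
if ($type == "area") {
    $area_name_q = slashes($name);
    $sql = "insert into {$tbl_area} (area_name) values ('{$area_name_q}')";
    if (sql_command($sql) < 0) {
        # NOTE(review): the raw SQL error is shown to the user here.
        fatal_error(1, "<p>" . sql_error());
    }
    $area = sql_insert_id("{$tbl_area}", "id");
}
if ($type == "room") {
    $room_name_q = slashes($name);
    $description_q = slashes($description);
    if (empty($capacity)) {
        $capacity = 0;
    }
    # area_id and capacity go into the statement unquoted, so slashes() would not
    # protect them: force both to integers before they are interpolated.
    $area = (int) $area;
    $capacity = (int) $capacity;
    $sql = "insert into {$tbl_room} (room_name, area_id, description, capacity)\n\t        values ('{$room_name_q}',{$area}, '{$description_q}',{$capacity})";
    if (sql_command($sql) < 0) {
        fatal_error(1, "<p>" . sql_error());
    }
}
header("Location: admin.php?area={$area}");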
Example #13
/**
 * Connects to the replication slave with the given id and prepares it for use.
 *
 * An id of -1 delegates to sql_connect_master_as_slave(). When a slave link is
 * already open nothing is reconnected; sql_error() is called if that link
 * belongs to a different slave id.
 *
 * After a successful connect the database is selected, the connection charset
 * is set, and temporary tables recorded in sys_temptables for this connection's
 * thread id are dropped and their records deleted.
 *
 * NOTE(review): connection warnings are suppressed with @, so a failed connect is
 * only visible through sql_error(); make sure that path logs enough to diagnose it.
 *
 * @param int $id Key into $opt['db']['slaves'], or -1.
 * @return void
 */
function sql_connect_slave($id)
{
    global $opt, $db;
    if ($id == -1) {
        sql_connect_master_as_slave();
        return;
    }
    // a slave link is already open
    if ($db['dblink_slave'] !== false) {
        // TODO: disconnect if other slave is connected
        if ($db['slave_id'] != $id) {
            sql_error();
        }
        return;
    }
    $db['slave_id'] = $id;
    $cfg = $opt['db']['slaves'][$id];
    // for display in SQL debugger
    $db['slave_server'] = $cfg['server'];
    // persistent or regular connection, depending on configuration
    $db['dblink_slave'] = $opt['db']['pconnect'] == true
        ? @mysql_pconnect($cfg['server'], $cfg['username'], $cfg['password'])
        : @mysql_connect($cfg['server'], $cfg['username'], $cfg['password']);
    if ($db['dblink_slave'] === false) {
        sql_error();
        return;
    }
    if (mysql_select_db($opt['db']['placeholder']['db'], $db['dblink_slave']) == false) {
        sql_error();
    }
    $charset = mysql_real_escape_string($opt['charset']['mysql'], $db['dblink_slave']);
    mysql_query("SET NAMES '" . $charset . "'", $db['dblink_slave']);
    // initialize temp tables on slave server
    $leftovers = sqlf_slave("SELECT `threadid`, `name` FROM `sys_temptables` WHERE `threadid`='&1'", mysql_thread_id($db['dblink_slave']));
    while ($entry = sql_fetch_assoc($leftovers)) {
        sqlf_slave("DROP TEMPORARY TABLE IF EXISTS &tmpdb.`&1`", $entry['name']);
    }
    sql_free_result($leftovers);
    sqlf_slave("DELETE FROM &db.`sys_temptables` WHERE `threadid`='&1'", mysql_thread_id($db['dblink_slave']));
}
Example #14
             $q['SETD'] = "UPDATE " . TB_KNOWLEDGE_CAT . " SET sort = sort+1 WHERE sort = '" . $_GET['setsort'] . "' ";
             $sql['SETD'] = mysql_query($q['SETD']) or sql_error("db-query", mysql_error());
             $db->closedb();
             $db->connectdb(DB_NAME, DB_USERNAME, DB_PASSWORD);
             $q['SETU'] = "UPDATE " . TB_KNOWLEDGE_CAT . " SET sort = '" . $_GET['setsort'] . "' WHERE id = '" . $_GET['id'] . "' ";
             $sql['SETU'] = mysql_query($q['SETU']) or sql_error("db-query", mysql_error());
             $db->closedb();
         }
         // "Move down" branch: first adjusts the row that currently holds the
         // requested sort value, then stores that sort value on the row selected by id.
         // NOTE(review): $_GET['setsort'] and $_GET['id'] are concatenated into both
         // UPDATE statements with no escaping or integer cast, so request data becomes
         // SQL text (the statements just above this branch are built the same way).
         // Cast both to int or bind them as parameters.
         // NOTE(review): this changes data in response to GET parameters and no
         // anti-CSRF token check is visible in this excerpt.
         if ($_GET['move'] == "down") {
             $db->connectdb(DB_NAME, DB_USERNAME, DB_PASSWORD);
             $q['SETD'] = "UPDATE " . TB_KNOWLEDGE_CAT . " SET sort = sort-1 WHERE sort = '" . $_GET['setsort'] . "' ";
             // On failure the driver error text is handed to sql_error();
             // NOTE(review): confirm that helper does not print it to the client.
             $sql['SETD'] = mysql_query($q['SETD']) or sql_error("db-query", mysql_error());
             $db->closedb();
             $db->connectdb(DB_NAME, DB_USERNAME, DB_PASSWORD);
             $q['SETU'] = "UPDATE " . TB_KNOWLEDGE_CAT . " SET sort = '" . $_GET['setsort'] . "' WHERE id = '" . $_GET['id'] . "' ";
             $sql['SETU'] = mysql_query($q['SETU']) or sql_error("db-query", mysql_error());
             $db->closedb();
         }
         $ProcessOutput = "<BR><BR>";
         $ProcessOutput .= "<CENTER><A HREF=\"?name=admin&file=main\"><IMG SRC=\"images/icon/login-welcome.gif\" BORDER=\"0\"></A><BR><BR>";
         $ProcessOutput .= "<FONT COLOR=\"#336600\"><B>" . _ADMIN_KNOWLEDGE_MESSAGE_CAT_EDIT . "</B></FONT><BR><BR>";
         $ProcessOutput .= "<A HREF=\"?name=admin&file=knowledge_category\"><B>" . _ADMIN_KNOWLEDGE_MESSAGE_CAT_GOBACK . "</B></A>";
         $ProcessOutput .= "</CENTER>";
         $ProcessOutput .= "<BR><BR>";
     } else {
         // กรณีไม่ผ่าน (case: the permission check did not pass)
         $ProcessOutput = $PermissionFalse;
     }
     echo $ProcessOutput;
 } else {
     if ($op == "articlecat_edit") {
/**
 * Runs a selection query
 *
 * Selection (SELECT) function, returning the resource that sql_fetch can iterate over.
 *
 * @api
 * @see sql_fetch()      To loop over the results of this function
 *
 * @param array|string $select
 *     List of fields to retrieve (Select)
 * @param array|string $from
 *     Tables to query (From)
 * @param array|string $where
 *     Conditions to satisfy (Where)
 * @param array|string $groupby
 *     Grouping criterion (Group by)
 * @param array|string $orderby
 *     Ordering (Order By)
 * @param string $limit
 *     Limit criterion (Limit)
 * @param array $having
 *     Post-conditions to satisfy (Having)
 * @param string $serveur
 *     The server addressed (used to find the connection)
 * @param bool|string $option
 *     Can take 3 values:
 *
 *     - false -> do not execute the query, return it instead,
 *     - continue -> do not fail when the SQL server is unavailable,
 *     - true|array -> execute the query.
 *     The array case is for a query produced by the compiler: the array
 *     gives the context so the location of an error can be reported if needed
 *
 *
 * @return mixed
 *     SQL resource
 *
 *     - SQL resource for sql_fetch, if the query is correct
 *     - false on error
 *     - String containing the query when $option=false
 *
 * Returns false on error, after reporting it.
 * Ports must return the query itself on error,
 * so that the raw text is available.
 *
 **/
function sql_select($select = array(), $from = array(), $where = array(), $groupby = array(), $orderby = array(), $limit = '', $having = array(), $serveur = '', $option = true)
{
    $f = sql_serveur('select', $serveur, $option === 'continue' || $option === false);
    if (!is_string($f) || !$f) {
        return false;
    }
    $debug = defined('_VAR_MODE') && _VAR_MODE == 'debug';
    if ($option === false || $debug) {
        // Build the query text without executing it
        $query = $f($select, $from, $where, $groupby, $orderby, $limit, $having, $serveur, false);
        if (!$option) {
            return $query;
        }
        // debug mode is meant for what the compiler produced
        if (isset($GLOBALS['debug']['aucasou'])) {
            list($table, $id, ) = $GLOBALS['debug']['aucasou'];
            $nom = $GLOBALS['debug_objets']['courant'] . $id;
            $GLOBALS['debug_objets']['requete'][$nom] = $query;
        }
        $res = $f($select, $from, $where, $groupby, $orderby, $limit, $having, $serveur, true);
    } else {
        $res = $f($select, $from, $where, $groupby, $orderby, $limit, $having, $serveur, is_array($option) ? true : $option);
    }
    // A string result is the failed query text handed back by the port
    if (is_string($res)) {
        // report the SQL error in its raw form
        spip_sql_erreur($serveur);
        // and again in its template form (table prefix not substituted)
        $contexte_compil = sql_error_backtrace(true);
        erreur_squelette(array(sql_errno($serveur), sql_error($serveur), $res), $contexte_compil);
        return false;
    }
    return $res;
}
Example #16
// Order the list by level, dragonkills, name so that the ordering is total!
// Without this, some users would show up on multiple pages and some users
// wouldn't show up
//
// NOTE(review): $search and $limit are interpolated into the second query below
// and are built outside this excerpt; verify that any request-derived value in
// them (the search form posts a 'name' field) is escaped or cast first.
// NOTE(review): both queries select lastip and uniqueid; confirm those columns
// are needed by the listing and are never shown to other players.
if ($_GET['page']=="" && $_GET['op']==""){
	output("`c`bWarriors Currently Online`b`c");
	$sql = "SELECT name,login,alive,location,sex,level,laston,loggedin,lastip,uniqueid FROM accounts WHERE locked=0 AND loggedin=1 AND laston>'".date("Y-m-d H:i:s",strtotime("-".getsetting("LOGINTIMEOUT",900)." seconds"))."' ORDER BY level DESC, dragonkills DESC, login ASC";
}else{
	output("`c`bWarriors in the realm (Page ".($pageoffset/$playersperpage+1).": $from-$to of $totalplayers)`b`c");
	$sql = "SELECT name,login,alive,location,sex,level,laston,loggedin,lastip,uniqueid FROM accounts WHERE locked=0 $search ORDER BY level DESC, dragonkills DESC, login ASC $limit";
}
// The array keys here are unquoted, i.e. bare constants; PHP 8 raises an Error
// for an undefined constant, so this line only works on older PHP versions.
if ($session[user][loggedin]){
	output("<form action='list.php?op=search' method='POST'>Search by name: <input name='name'><input type='submit' class='button' value='Search'></form>",true);
	addnav("","list.php?op=search");
}

// NOTE(review): on failure the complete SQL text is passed to sql_error() and the
// result is printed by die(); the statement should be logged, not sent to the client.
$result = db_query($sql) or die(sql_error($sql));
$max = db_num_rows($result);
if ($max>100) {
	output("`\$Too many names match that search.  Showing only the first 100.`0`n");
}

output("<table border=0 cellpadding=2 cellspacing=1 bgcolor='#999999'>",true);
output("<tr class='trhead'><td><b>Alive</b></td><td><b>Level</b></td><td><b>Name</b></td><td><b>Location</b></td><td><b>Sex</b></td><td><b>Last on</b></tr>",true);
for($i=0;$i<$max;$i++){
	$row = db_fetch_assoc($result);
	output("<tr class='".($i%2?"trdark":"trlight")."'><td>",true);
	output($row[alive]?"`1Yes`0":"`4No`0");
	output("</td><td>",true);
	output("`^$row[level]`0");
	output("</td><td>",true);
	if ($session[user][loggedin]) output("<a href=\"mail.php?op=write&to=".rawurlencode($row['login'])."\" target=\"_blank\" onClick=\"".popup("mail.php?op=write&to=".rawurlencode($row['login'])."").";return false;\"><img src='images/newscroll.GIF' width='16' height='16' alt='Write Mail' border='0'></a>",true);
Example #17
/**
 * Echoes the "search criteria" fieldset of the report form, one control per
 * entry in the global $report_search_field_order.
 *
 * Known keys get a dedicated control; any other key is treated as a custom
 * field of the entry table and rendered as a checkbox, datalist or text input.
 *
 * @param array $vars Current form values, passed by reference; this function
 *                    reads them to pre-fill the controls and does not assign to them.
 */
function generate_search_criteria(&$vars)
{
    global $booking_types, $select_options;
    global $private_somewhere, $approval_somewhere, $confirmation_somewhere;
    global $user_level, $tbl_entry, $tbl_area, $tbl_room;
    global $field_natures, $field_lengths;
    global $report_search_field_order;
    echo "<fieldset>\n";
    echo "<legend>" . get_vocab("search_criteria") . "</legend>\n";
    foreach ($report_search_field_order as $key) {
        switch ($key) {
            case 'report_start':
                echo "<div id=\"div_report_start\">\n";
                echo "<label>" . get_vocab("report_start") . ":</label>\n";
                genDateSelector("from_", $vars['from_day'], $vars['from_month'], $vars['from_year']);
                echo "</div>\n";
                break;
            case 'report_end':
                echo "<div id=\"div_report_end\">\n";
                echo "<label>" . get_vocab("report_end") . ":</label>\n";
                genDateSelector("to_", $vars['to_day'], $vars['to_month'], $vars['to_year']);
                echo "</div>\n";
                break;
            case 'areamatch':
                $options = sql_query_array("SELECT area_name FROM {$tbl_area} ORDER BY area_name");
                if ($options === FALSE) {
                    // The SQL error text goes to the error handler only; the page
                    // shows the generic fatal_db_error message.
                    trigger_error(sql_error(), E_USER_WARNING);
                    fatal_error(FALSE, get_vocab("fatal_db_error"));
                }
                echo "<div id=\"div_areamatch\">\n";
                $params = array('label' => get_vocab("match_area") . ':', 'name' => 'areamatch', 'options' => $options, 'force_indexed' => TRUE, 'value' => $vars['areamatch']);
                generate_datalist($params);
                echo "</div>\n";
                break;
            case 'roommatch':
                // (We need DISTINCT because it's possible to have two rooms of the same name
                // in different areas)
                $options = sql_query_array("SELECT DISTINCT room_name FROM {$tbl_room} ORDER BY room_name");
                if ($options === FALSE) {
                    // Same split as above: detail to the error handler, generic text to the page.
                    trigger_error(sql_error(), E_USER_WARNING);
                    fatal_error(FALSE, get_vocab("fatal_db_error"));
                }
                echo "<div id=\"div_roommatch\">\n";
                $params = array('label' => get_vocab("match_room") . ':', 'name' => 'roommatch', 'options' => $options, 'force_indexed' => TRUE, 'value' => $vars['roommatch']);
                generate_datalist($params);
                echo "</div>\n";
                break;
            case 'typematch':
                echo "<div id=\"div_typematch\">\n";
                $options = array();
                foreach ($booking_types as $type) {
                    $options[$type] = get_type_vocab($type);
                }
                $params = array('label' => get_vocab("match_type") . ':', 'name' => 'typematch[]', 'id' => 'typematch', 'options' => $options, 'force_assoc' => TRUE, 'value' => $vars['typematch'], 'multiple' => TRUE, 'attributes' => 'size="5"');
                generate_select($params);
                echo "<span>" . get_vocab("ctrl_click_type") . "</span>\n";
                echo "</div>\n";
                break;
            case 'namematch':
                // NOTE(review): the request-derived value is handed to generate_input();
                // confirm that helper escapes it for the HTML attribute it writes.
                echo "<div id=\"div_namematch\">\n";
                $params = array('label' => get_vocab("match_entry") . ':', 'name' => 'namematch', 'value' => $vars['namematch']);
                generate_input($params);
                echo "</div>\n";
                break;
            case 'descrmatch':
                echo "<div id=\"div_descrmatch\">\n";
                $params = array('label' => get_vocab("match_descr") . ':', 'name' => 'descrmatch', 'value' => $vars['descrmatch']);
                generate_input($params);
                echo "</div>\n";
                break;
            case 'creatormatch':
                echo "<div id=\"div_creatormatch\">\n";
                $params = array('label' => get_vocab("createdby") . ':', 'name' => 'creatormatch', 'value' => $vars['creatormatch']);
                generate_input($params);
                echo "</div>\n";
                break;
            case 'match_private':
                // Privacy status
                // Only show this part of the form if there are areas that allow private bookings
                if ($private_somewhere) {
                    // If they're not logged in then there's no point in showing this part of the form because
                    // they'll only be able to see public bookings anyway (and we don't want to alert them to
                    // the existence of private bookings)
                    // NOTE(review): the hidden field is only a UI default; the report query
                    // itself has to enforce the restriction, since a client can post any value.
                    if (empty($user_level)) {
                        echo "<input type=\"hidden\" name=\"match_private\" value=\"" . PRIVATE_NO . "\">\n";
                    } else {
                        echo "<div id=\"div_privacystatus\">\n";
                        $options = array(PRIVATE_BOTH => get_vocab("both"), PRIVATE_NO => get_vocab("default_public"), PRIVATE_YES => get_vocab("default_private"));
                        $params = array('label' => get_vocab("privacy_status") . ':', 'name' => 'match_private', 'options' => $options, 'value' => $vars['match_private']);
                        generate_radio_group($params);
                        echo "</div>\n";
                    }
                }
                break;
            case 'match_confirmed':
                // Confirmation status
                // Only show this part of the form if $confirmation_somewhere is set
                if ($confirmation_somewhere) {
                    echo "<div id=\"div_confirmationstatus\">\n";
                    $options = array(CONFIRMED_BOTH => get_vocab("both"), CONFIRMED_YES => get_vocab("confirmed"), CONFIRMED_NO => get_vocab("tentative"));
                    $params = array('label' => get_vocab("confirmation_status") . ':', 'name' => 'match_confirmed', 'options' => $options, 'value' => $vars['match_confirmed']);
                    generate_radio_group($params);
                    echo "</div>\n";
                }
                break;
            case 'match_approved':
                // Approval status
                // Only show this part of the form if there are areas that require approval
                if ($approval_somewhere) {
                    echo "<div id=\"div_approvalstatus\">\n";
                    $options = array(APPROVED_BOTH => get_vocab("both"), APPROVED_YES => get_vocab("approved"), APPROVED_NO => get_vocab("awaiting_approval"));
                    $params = array('label' => get_vocab("approval_status") . ':', 'name' => 'match_approved', 'options' => $options, 'value' => $vars['match_approved']);
                    generate_radio_group($params);
                    echo "</div>\n";
                }
                break;
            default:
                // Must be a custom field
                // The current value is read from a global named "match_<key>" through a
                // variable variable. $key comes from $report_search_field_order, so the
                // name is only as trustworthy as that configuration.
                $var = "match_{$key}";
                global ${$var};
                $params = array('label' => get_loc_field_name($tbl_entry, $key) . ':', 'name' => $var, 'value' => isset(${$var}) ? ${$var} : NULL);
                echo "<div>\n";
                // Output a checkbox if it's a boolean or integer <= 2 bytes (which we will
                // assume are intended to be booleans)
                if ($field_natures[$key] == 'boolean' || $field_natures[$key] == 'integer' && isset($field_lengths[$key]) && $field_lengths[$key] <= 2) {
                    generate_checkbox($params);
                } else {
                    // If $select_options is defined we want to force a <datalist> and not a
                    // <select>.  That's because if we have options such as
                    // ('tea', 'white coffee', 'black coffee') we want the user to be able to type
                    // 'coffee' which will match both 'white coffee' and 'black coffee'.
                    if (isset($select_options["entry.{$key}"]) && !empty($select_options["entry.{$key}"])) {
                        $params['options'] = $select_options["entry.{$key}"];
                        // We force the values to be used and not the keys.   We will convert
                        // back to values when we construct the SQL query.
                        $params['force_indexed'] = TRUE;
                        generate_datalist($params);
                    } else {
                        $params['field'] = "entry.{$key}";
                        generate_input($params);
                    }
                }
                echo "</div>\n";
                break;
        }
        // switch
    }
    echo "</fieldset>\n";
}
    echo FALSE == $valid_room_name ? get_vocab('invalid_room_name') : "";
    ?>
        </span>
      </fieldset>
    
      <fieldset>
      <legend></legend>
      <input type="hidden" name="room" value="<?php 
    echo $row["id"];
    ?>
">
    
      <?php 
    $res = sql_query("SELECT id, area_name FROM {$tbl_area}");
    if (!$res) {
        trigger_error(sql_error(), E_USER_WARNING);
        fatal_error(FALSE, get_vocab("fatal_db_error"));
    }
    if (sql_count($res) == 0) {
        fatal_error(FALSE, get_vocab('noareas'));
        // should not happen
    }
    // The area select box
    echo "<div>\n";
    $options = array();
    for ($i = 0; $row_area = sql_row_keyed($res, $i); $i++) {
        $options[$row_area['id']] = $row_area['area_name'];
    }
    $params = array('label' => get_vocab("area") . ":", 'name' => 'new_area', 'options' => $options, 'force_assoc' => TRUE, 'value' => $row['area_id'], 'disabled' => $disabled, 'create_hidden' => FALSE);
    generate_select($params);
    echo "<input type=\"hidden\" name=\"old_area\" value=\"" . $row['area_id'] . "\">\n";
$intext[2] = "E";
mt_srand((double) microtime() * 1000000);
// Lets do stuff for days 5 days in the past to 55 days in the future
for ($day = date("d") - 5; $day < date("d") + 55; $day++) {
    $month = date("m");
    $year = date("Y");
    $dayt = date("D", mktime(0, 0, 0, $month, $day, $year));
    if ($dayt != "Sat" and $dayt != "Sun") {
        $sql = "select id from {$tbl_area}";
        $area_res = sql_query($sql);
        for ($i = 0; list($area) = sql_row($area_res, $i); $i++) {
            // We know the area we want to add appointments in
            $sql = "select id from {$tbl_room} where area_id = {$area}";
            $room_res = sql_query($sql);
            if (!$room_res) {
                echo sql_error();
            }
            for ($j = 0; list($room) = sql_row($room_res, $j); $j++) {
                // Now we know room and area
                // We have to add some appointments to the day
                // four in each room seems good enough
                for ($a = 1; $a < 5; $a++) {
                    // Pick a random hour 8-5
                    $starthour = mt_rand(7, 16);
                    $length = mt_rand(1, 5) * 30;
                    $starttime = mktime($starthour, 0, 0, $month, $day, $year);
                    $endtime = mktime($starthour, $length, 0, $month, $day, $year);
                    // Check that this isnt going to overlap
                    $sql = "select count(*) from {$tbl_entry} where room_id={$room} and ((start_time between {$starttime} and {$endtime}) or (end_time between {$starttime} and {$endtime}) or (start_time = {$starttime} and end_time = {$endtime}))";
                    $counte = sql_query1($sql);
                    if ($counte == 0) {
Example #20
		  &nbsp;&nbsp;<IMG SRC="images/menu/textmenu_video.gif" BORDER="0"><br>
				<TABLE width="740" align=center cellSpacing=2 cellPadding=2 border=0 class="tablex">
<?php 
// $id is taken from the query string unchanged (empty string when absent).
// NOTE(review): it is concatenated between single quotes into the SELECT and the
// UPDATE below with no escaping or integer cast, so request data becomes SQL
// text. Cast it to int or bind it as a parameter.
empty($_GET['id']) ? $id = "" : ($id = $_GET['id']);
// Show the video
$db->connectdb(DB_NAME, DB_USERNAME, DB_PASSWORD);
$res['video'] = $db->select_query("SELECT * FROM " . TB_VIDEO . " WHERE id='" . $id . "' ");
$arr['video'] = $db->fetch($res['video']);
$db->closedb();
if (!$arr['video']['id']) {
    echo "<BR><BR><BR><BR><CENTER><IMG SRC=\"images/icon/notview.gif\" BORDER=\"0\" ><BR><BR><B>äÁèÁÕÃÒ¡Òà video ¹Õé</B></CENTER><BR><BR><BR><BR>";
} else {
    // Increment the view counter
    $db->connectdb(DB_NAME, DB_USERNAME, DB_PASSWORD);
    $q['Pageview'] = "UPDATE " . TB_VIDEO . " SET pageview = pageview+1 WHERE id = '" . $id . "' ";
    // On failure the driver error text is handed to sql_error();
    // NOTE(review): confirm that helper does not print it to the client.
    $sql['Pageview'] = mysql_query($q['Pageview']) or sql_error("db-query", mysql_error());
    // Category name
    // The category value read from the video row is concatenated into this query
    // as well; stored data should be escaped or cast like request data.
    $res['category'] = $db->select_query("SELECT * FROM " . TB_VIDEO_CAT . " WHERE id='" . $arr['video']['category'] . "' ");
    $arr['category'] = $db->fetch($res['category']);
    $CAT = $arr['category']['post_date'];
    $db->closedb();
    ?>

				<TR>
					<TD valign="top"  colspan="2" align="center" ><br>
	 			<table cellspacing=0 cellpadding=0 border=0 class='iconframe'>
				<tr>
				<td  border=0  align="center" class='imageframe'>
<!-- player container without nested content -->
<?php 
    if ($arr['video']['youtube'] == 0) {
Example #21
         # un-authenticated users can only report on
         # items which are not marked private
         $sql .= " AND e.private=0";
     }
 }
 if ($sortby == "r") {
     // Order by Area, Room, Start date/time
     $sql .= " ORDER BY 9,10,2";
 } else {
     // Order by Start date/time, Area, Room
     $sql .= " ORDER BY 2,9,10";
 }
 // echo "<p>DEBUG: SQL: <tt> $sql </tt></p>\n";
 $res = sql_query($sql);
 if (!$res) {
     fatal_error(0, sql_error());
 }
 $nmatch = sql_count($res);
 if ($nmatch == 0) {
     echo "<p class=\"report_entries\">" . get_vocab("nothing_found") . "</p>\n";
     sql_free($res);
 } else {
     $last_area_room = "";
     $last_date = "";
     echo "<p class=\"report_entries\">" . $nmatch . " " . ($nmatch == 1 ? get_vocab("entry_found") : get_vocab("entries_found")) . "</p>\n";
     for ($i = 0; $row = sql_row_keyed($res, $i); $i++) {
         if ($summarize & 1) {
             reporton($row, $last_area_room, $last_date, $sortby, $display);
         }
         if ($summarize & 2) {
             empty($enable_periods) ? accumulate($row, $count, $hours, $report_start, $report_end, $room_hash, $name_hash) : accumulate_periods($row, $count, $hours, $report_start, $report_end, $room_hash, $name_hash);
Example #22
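$db->connectdb(DB_NAME, DB_USERNAME, DB_PASSWORD);
// The id is request data that ends up inside quoted SQL literals (the SELECT here and the
// UPDATE further down), so it is escaped once, after the connection is open, and only the
// escaped copy is concatenated into SQL text.
// NOTE(review): this assumes connectdb() opens the default mysql-extension link (the code
// below calls mysql_query() without a link argument) - confirm. A prepared statement with
// a bound parameter would be the stronger fix if the $db wrapper can be moved to
// mysqli/PDO.
$id_sql = mysql_real_escape_string(isset($_GET['id']) ? (string) $_GET['id'] : "");
$query = $db->select_query("SELECT * FROM " . TB_KNOWLEDGE . " WHERE id='" . $id_sql . "' ");
$item = $db->fetch($query);
$enable_comment = (int) $item['enable_comment'];
$db->closedb();
if (!$item['id']) {
    // No matching row: show the "not found" notice.
    echo "<BR><BR><BR><BR><CENTER><IMG SRC=\"images/icon/notview.gif\" BORDER=\"0\" ><BR><BR><B>ไม่มีรายการสาระน่ารู้นี้</B></CENTER><BR><BR><BR><BR>";
} else {
    // The article body is stored in a text file named after the row's post_date.
    // NOTE(review): the path component is read from the database row; confirm post_date
    // can only hold the expected value so it cannot point outside knowledgedata/.
    $FileNewsTopic = "knowledgedata/" . $item['post_date'] . ".txt";
    // Errors are suppressed with @, so a missing file leaves $content without usable text.
    $file_open = @fopen($FileNewsTopic, "r");
    $content = @fread($file_open, @filesize($FileNewsTopic));
    $Detail = stripslashes(FixQuotes($content));
    // Increment the view counter
    $db->connectdb(DB_NAME, DB_USERNAME, DB_PASSWORD);
    $query = "UPDATE " . TB_KNOWLEDGE . " SET pageview = pageview+1 WHERE id = '" . $id_sql . "' ";
    mysql_query($query) or sql_error("db-query", mysql_error());
    // Category name
    // NOTE(review): the category value is read back from the database and concatenated
    // into the next query unescaped; bind or escape it as well unless the column is
    // guaranteed to be numeric.
    $query = $db->select_query("SELECT * FROM " . TB_KNOWLEDGE_CAT . " WHERE id='" . $item['category'] . "' ");
    $category = $db->fetch($query);
    $db->closedb();
    ?>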
								<TR>
									<TD>
										<B><FONT COLOR="#990000"><?php 
    echo $category['category_name'];
    ?>
<BR><?php 
    echo $item['topic'];
    ?>
</FONT></B>
											<BR>
Example #23
 $description = $row[2];
 $start_day = strftime('%d', $row[3]);
 $start_month = strftime('%m', $row[3]);
 $start_year = strftime('%Y', $row[3]);
 $start_hour = strftime('%H', $row[3]);
 $start_min = strftime('%M', $row[3]);
 $duration = $row[4] - $row[3] - cross_dst($row[3], $row[4]);
 $type = $row[5];
 $room_id = $row[6];
 $entry_type = $row[7];
 $rep_id = $row[8];
 if ($entry_type >= 1) {
     $sql = "SELECT rep_type, start_time, end_date, rep_opt, rep_num_weeks\n\t\t        FROM {$tbl_repeat} WHERE id={$rep_id}";
     $res = sql_query($sql);
     if (!$res) {
         fatal_error(1, sql_error());
     }
     if (sql_count($res) != 1) {
         fatal_error(1, get_vocab("repeat_id") . $rep_id . get_vocab("not_found"));
     }
     $row = sql_row($res, 0);
     sql_free($res);
     $rep_type = $row[0];
     if ($edit_type == "series") {
         $start_day = (int) strftime('%d', $row[1]);
         $start_month = (int) strftime('%m', $row[1]);
         $start_year = (int) strftime('%Y', $row[1]);
         $rep_end_day = (int) strftime('%d', $row[2]);
         $rep_end_month = (int) strftime('%m', $row[2]);
         $rep_end_year = (int) strftime('%Y', $row[2]);
         switch ($rep_type) {
Example #24
/**
 * Fetch the `name` column of the `users` row whose `code` equals $user.
 *
 * @param mixed $user value compared against users.code
 * @param mixed $all  when empty (the default) only rows with disabled=0 are considered
 * @return mixed the name of the first matching row, NULL when no row matches,
 *               FALSE when the query fails (a warning is raised with the SQL error)
 */
function get_area_name($user, $all = FALSE)
{
    // NOTE(review): $user is interpolated into a quoted SQL literal as-is. Nothing in this
    // function escapes or binds it, so every caller has to pass an already-escaped value;
    // confirm that, or switch to a bound parameter if the database layer offers one.
    $restrict_to_enabled = empty($all) ? " AND disabled=0" : "";
    $query = "SELECT name\n            FROM users\n           WHERE code='{$user}'" . $restrict_to_enabled . " LIMIT 1";

    $result = sql_query($query);
    if ($result === FALSE) {
        trigger_error(sql_error(), E_USER_WARNING);
        return FALSE;
    }

    // LIMIT 1 means there is at most one row to read.
    if (sql_count($result) == 0) {
        return NULL;
    }
    $first = sql_row($result, 0);
    return $first[0];
}
Example #25
                     if ($_GET['pay'] == 2) {
                         $fee = getsetting("innfee", "5%");
                         if (strpos($fee, "%")) {
                             $expense += round($expense * $fee / 100, 0);
                         } else {
                             $expense += $fee;
                         }
                         $goldline = ",goldinbank=goldinbank-{$expense}";
                     } else {
                         $goldline = ",gold=gold-{$expense}";
                     }
                     $goldline .= ",boughtroomtoday=1";
                 }
                 debuglog("spent {$expense} gold on an inn room");
                 $sql = "UPDATE accounts SET loggedin=0,location=1 {$goldline} WHERE acctid = " . $session['user'][acctid];
                 db_query($sql) or die(sql_error($sql));
             }
             $session = array();
             redirect("index.php");
         } else {
             output("\"Aah, so that's how it is,\" Cedrik says as he puts the key he had retrieved back on to its hook ");
             output("behind his counter.  Perhaps you'd like to get sufficient funds before you attempt to engage in ");
             output("local commerce.");
         }
     }
 } else {
     if ($session['user']['boughtroomtoday']) {
         output("You already paid for a room for the day.");
         addnav("Go to room", "inn.php?op=room&pay=1");
     } else {
         if ($config['innstays'] > 0) {
Example #26
    emptyvalue($repass);
    emptyvalue($day);
    emptyvalue($month);
    emptyvalue($year);
    emptyvalue($secques);
    emptyvalue($secans);
    if ($pass === $repass) {
        $pass = hashword($pass, $hash);
    } else {
        $error++;
    }
    //Checking the email address
    if ($error === 0) {
        $check = 0;
        $regsql = "SELECT * \n\t\t\t\t\t\t\t\t\t\t\tFROM tbl_members\n\t\t\t\t\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\t\t\t\t\temail = '{$email}'";
        $regqry = mysql_query($regsql) or sql_error();
        $numRows = mysql_num_rows($regqry);
        if ($numRows > 0) {
            $check++;
        }
        if ($check === 0) {
            echo 'unique';
            //Adding the user
            $addsql = "";
        }
    } else {
        echo 'An error occured';
    }
} else {
    echo '<form class="reg" action="/Register.php" method="post" onSubmit="return regcheck()">
						<label for="fname">Name:</label><input type="text" name="fname" id="fname" placeholder="First Name" value=""/><input type="text" name="sname" id="sname" placeholder="Surname" value=""/>
Example #27
/**
 * Installer step that registers a module's blocks, or lists them for manual setup.
 *
 * Builds an HTML fragment in the global $display; the function has no return statement.
 *
 * @param array $blocs   parallel arrays indexed by block number; as used below, [0] goes to
 *                       the `title` column, [1] to `content`, [2] to `member` (replaced by
 *                       [3] when [2] is ""), [4] to the L/R index column, [5] to `cache`,
 *                       [6] to `actif`, [7] to `aide`
 * @param mixed $posbloc falsy: only list the block code for manual configuration;
 *                       "l" or "r": insert into the matching "<prefix>lblocks" /
 *                       "<prefix>rblocks" table
 */
function nmig_WriteBloc($blocs, $posbloc)
{
    include "header.php";
    global $ModInstall, $display;
    global $NPDS_Prefix;
    $display = '<div class="">';
    if ($posbloc) {
        if ($blocs[2] == "") {
            $blocs[2] = $blocs[3];
        }
        // $posblocM is only assigned for "l" and "r"; any other truthy $posbloc leaves it
        // undefined when the INSERT below is built.
        if ($posbloc == "l") {
            $posblocM = "L";
        }
        if ($posbloc == "r") {
            $posblocM = "R";
        }
        // Insert the blocks one by one; the loop stops at the first failed query because
        // $erreur becomes set.
        // NOTE(review): $posbloc is concatenated into the table name and every $blocs value
        // into a quoted literal, with no escaping in this function. If any of them can carry
        // data that is not fixed by the installer, restrict $posbloc to "l"/"r" and escape or
        // bind the values - confirm where the callers take them from.
        for ($i = 0; $i < count($blocs[0]) && !isset($erreur); $i++) {
            sql_query("INSERT INTO " . $NPDS_Prefix . $posbloc . "blocks (`id`, `title`, `content`, `member`, `" . $posblocM . "index`, `cache`, `actif`, `aide`) VALUES ('', '" . $blocs[0][$i] . "', '" . $blocs[1][$i] . "', '" . $blocs[2][$i] . "', '" . $blocs[4][$i] . "', '" . $blocs[5][$i] . "', '" . $blocs[6][$i] . "', '" . $blocs[7][$i] . "');") or $erreur = sql_error();
        }
        if (isset($erreur)) {
            // Failure: show the database error, then the code of every block so it can be
            // configured by hand. highlight_string() prints its result, hence the output
            // buffering; its output is HTML-escaped markup.
            $display .= adm_translate("Une erreur est survenue lors de la configuration automatique du(des) bloc(s). Mysql a répondu :");
            ob_start();
            highlight_string($erreur);
            $display .= ob_get_contents();
            ob_end_clean();
            $display .= adm_translate("Veuillez configurer manuellement le(s) bloc(s).") . "<br /><br />\n";
            $display .= adm_translate("Voici le code du(des) bloc(s) :") . "<br /><br />\n";
            ob_start();
            for ($i = 0; $i < count($blocs[0]); $i++) {
                echo "Bloc n&#xB0; " . $i . "<br />";
                highlight_string($blocs[1][$i]);
                echo "<br />\n";
            }
            $display .= ob_get_contents();
            ob_end_clean();
        } else {
            $display .= '<p class="text-success"><strong>' . adm_translate("La configuration du(des) bloc(s) a réussi !") . '</strong></p>';
            $display .= "<br />\n";
        }
    } else {
        // Manual mode: list the content of each block.
        // NOTE(review): unlike the error branch above, the block content is written raw
        // inside <code>, so any markup in it is interpreted by the browser instead of being
        // displayed; htmlspecialchars() or highlight_string() would match the other branch.
        $display .= '<p><strong>' . adm_translate("Vous avez choisi de configurer manuellement vos blocs. Voici le contenu de ceux-ci :") . '</strong></p>';
        ob_start();
        for ($i = 0; $i < count($blocs[0]); $i++) {
            echo 'Bloc n&#xB0; ' . $i . '<br />
            <code>' . $blocs[1][$i] . '</code>
            <br />';
        }
        $display .= ob_get_contents();
        ob_end_clean();
    }
    // Link to the next installer step.
    // NOTE(review): $ModInstall is a global placed in the href without URL- or
    // HTML-encoding; encode it unless it is already validated upstream.
    $display .= '
   </div><br />
   <div style="text-align: center;">
      <a href="admin.php?op=Module-Install&amp;ModInstall=' . $ModInstall . '&amp;nmig=e9" class="btn btn-primary">' . adm_translate("Etape suivante") . '</a><br />
   </div><br />
   ' . nmig_copyright();
}
Example #28
/**
 * Escape a value for use inside a quoted SQL string literal.
 *
 * Delegates to sqlite_escape_string(), which belongs to the legacy SQLite 2 extension
 * (no longer bundled with PHP since 5.4).
 * NOTE(review): on a current runtime this needs replacing, preferably with bound
 * parameters rather than another escaper.
 *
 * @param mixed $string value to escape
 * @param mixed $link   accepted but not used by this implementation
 * @return mixed the escaped string, or false after reporting the SQL error
 */
function sql_escape_string($string, $link = null)
{
    $escaped = sqlite_escape_string($string);
    if ($escaped !== false) {
        return $escaped;
    }
    // Escaping failed: report through the project's error helper and signal failure.
    output_error("SQL Error: " . sql_error(), E_USER_ERROR);
    return false;
}
Example #29
    }
    // you can't delete a user if you're not some kind of admin, and then you can't
    // delete someone higher than you
    if ($level < $min_user_editing_level || $level < $target_level) {
        showAccessDenied(0, 0, 0, "", "");
        exit;
    }
    $r = sql_command("delete from {$tbl_users} where id={$Id};");
    if ($r == -1) {
        print_header(0, 0, 0, "", "");
        // This is unlikely to happen in normal  operation. Do not translate.
        print "<form class=\"edit_users_error\" method=\"post\" action=\"" . htmlspecialchars(basename($PHP_SELF)) . "\">\n";
        print "  <fieldset>\n";
        print "  <legend></legend>\n";
        print "    <p class=\"error\">Error deleting entry {$Id} from the {$tbl_users} table.</p>\n";
        print "    <p class=\"error\">" . sql_error() . "</p>\n";
        print "    <input type=\"submit\" value=\" " . get_vocab("ok") . " \">\n";
        print "  </fieldset>\n";
        print "</form>\n";
        // Print footer and exit
        print_footer(TRUE);
    }
    /* Success. Do not display a message. Simply fall through into the list display. */
}
/*---------------------------------------------------------------------------*\
|                          Display the list of users                          |
\*---------------------------------------------------------------------------*/
/* Print the standard MRBS header */
print_header(0, 0, 0, "", "");
print "<h2>" . get_vocab("user_list") . "</h2>\n";
if ($level >= $min_user_editing_level) {
Example #30
 /**
  * return the array of consumers related to a given event class
  * @param int $class_id the id of the event class
  * @return array an array of the consumer related to $class_id
  *				any element of the array is
  *					consumer_id => array( consumer_class, consumer_file )
  * @static
  * @access public
  **/
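 function listConsumerFromClassId($class_id)
 {
     // The class id is documented as an integer. Casting it before it is placed in the
     // quoted literal keeps any non-numeric input out of the SQL text.
     $class_id = (int) $class_id;
     $query = "SELECT DISTINCT ev.idConsumer, ev.consumer_class, ev.consumer_file " . "  FROM " . $GLOBALS['prefix_fw'] . "_event_consumer AS ev" . "  JOIN " . $GLOBALS['prefix_fw'] . "_event_consumer_class AS ecc" . " WHERE ecc.idClass = '" . $class_id . "'" . "   AND ev.idConsumer = ecc.idConsumer";
     $rs = sql_query($query);
     $result = array();
     if ($rs === FALSE) {
         // NOTE(review): the full query text and the database error are written to the
         // response here, which exposes table names and schema details to whoever sees
         // the page; sending them to a log instead is safer. Left as-is so that current
         // output is unchanged.
         echo $query;
         echo "  Errore: " . sql_error();
         return FALSE;
     }
     if (sql_num_rows($rs) > 0) {
         // Map consumer id => array(consumer_class, consumer_file)
         while (list($id, $class, $file) = sql_fetch_row($rs)) {
             $result[$id] = array($class, $file);
         }
     }
     return $result;
 }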