function getNegocioEnJson($indice)
{
global $dbi;
$result = sql_query("SELECT `id`, `nombre`, `nickfacebook`, `imagen`, `categoria`, `direccion`, `telefono`, `paginaweb`, `latitud`, `longitud` FROM `sitios` WHERE `id`='" . sql_real_escape_string($indice) . "'", $dbi);
//Convierto a json el array de la base de datos y retorno
return convertirArrayAJson(sql_fetch_array($result));
}
function quote_smart($value)
{
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
if (!is_numeric($value)) {
$value = "'" . sql_real_escape_string($value) . "'";
}
return $value;
}
/**
* Removes a ban from the banlist (correct iprange is needed as argument)
* Returns 1 on success, 0 on error
*/
function removeBan($blogid, $iprange)
{
global $manager;
$blogid = intval($blogid);
$manager->notify('PreDeleteBan', array('blogid' => $blogid, 'range' => $iprange));
$query = 'DELETE FROM ' . sql_table('ban') . " WHERE blogid={$blogid} and iprange='" . sql_real_escape_string($iprange) . "'";
sql_query($query);
$result = sql_affected_rows() > 0;
$manager->notify('PostDeleteBan', array('blogid' => $blogid, 'range' => $iprange));
return $result;
}
/**
* (Static) Method to add a message to the action log
*/
function add($level, $message)
{
global $member, $CONF;
if ($CONF['LogLevel'] < $level) {
return;
}
if ($member && $member->isLoggedIn()) {
$message = "[" . $member->getDisplayName() . "] " . $message;
}
$message = sql_real_escape_string($message);
// add slashes
$timestamp = date("Y-m-d H:i:s", time());
// format timestamp
$query = "INSERT INTO " . sql_table('actionlog') . " (timestamp, message) VALUES ('{$timestamp}', '{$message}')";
sql_query($query);
ACTIONLOG::trimLog();
}
}
if ($tname) {
$blockfields = array('mpassword', 'mcookiekey');
echo '<div class="center">' . "\n";
$op = $opers[$oname];
if ($op == '') {
$op = 'NOT LIKE';
}
$iname = sql_real_escape_string($iname);
if ($op == 'LIKE' || $op == 'NOT LIKE') {
$iname = "%{$iname}%";
}
if ($fname == '') {
$fname = 'id';
}
$dlsql = "SELECT * FROM " . sql_real_escape_string($tname) . " WHERE `" . sql_real_escape_string($fname) . "` {$op} '{$iname}' ORDER BY date DESC";
echo "Your Query: {$dlsql} \n";
$dlresult = sql_query($dlsql);
if (sql_num_rows($dlresult) > 0) {
echo " - Found " . sql_num_rows($dlresult) . " match(es)\n";
while ($row = sql_fetch_assoc($dlresult)) {
echo '<table border="0" cellpadding="3" width="600">' . "\n";
echo '<tr class="h"><th>Field</th><th>Value</th>' . "</tr>\n";
foreach ($row as $key => $value) {
echo "<tr>\n";
echo "<td class=\"e\">" . $key . "</td>\n";
if (in_array($key, $blockfields)) {
$value = "Value not displayed for security reasons";
}
if ($key == 'ip') {
$value = '<a href="http://ip-lookup.net/?' . $value . '" target="_blank">' . $value . '</a>';
function exists($name)
{
$r = sql_query('select * FROM ' . sql_table('blog') . ' WHERE bshortname="' . sql_real_escape_string($name) . '"');
return sql_num_rows($r) != 0;
}
function event_LoginFailed(&$data)
{
if ($this->enable_security == 'yes' && $this->max_failed_login > 0) {
global $_SERVER;
$login = $data['username'];
$ip = $_SERVER['REMOTE_ADDR'];
$lres = sql_query("SELECT * FROM " . sql_table('plug_securityenforcer') . " WHERE login='******'");
if (sql_num_rows($lres)) {
sql_query("UPDATE " . sql_table('plug_securityenforcer') . " SET fails=fails+1, lastfail=" . time() . " WHERE login='******'");
} else {
sql_query("INSERT INTO " . sql_table('plug_securityenforcer') . " (login,fails,lastfail) VALUES ('" . sql_real_escape_string($login) . "',1," . time() . ")");
}
$lres = sql_query("SELECT * FROM " . sql_table('plug_securityenforcer') . " WHERE login='******'");
if (sql_num_rows($lres)) {
sql_query("UPDATE " . sql_table('plug_securityenforcer') . " SET fails=fails+1, lastfail=" . time() . " WHERE login='******'");
} else {
sql_query("INSERT INTO " . sql_table('plug_securityenforcer') . " (login,fails,lastfail) VALUES ('" . sql_real_escape_string($ip) . "',1," . time() . ")");
}
}
return;
}
/**
* @static
* @todo document this
*/
function _insertPluginOptions($context, $contextid = 0)
{
// get all current values for this contextid
// (note: this might contain doubles for overlapping contextids)
$aIdToValue = array();
$res = sql_query('SELECT oid, ovalue FROM ' . sql_table('plugin_option') . ' WHERE ocontextid=' . intval($contextid));
while ($o = sql_fetch_object($res)) {
$aIdToValue[$o->oid] = $o->ovalue;
}
// get list of oids per pid
$query = 'SELECT * FROM ' . sql_table('plugin_option_desc') . ',' . sql_table('plugin') . ' WHERE opid=pid and ocontext=\'' . sql_real_escape_string($context) . '\' ORDER BY porder, oid ASC';
$res = sql_query($query);
$aOptions = array();
while ($o = sql_fetch_object($res)) {
if (in_array($o->oid, array_keys($aIdToValue))) {
$value = $aIdToValue[$o->oid];
} else {
$value = $o->odef;
}
array_push($aOptions, array('pid' => $o->pid, 'pfile' => $o->pfile, 'oid' => $o->oid, 'value' => $value, 'name' => $o->oname, 'description' => $o->odesc, 'type' => $o->otype, 'typeinfo' => $o->oextra, 'contextid' => $contextid, 'extra' => ''));
}
global $manager;
$manager->notify('PrePluginOptionsEdit', array('context' => $context, 'contextid' => $contextid, 'options' => &$aOptions));
$iPrevPid = -1;
foreach ($aOptions as $aOption) {
// new plugin?
if ($iPrevPid != $aOption['pid']) {
$iPrevPid = $aOption['pid'];
if (!defined('_PLUGIN_OPTIONS_TITLE')) {
define('_PLUGIN_OPTIONS_TITLE', 'Options for %s');
}
echo '<tr><th colspan="2">' . sprintf(_PLUGIN_OPTIONS_TITLE, htmlspecialchars($aOption['pfile'], ENT_QUOTES)) . '</th></tr>';
}
$meta = NucleusPlugin::getOptionMeta($aOption['typeinfo']);
if (@$meta['access'] != 'hidden') {
echo '<tr>';
listplug_plugOptionRow($aOption);
echo '</tr>';
}
}
}
function _addKeyword($itemid, $keyword)
{
//check to see if keyword exists
$keywordid = $this->_getKeywordID($keyword);
if ($keywordid == 0) {
$sql = sprintf("INSERT INTO %s (keyword) VALUES ('%s')", sql_table('plug_keywords_keyword'), sql_real_escape_string($keyword));
sql_query($sql);
$keywordid = sql_insert_id();
}
$sql = sprintf('INSERT INTO %s (keyword_id, key_id) VALUES (%d, %d)', sql_table('plug_keywords_relationship'), intval($keywordid), intval($itemid));
sql_query($sql);
}
/**
* Updates the general information about the skin
*/
function updateGeneralInfo($name, $desc, $type = 'text/html', $includeMode = 'normal', $includePrefix = '')
{
$query = 'UPDATE ' . sql_table('skin_desc') . ' SET' . " sdname='" . sql_real_escape_string($name) . "'," . " sddesc='" . sql_real_escape_string($desc) . "'," . " sdtype='" . sql_real_escape_string($type) . "'," . " sdincmode='" . sql_real_escape_string($includeMode) . "'," . " sdincpref='" . sql_real_escape_string($includePrefix) . "'" . " WHERE sdnumber=" . $this->getID();
sql_query($query);
}
/**
* @param $aOptions: array ( 'oid' => array( 'contextid' => 'value'))
* (taken from request using requestVar())
* @param $newContextid: integer (accepts a contextid when it is for a new
* contextid there was no id available at the moment of writing the
* formcontrols into the page (by ex: itemOptions for new item)
* @static
*/
function _applyPluginOptions(&$aOptions, $newContextid = 0)
{
global $manager;
if (!is_array($aOptions)) {
return;
}
foreach ($aOptions as $oid => $values) {
// get option type info
$query = 'SELECT opid, oname, ocontext, otype, oextra, odef FROM ' . sql_table('plugin_option_desc') . ' WHERE oid=' . intval($oid);
$res = sql_query($query);
if ($o = sql_fetch_object($res)) {
foreach ($values as $key => $value) {
// avoid overriding the key used by foreach statement
$contextid = $key;
// retreive any metadata
$meta = NucleusPlugin::getOptionMeta($o->oextra);
// if the option is readonly or hidden it may not be saved
if ($meta['access'] != 'readonly' && $meta['access'] != 'hidden') {
$value = undoMagic($value);
// value comes from request
switch ($o->otype) {
case 'yesno':
if ($value != 'yes' && $value != 'no') {
$value = 'no';
}
break;
default:
break;
}
// check the validity of numerical options
if ($meta['datatype'] == 'numerical' && !is_numeric($value)) {
//the option must be numeric, but the it isn't
//use the default for this option
$value = $o->odef;
}
// decide wether we are using the contextid of newContextid
if ($newContextid != 0) {
$contextid = $newContextid;
}
//trigger event PrePluginOptionsUpdate to give the plugin the
//possibility to change/validate the new value for the option
$manager->notify('PrePluginOptionsUpdate', array('context' => $o->ocontext, 'plugid' => $o->opid, 'optionname' => $o->oname, 'contextid' => $contextid, 'value' => &$value));
// delete the old value for the option
sql_query('DELETE FROM ' . sql_table('plugin_option') . ' WHERE oid=' . intval($oid) . ' AND ocontextid=' . intval($contextid));
sql_query('INSERT INTO ' . sql_table('plugin_option') . " (oid, ocontextid, ovalue) VALUES (" . intval($oid) . "," . intval($contextid) . ",'" . sql_real_escape_string($value) . "')");
}
}
}
// clear option value cache if the plugin object is already loaded
if (is_object($o)) {
$plugin =& $manager->pidLoaded($o->opid);
if ($plugin) {
$plugin->clearOptionValueCache();
}
}
}
}
function getCatIDFromName($name)
{
return quickQuery('SELECT catid as result FROM ' . sql_table('category') . ' WHERE cname="' . sql_real_escape_string($name) . '"');
}
function boolean_sql_where_jp_short($string, $match)
{
$match_a = explode(',', $match);
$key_a = explode(' ', $string);
for ($ith = 0; $ith < count($match_a); $ith++) {
// $temp_a[$ith] = "(i.$match_a[$ith] LIKE '%" . sql_real_escape_string($key_a[0]) . "%') ";
$binKey = preg_match('/[a-zA-Z]/', $key_a[0]) ? '' : 'BINARY';
$temp_a[$ith] = "(i.{$match_a[$ith]} LIKE " . $binKey . " '%" . sql_real_escape_string($key_a[0]) . "%') ";
}
$like = '(' . implode(' or ', $temp_a) . ')';
for ($kn = 1; $kn < count($key_a); $kn++) {
$binKey = preg_match('/[a-zA-Z]/', $key_a[$kn]) ? '' : 'BINARY';
if (substr($key_a[$kn], 0, 1) == ",") {
for ($ith = 0; $ith < count($match_a); $ith++) {
// $temp_a[$ith] = " (i.$match_a[$ith] LIKE '%" . sql_real_escape_string(substr($key_a[$kn],1)) . "%') ";
$temp_a[$ith] = " (i.{$match_a[$ith]} LIKE " . $binKey . " '%" . sql_real_escape_string(substr($key_a[$kn], 1)) . "%') ";
}
$like .= ' OR (' . implode(' or ', $temp_a) . ')';
} elseif (substr($key_a[$kn], 0, 1) != '-') {
for ($ith = 0; $ith < count($match_a); $ith++) {
// $temp_a[$ith] = " (i.$match_a[$ith] LIKE '%" . sql_real_escape_string($key_a[$kn]) . "%') ";
$temp_a[$ith] = " (i.{$match_a[$ith]} LIKE " . $binKey . " '%" . sql_real_escape_string($key_a[$kn]) . "%') ";
}
$like .= ' AND (' . implode(' or ', $temp_a) . ')';
} else {
for ($ith = 0; $ith < count($match_a); $ith++) {
// $temp_a[$ith] = " NOT(i.$match_a[$ith] LIKE '%" . sql_real_escape_string(substr($key_a[$kn],1)) . "%') ";
$temp_a[$ith] = " NOT(i.{$match_a[$ith]} LIKE " . $binKey . " '%" . sql_real_escape_string(substr($key_a[$kn], 1)) . "%') ";
}
$like .= ' AND (' . implode(' and ', $temp_a) . ')';
}
}
$like = '(' . $like . ')';
return $like;
}
function init_tables()
{
$query = "CREATE TABLE IF NOT EXISTS `" . sql_table('bad_behavior_admin') . "` (";
$query .= "`name` varchar(20) NOT NULL default '', ";
$query .= "`value` varchar(128) default NULL, ";
$query .= "PRIMARY KEY (`name`)";
$query .= ") TYPE=MyISAM;";
sql_query($query);
if (!quickQuery("SELECT COUNT(*) as result FROM " . sql_table('bad_behavior_admin'))) {
$query = "INSERT INTO " . sql_table('bad_behavior_admin') . " VALUES ";
$j = 0;
$this->bbconf['log_table'] = sql_table($this->bbconf['log_table']);
foreach ($this->bbconf as $key => $value) {
$query .= ($j == 0 ? '' : ', ') . "('" . sql_real_escape_string($key) . "','" . sql_real_escape_string($value) . "')";
$j = $j + 1;
}
sql_query($query);
}
}
if (empty($_GET["id"])) {
exit;
}
$browser = get_browser(null, true);
if (!$browser || $browser["ismobiledevice"]) {
$s = "pocketcampus://events.plugin.pocketcampus.org/showEventItem?eventItemId={$_GET["id"]}";
header("Location: {$s}");
exit;
}
$id = $_GET["id"];
include_once "admin/functions.php";
$conn = connect_to_db("pocketcampus");
mysql_set_charset("utf8", $conn);
sql_query("set time_zone = 'Europe/Zurich';", $conn);
$events = sql_query("SELECT * FROM eventitems WHERE eventId='" . sql_real_escape_string($id) . "' ;", $conn);
$event = sql_fetch_array($events);
if (!$event) {
exit;
}
if ($event["isProtected"]) {
exit;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title><?php
function bb2_write_settings($settings)
{
$query = "CREATE TABLE IF NOT EXISTS `" . sql_table('bad_behavior_admin') . "` (";
$query .= "`name` varchar(20) NOT NULL default '', ";
$query .= "`value` varchar(128) default NULL, ";
$query .= "PRIMARY KEY (`name`)";
$query .= ") TYPE=MyISAM;";
sql_query($query);
sql_query("DELETE FROM " . sql_table('bad_behavior_admin'));
$query = "INSERT INTO " . sql_table('bad_behavior_admin') . " VALUES ";
$j = 0;
foreach ($settings as $key => $value) {
$query .= ($j == 0 ? '' : ', ') . "('" . sql_real_escape_string($key) . "','" . sql_real_escape_string($value) . "')";
$j = $j + 1;
}
sql_query($query);
return;
}
function query_delete_participant($userid)
{
$userid = sql_real_escape_string($userid);
return "DELETE FROM `users` where id = '{$userid}';";
}
function SE_unlockLogin($login)
{
sql_query("DELETE FROM " . sql_table('plug_securityenforcer') . " WHERE login='******'");
}
/**
* Updates an item
*
* @static
*/
function update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp = 0)
{
global $manager;
$itemid = intval($itemid);
// make sure value is 1 or 0
if ($closed != 1) {
$closed = 0;
}
// get destination blogid
$new_blogid = getBlogIDFromCatID($catid);
$old_blogid = getBlogIDFromItemID($itemid);
// move will be done on end of method
if ($new_blogid != $old_blogid) {
$moveNeeded = 1;
}
// add <br /> before newlines
$blog =& $manager->getBlog($new_blogid);
if ($blog->convertBreaks()) {
$body = addBreaks($body);
$more = addBreaks($more);
}
// call plugins
$manager->notify('PreUpdateItem', array('itemid' => $itemid, 'title' => &$title, 'body' => &$body, 'more' => &$more, 'blog' => &$blog, 'closed' => &$closed, 'catid' => &$catid));
// update item itsself
$query = 'UPDATE ' . sql_table('item') . ' SET' . " ibody='" . sql_real_escape_string($body) . "'," . " ititle='" . sql_real_escape_string($title) . "'," . " imore='" . sql_real_escape_string($more) . "'," . " iclosed=" . intval($closed) . "," . " icat=" . intval($catid);
// if we received an updated timestamp in the past, but past posting is not allowed,
// reject that date change (timestamp = 0 will make sure the current date is kept)
if (!$blog->allowPastPosting() && $timestamp < $blog->getCorrectTime()) {
$timestamp = 0;
}
if ($timestamp > $blog->getCorrectTime(time())) {
$isFuture = 1;
$query .= ', iposted=0';
} else {
$isFuture = 0;
$query .= ', iposted=1';
}
if ($wasdraft && $publish) {
// set timestamp to current date only if it's not a future item
// draft items have timestamp == 0
// don't allow timestamps in the past (unless otherwise defined in blogsettings)
$query .= ', idraft=0';
if ($timestamp == 0) {
$timestamp = $blog->getCorrectTime();
}
// send new item notification
if (!$isFuture && $blog->getNotifyAddress() && $blog->notifyOnNewItem()) {
$blog->sendNewItemNotification($itemid, $title, $body);
}
}
// save back to drafts
if (!$wasdraft && !$publish) {
$query .= ', idraft=1';
// set timestamp back to zero for a draft
$query .= ", itime=" . mysqldate($timestamp);
}
// update timestamp when needed
if ($timestamp != 0) {
$query .= ", itime=" . mysqldate($timestamp);
}
// make sure the correct item is updated
$query .= ' WHERE inumber=' . $itemid;
// off we go!
sql_query($query);
$manager->notify('PostUpdateItem', array('itemid' => $itemid));
// when needed, move item and comments to new blog
if ($moveNeeded) {
ITEM::move($itemid, $catid);
}
//update the itemOptions
$aOptions = requestArray('plugoption');
NucleusPlugin::_applyPluginOptions($aOptions);
$manager->notify('PostPluginOptionsUpdate', array('context' => 'item', 'itemid' => $itemid, 'item' => array('title' => $title, 'body' => $body, 'more' => $more, 'closed' => $closed, 'catid' => $catid)));
}
/**
* Adds a new comment to the database
* @param string $timestamp
* @param array $comment
* @return mixed
*/
function addComment($timestamp, $comment)
{
global $CONF, $member, $manager;
$blogid = getBlogIDFromItemID($this->itemid);
$settings =& $manager->getBlog($blogid);
$settings->readSettings();
// begin if: comments disabled
if (!$settings->commentsEnabled()) {
return _ERROR_COMMENTS_DISABLED;
}
// end if
// begin if: public cannot comment
if (!$settings->isPublic() && !$member->isLoggedIn()) {
return _ERROR_COMMENTS_NONPUBLIC;
}
// end if
// begin if: comment uses a protected member name
if ($CONF['ProtectMemNames'] && !$member->isLoggedIn() && MEMBER::isNameProtected($comment['user'])) {
return _ERROR_COMMENTS_MEMBERNICK;
}
// end if
// begin if: email required, but missing (doesn't apply to members)
if ($settings->emailRequired() && strlen($comment['email']) == 0 && !$member->isLoggedIn()) {
return _ERROR_EMAIL_REQUIRED;
}
// end if
## Note usage of mb_strlen() vs strlen() below ##
// begin if: commenter's name is too long
if (mb_strlen($comment['user']) > 40) {
return _ERROR_USER_TOO_LONG;
}
// end if
// begin if: commenter's email is too long
if (mb_strlen($comment['email']) > 100) {
return _ERROR_EMAIL_TOO_LONG;
}
// end if
// begin if: commenter's url is too long
if (mb_strlen($comment['userid']) > 100) {
return _ERROR_URL_TOO_LONG;
}
// end if
$comment['timestamp'] = $timestamp;
$comment['host'] = gethostbyaddr(serverVar('REMOTE_ADDR'));
$comment['ip'] = serverVar('REMOTE_ADDR');
// begin if: member is logged in, use that data
if ($member->isLoggedIn()) {
$comment['memberid'] = $member->getID();
$comment['user'] = '';
$comment['userid'] = '';
$comment['email'] = '';
} else {
$comment['memberid'] = 0;
}
// spam check
$continue = FALSE;
$plugins = array();
if (isset($manager->subscriptions['ValidateForm'])) {
$plugins = array_merge($plugins, $manager->subscriptions['ValidateForm']);
}
if (isset($manager->subscriptions['PreAddComment'])) {
$plugins = array_merge($plugins, $manager->subscriptions['PreAddComment']);
}
if (isset($manager->subscriptions['PostAddComment'])) {
$plugins = array_merge($plugins, $manager->subscriptions['PostAddComment']);
}
$plugins = array_unique($plugins);
while (list(, $plugin) = each($plugins)) {
$p = $manager->getPlugin($plugin);
$continue = $continue || $p->supportsFeature('handleSpam');
}
$spamcheck = array('type' => 'comment', 'body' => $comment['body'], 'id' => $comment['itemid'], 'live' => TRUE, 'return' => $continue);
// begin if: member logged in
if ($member->isLoggedIn()) {
$spamcheck['author'] = $member->displayname;
$spamcheck['email'] = $member->email;
} else {
$spamcheck['author'] = $comment['user'];
$spamcheck['email'] = $comment['email'];
$spamcheck['url'] = $comment['userid'];
}
// end if
$manager->notify('SpamCheck', array('spamcheck' => &$spamcheck));
if (!$continue && isset($spamcheck['result']) && $spamcheck['result'] == TRUE) {
return _ERROR_COMMENTS_SPAM;
}
// isValidComment returns either "1" or an error message
$isvalid = $this->isValidComment($comment, $spamcheck);
if ($isvalid != 1) {
return $isvalid;
}
// begin if: send email to notification address
if ($settings->getNotifyAddress() && $settings->notifyOnComment()) {
$mailto_msg = _NOTIFY_NC_MSG . ' ' . $this->itemid . "\n";
// $mailto_msg .= $CONF['IndexURL'] . 'index.php?itemid=' . $this->itemid . "\n\n";
$temp = parse_url($CONF['Self']);
if ($temp['scheme']) {
$mailto_msg .= createItemLink($this->itemid) . "\n\n";
} else {
$tempurl = $settings->getURL();
if (substr($tempurl, -1) == '/' || substr($tempurl, -4) == '.php') {
$mailto_msg .= $tempurl . '?itemid=' . $this->itemid . "\n\n";
} else {
$mailto_msg .= $tempurl . '/?itemid=' . $this->itemid . "\n\n";
}
}
if ($comment['memberid'] == 0) {
$mailto_msg .= _NOTIFY_USER . ' ' . $comment['user'] . "\n";
$mailto_msg .= _NOTIFY_USERID . ' ' . $comment['userid'] . "\n";
} else {
$mailto_msg .= _NOTIFY_MEMBER . ' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n";
}
$mailto_msg .= _NOTIFY_HOST . ' ' . $comment['host'] . "\n";
$mailto_msg .= _NOTIFY_COMMENT . "\n " . $comment['body'] . "\n";
$mailto_msg .= getMailFooter();
$item =& $manager->getItem($this->itemid, 0, 0);
$mailto_title = _NOTIFY_NC_TITLE . ' ' . strip_tags($item['title']) . ' (' . $this->itemid . ')';
$frommail = $member->getNotifyFromMailAddress($comment['email']);
$notify =& new NOTIFICATION($settings->getNotifyAddress());
$notify->notify($mailto_title, $mailto_msg, $frommail);
}
$comment = COMMENT::prepare($comment);
$manager->notify('PreAddComment', array('comment' => &$comment, 'spamcheck' => &$spamcheck));
$name = sql_real_escape_string($comment['user']);
$url = sql_real_escape_string($comment['userid']);
$email = sql_real_escape_string($comment['email']);
$body = sql_real_escape_string($comment['body']);
$host = sql_real_escape_string($comment['host']);
$ip = sql_real_escape_string($comment['ip']);
$memberid = intval($comment['memberid']);
$timestamp = date('Y-m-d H:i:s', $comment['timestamp']);
$itemid = $this->itemid;
$qSql = 'SELECT COUNT(*) AS result ' . 'FROM ' . sql_table('comment') . ' WHERE ' . 'cmail = "' . $url . '"' . ' AND cmember = "' . $memberid . '"' . ' AND cbody = "' . $body . '"' . ' AND citem = "' . $itemid . '"' . ' AND cblog = "' . $blogid . '"';
$result = (int) quickQuery($qSql);
if ($result > 0) {
return _ERROR_BADACTION;
}
$query = 'INSERT INTO ' . sql_table('comment') . ' (CUSER, CMAIL, CEMAIL, CMEMBER, CBODY, CITEM, CTIME, CHOST, CIP, CBLOG) ' . "VALUES ('{$name}', '{$url}', '{$email}', {$memberid}, '{$body}', {$itemid}, '{$timestamp}', '{$host}', '{$ip}', '{$blogid}')";
sql_query($query);
// post add comment
$commentid = sql_insert_id();
$manager->notify('PostAddComment', array('comment' => &$comment, 'commentid' => &$commentid, 'spamcheck' => &$spamcheck));
// succeeded !
return TRUE;
}
function saveIP()
{
$query = 'INSERT INTO ' . sql_table('karma') . ' (itemid, ip) VALUES (' . $this->itemid . ",'" . sql_real_escape_string(serverVar('REMOTE_ADDR')) . "')";
sql_query($query);
}
if (!isset($csv_data[0][$field])) {
$check = FALSE;
break;
}
}
}
if ($check) {
if (!empty($_POST["deleteFirst"])) {
delete_pool_contents();
}
$inserted_count = 0;
foreach ($csv_data as $record) {
//$newid = sql_fetch_array(sql_query("SELECT MAX(eventId)+1 FROM eventitems WHERE parentPool='$PARENT_POOL'", $conn));
$newid = FALSE;
if ($record["PC_ID"]) {
$newid = sql_real_escape_string($record["PC_ID"]);
}
if ($newid) {
//$newid = $newid[0];
$res = sql_query("INSERT INTO eventitems (eventId, parentPool) VALUES ('{$newid}', '{$PARENT_POOL}');", $conn);
//$picurl = sql_real_escape_string("http://pocketcampus.epfl.ch/backend/parti-pics/$uid.$ext");
if ($res) {
$inserted_count++;
if (!update_eventitem($record, $newid, $conn)) {
$msg .= "<p>Error while setting some event item details.</p>";
}
} else {
$msg .= "<p>Could not insert item in DB (duplicate ID? did you delete first?).</p>";
}
} else {
$msg .= "<p>Could not allocate ID for item / ID is NULL.</p>";
<?php
require_once "functions.php";
require_once "php_headers.php";
// will set $conn to database
if ($_SERVER["REQUEST_METHOD"] == "POST") {
echo "<pre>";
if (!empty($_POST["categs"])) {
$categs = explode("\n", trim($_POST["categs"]));
$details = array();
foreach ($categs as $e) {
$ee = explode("\t", trim($e));
if (intval($ee[0])) {
//echo "{$ee[0]}\n";
//continue;
$succ = sql_query("REPLACE INTO eventcategs (categKey, categValue) VALUES (" . intval($ee[0]) . ", '" . sql_real_escape_string(trim($ee[1])) . "');", $conn);
echo "insert " . intval($ee[0]) . ": succ={$succ} affected_rows=" . mysql_affected_rows($conn) . "\n";
}
//if(count($ee) != 2 || $ee[1] != "epfl.ch") continue;
//$details[] = $ee[0];
}
//$details = array_map("fetch_details_by_email", $details);
//$details = implode("\n", $details);
}
exit;
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<?php
require_once "functions.php";
require_once "php_headers.php";
// will set $conn to database
if (empty($_GET["parentPool"])) {
die("No parentPool specified");
}
if (empty($_GET["type"])) {
die("No type specified");
}
$PARENT_POOL = sql_real_escape_string($_GET["parentPool"]);
$TYPE = $_GET["type"];
function export_event_items()
{
$t = func_get_args();
global $TYPE;
return call_user_func_array(__FUNCTION__ . "_{$TYPE}", $t);
}
if (!function_exists("export_event_items_{$TYPE}")) {
die("I don't understand this type");
}
$POOL_TITLE = "Pool";
$poool = sql_fetch_array(sql_query("SELECT poolTitle FROM eventpools WHERE poolId='{$PARENT_POOL}'", $conn));
if ($poool) {
$POOL_TITLE = $poool[0];
}
?>
<html>
<head>
/**
* Quote string befor SQL.
* @param mix string, int, or array
* @return mix string or int
*/
private function quote_smart($value)
{
// Escape SQL query strings
if (is_array($value)) {
if (get_magic_quotes_gpc()) {
$value = array_map("stripslashes", $value);
}
if (!array_map("is_numeric", $value)) {
$value = array_map("sql_real_escape_string", $value);
} else {
$value = intval($value);
}
} else {
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
if (!is_numeric($value)) {
$value = "'" . sql_real_escape_string($value) . "'";
} else {
$value = intval($value);
}
}
return $value;
}
/**
* Cleans up entries in the activation table. All entries older than 2 days are removed.
* (static)
*
* @author dekarma
*/
function cleanupActivationTable()
{
$actdays = 2;
if (isset($CONF['ActivationDays']) && intval($CONF['ActivationDays']) > 0) {
$actdays = intval($CONF['ActivationDays']);
} else {
$CONF['ActivationDays'] = 2;
}
$boundary = time() - 60 * 60 * 24 * $actdays;
// 1. walk over all entries, and see if special actions need to be performed
$res = sql_query('SELECT * FROM ' . sql_table('activation') . ' WHERE vtime < \'' . date('Y-m-d H:i:s', $boundary) . '\'');
while ($o = sql_fetch_object($res)) {
switch ($o->vtype) {
case 'register':
// delete all information about this site member. registration is undone because there was
// no timely activation
include_once $DIR_LIBS . 'ADMIN.php';
ADMIN::deleteOneMember(intval($o->vmember));
break;
case 'addresschange':
// revert the e-mail address of the member back to old address
list($oldEmail, $oldCanLogin) = explode('/', $o->vextra);
sql_query('UPDATE ' . sql_table('member') . ' SET mcanlogin='******', memail=\'' . sql_real_escape_string($oldEmail) . '\' WHERE mnumber=' . intval($o->vmember));
break;
case 'forgot':
// delete the activation link and ignore. member can request a new password using the
// forgot password link
break;
}
}
// 2. delete activation entries for real
sql_query('DELETE FROM ' . sql_table('activation') . ' WHERE vtime < \'' . date('Y-m-d H:i:s', $boundary) . '\'');
}
/**
* Creates a dump of the table content for one table
*/
function _backup_dump_contents($tablename)
{
//
// Grab the data from the table.
//
$result = sql_query("SELECT * FROM {$tablename}");
if (sql_num_rows($result) > 0) {
echo "\n#\n# " . sprintf(_BACKUP_BACKUPFILE_TABLEDATAFOR, $tablename) . "\n#\n";
}
$num_fields = sql_num_fields($result);
//
// Compose fieldname list
//
$tablename_list = $this->_backup_get_field_names($result, $num_fields);
//
// Loop through the resulting rows and build the sql statement.
//
while ($row = sql_fetch_array($result)) {
// Start building the SQL statement.
echo "INSERT INTO `" . $tablename . "` {$tablename_list} VALUES(";
// Loop through the rows and fill in data for each column
for ($j = 0; $j < $num_fields; $j++) {
if (!isset($row[$j])) {
// no data for column
echo ' NULL';
} elseif ($row[$j] != '') {
// data
echo " '" . sql_real_escape_string($row[$j]) . "'";
} else {
// empty column (!= no data!)
echo "''";
}
// only add comma when not last column
if ($j != $num_fields - 1) {
echo ",";
}
}
echo ");\n";
}
echo "\n";
}
function exists($name)
{
$r = sql_query('select * FROM ' . sql_table('template_desc') . ' WHERE tdname="' . sql_real_escape_string($name) . '"');
return sql_num_rows($r) != 0;
}
/**
* (internal method) Generates/returns a ticket (one ticket per page request)
*/
function _generateTicket()
{
if ($this->currentRequestTicket == '') {
// generate new ticket (only one ticket will be generated per page request)
// and store in database
global $member;
// get member id
if (!$member->isLoggedIn()) {
$memberId = -1;
} else {
$memberId = $member->getID();
}
$ok = false;
while (!$ok) {
// generate a random token
srand((double) microtime() * 1000000);
$ticket = md5(uniqid(rand(), true));
// add in database as non-active
$query = 'INSERT INTO ' . sql_table('tickets') . ' (ticket, member, ctime) ';
$query .= 'VALUES (\'' . sql_real_escape_string($ticket) . '\', \'' . intval($memberId) . '\', \'' . date('Y-m-d H:i:s', time()) . '\')';
if (sql_query($query)) {
$ok = true;
}
}
$this->currentRequestTicket = $ticket;
}
return $this->currentRequestTicket;
}