Example #1
 /**
  * Handle the password-change form: validate the three fields, verify the current
  * password and the confirmation, then store the new password hash for the logged-in user.
  *
  * Echoes $this->res_message (validation errors or the success text); returns nothing.
  *
  * NOTE(review): the stored value is md5(password . site-wide salt). MD5 is a fast hash and
  * the salt is shared by every account, so leaked hashes are cheap to brute-force. Moving to
  * password_hash()/password_verify() needs a matching change in the login check, which is
  * outside this method.
  * NOTE(review): xss_clean rewrites markup-like input and set_value() is a form re-population
  * helper; both may alter the submitted password before it is hashed. Confirm the login path
  * applies the same transformations, or stop applying them to password fields.
  */
 public function edit_pass()
 {
     $this->load->library('form_validation');

     // Field name => label shown in validation errors; every field shares the same rule set.
     $fields = array(
         'current_pass' => 'Clave Actual',
         'new_pass' => 'Nueva Clave',
         'confirm_pass' => 'Confirme Nueva Clave',
     );
     foreach ($fields as $field => $label) {
         $this->form_validation->set_rules($field, $label, 'trim|required|xss_clean');
     }
     $this->form_validation->set_error_delimiters('<br /><span class="text-danger">', '</span>');

     if ($this->form_validation->run() == FALSE) {
         $this->res_message = validation_errors();
     } else {
         // Both checks always run, current password first, before the result is combined.
         $current_ok = $this->check_current_pass();
         $confirm_ok = $this->confirm_pass();
         if ($confirm_ok and $current_ok) {
             $hash = md5(set_value('new_pass') . get_settings('PASSWORDSALTMAIN'));
             $updated = $this->generic_model->update('billing_empleado', array('clave' => $hash), array('id' => $this->user->id));
             if ($updated) {
                 $this->res_message .= success_msg(', clave actualizada.');
             }
         } else {
             $this->res_message .= validation_errors();
         }
     }

     echo $this->res_message;
 }
Example #2
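        // Deny-list check: flag the upload as soon as any entry of $needles occurs in $haystack.
        // NOTE(review): $needles and $haystack are built above this excerpt. A substring deny-list
        // is easy to leave incomplete; an allow-list of the expected extensions is the safer check.
        foreach ($needles as $needle) {
            if (strpos($haystack, $needle) !== false) {
                $found = 1;
                break;
            }
        }
        if ($found == 1) {
            die("Upload not permitted");
        } else {
            if (move_uploaded_file($_FILES['file']['tmp_name'], $target_path)) {
                $uid = $CURUSER['uid'];
                // Uploaded content is untrusted: owner read/write plus world read is enough to
                // serve it. The previous mode 0777 also made the file world-writable and executable.
                @chmod("{$THIS_BASEPATH}/{$target_path}", 0644);
            }
            // NOTE(review): when move_uploaded_file() fails, execution still reaches the INSERT
            // below, with $uid never assigned in this branch.
        }
        // NOTE(review): every value is interpolated into the statement as-is; where they are
        // assigned is outside this excerpt. Confirm each one is escaped there (or switch to a
        // prepared statement). The `or die(...)` also prints the raw database error to the client.
        mysqli_query($GLOBALS["___mysqli_ston"], "INSERT INTO `{$TABLE_PREFIX}subtitles` (`id`, `name`, `hash`, `file`, `imdb`, `pic`, `Framerate`, `cds`, `uploader`, `downloaded`, `author`, `flag`) VALUES ('', '{$nume}', '{$hash}', '{$x}', '{$link}', '{$pic}', '{$frame}', '{$cds}', {$uid}, 0, '{$autor}',{$idflag}); ") or die(is_object($GLOBALS["___mysqli_ston"]) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false));
        success_msg("Success", "The subtitle was added to the database!<br><a href=index.php?page=subtitles>Back To Subtitles!</a>");
        stdfoot(false, false, true);
        die;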
    } else {
        stderr("Error", "There was an error while uploading, please try again!");
        stdfoot(false, false, true);
        die;
    }
} else {
    $fres = flag_list();
    $option = "\n<select name=\"flag\" size=\"1\">\n<option value='0'>---</option>";
    $thisip = $_SERVER["REMOTE_ADDR"];
    $remotedns = gethostbyaddr($thisip);
    if ($remotedns != $thisip) {
        $remotedns = strtoupper($remotedns);
        preg_match('/^(.+)\\.([A-Z]{2,3})$/', $remotedns, $tldm);
Example #3
// Ask for confirmation before a team is deleted; the "Yes!" link repeats the request with sure=yes.
// NOTE(review): $team is placed into the HTML message and into the link's query string as-is in
// this excerpt — confirm it is HTML-escaped / URL-encoded where it is assigned.
// NOTE(review): the delete is confirmed by following a GET link; the `code` parameter looks like
// the per-user token guarding it — confirm it is verified before the delete runs.
if ($del > 0) {
    stderr("Confirm", "<b>Are you sure you wish to delete the team? ({$team}) ( <b><a href='index.php?page=admin&user={$CURUSER['uid']}&code={$CURUSER['random']}&do=teams&del={$del}&team={$team}&sure=yes'>Yes!</a></b> / <b><a href='index.php?page=admin&user={$CURUSER['uid']}&code={$CURUSER['random']}&do=teams'>No!</a></b> )");
    stdfoot();
    exit;
}
//$admintpl->set("sure",$sure);
//Edit Team
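// Apply a submitted team edit: resolve the owner's user id, update the team row, then point
// the owner's user record at the team.
// NOTE(review): $team_name, $team_info and $team_image are interpolated into the UPDATE as-is;
// their assignment is outside this excerpt — confirm they are escaped there, or move these
// statements to prepared queries.
// NOTE(review): if the owner lookup returns no row, $team_owner is empty and both updates still run.
if ($edited == 1) {
    $aa = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT id FROM {$TABLE_PREFIX}users WHERE username='******'");
    $ar = mysqli_fetch_assoc($aa);
    $team_owner = $ar["id"];
    $query = "UPDATE {$TABLE_PREFIX}teams SET\tname = '{$team_name}', info = '{$team_info}', owner = '{$team_owner}', image = '{$team_image}' WHERE id=" . sqlesc($id);
    $sql = mysqli_query($GLOBALS["___mysqli_ston"], $query);
    // $id goes through sqlesc() here too, matching the team UPDATE above instead of being
    // interpolated raw between quotes.
    mysqli_query($GLOBALS["___mysqli_ston"], "UPDATE {$TABLE_PREFIX}users SET team = " . sqlesc($id) . " WHERE id = " . sqlesc($team_owner));
    if ($sql) {
        success_msg("Success", "Updated Team!<br><a href=\"index.php?page=admin&user={$CURUSER['uid']}&code={$CURUSER['random']}&do=teams\">Back</a>");
        write_log("has edited team ({$team_name})", "edit");
        stdfoot();
        exit;
    }
}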
$edity = textbbcode("smolf3d1", "team_info", $info);
if ($editid > 0) {
    $editt = "<form name='smolf3d1' method='get' action='index.php'>\n\t<CENTER><table cellspacing=0 cellpadding=5 width=50%>\n\t<div align='center'><input type='hidden' name='edited' value='1'></div>\n\t<br>\n         <input type='hidden' name='page' value='admin'>\n         <input type='hidden' name='user' value='{$CURUSER['uid']}'>\n         <input type='hidden' name='code' value='{$CURUSER['random']}'>\n         <input type='hidden' name='do' value='teams'>\n         <input type='hidden' name='id' value='{$editid}'><table class=main cellspacing=0 cellpadding=5 width=50%><tr>\n         <td class=header colspan=2 align=center>" . $language['TEAM_EDIT'] . "</td></tr>\n\t<tr><td class=header>" . $language['TEAM_NAME'] . "</td><td align='right' class=lista><input type='text' size=50 name='team_name' value='{$name}'></td></tr>\n\t<tr><td class=header>" . $language['TEAM_LOGO'] . "</td><td align='right' class=lista><input type='text' size=50 name='team_image' value='{$image}'></td></tr>\n\t<tr><td class=header>" . $language['TEAM_OWNER'] . "</td><td align='right' class=lista><input type='text' size=50 name='team_owner' value='{$owner}'>" . $language['TEAM_ONE'] . "</td></tr>\n\t<tr><td valign=top class=header>" . $language['TEAM_DESC'] . "</td><td align='right' class=lista>{$edity}</td></tr>\n\t<tr><td class=header colspan=2><div align='center'><input type='Submit' value=Update></div></td></tr>\n\t</table></CENTER></form><br><br><hr><br><br>";
}
$admintpl->set("edit", $editt);
//Add Team
if ($add == 'true') {
    $ping = do_sqlquery("select * from {$TABLE_PREFIX}teams order by name");
    while ($pong = mysqli_fetch_array($ping)) {
        if ($pong["name"] == $team_name) {
Example #4
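// Save the site settings: copy each submitted form value into the matching <add> node of
// web.xml and write the file back.
// NOTE(review): no authentication or CSRF check is visible in this excerpt — presumably an
// earlier include enforces it; confirm, since this rewrites the site configuration from
// request data.
if ($action == "edit") {
    $isbool = false;
    // A file that exists but cannot be parsed yields false; treat it like a missing file
    // instead of calling xpath() on false.
    $xml = file_exists('../configs/web.xml') ? simplexml_load_file('../configs/web.xml') : false;
    if ($xml !== false) {
        foreach ($xml->xpath("/web/info/add") as $val) {
            // The node's 'filed' attribute names the form field that carries its value.
            $field = (string) $val['filed'];
            $submitted = isset($_POST[$field]) ? $_POST[$field] : '';
            if (!is_string($submitted)) {
                // Array-valued input cannot be stored in an attribute; keep the stored value.
                continue;
            }
            $val['value'] = $submitted;
        }
        // Report success only when the file was actually written.
        $isbool = $xml->saveXML('../configs/web.xml') !== false;
    } else {
        info_sysadmin_error('读取站点配置文件失败');
    }
    if ($isbool) {
        success_msg('修改成功', prev_url());
    } else {
        success_msg('修改失败', 'back');
    }
}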
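// Default view: load every /web/info/add node from web.xml and hand the list to the template.
if ($action == '') {
    // A file that exists but cannot be parsed yields false; report it like a missing file.
    $xml = file_exists('../configs/web.xml') ? simplexml_load_file('../configs/web.xml') : false;
    if ($xml !== false) {
        $webinfo = array();
        foreach ($xml->xpath('/web/info/add') as $value) {
            $webinfo[] = $value;
        }
        $smarty->assign('webinfo', $webinfo);
    } else {
        info_sysadmin_error('读取站点配置文件失败');
    }
}
$smarty->assign("action", $action);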
Example #5
    die("non direct access!");
}
include load_language("lang_peers.php");
$admintpl->set('language', $language);
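// Read the request: banned-client id, return URL and the confirmation answer.
// The id is forced to an integer because it is concatenated into the SQL below unquoted.
$id = isset($_GET["id"]) && is_scalar($_GET["id"]) ? intval($_GET["id"]) : 0;
// NOTE(review): returnto is caller-supplied and is used both as a link target and in
// redirect(); restrict it to same-site paths. PHP has already URL-decoded $_GET once.
$url = isset($_GET["returnto"]) ? urldecode($_GET["returnto"]) : "";
$confirm = isset($_POST["confirm"]) ? $_POST["confirm"] : "";
// NOTE(review): no CSRF token is checked in this excerpt before the delete — confirm it
// happens earlier in the request.
if ($confirm) {
    if ($confirm == $language["YES"]) {
        if ($XBTT_USE) {
            // Remove the matching entry from the XBT tracker's deny list first.
            $dr = mysqli_fetch_array(mysqli_query($GLOBALS["___mysqli_ston"], "SELECT peer_id_ascii FROM `{$TABLE_PREFIX}bannedclient` WHERE `id`=" . $id));
            @mysqli_query($GLOBALS["___mysqli_ston"], "DELETE FROM xbt_deny_from_clients WHERE peer_id=" . sqlesc($dr['peer_id_ascii']));
            unset($dr);
        }
        @mysqli_query($GLOBALS["___mysqli_ston"], "DELETE FROM `{$TABLE_PREFIX}bannedclient` WHERE `id`=" . $id);
        // Escape the URL for the single-quoted href attribute so it cannot break out of it.
        success_msg($language["SUCCESS"], $language["CLIENT_REMOVED"] . "<a href='" . htmlspecialchars($url, ENT_QUOTES) . "'>" . $language["RETURN"] . "</a>");
        stdfoot();
        exit;
    } else {
        redirect($url);
    }
}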
$res = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT * FROM `{$TABLE_PREFIX}bannedclient` WHERE `id`={$id}");
if (@mysqli_num_rows($res) > 0) {
    $client = array();
    $i = 0;
    while ($row = mysqli_fetch_assoc($res)) {
        $client[$i]["client_name"] = $row["client_name"];
        $client[$i]["user_agent"] = $row["user_agent"];
        $client[$i]["peer_id"] = $row["peer_id"];
        $client[$i]["peer_id_ascii"] = $row["peer_id_ascii"];
Example #6
            stdfoot();
            exit;
        } elseif ($_POST["new_pwd"] != $_POST["new_pwd1"]) {
            err_msg($language["ERROR"], $language["DIF_PASSWORDS"]);
            stdfoot();
            exit;
        } else {
            $respwd = do_sqlquery("SELECT * FROM {$TABLE_PREFIX}users WHERE id={$uid} AND password='******' AND username="******"username"]) . "");
            if (!$respwd || mysql_num_rows($respwd) == 0) {
                err_msg($language["ERROR"], $language["ERR_RETR_DATA"]);
            } else {
                $arr = mysql_fetch_assoc($respwd);
                do_sqlquery("UPDATE {$TABLE_PREFIX}users SET password='******' WHERE id={$uid} AND password='******' AND username="******"username"]) . "") or die(mysql_error());
                if ($GLOBALS["FORUMLINK"] == "smf") {
                    $passhash = smf_passgen($CURUSER["username"], $_POST["new_pwd"]);
                    do_sqlquery("UPDATE {$db_prefix}members SET passwd='{$passhash['0']}', passwordSalt='{$passhash['1']}' WHERE ID_MEMBER=" . $arr["smf_fid"]) or die(mysql_error());
                }
                success_msg($language["PWD_CHANGED"], "" . $language["NOW_LOGIN"] . "<br /><a href=\"index.php?page=login\">Go</a>");
                stdfoot(true, false);
            }
        }
        break;
    case '':
    case 'change':
    default:
        $pwdtpl = array();
        $pwdtpl["frm_action"] = "index.php?page=usercp&amp;do=pwd&amp;action=post&amp;uid=" . $uid . "";
        $pwdtpl["frm_cancel"] = "index.php?page=usercp&amp;uid=" . $uid . "";
        $usercptpl->set("pwd", $pwdtpl);
        break;
}
Example #7
            $isbool = $db->delete($table, "id=" . $id[$i]);
        }
        if ($isbool !== false) {
            success_msg('删除成功', '?');
        } else {
            error_msg('删除失败', 'back');
        }
    }
}
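// "bj": load the selected row and pass it to the template.
if ($action == "bj") {
    // Row ids are concatenated into SQL unquoted in this script ("id=" . $id), so only an
    // integer may pass; anything else becomes 0.
    $id = isset($_GET['id']) && is_numeric($_GET['id']) ? (int) $_GET['id'] : 0;
    $result = $db->query_by_id($table, $id);
    $row = $db->fetch($result);
    $smarty->assign('user', $row);
}
// "edit": update the state column of one row.
// NOTE(review): no authentication or CSRF check is visible in this excerpt — confirm an
// earlier include enforces it.
if ($action == "edit") {
    $id = isset($_POST['id']) && is_numeric($_POST['id']) ? (int) $_POST['id'] : 0;
    $state = isset($_POST['state']) ? $_POST['state'] : '';
    // state is written into the SET clause unquoted, so only a numeric literal is accepted;
    // any other value is reported through the existing failure message without touching the DB.
    if (is_numeric($state)) {
        $mod_content = "state={$state}";
        $where = 'id=' . $id;
        $isbool = $db->update($table, $mod_content, $where);
    } else {
        $isbool = false;
    }
    if ($isbool !== false) {
        success_msg('修改成功', '?');
    } else {
        error_msg('修改失败', 'back');
    }
}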
$smarty->assign("action", $action);
$smarty->assign("keyword", @$_GET["keyword"]);
$smarty->display('sysadmin/yuyue.html');
require_once 'footer.php';
<?php

include_once 'include/util.php';
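// Debit a fund: record the debit, lower the fund's balance, then log the movement.
//
// fondo and monto are written into the SQL unquoted, so they must be numeric literals.
// Anything else is rejected through the script's existing failure path before a query is built.
// NOTE(review): sql_error_msg() is the only failure reporter visible here; a dedicated
// validation message would be clearer.
// NOTE(review): a negative monto passes the numeric check and would raise the balance —
// confirm whether it should be rejected.
// NOTE(review): the three writes are not wrapped in a transaction, so a failure part-way
// leaves the debit recorded without the balance or movement update. $_REQUEST also accepts
// GET parameters — confirm authentication and CSRF protection are enforced by the caller.
$fondo = isset($_REQUEST['fondo']) ? $_REQUEST['fondo'] : null;
$monto = isset($_REQUEST['monto']) ? $_REQUEST['monto'] : null;
if (!is_numeric($fondo) || !is_numeric($monto)) {
    sql_error_msg();
    return;
}
$query = "\n        INSERT INTO fondos_debitos (\n            fecha,\n            fondo,\n            monto,\n            concepto\n        )\n        VALUES (\n            now(),\n            " . $fondo . ",\n            " . $monto . ",\n            '" . verificar_sql($_REQUEST['concepto']) . "'\n        )";
if (!mysql_query($query)) {
    sql_error_msg();
    return;
}
$Codigo = mysql_insert_id();
$query = "\n        UPDATE\n            fondos\n        SET\n            saldo = saldo - " . $monto . "\n        WHERE\n            codigo = " . $fondo;
if (!mysql_query($query)) {
    sql_error_msg();
    return;
}
/*
 * Record the operation in the movements log.
 */
if (!registrar_movimiento(4, $Codigo, $monto)) {
    sql_error_msg();
    return;
}
success_msg("Se ha debitado el monto del fondo!");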
<?php

include 'include/util.php';
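// Add a receipt book (talonario) and log the movement.
//
// codigo, inicio and actual are written into the SQL unquoted, so they must be numeric
// literals; escaping alone does not protect an unquoted value. Anything else is rejected
// through the script's existing failure path before the query is built.
// NOTE(review): $_REQUEST also accepts GET parameters — confirm authentication and CSRF
// protection are enforced by the caller.
$codigo = isset($_REQUEST['codigo']) ? $_REQUEST['codigo'] : null;
$inicio = isset($_REQUEST['inicio']) ? $_REQUEST['inicio'] : null;
$actual = isset($_REQUEST['actual']) ? $_REQUEST['actual'] : null;
if (!is_numeric($codigo) || !is_numeric($inicio) || !is_numeric($actual)) {
    sql_error_msg();
    return;
}
$query = "INSERT INTO\n            talonarios (\n                codigo,\n                descripcion,\n                fecha,\n                inicio,\n                actual \n            ) VALUES (\n                " . $codigo . ",\n                '" . verificar_sql($_REQUEST['descripcion']) . "',\n                now(),\n                " . verificar_sql($inicio) . ",\n                " . verificar_sql($actual) . "\n            )";
if (!mysql_query($query)) {
    sql_error_msg();
    return;
}
if (!registrar_movimiento(46, $codigo)) {
    sql_error_msg();
    return;
}
success_msg("Se ha agregado el talonario!");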
Example #10
         } elseif ($case == 8) {
             $msg = $language["ERR_NICK_NOT_ALLOWED"];
         } elseif ($case == 9) {
             $msg = $language["ERR_USER_ALREADY_EXISTS"];
         }
         err_msg($language["ERROR"], $msg);
         stdfoot();
         exit;
     }
     do_sqlquery("UPDATE {$TABLE_PREFIX}users SET username='******' WHERE id=" . $CURUSER["uid"]);
     if ($GLOBALS["FORUMLINK"] == "smf") {
         do_sqlquery("UPDATE {$db_prefix}members SET memberName='{$nick1}', realName='{$nick1}' WHERE ID_MEMBER=" . $CURUSER["smf_fid"]);
         do_sqlquery("UPDATE {$db_prefix}messages SET posterName='{$nick1}' WHERE ID_MEMBER=" . $CURUSER["smf_fid"]);
     }
     write_log($language["CHANGED_THEIR_NICK"] . $nick1, "modify");
     success_msg($language["SUCCESS"], $language["NICK_CHANGE_SUCCESS"] . $nick1);
     stdfoot();
     exit;
     break;
 case '':
 case 'change':
 default:
     $rentpl = array();
     $rentpl["username"] = $CURUSER["username"];
     // -----------------------------
     // Captcha hack
     // -----------------------------
     if ($USE_IMAGECODE) {
         if (extension_loaded('gd')) {
             $arr = gd_info();
             if ($arr['FreeType Support'] == 1) {
Example #11
         exit;
     }
     // Update their tracker member record with the now verified email address
     do_sqlquery("UPDATE {$TABLE_PREFIX}users SET email='" . mysqli_real_escape_string($DBDT, $newmail) . "' WHERE id='" . $id . "'", true);
     // If using SMF, update their record on that too.
     if (substr($GLOBALS["FORUMLINK"], 0, 3) == "smf") {
         $basedir = substr(str_replace("\\", "/", dirname(__FILE__)), 0, strrpos(str_replace("\\", "/", dirname(__FILE__)), '/'));
         $language2 = $language;
         require_once $basedir . "/smf/Settings.php";
         $language = $language2;
         do_sqlquery("UPDATE `{$db_prefix}members` SET `email" . ($GLOBALS["FORUMLINK"] == "smf" ? "A" : "_a") . "ddress`='" . mysqli_real_escape_string($DBDT, $newmail) . "' WHERE " . ($GLOBALS["FORUMLINK"] == "smf" ? "`ID_MEMBER`" : "`id_member`") . "=" . $getacc["smf_fid"], true);
     } elseif ($GLOBALS["FORUMLINK"] == "ipb") {
         IPSMember::save($getacc["ipb_fid"], array("members" => array("email" => "{$newmail}")));
     }
     // Print a message stating that their email has been successfully changed
     success_msg($language["SUCCESS"], $language["REVERIFY_CONGRATS1"] . " " . $oldmail . " " . $language["REVERIFY_CONGRATS2"] . " " . $newmail . " " . $language["REVERIFY_CONGRATS3"] . "<a href=\"" . $BASEURL . "\">" . $language["MNU_INDEX"] . "</a>");
     stdfoot(true, false);
     // If the member clicking the link is validating...
     if ($idlevel == 2) {
         // ...we may as well upgrade their rank to member whilst we're at it.
         do_sqlquery("UPDATE {$TABLE_PREFIX}users SET id_level=3 WHERE id='" . $id . "'");
         if (substr($GLOBALS["FORUMLINK"], 0, 3) == "smf") {
             do_sqlquery("UPDATE {$db_prefix}members SET " . ($GLOBALS["FORUMLINK"] == "smf" ? "`ID_GROUP`" : "`id_group`") . "=" . ($getacc["smf_group_mirror"] > 0 ? $getacc["smf_group_mirror"] : "13") . " WHERE " . ($GLOBALS["FORUMLINK"] == "smf" ? "`ID_MEMBER`" : "`id_member`") . "=" . $getacc["smf_fid"]);
         } elseif ($GLOBALS["FORUMLINK"] == "ipb") {
             $ipblev = $getacc["ipb_group_mirror"] > 0 ? $getacc["ipb_group_mirror"] : "3";
             IPSMember::save($getacc["ipb_fid"], array("members" => array("member_group_id" => "{$ipblev}")));
         }
     }
 } else {
     err_msg($language["REVERIFY_FAILURE"] . "<a href=\"" . $BASEURL . "\">" . $language["MNU_INDEX"] . "</a>");
     stdfoot();
<?php

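// Edit an invoice type: normalise the two checkbox-style flags to 0/1, update the row and
// log the movement.
$iva = 0;
$discrimina = 0;
// A flag counts as set when the request sends 1, "true", "on" or "checked" (case-insensitive).
if (isset($_REQUEST['iva'])) {
    if ($_REQUEST['iva'] == 1 || strtolower($_REQUEST['iva']) == 'true' || strtolower($_REQUEST['iva']) == 'on' || strtolower($_REQUEST['iva']) == 'checked') {
        $iva = 1;
    }
}
if (isset($_REQUEST['discrimina'])) {
    if ($_REQUEST['discrimina'] == 1 || strtolower($_REQUEST['discrimina']) == 'true' || strtolower($_REQUEST['discrimina']) == 'on' || strtolower($_REQUEST['discrimina']) == 'checked') {
        $discrimina = 1;
    }
}
include 'include/util.php';
// codigo is written into the WHERE clause unquoted, so it must be a numeric literal;
// anything else is rejected through the script's existing failure path.
// NOTE(review): $_REQUEST also accepts GET parameters — confirm authentication and CSRF
// protection are enforced by the caller.
$codigo = isset($_REQUEST['codigo']) ? $_REQUEST['codigo'] : null;
if (!is_numeric($codigo)) {
    sql_error_msg();
    return;
}
$query = "\n        UPDATE\n            facturas_tipo\n        SET\n            descripcion = '" . verificar_sql($_REQUEST['descripcion']) . "',\n            iva = " . $iva . ",\n            discrimina = " . $discrimina . "\n        WHERE\n            codigo = " . $codigo;
if (!mysql_query($query)) {
    sql_error_msg();
    return;
}
if (!registrar_movimiento(29, $codigo)) {
    sql_error_msg();
    return;
}
success_msg("Se ha editado el tipo de factura!");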
<?php

include 'include/util.php';
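// Add the selected articles to a price list, pricing each at its current cost, then log
// the movement.
$Articulos = isset($_REQUEST['articulos']) ? $_REQUEST['articulos'] : null;
// A missing or non-array selection is treated as "nothing selected".
if (!is_array($Articulos)) {
    alert_msg("No se han seleccionado artículos!");
    return;
}
// lista and every article code are written into the SQL unquoted, so they must be numeric
// literals. All of them are checked before the first INSERT so a bad value cannot leave the
// list half-filled.
$lista = isset($_REQUEST['lista']) ? $_REQUEST['lista'] : null;
if (!is_numeric($lista)) {
    sql_error_msg();
    return;
}
foreach ($Articulos as $Articulo) {
    if (!is_numeric($Articulo)) {
        sql_error_msg();
        return;
    }
}
foreach ($Articulos as $Articulo) {
    $query = "\n            INSERT INTO\n                listas_precio_detalle (lista, articulo, precio) \n            VALUES (\n                " . $lista . ",\n                " . $Articulo . ",\n                (SELECT costo FROM articulos WHERE codigo = " . $Articulo . ")\n            )";
    if (!mysql_query($query)) {
        sql_error_msg();
        return;
    }
}
if (!registrar_movimiento(53, 0)) {
    sql_error_msg();
    return;
}
success_msg("Se han agregado los artículos a la lista!");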
Example #14
}
$admintpl->set("add_new", false, true);
switch ($action) {
    case 'delete':
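        // max() hands back the larger operand unchanged, so a non-numeric string from the
        // query string would reach the SQL below as-is. Cast first so $id is always a
        // non-negative integer.
        $id = max(0, (int) $_GET["id"]);
        // check whether this level may be deleted
        $rcanc = do_sqlquery("SELECT can_be_deleted FROM {$TABLE_PREFIX}users_level WHERE id={$id}");
        if (!$rcanc || mysql_num_rows($rcanc) == 0) {
            err_msg($language["ERROR"], $language["ERR_CANT_FIND_GROUP"]);
            stdfoot(false, false, true);
            die;
        }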
        $rcancanc = mysql_fetch_array($rcanc);
        if ($rcancanc["can_be_deleted"] == "yes") {
            do_sqlquery("DELETE FROM {$TABLE_PREFIX}users_level WHERE id={$id}", true);
            success_msg($language["SUCCESS"], $language["GROUP_DELETED"] . "<br />\n<a href=\"index.php?page=admin&amp;user="******"uid"] . "&amp;code=" . $CURUSER["random"] . "&amp;do=groups\">" . $language["ACP_USER_GROUP"] . "</a>");
            stdfoot(false, false, true);
            die;
        } else {
            err_msg($language["ERROR"], $language["CANT_DELETE_GROUP"]);
            stdfoot(false, false, true);
            die;
        }
        break;
    case 'edit':
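        $block_title = $language["GROUP_EDIT_GROUP"];
        // max() hands back the larger operand unchanged, so a non-numeric string would flow
        // into the form action and the query that use $gid. Cast first so it is always a
        // non-negative integer.
        $gid = max(0, (int) $_GET["id"]);
        $admintpl->set("list", false, true);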
        $admintpl->set("frm_action", "index.php?page=admin&amp;user="******"uid"] . "&amp;code=" . $CURUSER["random"] . "&amp;do=groups&amp;action=save&amp;id={$gid}");
        $admintpl->set("language", $language);
        $rgroup = get_result("SELECT * FROM {$TABLE_PREFIX}users_level WHERE id={$gid}", true);
Example #15
<?php

require_once 'inc.php';
$table = 'cn_login_log';
$action = empty($_GET["action"]) ? '' : $_GET["action"];
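// Bulk delete: remove every login-log row whose id was posted in id[].
// NOTE(review): no authentication or CSRF check is visible in this excerpt — confirm inc.php
// enforces it.
if ($action == "delete") {
    // Accept a single id as well as id[]; a missing field becomes an empty list.
    $id = isset($_POST['id']) ? (array) $_POST['id'] : array();
    $isbool = true;
    if (!empty($id)) {
        foreach ($id as $rowId) {
            // Ids are concatenated into the WHERE clause unquoted, so only integers may pass.
            if (!is_numeric($rowId)) {
                $isbool = false;
                continue;
            }
            // Remember any failure instead of letting the last delete decide the outcome.
            if ($db->delete($table, "id=" . (int) $rowId) === false) {
                $isbool = false;
            }
        }
        if ($isbool !== false) {
            success_msg('删除成功', prev_url());
        } else {
            error_msg('删除失败', 'back');
        }
    }
}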
if ($action == '') {
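    // NOTE(review): keyword goes into the LIKE pattern unescaped. Escape it with the database
    // layer's quoting routine (not visible in this excerpt) or bind it as a parameter.
    $where = @$_GET['keyword'] != '' ? " AND userId LIKE '%" . @$_GET['keyword'] . "%'" : '';
    $order = ' ORDER BY id DESC';
    $page_size = 20;
    // The page number is passed to the paging query and to Pager; keep it a positive integer.
    $current_page = isset($_GET['p']) && is_numeric($_GET['p']) ? max(1, (int) $_GET['p']) : 1;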
    $nums = $db->query_count($table, $where);
    $logList = array();
    $result = $db->query_page_list($table, $page_size, $current_page, $order, $where);
    while ($row = $db->fetch($result)) {
        $logList[] = $row;
    }
    $pager = new Pager($page_size, $nums, $current_page, 8);
Example #16
    }
    $typeList = array();
    display_type($db, $typeList, $id, 0);
    if (!empty($typeList)) {
        foreach ($typeList as $item) {
            $type_array[] = $item['id'];
        }
        if (in_array($_POST['parent_id'], $type_array)) {
            info_sysadmin_error('上级分类不能是自己的子类');
        }
    }
    $mod_content = "name='{$name}',sort={$sort},parent_id={$parent_id},description='{$description}',image='{$image}'";
    $where = 'id=' . $id;
    $isbool = $db->update($table, $mod_content, $where);
    if ($isbool !== false) {
        success_msg('修改成功', "?");
    } else {
        error_msg('修改失败', 'back');
    }
}
/*
 * 递归所有分类
 */
function display_type($db, &$typeList, $parent_id, $level)
{
    $result = $db->query("SELECT * FROM cn_course_type WHERE parent_id=" . $parent_id . " ORDER BY sort ASC,id ASC");
    while ($row = $db->fetch($result)) {
        $product_count = $db->query_count("cn_course", "and type_id=" . $row['id']);
        $typeList[] = array('id' => $row['id'], 'name' => $row['name'], 'sort' => $row['sort'], 'parent_id' => $row['parent_id'], 'product_count' => $product_count, 'level' => str_repeat("&nbsp;&nbsp;&nbsp;", $level));
        display_type($db, $typeList, $row['id'], $level + 1);
    }
Example #17
     } elseif (isset($_GET["add_hack_folder"])) {
         $hack_folder = urldecode($_GET["add_hack_folder"]);
     }
     // used to define the current path (hack path)
     // NOTE(review): $hack_folder comes straight from the request (POST or GET) and is used to
     // build filesystem paths below. Confirm it is limited to a plain directory name under
     // hacks/ (no path separators or "..") before it is used.
     $CURRENT_FOLDER = "{$THIS_BASEPATH}/hacks/{$hack_folder}";
     // create object
     $newhack = new update_hacks();
     // we open the work definition file
     $hstring = $newhack->open_hack("{$THIS_BASEPATH}/hacks/{$hack_folder}/modification.xml");
     // all structure is now in an array
     $new_hack_array = $newhack->hack_to_array($hstring);
     // we will test again, then if ok, we install the hack
     // (the first install_hack() call passes true as its second argument, the second call does not)
     if ($newhack->install_hack($new_hack_array, true)) {
         if ($newhack->install_hack($new_hack_array)) {
             // Record the installed hack; every stored value goes through sqlesc().
             do_sqlquery("INSERT INTO {$TABLE_PREFIX}hacks SET " . sprintf("title=%s,version=%s,author=%s,added=UNIX_TIMESTAMP(),folder=%s", sqlesc($new_hack_array[0]["title"]), sqlesc($new_hack_array[0]["version"]), sqlesc($new_hack_array[0]["author"]), sqlesc($hack_folder)), true);
             success_msg($language["SUCCESS"], $language["HACK_INSTALLED_OK"]);
             stdfoot(true, false);
             die;
         }
     } else {
         // NOTE(review): the collected error strings are printed as HTML — confirm they
         // cannot carry unescaped request data.
         stderr($language["ERROR"], join("<br />\n", $newhack->errors));
     }
     break;
 case 'test':
     include "{$THIS_BASEPATH}/include/class.update_hacks.php";
     if (isset($_POST["add_hack_folder"])) {
         $hack_folder = $_POST["add_hack_folder"];
     } elseif (isset($_GET["add_hack_folder"])) {
         $hack_folder = urldecode($_GET["add_hack_folder"]);
     }
     // used to define the current path (hack path)
Example #18
     }
     // On POST, store the edited post body and send the user back to where they came from.
     // NOTE(review): the ownership/permission check for $postid is not visible in this
     // excerpt — confirm it runs before this block, and that $postid is an integer.
     if ($_SERVER['REQUEST_METHOD'] == 'POST') {
         $body = $_POST['body'];
         if ($body == "") {
             stderr($language["ERROR"], $language["ERR_BODY_EMPTY"]);
         }
         // Both values pass through sqlesc() before they are placed in the UPDATE.
         $body = sqlesc($body);
         $editedat = sqlesc(time());
         do_sqlquery("UPDATE {$TABLE_PREFIX}posts SET body={$body}, editedat={$editedat}, editedby=" . intval($CURUSER["uid"]) . " WHERE id={$postid}", true);
         // NOTE(review): returnto is posted by the client and passed to redirect() unchanged;
         // restrict it to same-site paths so the form cannot be used as an open redirect.
         $returnto = urldecode($_POST["returnto"]);
         if ($returnto != "") {
             $returnto .= "#{$postid}";
             redirect("{$returnto}");
             die;
         } else {
             success_msg($language["SUCCESS"], $language["SUC_POST_SUC_EDIT"]);
             stdfoot();
             die;
         }
     }
     $block_title = $language["EDIT_POST"];
     $forumtpl->set("frm_action", "index.php?page=forum&amp;action=editpost&amp;postid={$postid}");
     $forumtpl->set("return_to", htmlspecialchars($_SERVER["HTTP_REFERER"]));
     $forumtpl->set("post_body", textbbcode("edit", "body", htmlspecialchars(unesc($arr["body"]))));
     break;
 case 'reply':
 case 'quotepost':
     if ($action == "quotepost") {
         $quote = true;
     } else {
         $quote = false;
Example #19
$admintpl->set("uid", $CURUSER["uid"]);
$admintpl->set("random", $CURUSER["random"]);
$admintpl->set("opt1", $delete != 'false' && $confirm == 'false' ? true : false, true);
$admintpl->set("opt2", $delete != 'false' && $confirm == 'true' ? true : false, true);
// Confirmed delete of one blocked mail domain.
// NOTE(review): $delete, $addcheapmail and $CURUSER["username"] are concatenated into the
// statements below between quotes without visible escaping; where they are assigned is
// outside this excerpt. Confirm they are escaped there, or pass them through sqlesc() here.
if ($delete != 'false' && $confirm == 'true') {
    do_sqlquery("DELETE FROM `{$TABLE_PREFIX}cheapmail` WHERE `domain`='" . $delete . "' LIMIT 1", true);
}
// Add a domain: refuse an empty submission, an exact duplicate, or a domain already covered
// by a stored wildcard entry.
if ($addcheapmail == "" && $additthen == "Submit") {
    stderr($language["ERROR"], $language["ERR_CHEAP_SUBMIT"]);
} elseif ($addcheapmail != "" && $additthen == "Submit") {
    $isthere = mysqli_fetch_assoc(mysqli_query($GLOBALS["___mysqli_ston"], "SELECT * FROM `{$TABLE_PREFIX}cheapmail` WHERE `domain`='" . $addcheapmail . "'"));
    // NOTE(review): strrrchr() is not a PHP built-in; presumably a project helper — confirm.
    $wildcard = "@" . strrrchr($addcheapmail, ".");
    $wildthere = mysqli_fetch_assoc(mysqli_query($GLOBALS["___mysqli_ston"], "SELECT * FROM `{$TABLE_PREFIX}cheapmail` WHERE `domain`='" . $wildcard . "'"));
    // NOTE(review): the messages below print $addcheapmail and $wildcard as HTML — confirm
    // they are HTML-escaped before output.
    if (!$isthere && !$wildthere) {
        mysqli_query($GLOBALS["___mysqli_ston"], "INSERT INTO `{$TABLE_PREFIX}cheapmail` VALUES ('" . $addcheapmail . "', UNIX_TIMESTAMP(), '" . $CURUSER["username"] . "')");
        success_msg("Success!", "<span style='color:#CC0000'><b>{$addcheapmail}</span><span style='color:#000000'>" . $language["CHEAP_ADDED"] . "</span></b>");
    } elseif (!$isthere && $wildthere) {
        stderr($language["ERROR"], "<span style='color:#000000'>" . $language["ERR_WILDCARD_1"] . "<span style='color:#CC0000'><b>{$wildcard}</b></span>" . $language["ERR_WILDCARD_2"] . "<span style='color:#CC0000'><b>{$addcheapmail}</b></span>" . $language["ERR_WILDCARD_3"] . "</span>");
    } else {
        stderr($language["ERROR"], "<span style='color:#CC0000'>{$addcheapmail} </span><span style='color:#000000'>" . $language["ERR_CHEAP_DUPE"] . "</span>");
    }
}
$i = 0;
$loop = array();
$list = get_result("SELECT `c`.`domain`, `c`.`added`, `c`.`added_by`, `ul`.`prefixcolor`, `ul`.`suffixcolor` FROM `{$TABLE_PREFIX}cheapmail` `c` LEFT JOIN `{$TABLE_PREFIX}users` `u` ON `c`.`added_by`=`u`.`username` LEFT JOIN `{$TABLE_PREFIX}users_level` `ul` ON `u`.`id_level`=`ul`.`id` ORDER BY `c`.`domain` ASC", true, $btit_settings["cache_duration"]);
if (isset($list[0])) {
    $admintpl->set("haveloop", true, true);
    foreach ($list as $cheapmail) {
        $loop[$i]["domain"] = $cheapmail["domain"];
        $loop[$i]["added"] = $cheapmail["added"] == 0 ? $language["UNKNOWN"] : date('M j Y \\a\\t h:i A', $cheapmail["added"]);
        $loop[$i]["added_by"] = $cheapmail["added_by"] == "Unknown" ? $language["UNKNOWN"] : unesc($cheapmail["prefixcolor"] . $cheapmail["added_by"] . $cheapmail["suffixcolor"]);
Example #20
    //$type_id = $_POST['type_id'];
    // Collect the posted fields for the UPDATE below.
    // NOTE(review): only description and contents get any quoting treatment, and that
    // treatment replaces single quotes without escaping backslashes, so it is not a safe
    // substitute for the database layer's escaping or for bound parameters. keywords, image2,
    // url, ziliao and mokuai are interpolated between quotes as posted, and sort is
    // interpolated unquoted. $title and $id are assigned above this excerpt — confirm how
    // they are validated.
    $keywords = $_POST['keywords'];
    $image2 = $_POST['image2'];
    $description = $_POST['description'];
    $contents = $_POST['contents'];
    $description = str_replace("'", "\\'", $description);
    $contents = str_replace("'", "\\'", $contents);
    $sort = $_POST['sort'];
    $url = $_POST['url'];
    $ziliao = $_POST['ziliao'];
    $mokuai = $_POST['mokuai'];
    // SET clause and WHERE clause are assembled as plain strings and handed to $db->update().
    $mod_content = "title='{$title}',yuliu2='{$image2}',keywords='{$keywords}',image='{$ziliao}',\r\n\t\t\t\t\t\tdescription='{$description}',contents='{$contents}',sort={$sort},url='{$url}',guishu='{$mokuai}'\r\n\t\t\t\t\t\t";
    $where = 'id=' . $id;
    $isbool = $db->update($table, $mod_content, $where);
    if ($isbool !== false) {
        success_msg('修改成功', '?type_id=' . @$_GET['type_id']);
    } else {
        error_msg('修改失败', 'back');
    }
}
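/**
 * Collect the category tree under $parent_id, depth-first, into $typeList.
 *
 * Each entry holds the row's id and name plus a 'level' string of non-breaking spaces
 * (three per depth level) used for indentation when the list is displayed.
 *
 * @param object $db        Database wrapper providing query() and fetch().
 * @param array  $typeList  Output list, appended to in place.
 * @param mixed  $parent_id Id of the parent category; forced to an integer before use.
 * @param int    $level     Current depth, 0 for the first level.
 */
function display_type($db, &$typeList, $parent_id, $level)
{
    // The id is concatenated into the statement unquoted, so only an integer may pass.
    $parent_id = (int) $parent_id;
    $result = $db->query("SELECT * FROM cn_along_type WHERE parent_id=" . $parent_id . " ORDER BY sort,id ASC");
    while ($row = $db->fetch($result)) {
        $typeList[] = array('id' => $row['id'], 'name' => $row['name'], 'level' => str_repeat('&nbsp;&nbsp;&nbsp;', $level));
        // Descend into this row's children one level deeper.
        display_type($db, $typeList, $row['id'], $level + 1);
    }
}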
Example #21
                     mysqli_query($GLOBALS["___mysqli_ston"], "UPDATE {$TABLE_PREFIX}users SET id_level={$p} WHERE id={$uid}") or die(is_object($GLOBALS["___mysqli_ston"]) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false));
                     mysqli_query($GLOBALS["___mysqli_ston"], "UPDATE {$TABLE_PREFIX}users SET parked='0' WHERE id={$uid}") or die(is_object($GLOBALS["___mysqli_ston"]) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false));
                 }
             } else {
                 $r = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT id_level from {$TABLE_PREFIX}users where id = {$uid}");
                 $cc = mysqli_result($r, 0, "id_level");
                 $r = mysqli_query($GLOBALS["___mysqli_ston"], "UPDATE {$TABLE_PREFIX}users SET parked = {$cc} where id = {$uid}");
                 $r = mysqli_query($GLOBALS["___mysqli_ston"], "UPDATE {$TABLE_PREFIX}users SET id_level = 13 where id = {$uid}");
             }
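             // Mirror the chosen language and style ids into the session copy of the user.
             // NOTE(review): the language id is stored under 'style_url' and the style id under
             // 'language_path'; the pairing looks swapped — confirm against the code that reads them.
             if ($idlangue > 0) {
                 // Was the bare word `idlangue` (missing `$`): an undefined constant, not the variable.
                 $_SESSION['CURUSER']['style_url'] = $idlangue;
             }
             if ($idstyle > 0) {
                 $_SESSION['CURUSER']['language_path'] = $idstyle;
             }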
             success_msg($language["SUCCESS"], $language["INF_CHANGED"] . "<br /><a href=\"index.php?page=usercp&amp;uid=" . $uid . "\">" . $language["BCK_USERCP"] . "</a>");
             stdfoot(true, false);
             exit;
         }
     }
     break;
 case '':
 case 'change':
 default:
     $usercptpl->set("AVATAR", false, true);
     $usercptpl->set("USER_VALIDATION", false, true);
     $usercptpl->set("INTERNAL_FORUM", false, true);
     $profiletpl = array();
     $row = mysqli_fetch_assoc(mysqli_query($GLOBALS["___mysqli_ston"], "SELECT `dob` FROM `{$TABLE_PREFIX}users` WHERE `id`=" . $uid));
     $usercptpl->set("DOBEDIT", $row["dob"] == "0000-00-00" ? true : false, true);
     $dob = explode("-", $row["dob"]);
Example #22
    send_mail($email, "{$SITENAME} " . $language["ACCOUNT_DETAILS"], $body) or stderr($language["ERROR"], $language["ERR_SEND_EMAIL"]);
    redirect("index.php?page=recover&act=recover_ok&id={$id}&random={$random}");
    die;
} elseif ($act == "recover_ok") {
    $id = intval(0 + $_GET["id"]);
    $random = intval($_GET["random"]);
    if (!$id || !$random || empty($random) || $random == 0) {
        stderr($language["ERROR"], $language["ERR_UPDATE_USER"]);
    }
    $res = do_sqlquery("SELECT username, email, random" . ($GLOBALS["FORUMLINK"] == "smf" ? ", smf_fid" : "") . " FROM {$TABLE_PREFIX}users WHERE id = {$id}", true);
    $arr = mysql_fetch_array($res);
    if ($random != $arr["random"]) {
        stderr($language["ERROR"], $language["ERR_UPDATE_USER"]);
    }
    $email = $arr["email"];
    success_msg($language["SUCCESS"], $language["SUC_SEND_EMAIL"] . " <b>{$email}</b>.\n" . $language["SUC_SEND_EMAIL_2"]);
    $tpl->set("main_footer", bottom_menu() . "<br />\n");
    $tpl->set("btit_version", print_version());
    echo $tpl->fetch(load_template("main.tpl"));
    die;
} elseif ($act == "recover") {
}
$recovertpl = new bTemplate();
global $language, $recovertpl;
$recovertpl->set("language", $language);
$recover = array();
$recover["action"] = "index.php?page=recover&amp;act=takerecover";
$recovertpl->set("recover", $recover);
if ($USE_IMAGECODE) {
    if (extension_loaded('gd')) {
        $arr = gd_info();
Example #23
////////////////////////////////////////////////////////////////////////////////////
// Stop immediately unless both the IN_BTIT and IN_ACP constants are defined,
// i.e. the file was not reached through the expected entry points.
if (!defined("IN_BTIT") || !defined("IN_ACP")) {
    die("non direct access!");
}
switch ($action) {
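    case 'delete':
        // Remove one row from the banned-IP table, selected by the numeric id passed as ?ip=.
        // NOTE(review): execution continues past err_msg() unless that helper exits — confirm.
        if ($_GET['ip'] == "") {
            err_msg(ERROR, INVALID_ID);
        }
        // max() returns the larger operand unchanged, so a string that compares greater than 0
        // would reach the statement as-is. Cast to int first so only a number is concatenated.
        $id = max(0, (int) $_GET['ip']);
        do_sqlquery("DELETE FROM {$TABLE_PREFIX}bannedip WHERE id=" . $id, true);
        // NOTE(review): this state change is driven by a GET parameter and no anti-CSRF token
        // check is visible in this excerpt.
        success_msg($language["SUCCESS"], $language["BAN_DELETED"]);
        stdfoot(true, false);
        break;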
    case 'write':
        // Add a banned range from the posted first/last address and comment.
        if ($_POST['firstip'] == "" || $_POST['lastip'] == "") {
            stderr($language["ERROR"], $language["BAN_NO_IP_WRITE"]);
        } else {
            //ban the ip for real
            $firstip = $_POST["firstip"];
            $lastip = $_POST["lastip"];
            // $comment is taken from the request as-is; how it is escaped before storage is
            // outside this excerpt.
            $comment = $_POST["comment"];
            // Convert dotted addresses to unsigned decimal strings.
            $firstip = sprintf("%u", ip2long($firstip));
            $lastip = sprintf("%u", ip2long($lastip));
            // NOTE(review): ip2long() returns false for an invalid address and "%u" formats that
            // as "0", while -1 would be formatted as a large unsigned number, so this comparison
            // with -1 does not catch invalid input. Test the ip2long() result for false instead.
            if ($firstip == -1 || $lastip == -1) {
                err_msg($language["ERROR"], $language["BAN_IP_ERROR"]);
            } else {
<?php

include 'include/util.php';
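// Delete one invoice type (facturas_tipo) by its code and record the action.
// The code comes from the request and was concatenated into the statement verbatim; casting it
// to int keeps it a plain number in this unquoted position.
// NOTE(review): assumes `codigo` is an integer key — confirm against the schema. mysql_query()
// is the legacy API; prepared statements need the connection code in include/util.php changed.
// NOTE(review): $_REQUEST also accepts GET, and no anti-CSRF check is visible in this script.
$query = "DELETE FROM facturas_tipo WHERE codigo = " . (int) $_REQUEST['codigo'];
if (!mysql_query($query)) {
    sql_error_msg();
    return;
}
// Log the deletion with the same normalised code that was used in the statement.
if (!registrar_movimiento(30, (int) $_REQUEST['codigo'])) {
    sql_error_msg();
    return;
}
success_msg("Se ha borrado el tipo de factura!");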
Example #25
}
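// Handle a confirmed sign-up: create the user, then show the message that matches the
// configured validation mode, or map the error code from aggiungiutente() to a message.
if ($_POST["conferma"]) {
    if ($act == "signup") {
        $ret = aggiungiutente();
        if ($ret == 0) {
            if ($VALIDATION == "user") {
                success_msg($language["ACCOUNT_CREATED"], $language["EMAIL_SENT"]);
                stdfoot();
                exit;
            } else {
                if ($VALIDATION == "none") {
                    success_msg($language["ACCOUNT_CREATED"], $language["ACCOUNT_CONGRATULATIONS"]);
                    stdfoot();
                    exit;
                } else {
                    success_msg($language["ACCOUNT_CREATED"], $language["WAIT_ADMIN_VALID"]);
                    stdfoot();
                    exit;
                }
            }
        } elseif ($ret == -1) {
            stderr($language["ERROR"], $language["ERR_MISSING_DATA"]);
        } elseif ($ret == -3) {
            stderr($language["ERROR"], $language["ERR_NO_EMAIL"]);
        } elseif ($ret == -7) {
            // The submitted user name is echoed back inside HTML, so it needs HTML encoding.
            // The previous mysql_escape_string() call is SQL escaping: it leaves < and > intact
            // and no longer exists in PHP 7. Spaces are still shown as underscores.
            stderr($language["ERROR"], "<font color=\"black\">" . $language["ERR_NO_SPACE"] . "<strong><font color=\"red\">" . preg_replace('/\\ /', '_', htmlspecialchars($_POST["user"], ENT_QUOTES)) . "</strong></font></font><br />");
        } elseif ($ret == -8) {
            stderr($language["ERROR"], $language["ERR_SPECIAL_CHAR"]);
        } elseif ($ret == -9) {
            stderr($language["ERROR"], $language["ERR_PASS_LENGTH"]);
        } else {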
<?php

include_once 'include/util.php';
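// Create a user row from request fields and record the action.
// The password used to be concatenated into MD5('...') with no escaping at all; hashing it in
// PHP first means only hex digits reach the statement.
// NOTE(review): md5() is expected to give the same digest MySQL's MD5() gave for the same bytes —
// confirm the login check still agrees. Unsalted MD5 is not suitable password storage; moving
// to password_hash()/password_verify() needs a coordinated change to the login code.
$query = "\n        INSERT INTO usuarios (\n            nombre,\n            apodo,\n            clave,\n            correo\n            ) \n        VALUES (\n            '" . verificar_sql($_REQUEST['nombre']) . "',\n            '" . verificar_sql($_REQUEST['apodo']) . "',\n            '" . md5($_REQUEST['clave']) . "',\n            '" . verificar_sql($_REQUEST['correo']) . "'\n        )";
if (!mysql_query($query)) {
    sql_error_msg();
    return;
}
$Codigo = mysql_insert_id();
// NOTE(review): the value logged here comes from $_COOKIE['usuario'], which the client controls
// unless it is validated elsewhere; the new row id in $Codigo is not used in this script.
if (!registrar_movimiento(49, $_COOKIE['usuario'])) {
    sql_error_msg();
    return;
}
success_msg("Se a agregado el usuario al sistema!");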
Example #27
File: dj.php Project: Karpec/gizd
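         // Keep only the submitted day indexes that resolve to a non-empty entry in
         // $availabledays, then store the application and notify the relevant accounts.
         // presumably $activedays comes from the activedays[] checkboxes — verify against the caller
         $selectedadays = array();
         foreach ($activedays as $ad) {
             if ($availabledays[$ad]) {
                 $selectedadays[] = $availabledays[$ad];
                 continue;
             }
         }
         if (count($selectedadays)) {
             $activedays = implode(',', $selectedadays);
             // Text fields go through sqlesc(); the uid is taken from $CURUSER and quoted inline.
             do_sqlquery('INSERT INTO ' . $TABLE_PREFIX . 'shoutcastdj VALUES (NULL, \'' . $CURUSER['uid'] . '\', \'0\', ' . sqlesc($activedays) . ', ' . sqlesc($activetime) . ', ' . sqlesc($genre) . ')', true);
             $id = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"])) ? false : $___mysqli_res;
             // Every user whose level has delete_users='yes' gets a private message with the link.
             $query = do_sqlquery('SELECT u.id FROM ' . $TABLE_PREFIX . 'users u LEFT JOIN ' . $TABLE_PREFIX . 'users_level g ON u.id_level=g.id WHERE delete_users=\'yes\'', true);
             while ($si = mysqli_fetch_assoc($query)) {
                 // The array key is quoted: a bare `id` is an undefined constant, which PHP 8
                 // treats as an error instead of falling back to the string 'id'.
                 send_pm(0, $si['id'], sqlesc($language['subject']), sqlesc('' . $language['msg'] . ' ' . $CURUSER['username'] . ' ' . $language['msgg'] . ' [url]' . $BASEURL . '/index.php?page=dj&do=list&id=' . $id . '[/url]'));
             }
             success_msg($language['SUCCESS'], $language['thanks']);
             stdfoot(true, false);
             die;
         } else {
             stderr($language['ERROR'], $language['blank']);
         }
     } else {
         stderr($language['ERROR'], $language['blank']);
     }
 }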
 $availabledays = explode(',', $language['days']);
 $days = '';
 $i = 0;
 while ($i < 7) {
     $days .= '
         <input type="checkbox" value="' . ($i + 1) . '" name="activedays[]" /> ' . $availabledays[$i] . ' ';
<?php

include 'include/util.php';
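// Update one receipt book (talonarios) row selected by its code and record the action.
// The code in the WHERE clause was concatenated verbatim from the request; it is now cast to
// int so only a number reaches that unquoted position.
// NOTE(review): assumes `codigo` is an integer key — confirm against the schema.
// NOTE(review): `inicio` and `actual` are also unquoted. If verificar_sql() only escapes quote
// characters, it does not protect a value outside quotes; validate both as numbers once their
// column types are confirmed.
$query = "UPDATE\n            talonarios\n        SET\n            descripcion = '" . verificar_sql($_REQUEST['descripcion']) . "',\n            inicio = " . verificar_sql($_REQUEST['inicio']) . ",\n            actual = " . verificar_sql($_REQUEST['actual']) . "\n        WHERE\n            codigo = " . (int) $_REQUEST['codigo'];
if (!mysql_query($query)) {
    sql_error_msg();
    return;
}
// Log the update with the same normalised code that was used in the statement.
if (!registrar_movimiento(47, (int) $_REQUEST['codigo'])) {
    sql_error_msg();
    return;
}
success_msg("Se ha actualizado el talonario!");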
<?php

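// Delete one user row by its code and record the action.
// The code comes from the request and was concatenated into the statement verbatim; casting it
// to int keeps it a plain number in this unquoted position.
// NOTE(review): assumes `codigo` is an integer key — confirm against the schema.
// NOTE(review): no authorisation or anti-CSRF check is visible in this script, and $_REQUEST
// also accepts GET; confirm that the including page enforces both before an account is deleted.
$query = "DELETE FROM usuarios WHERE codigo = " . (int) $_REQUEST['codigo'];
$return = mysql_query($query);
if (!$return) {
    sql_error_msg();
    return;
}
// Log the deletion with the same normalised code that was used in the statement.
if (!registrar_movimiento(51, (int) $_REQUEST['codigo'])) {
    sql_error_msg();
    return;
}
success_msg("Se ha eliminado el usuario!");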
Example #30
            }
            // Tail of the admin "edit user" handler: collect the changed columns, apply them to
            // the tracker, forum and main user tables, then log the change.
            if ($helplang != $curu['helplang']) {
                // The value is HTML-encoded and then SQL-escaped before it is stored.
                $set[] = 'helplang=' . sqlesc(htmlspecialchars($helplang));
            }
            // Each list is joined into a SET clause; a list that was never filled gives ''.
            $updateset = isset($set) ? implode(',', $set) : '';
            $updatesetxbt = isset($xbtset) ? implode(',', $xbtset) : '';
            $updatesetsmf = isset($smfset) ? implode(',', $smfset) : '';
            if ($updateset != '') {
                // NOTE(review): the statements below are built by concatenation. Their safety
                // depends on every $set/$xbtset/$smfset entry having been escaped where it was
                // built, and on $uid and $smf_fid being integers — none of that is visible here.
                if ($XBTT_USE && $updatesetxbt != '') {
                    quickQuery('UPDATE xbt_users SET ' . $updatesetxbt . ' WHERE uid=' . $uid . ' LIMIT 1;');
                }
                if (substr($FORUMLINK, 0, 3) == 'smf' && $updatesetsmf != '' && !is_bool($smf_fid)) {
                    quickQuery("UPDATE `{$db_prefix}members` SET " . $updatesetsmf . " WHERE " . ($FORUMLINK == "smf" ? "`ID_MEMBER`" : "`id_member`") . "=" . $smf_fid . " LIMIT 1");
                }
                quickQuery('UPDATE ' . $TABLE_PREFIX . 'users SET ' . $updateset . ' WHERE id=' . $uid . ' LIMIT 1;');
                // NOTE(review): the '******' run on the next line is an artifact of how this
                // listing was published, not valid PHP. The link also carries $CURUSER['random']
                // as a `code` query parameter, so that value ends up in history, logs and referrers.
                success_msg($language['SUCCESS'], $language['INF_CHANGED'] . $note . '<br /><a href="index.php?page=admin&amp;user='******'uid'] . '&amp;code=' . $CURUSER['random'] . '">' . $language['MNU_ADMINCP'] . '</a>');
                // NOTE(review): the user name is written into the log entry as HTML without
                // encoding; confirm that user names cannot contain markup.
                write_log('Modified user <a href="' . $btit_settings['url'] . '/index.php?page=userdetails&amp;id=' . $uid . '">' . $curu['username'] . '</a> ' . $newname . ' ( ' . count($set) . ' changes on uid ' . $uid . ' )', 'modified');
                stdfoot(true, false);
                die;
            } else {
                stderr($language['ERROR'], $language['USER_NO_CHANGE']);
            }
        }
        // Same publishing artifact as above on the redirect target.
        redirect('index.php?page=admin&user='******'uid'] . '&code=' . $CURUSER['random']);
        break;
}
# set template info
if ($CURUSER['id_level'] == '8') {
    $admintpl->set('imm', '&nbsp;Immunity&nbsp;<input type="checkbox" name="immunity" <tag:profile.immunity /> />');
}
$admintpl->set('profile', $profile);