public function edit_pass() {
    // Password change for the logged-in employee (the billing_empleado row
    // whose id is $this->user->id). Runs the form rules, then requires both
    // the current-password check and the new/confirm match to pass before
    // writing the new hash. Whatever message results is echoed to the client.
    $this->load->library('form_validation');

    $fields = array(
        'current_pass' => 'Clave Actual',
        'new_pass'     => 'Nueva Clave',
        'confirm_pass' => 'Confirme Nueva Clave',
    );
    // NOTE(review): xss_clean rewrites the value that set_value() returns
    // below, so a password containing markup-like characters is hashed in
    // altered form. Confirm check_current_pass() filters the same way,
    // otherwise such a password can be set but never verified again.
    foreach ($fields as $field => $label) {
        $this->form_validation->set_rules($field, $label, 'trim|required|xss_clean');
    }
    $this->form_validation->set_error_delimiters('<br /><span class="text-danger">', '</span>');

    if ($this->form_validation->run() == FALSE) {
        // Field-level failure replaces (does not append to) the message.
        $this->res_message = validation_errors();
        echo $this->res_message;
        return;
    }

    // Both checks always run, in this order (no short-circuit): each may
    // register its own validation error that the message below reports.
    $current_ok = $this->check_current_pass();
    $confirm_ok = $this->confirm_pass();
    if (!($confirm_ok and $current_ok)) {
        $this->res_message .= validation_errors();
        echo $this->res_message;
        return;
    }

    // NOTE(review): salted MD5 is not an acceptable password hash. Moving to
    // password_hash()/password_verify() has to change check_current_pass()
    // and the login path in step, so the scheme is left unchanged here.
    $new_hash = md5(set_value('new_pass') . get_settings('PASSWORDSALTMAIN'));
    $updated = $this->generic_model->update(
        'billing_empleado',
        array('clave' => $new_hash),
        array('id' => $this->user->id)
    );
    if ($updated) {
        $this->res_message .= success_msg(', clave actualizada.');
    }
    // A failed update appends nothing, as before.
    echo $this->res_message;
}
foreach ($needles as $needle) { if (!(strpos($haystack, $needle) === false)) { $found = 1; break; } } if ($found == 1) { die("Upload not permitted"); } else { if (move_uploaded_file($_FILES['file']['tmp_name'], $target_path)) { $uid = $CURUSER['uid']; @chmod("{$THIS_BASEPATH}/{$target_path}", 0777); } } mysqli_query($GLOBALS["___mysqli_ston"], "INSERT INTO `{$TABLE_PREFIX}subtitles` (`id`, `name`, `hash`, `file`, `imdb`, `pic`, `Framerate`, `cds`, `uploader`, `downloaded`, `author`, `flag`) VALUES ('', '{$nume}', '{$hash}', '{$x}', '{$link}', '{$pic}', '{$frame}', '{$cds}', {$uid}, 0, '{$autor}',{$idflag}); ") or die(is_object($GLOBALS["___mysqli_ston"]) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)); success_msg("Success", "The subtitle was added to the database!<br><a href=index.php?page=subtitles>Back To Subtitles!</a>"); stdfoot(false, false, true); die; } else { stderr("Error", "There was an error while uploading, please try again!"); stdfoot(false, false, true); die; } } else { $fres = flag_list(); $option = "\n<select name=\"flag\" size=\"1\">\n<option value='0'>---</option>"; $thisip = $_SERVER["REMOTE_ADDR"]; $remotedns = gethostbyaddr($thisip); if ($remotedns != $thisip) { $remotedns = strtoupper($remotedns); preg_match('/^(.+)\\.([A-Z]{2,3})$/', $remotedns, $tldm);
if ($del > 0) { stderr("Confirm", "<b>Are you sure you wish to delete the team? ({$team}) ( <b><a href='index.php?page=admin&user={$CURUSER['uid']}&code={$CURUSER['random']}&do=teams&del={$del}&team={$team}&sure=yes'>Yes!</a></b> / <b><a href='index.php?page=admin&user={$CURUSER['uid']}&code={$CURUSER['random']}&do=teams'>No!</a></b> )"); stdfoot(); exit; } //$admintpl->set("sure",$sure); //Edit Team if ($edited == 1) { $aa = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT id FROM {$TABLE_PREFIX}users WHERE username='******'"); $ar = mysqli_fetch_assoc($aa); $team_owner = $ar["id"]; $query = "UPDATE {$TABLE_PREFIX}teams SET\tname = '{$team_name}', info = '{$team_info}', owner = '{$team_owner}', image = '{$team_image}' WHERE id=" . sqlesc($id); $sql = mysqli_query($GLOBALS["___mysqli_ston"], $query); mysqli_query($GLOBALS["___mysqli_ston"], "UPDATE {$TABLE_PREFIX}users SET team = '{$id}' WHERE id= '{$team_owner}'"); if ($sql) { success_msg("Success", "Updated Team!<br><a href=\"index.php?page=admin&user={$CURUSER['uid']}&code={$CURUSER['random']}&do=teams\">Back</a>"); write_log("has edited team ({$team_name})", "edit"); stdfoot(); exit; } } $edity = textbbcode("smolf3d1", "team_info", $info); if ($editid > 0) { $editt = "<form name='smolf3d1' method='get' action='index.php'>\n\t<CENTER><table cellspacing=0 cellpadding=5 width=50%>\n\t<div align='center'><input type='hidden' name='edited' value='1'></div>\n\t<br>\n <input type='hidden' name='page' value='admin'>\n <input type='hidden' name='user' value='{$CURUSER['uid']}'>\n <input type='hidden' name='code' value='{$CURUSER['random']}'>\n <input type='hidden' name='do' value='teams'>\n <input type='hidden' name='id' value='{$editid}'><table class=main cellspacing=0 cellpadding=5 width=50%><tr>\n <td class=header colspan=2 align=center>" . $language['TEAM_EDIT'] . "</td></tr>\n\t<tr><td class=header>" . $language['TEAM_NAME'] . 
"</td><td align='right' class=lista><input type='text' size=50 name='team_name' value='{$name}'></td></tr>\n\t<tr><td class=header>" . $language['TEAM_LOGO'] . "</td><td align='right' class=lista><input type='text' size=50 name='team_image' value='{$image}'></td></tr>\n\t<tr><td class=header>" . $language['TEAM_OWNER'] . "</td><td align='right' class=lista><input type='text' size=50 name='team_owner' value='{$owner}'>" . $language['TEAM_ONE'] . "</td></tr>\n\t<tr><td valign=top class=header>" . $language['TEAM_DESC'] . "</td><td align='right' class=lista>{$edity}</td></tr>\n\t<tr><td class=header colspan=2><div align='center'><input type='Submit' value=Update></div></td></tr>\n\t</table></CENTER></form><br><br><hr><br><br>"; } $admintpl->set("edit", $editt); //Add Team if ($add == 'true') { $ping = do_sqlquery("select * from {$TABLE_PREFIX}teams order by name"); while ($pong = mysqli_fetch_array($ping)) { if ($pong["name"] == $team_name) {
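// Site settings editor backed by ../configs/web.xml.
//   action == "edit": copy the POSTed values into the <add> entries and save.
//   action == ""    : load the entries for the form.
// NOTE(review): every <add> entry can be overwritten by whoever reaches the
// "edit" action; no CSRF token or privilege check is visible in this block —
// confirm the surrounding controller enforces both.
if ($action == "edit") {
    $isbool = false;
    $xml = file_exists('../configs/web.xml') ? simplexml_load_file('../configs/web.xml') : false;
    if ($xml === false) {
        // Missing or unparsable file. The original only handled "missing" and
        // would have failed on ->xpath() for a malformed document.
        info_sysadmin_error('读取站点配置文件失败');
    } else {
        foreach ($xml->xpath("/web/info/add") as $val) {
            // The attribute is spelled "filed" in the config schema; keep it.
            $field = (string) $val['filed'];
            // An absent POST field used to raise a notice and store null.
            // SimpleXML escapes attribute values on assignment, so the value
            // cannot break the markup.
            $val['value'] = isset($_POST[$field]) ? $_POST[$field] : '';
        }
        // saveXML() (alias of asXML()) returns false when the file cannot be
        // written; the original ignored that and reported success anyway.
        $isbool = $xml->saveXML('../configs/web.xml') !== false;
    }
    if ($isbool) {
        success_msg('修改成功', prev_url());
    } else {
        success_msg('修改失败', 'back');
    }
}
if ($action == '') {
    $xml = file_exists('../configs/web.xml') ? simplexml_load_file('../configs/web.xml') : false;
    if ($xml === false) {
        info_sysadmin_error('读取站点配置文件失败');
    } else {
        $webinfo = array();
        foreach ($xml->xpath('/web/info/add') as $value) {
            $webinfo[] = $value;
        }
        $smarty->assign('webinfo', $webinfo);
    }
}
$smarty->assign("action", $action);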
die("non direct access!"); } include load_language("lang_peers.php"); $admintpl->set('language', $language); isset($_GET["id"]) ? $id = 0 + $_GET["id"] : ($id = ""); isset($_GET["returnto"]) ? $url = urldecode($_GET["returnto"]) : ($url = ""); isset($_POST["confirm"]) ? $confirm = $_POST["confirm"] : ($confirm = ""); if ($_POST["confirm"]) { if ($confirm == $language["YES"]) { if ($XBTT_USE) { $dr = mysqli_fetch_array(mysqli_query($GLOBALS["___mysqli_ston"], "SELECT peer_id_ascii FROM `{$TABLE_PREFIX}bannedclient` WHERE `id`=" . $id)); @mysqli_query($GLOBALS["___mysqli_ston"], "DELETE FROM xbt_deny_from_clients WHERE peer_id=" . sqlesc($dr['peer_id_ascii'])); unset($dr); } @mysqli_query($GLOBALS["___mysqli_ston"], "DELETE FROM `{$TABLE_PREFIX}bannedclient` WHERE `id`=" . $id); success_msg($language["SUCCESS"], $language["CLIENT_REMOVED"] . "<a href='{$url}'>" . $language["RETURN"] . "</a>"); stdfoot(); exit; } else { redirect($url); } } $res = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT * FROM `{$TABLE_PREFIX}bannedclient` WHERE `id`={$id}"); if (@mysqli_num_rows($res) > 0) { $client = array(); $i = 0; while ($row = mysqli_fetch_assoc($res)) { $client[$i]["client_name"] = $row["client_name"]; $client[$i]["user_agent"] = $row["user_agent"]; $client[$i]["peer_id"] = $row["peer_id"]; $client[$i]["peer_id_ascii"] = $row["peer_id_ascii"];
stdfoot(); exit; } elseif ($_POST["new_pwd"] != $_POST["new_pwd1"]) { err_msg($language["ERROR"], $language["DIF_PASSWORDS"]); stdfoot(); exit; } else { $respwd = do_sqlquery("SELECT * FROM {$TABLE_PREFIX}users WHERE id={$uid} AND password='******' AND username="******"username"]) . ""); if (!$respwd || mysql_num_rows($respwd) == 0) { err_msg($language["ERROR"], $language["ERR_RETR_DATA"]); } else { $arr = mysql_fetch_assoc($respwd); do_sqlquery("UPDATE {$TABLE_PREFIX}users SET password='******' WHERE id={$uid} AND password='******' AND username="******"username"]) . "") or die(mysql_error()); if ($GLOBALS["FORUMLINK"] == "smf") { $passhash = smf_passgen($CURUSER["username"], $_POST["new_pwd"]); do_sqlquery("UPDATE {$db_prefix}members SET passwd='{$passhash['0']}', passwordSalt='{$passhash['1']}' WHERE ID_MEMBER=" . $arr["smf_fid"]) or die(mysql_error()); } success_msg($language["PWD_CHANGED"], "" . $language["NOW_LOGIN"] . "<br /><a href=\"index.php?page=login\">Go</a>"); stdfoot(true, false); } } break; case '': case 'change': default: $pwdtpl = array(); $pwdtpl["frm_action"] = "index.php?page=usercp&do=pwd&action=post&uid=" . $uid . ""; $pwdtpl["frm_cancel"] = "index.php?page=usercp&uid=" . $uid . ""; $usercptpl->set("pwd", $pwdtpl); break; }
$isbool = $db->delete($table, "id=" . $id[$i]); } if ($isbool !== false) { success_msg('删除成功', '?'); } else { error_msg('删除失败', 'back'); } } } if ($action == "bj") { $id = $_GET['id']; $result = $db->query_by_id($table, $id); $row = $db->fetch($result); $smarty->assign('user', $row); } if ($action == "edit") { $id = $_POST['id']; $state = $_POST['state']; $mod_content = "state={$state}"; $where = 'id=' . $id; $isbool = $db->update($table, $mod_content, $where); if ($isbool !== false) { success_msg('修改成功', '?'); } else { error_msg('修改失败', 'back'); } } $smarty->assign("action", $action); $smarty->assign("keyword", @$_GET["keyword"]); $smarty->display('sysadmin/yuyue.html'); require_once 'footer.php';
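<?php
// Debit an amount from a fund: insert the debit row, lower the fund balance
// and log the operation as movement type 4. Reads fondo, monto and concepto
// from the request.
include_once 'include/util.php';

// fondo and monto are interpolated unquoted into SQL, so escaping cannot
// protect them. is_numeric() admits only digits, sign, decimal point,
// exponent and surrounding whitespace, so a value that passes is safe to
// interpolate unchanged (decimals in monto are preserved).
$fondo = isset($_REQUEST['fondo']) ? $_REQUEST['fondo'] : '';
$monto = isset($_REQUEST['monto']) ? $_REQUEST['monto'] : '';
if (!is_numeric($fondo) || !is_numeric($monto)) {
    // alert_msg() as used by the sibling scripts after including util.php — confirm.
    alert_msg("Fondo o monto no válidos!");
    return;
}

// concepto is a quoted string column; verificar_sql() is the project's
// escaping helper (assumed from its use across these scripts).
$query = "INSERT INTO fondos_debitos (fecha, fondo, monto, concepto) VALUES (now(), " . $fondo . ", " . $monto . ", '" . verificar_sql($_REQUEST['concepto']) . "')";
if (!mysql_query($query)) {
    sql_error_msg();
    return;
}
$Codigo = mysql_insert_id();

$query = "UPDATE fondos SET saldo = saldo - " . $monto . " WHERE codigo = " . $fondo;
if (!mysql_query($query)) {
    sql_error_msg();
    return;
}

// Record the operation in the movements log.
if (!registrar_movimiento(4, $Codigo, $monto)) {
    sql_error_msg();
    return;
}
success_msg("Se ha debitado el monto del fondo!");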
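<?php
// Create a receipt book (talonario) and log it as movement type 46. Reads
// codigo, descripcion, inicio and actual from the request.
include 'include/util.php';

// codigo, inicio and actual are interpolated unquoted, where escaping does
// not help (the original ran inicio/actual through verificar_sql() but left
// them unquoted). Require numeric values and use them unchanged.
$codigo = isset($_REQUEST['codigo']) ? $_REQUEST['codigo'] : '';
$inicio = isset($_REQUEST['inicio']) ? $_REQUEST['inicio'] : '';
$actual = isset($_REQUEST['actual']) ? $_REQUEST['actual'] : '';
if (!is_numeric($codigo) || !is_numeric($inicio) || !is_numeric($actual)) {
    // alert_msg() as used by the sibling scripts after including util.php — confirm.
    alert_msg("Código, inicio o actual no válidos!");
    return;
}

$query = "INSERT INTO talonarios (codigo, descripcion, fecha, inicio, actual) VALUES (" . $codigo . ", '" . verificar_sql($_REQUEST['descripcion']) . "', now(), " . $inicio . ", " . $actual . ")";
if (!mysql_query($query)) {
    sql_error_msg();
    return;
}
if (!registrar_movimiento(46, $codigo)) {
    sql_error_msg();
    return;
}
success_msg("Se ha agregado el talonario!");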
} elseif ($case == 8) { $msg = $language["ERR_NICK_NOT_ALLOWED"]; } elseif ($case == 9) { $msg = $language["ERR_USER_ALREADY_EXISTS"]; } err_msg($language["ERROR"], $msg); stdfoot(); exit; } do_sqlquery("UPDATE {$TABLE_PREFIX}users SET username='******' WHERE id=" . $CURUSER["uid"]); if ($GLOBALS["FORUMLINK"] == "smf") { do_sqlquery("UPDATE {$db_prefix}members SET memberName='{$nick1}', realName='{$nick1}' WHERE ID_MEMBER=" . $CURUSER["smf_fid"]); do_sqlquery("UPDATE {$db_prefix}messages SET posterName='{$nick1}' WHERE ID_MEMBER=" . $CURUSER["smf_fid"]); } write_log($language["CHANGED_THEIR_NICK"] . $nick1, "modify"); success_msg($language["SUCCESS"], $language["NICK_CHANGE_SUCCESS"] . $nick1); stdfoot(); exit; break; case '': case 'change': default: $rentpl = array(); $rentpl["username"] = $CURUSER["username"]; // ----------------------------- // Captcha hack // ----------------------------- if ($USE_IMAGECODE) { if (extension_loaded('gd')) { $arr = gd_info(); if ($arr['FreeType Support'] == 1) {
exit; } // Update their tracker member record with the now verified email address do_sqlquery("UPDATE {$TABLE_PREFIX}users SET email='" . mysqli_real_escape_string($DBDT, $newmail) . "' WHERE id='" . $id . "'", true); // If using SMF, update their record on that too. if (substr($GLOBALS["FORUMLINK"], 0, 3) == "smf") { $basedir = substr(str_replace("\\", "/", dirname(__FILE__)), 0, strrpos(str_replace("\\", "/", dirname(__FILE__)), '/')); $language2 = $language; require_once $basedir . "/smf/Settings.php"; $language = $language2; do_sqlquery("UPDATE `{$db_prefix}members` SET `email" . ($GLOBALS["FORUMLINK"] == "smf" ? "A" : "_a") . "ddress`='" . mysqli_real_escape_string($DBDT, $newmail) . "' WHERE " . ($GLOBALS["FORUMLINK"] == "smf" ? "`ID_MEMBER`" : "`id_member`") . "=" . $getacc["smf_fid"], true); } elseif ($GLOBALS["FORUMLINK"] == "ipb") { IPSMember::save($getacc["ipb_fid"], array("members" => array("email" => "{$newmail}"))); } // Print a message stating that their email has been successfully changed success_msg($language["SUCCESS"], $language["REVERIFY_CONGRATS1"] . " " . $oldmail . " " . $language["REVERIFY_CONGRATS2"] . " " . $newmail . " " . $language["REVERIFY_CONGRATS3"] . "<a href=\"" . $BASEURL . "\">" . $language["MNU_INDEX"] . "</a>"); stdfoot(true, false); // If the member clicking the link is validating... if ($idlevel == 2) { // ...we may as well upgrade their rank to member whilst we're at it. do_sqlquery("UPDATE {$TABLE_PREFIX}users SET id_level=3 WHERE id='" . $id . "'"); if (substr($GLOBALS["FORUMLINK"], 0, 3) == "smf") { do_sqlquery("UPDATE {$db_prefix}members SET " . ($GLOBALS["FORUMLINK"] == "smf" ? "`ID_GROUP`" : "`id_group`") . "=" . ($getacc["smf_group_mirror"] > 0 ? $getacc["smf_group_mirror"] : "13") . " WHERE " . ($GLOBALS["FORUMLINK"] == "smf" ? "`ID_MEMBER`" : "`id_member`") . "=" . $getacc["smf_fid"]); } elseif ($GLOBALS["FORUMLINK"] == "ipb") { $ipblev = $getacc["ipb_group_mirror"] > 0 ? 
$getacc["ipb_group_mirror"] : "3"; IPSMember::save($getacc["ipb_fid"], array("members" => array("member_group_id" => "{$ipblev}"))); } } } else { err_msg($language["REVERIFY_FAILURE"] . "<a href=\"" . $BASEURL . "\">" . $language["MNU_INDEX"] . "</a>"); stdfoot();
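<?php
// Edit an invoice type (facturas_tipo): description plus the iva and
// discrimina checkbox flags. A flag is on when the request sends 1, "true",
// "on" or "checked" (case-insensitive); anything else, or absence, is off.
include 'include/util.php';

$flags = array('iva' => 0, 'discrimina' => 0);
foreach (array_keys($flags) as $flag) {
    if (!isset($_REQUEST[$flag])) {
        continue;
    }
    $raw = $_REQUEST[$flag];
    // Loose == 1 kept on purpose so "1" and 1 both count, as before.
    if ($raw == 1 || in_array(strtolower((string) $raw), array('true', 'on', 'checked'), true)) {
        $flags[$flag] = 1;
    }
}
$iva = $flags['iva'];
$discrimina = $flags['discrimina'];

// codigo is interpolated unquoted into the WHERE clause; an unvalidated value
// could rewrite it (e.g. "1 OR 1=1" would update every row).
if (!isset($_REQUEST['codigo']) || !is_numeric($_REQUEST['codigo'])) {
    // alert_msg() as used by the sibling scripts after including util.php — confirm.
    alert_msg("Código de tipo de factura no válido!");
    return;
}
$codigo = $_REQUEST['codigo'];

$query = "UPDATE facturas_tipo SET descripcion = '" . verificar_sql($_REQUEST['descripcion']) . "', iva = " . $iva . ", discrimina = " . $discrimina . " WHERE codigo = " . $codigo;
if (!mysql_query($query)) {
    sql_error_msg();
    return;
}
if (!registrar_movimiento(29, $codigo)) {
    sql_error_msg();
    return;
}
success_msg("Se ha editado el tipo de factura!");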
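<?php
// Add the selected articles to a price list, seeding each price from the
// article's current cost (articulos.costo). Movement type 53 is logged once.
include 'include/util.php';

// The original only tested isset(): an empty array, or a scalar, slipped
// through to a no-op loop and a success message.
$Articulos = isset($_REQUEST['articulos']) ? $_REQUEST['articulos'] : null;
if (!is_array($Articulos) || count($Articulos) == 0) {
    alert_msg("No se han seleccionado artículos!");
    return;
}

// lista and every article code are interpolated unquoted (the code twice),
// so they must be numeric. Validate everything before the first INSERT so a
// bad value cannot leave a half-written list.
$lista = isset($_REQUEST['lista']) ? $_REQUEST['lista'] : '';
if (!is_numeric($lista)) {
    alert_msg("Lista de precios no válida!");
    return;
}
foreach ($Articulos as $Articulo) {
    if (!is_numeric($Articulo)) {
        alert_msg("Código de artículo no válido!");
        return;
    }
}

foreach ($Articulos as $Articulo) {
    $query = "INSERT INTO listas_precio_detalle (lista, articulo, precio) VALUES (" . $lista . ", " . $Articulo . ", (SELECT costo FROM articulos WHERE codigo = " . $Articulo . "))";
    if (!mysql_query($query)) {
        sql_error_msg();
        return;
    }
}
if (!registrar_movimiento(53, 0)) {
    sql_error_msg();
    return;
}
success_msg("Se han agregado los artículos a la lista!");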
} $admintpl->set("add_new", false, true); switch ($action) { case 'delete': $id = max(0, $_GET["id"]); // controle if this level can be cancelled $rcanc = do_sqlquery("SELECT can_be_deleted FROM {$TABLE_PREFIX}users_level WHERE id={$id}"); if (!$rcanc || mysql_num_rows($rcanc) == 0) { err_msg($language["ERROR"], $language["ERR_CANT_FIND_GROUP"]); stdfoot(false, false, true); die; } $rcancanc = mysql_fetch_array($rcanc); if ($rcancanc["can_be_deleted"] == "yes") { do_sqlquery("DELETE FROM {$TABLE_PREFIX}users_level WHERE id={$id}", true); success_msg($language["SUCCESS"], $language["GROUP_DELETED"] . "<br />\n<a href=\"index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=groups\">" . $language["ACP_USER_GROUP"] . "</a>"); stdfoot(false, false, true); die; } else { err_msg($language["ERROR"], $language["CANT_DELETE_GROUP"]); stdfoot(false, false, true); die; } break; case 'edit': $block_title = $language["GROUP_EDIT_GROUP"]; $gid = max(0, $_GET["id"]); $admintpl->set("list", false, true); $admintpl->set("frm_action", "index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=groups&action=save&id={$gid}"); $admintpl->set("language", $language); $rgroup = get_result("SELECT * FROM {$TABLE_PREFIX}users_level WHERE id={$gid}", true);
<?php require_once 'inc.php'; $table = 'cn_login_log'; $action = empty($_GET["action"]) ? '' : $_GET["action"]; if ($action == "delete") { $id = $_POST['id']; $isbool = true; if (!empty($id)) { for ($i = 0; $i < count($id); $i++) { $isbool = $db->delete($table, "id=" . $id[$i]); } if ($isbool !== false) { success_msg('删除成功', prev_url()); } else { error_msg('删除失败', 'back'); } } } if ($action == '') { $where = @$_GET['keyword'] != '' ? " AND userId LIKE '%" . @$_GET['keyword'] . "%'" : ''; $order = ' ORDER BY id DESC'; $page_size = 20; $current_page = !@$_GET['p'] ? 1 : @$_GET['p']; $nums = $db->query_count($table, $where); $logList = array(); $result = $db->query_page_list($table, $page_size, $current_page, $order, $where); while ($row = $db->fetch($result)) { $logList[] = $row; } $pager = new Pager($page_size, $nums, $current_page, 8);
} $typeList = array(); display_type($db, $typeList, $id, 0); if (!empty($typeList)) { foreach ($typeList as $item) { $type_array[] = $item['id']; } if (in_array($_POST['parent_id'], $type_array)) { info_sysadmin_error('上级分类不能是自己的子类'); } } $mod_content = "name='{$name}',sort={$sort},parent_id={$parent_id},description='{$description}',image='{$image}'"; $where = 'id=' . $id; $isbool = $db->update($table, $mod_content, $where); if ($isbool !== false) { success_msg('修改成功', "?"); } else { error_msg('修改失败', 'back'); } } /* * 递归所有分类 */ function display_type($db, &$typeList, $parent_id, $level) { $result = $db->query("SELECT * FROM cn_course_type WHERE parent_id=" . $parent_id . " ORDER BY sort ASC,id ASC"); while ($row = $db->fetch($result)) { $product_count = $db->query_count("cn_course", "and type_id=" . $row['id']); $typeList[] = array('id' => $row['id'], 'name' => $row['name'], 'sort' => $row['sort'], 'parent_id' => $row['parent_id'], 'product_count' => $product_count, 'level' => str_repeat(" ", $level)); display_type($db, $typeList, $row['id'], $level + 1); }
} elseif (isset($_GET["add_hack_folder"])) { $hack_folder = urldecode($_GET["add_hack_folder"]); } // used to define the current path (hack path) $CURRENT_FOLDER = "{$THIS_BASEPATH}/hacks/{$hack_folder}"; // create object $newhack = new update_hacks(); // we open the work definition file $hstring = $newhack->open_hack("{$THIS_BASEPATH}/hacks/{$hack_folder}/modification.xml"); // all structure is now in an array $new_hack_array = $newhack->hack_to_array($hstring); // we will test again, then if ok, we install the hack if ($newhack->install_hack($new_hack_array, true)) { if ($newhack->install_hack($new_hack_array)) { do_sqlquery("INSERT INTO {$TABLE_PREFIX}hacks SET " . sprintf("title=%s,version=%s,author=%s,added=UNIX_TIMESTAMP(),folder=%s", sqlesc($new_hack_array[0]["title"]), sqlesc($new_hack_array[0]["version"]), sqlesc($new_hack_array[0]["author"]), sqlesc($hack_folder)), true); success_msg($language["SUCCESS"], $language["HACK_INSTALLED_OK"]); stdfoot(true, false); die; } } else { stderr($language["ERROR"], join("<br />\n", $newhack->errors)); } break; case 'test': include "{$THIS_BASEPATH}/include/class.update_hacks.php"; if (isset($_POST["add_hack_folder"])) { $hack_folder = $_POST["add_hack_folder"]; } elseif (isset($_GET["add_hack_folder"])) { $hack_folder = urldecode($_GET["add_hack_folder"]); } // used to define the current path (hack path)
} if ($_SERVER['REQUEST_METHOD'] == 'POST') { $body = $_POST['body']; if ($body == "") { stderr($language["ERROR"], $language["ERR_BODY_EMPTY"]); } $body = sqlesc($body); $editedat = sqlesc(time()); do_sqlquery("UPDATE {$TABLE_PREFIX}posts SET body={$body}, editedat={$editedat}, editedby=" . intval($CURUSER["uid"]) . " WHERE id={$postid}", true); $returnto = urldecode($_POST["returnto"]); if ($returnto != "") { $returnto .= "#{$postid}"; redirect("{$returnto}"); die; } else { success_msg($language["SUCCESS"], $language["SUC_POST_SUC_EDIT"]); stdfoot(); die; } } $block_title = $language["EDIT_POST"]; $forumtpl->set("frm_action", "index.php?page=forum&action=editpost&postid={$postid}"); $forumtpl->set("return_to", htmlspecialchars($_SERVER["HTTP_REFERER"])); $forumtpl->set("post_body", textbbcode("edit", "body", htmlspecialchars(unesc($arr["body"])))); break; case 'reply': case 'quotepost': if ($action == "quotepost") { $quote = true; } else { $quote = false;
$admintpl->set("uid", $CURUSER["uid"]); $admintpl->set("random", $CURUSER["random"]); $admintpl->set("opt1", $delete != 'false' && $confirm == 'false' ? true : false, true); $admintpl->set("opt2", $delete != 'false' && $confirm == 'true' ? true : false, true); if ($delete != 'false' && $confirm == 'true') { do_sqlquery("DELETE FROM `{$TABLE_PREFIX}cheapmail` WHERE `domain`='" . $delete . "' LIMIT 1", true); } if ($addcheapmail == "" && $additthen == "Submit") { stderr($language["ERROR"], $language["ERR_CHEAP_SUBMIT"]); } elseif ($addcheapmail != "" && $additthen == "Submit") { $isthere = mysqli_fetch_assoc(mysqli_query($GLOBALS["___mysqli_ston"], "SELECT * FROM `{$TABLE_PREFIX}cheapmail` WHERE `domain`='" . $addcheapmail . "'")); $wildcard = "@" . strrrchr($addcheapmail, "."); $wildthere = mysqli_fetch_assoc(mysqli_query($GLOBALS["___mysqli_ston"], "SELECT * FROM `{$TABLE_PREFIX}cheapmail` WHERE `domain`='" . $wildcard . "'")); if (!$isthere && !$wildthere) { mysqli_query($GLOBALS["___mysqli_ston"], "INSERT INTO `{$TABLE_PREFIX}cheapmail` VALUES ('" . $addcheapmail . "', UNIX_TIMESTAMP(), '" . $CURUSER["username"] . "')"); success_msg("Success!", "<span style='color:#CC0000'><b>{$addcheapmail}</span><span style='color:#000000'>" . $language["CHEAP_ADDED"] . "</span></b>"); } elseif (!$isthere && $wildthere) { stderr($language["ERROR"], "<span style='color:#000000'>" . $language["ERR_WILDCARD_1"] . "<span style='color:#CC0000'><b>{$wildcard}</b></span>" . $language["ERR_WILDCARD_2"] . "<span style='color:#CC0000'><b>{$addcheapmail}</b></span>" . $language["ERR_WILDCARD_3"] . "</span>"); } else { stderr($language["ERROR"], "<span style='color:#CC0000'>{$addcheapmail} </span><span style='color:#000000'>" . $language["ERR_CHEAP_DUPE"] . 
"</span>"); } } $i = 0; $loop = array(); $list = get_result("SELECT `c`.`domain`, `c`.`added`, `c`.`added_by`, `ul`.`prefixcolor`, `ul`.`suffixcolor` FROM `{$TABLE_PREFIX}cheapmail` `c` LEFT JOIN `{$TABLE_PREFIX}users` `u` ON `c`.`added_by`=`u`.`username` LEFT JOIN `{$TABLE_PREFIX}users_level` `ul` ON `u`.`id_level`=`ul`.`id` ORDER BY `c`.`domain` ASC", true, $btit_settings["cache_duration"]); if (isset($list[0])) { $admintpl->set("haveloop", true, true); foreach ($list as $cheapmail) { $loop[$i]["domain"] = $cheapmail["domain"]; $loop[$i]["added"] = $cheapmail["added"] == 0 ? $language["UNKNOWN"] : date('M j Y \\a\\t h:i A', $cheapmail["added"]); $loop[$i]["added_by"] = $cheapmail["added_by"] == "Unknown" ? $language["UNKNOWN"] : unesc($cheapmail["prefixcolor"] . $cheapmail["added_by"] . $cheapmail["suffixcolor"]);
//$type_id = $_POST['type_id']; $keywords = $_POST['keywords']; $image2 = $_POST['image2']; $description = $_POST['description']; $contents = $_POST['contents']; $description = str_replace("'", "\\'", $description); $contents = str_replace("'", "\\'", $contents); $sort = $_POST['sort']; $url = $_POST['url']; $ziliao = $_POST['ziliao']; $mokuai = $_POST['mokuai']; $mod_content = "title='{$title}',yuliu2='{$image2}',keywords='{$keywords}',image='{$ziliao}',\r\n\t\t\t\t\t\tdescription='{$description}',contents='{$contents}',sort={$sort},url='{$url}',guishu='{$mokuai}'\r\n\t\t\t\t\t\t"; $where = 'id=' . $id; $isbool = $db->update($table, $mod_content, $where); if ($isbool !== false) { success_msg('修改成功', '?type_id=' . @$_GET['type_id']); } else { error_msg('修改失败', 'back'); } } /* * 添加模式 */ function display_type($db, &$typeList, $parent_id, $level) { $result = $db->query("SELECT * FROM cn_along_type WHERE parent_id=" . $parent_id . " ORDER BY sort,id ASC"); while ($row = $db->fetch($result)) { $typeList[] = array('id' => $row['id'], 'name' => $row['name'], 'level' => str_repeat(' ', $level)); display_type($db, $typeList, $row['id'], $level + 1); } }
mysqli_query($GLOBALS["___mysqli_ston"], "UPDATE {$TABLE_PREFIX}users SET id_level={$p} WHERE id={$uid}") or die(is_object($GLOBALS["___mysqli_ston"]) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)); mysqli_query($GLOBALS["___mysqli_ston"], "UPDATE {$TABLE_PREFIX}users SET parked='0' WHERE id={$uid}") or die(is_object($GLOBALS["___mysqli_ston"]) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)); } } else { $r = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT id_level from {$TABLE_PREFIX}users where id = {$uid}"); $cc = mysqli_result($r, 0, "id_level"); $r = mysqli_query($GLOBALS["___mysqli_ston"], "UPDATE {$TABLE_PREFIX}users SET parked = {$cc} where id = {$uid}"); $r = mysqli_query($GLOBALS["___mysqli_ston"], "UPDATE {$TABLE_PREFIX}users SET id_level = 13 where id = {$uid}"); } if ($idlangue > 0) { $_SESSION['CURUSER']['style_url'] = idlangue; } if ($idstyle > 0) { $_SESSION['CURUSER']['language_path'] = $idstyle; } success_msg($language["SUCCESS"], $language["INF_CHANGED"] . "<br /><a href=\"index.php?page=usercp&uid=" . $uid . "\">" . $language["BCK_USERCP"] . "</a>"); stdfoot(true, false); exit; } } break; case '': case 'change': default: $usercptpl->set("AVATAR", false, true); $usercptpl->set("USER_VALIDATION", false, true); $usercptpl->set("INTERNAL_FORUM", false, true); $profiletpl = array(); $row = mysqli_fetch_assoc(mysqli_query($GLOBALS["___mysqli_ston"], "SELECT `dob` FROM `{$TABLE_PREFIX}users` WHERE `id`=" . $uid)); $usercptpl->set("DOBEDIT", $row["dob"] == "0000-00-00" ? true : false, true); $dob = explode("-", $row["dob"]);
send_mail($email, "{$SITENAME} " . $language["ACCOUNT_DETAILS"], $body) or stderr($language["ERROR"], $language["ERR_SEND_EMAIL"]); redirect("index.php?page=recover&act=recover_ok&id={$id}&random={$random}"); die; } elseif ($act == "recover_ok") { $id = intval(0 + $_GET["id"]); $random = intval($_GET["random"]); if (!$id || !$random || empty($random) || $random == 0) { stderr($language["ERROR"], $language["ERR_UPDATE_USER"]); } $res = do_sqlquery("SELECT username, email, random" . ($GLOBALS["FORUMLINK"] == "smf" ? ", smf_fid" : "") . " FROM {$TABLE_PREFIX}users WHERE id = {$id}", true); $arr = mysql_fetch_array($res); if ($random != $arr["random"]) { stderr($language["ERROR"], $language["ERR_UPDATE_USER"]); } $email = $arr["email"]; success_msg($language["SUCCESS"], $language["SUC_SEND_EMAIL"] . " <b>{$email}</b>.\n" . $language["SUC_SEND_EMAIL_2"]); $tpl->set("main_footer", bottom_menu() . "<br />\n"); $tpl->set("btit_version", print_version()); echo $tpl->fetch(load_template("main.tpl")); die; } elseif ($act == "recover") { } $recovertpl = new bTemplate(); global $language, $recovertpl; $recovertpl->set("language", $language); $recover = array(); $recover["action"] = "index.php?page=recover&act=takerecover"; $recovertpl->set("recover", $recover); if ($USE_IMAGECODE) { if (extension_loaded('gd')) { $arr = gd_info();
//////////////////////////////////////////////////////////////////////////////////// if (!defined("IN_BTIT")) { die("non direct access!"); } if (!defined("IN_ACP")) { die("non direct access!"); } switch ($action) { case 'delete': if ($_GET['ip'] == "") { err_msg(ERROR, INVALID_ID); } //delete the ip from db $id = max(0, $_GET['ip']); do_sqlquery("DELETE FROM {$TABLE_PREFIX}bannedip WHERE id=" . $id, true); success_msg($language["SUCCESS"], $language["BAN_DELETED"]); stdfoot(true, false); break; case 'write': if ($_POST['firstip'] == "" || $_POST['lastip'] == "") { stderr($language["ERROR"], $language["BAN_NO_IP_WRITE"]); } else { //ban the ip for real $firstip = $_POST["firstip"]; $lastip = $_POST["lastip"]; $comment = $_POST["comment"]; $firstip = sprintf("%u", ip2long($firstip)); $lastip = sprintf("%u", ip2long($lastip)); if ($firstip == -1 || $lastip == -1) { err_msg($language["ERROR"], $language["BAN_IP_ERROR"]); } else {
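<?php
// Delete an invoice type by code and log it as movement type 30.
include 'include/util.php';

// codigo is interpolated unquoted into the DELETE; an unvalidated value could
// rewrite the WHERE clause (e.g. "1 OR 1=1" would delete every row).
if (!isset($_REQUEST['codigo']) || !is_numeric($_REQUEST['codigo'])) {
    // alert_msg() as used by the sibling scripts after including util.php — confirm.
    alert_msg("Código de tipo de factura no válido!");
    return;
}
$codigo = $_REQUEST['codigo'];

$query = "DELETE FROM facturas_tipo WHERE codigo = " . $codigo;
if (!mysql_query($query)) {
    sql_error_msg();
    return;
}
if (!registrar_movimiento(30, $codigo)) {
    sql_error_msg();
    return;
}
success_msg("Se ha borrado el tipo de factura!");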
} if ($_POST["conferma"]) { if ($act == "signup") { $ret = aggiungiutente(); if ($ret == 0) { if ($VALIDATION == "user") { success_msg($language["ACCOUNT_CREATED"], $language["EMAIL_SENT"]); stdfoot(); exit; } else { if ($VALIDATION == "none") { success_msg($language["ACCOUNT_CREATED"], $language["ACCOUNT_CONGRATULATIONS"]); stdfoot(); exit; } else { success_msg($language["ACCOUNT_CREATED"], $language["WAIT_ADMIN_VALID"]); stdfoot(); exit; } } } elseif ($ret == -1) { stderr($language["ERROR"], $language["ERR_MISSING_DATA"]); } elseif ($ret == -3) { stderr($language["ERROR"], $language["ERR_NO_EMAIL"]); } elseif ($ret == -7) { stderr($language["ERROR"], "<font color=\"black\">" . $language["ERR_NO_SPACE"] . "<strong><font color=\"red\">" . preg_replace('/\\ /', '_', mysql_escape_string($_POST["user"])) . "</strong></font></font><br />"); } elseif ($ret == -8) { stderr($language["ERROR"], $language["ERR_SPECIAL_CHAR"]); } elseif ($ret == -9) { stderr($language["ERROR"], $language["ERR_PASS_LENGTH"]); } else {
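<?php
// Create a system user (usuarios). nombre, apodo and correo are escaped with
// verificar_sql(); the password is stored as MD5(clave) computed by MySQL.
include_once 'include/util.php';

// The original interpolated clave raw inside MD5('...'), so a quote in the
// password broke out of the literal (SQL injection). Escape it like the other
// string fields — verificar_sql() is assumed to escape for a quoted MySQL
// literal, as every sibling script uses it that way.
// NOTE(review): unsalted MD5 is not an acceptable password hash, but the login
// check elsewhere must compare against it, so changing the scheme here alone
// would lock users out; it has to move to password_hash()/password_verify()
// together with that check.
$query = "INSERT INTO usuarios (nombre, apodo, clave, correo) VALUES ('" . verificar_sql($_REQUEST['nombre']) . "', '" . verificar_sql($_REQUEST['apodo']) . "', MD5('" . verificar_sql($_REQUEST['clave']) . "'), '" . verificar_sql($_REQUEST['correo']) . "')";
if (!mysql_query($query)) {
    sql_error_msg();
    return;
}
$Codigo = mysql_insert_id();

// NOTE(review): $Codigo is not used below. The sibling scripts pass the new
// row's code to registrar_movimiento(); this one passes the 'usuario' cookie,
// a client-controlled value — confirm which actor/record is intended.
if (!registrar_movimiento(49, $_COOKIE['usuario'])) {
    sql_error_msg();
    return;
}
success_msg("Se a agregado el usuario al sistema!");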
$selectedadays = array(); foreach ($activedays as $ad) { if ($availabledays[$ad]) { $selectedadays[] = $availabledays[$ad]; continue; } } if (count($selectedadays)) { $activedays = implode(',', $selectedadays); do_sqlquery('INSERT INTO ' . $TABLE_PREFIX . 'shoutcastdj VALUES (NULL, \'' . $CURUSER['uid'] . '\', \'0\', ' . sqlesc($activedays) . ', ' . sqlesc($activetime) . ', ' . sqlesc($genre) . ')', true); $id = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"])) ? false : $___mysqli_res; $query = do_sqlquery('SELECT u.id FROM ' . $TABLE_PREFIX . 'users u LEFT JOIN ' . $TABLE_PREFIX . 'users_level g ON u.id_level=g.id WHERE delete_users=\'yes\'', true); while ($si = mysqli_fetch_assoc($query)) { send_pm(0, $si[id], sqlesc($language['subject']), sqlesc('' . $language['msg'] . ' ' . $CURUSER['username'] . ' ' . $language['msgg'] . ' [url]' . $BASEURL . '/index.php?page=dj&do=list&id=' . $id . '[/url]')); } success_msg($language['SUCCESS'], $language['thanks']); stdfoot(true, false); die; } else { stderr($language['ERROR'], $language['blank']); } } else { stderr($language['ERROR'], $language['blank']); } } $availabledays = explode(',', $language['days']); $days = ''; $i = 0; while ($i < 7) { $days .= ' <input type="checkbox" value="' . ($i + 1) . '" name="activedays[]" /> ' . $availabledays[$i] . ' ';
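<?php
// Update a receipt book (talonario) and log it as movement type 47. Reads
// codigo, descripcion, inicio and actual from the request.
include 'include/util.php';

// codigo, inicio and actual are interpolated unquoted, where escaping does
// not help (the original ran inicio/actual through verificar_sql() but left
// them unquoted, and used codigo raw). Require numeric values and use them
// unchanged.
$codigo = isset($_REQUEST['codigo']) ? $_REQUEST['codigo'] : '';
$inicio = isset($_REQUEST['inicio']) ? $_REQUEST['inicio'] : '';
$actual = isset($_REQUEST['actual']) ? $_REQUEST['actual'] : '';
if (!is_numeric($codigo) || !is_numeric($inicio) || !is_numeric($actual)) {
    // alert_msg() as used by the sibling scripts after including util.php — confirm.
    alert_msg("Código, inicio o actual no válidos!");
    return;
}

$query = "UPDATE talonarios SET descripcion = '" . verificar_sql($_REQUEST['descripcion']) . "', inicio = " . $inicio . ", actual = " . $actual . " WHERE codigo = " . $codigo;
if (!mysql_query($query)) {
    sql_error_msg();
    return;
}
if (!registrar_movimiento(47, $codigo)) {
    sql_error_msg();
    return;
}
success_msg("Se ha actualizado el talonario!");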
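<?php
// Delete a user by code and log it as movement type 51. Unlike the sibling
// scripts this one does not include util.php itself; it relies on the caller
// having loaded it (sql_error_msg() and registrar_movimiento() come from there).

// codigo is interpolated unquoted into the DELETE; an unvalidated value could
// rewrite the WHERE clause (e.g. "1 OR 1=1" would delete every user).
if (!isset($_REQUEST['codigo']) || !is_numeric($_REQUEST['codigo'])) {
    // alert_msg() as used by the sibling scripts from util.php — confirm it is loaded here.
    alert_msg("Código de usuario no válido!");
    return;
}
$codigo = $_REQUEST['codigo'];

$query = "DELETE FROM usuarios WHERE codigo = " . $codigo;
$return = mysql_query($query);
if (!$return) {
    sql_error_msg();
    return;
}
if (!registrar_movimiento(51, $codigo)) {
    sql_error_msg();
    return;
}
success_msg("Se ha eliminado el usuario!");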
} if ($helplang != $curu['helplang']) { $set[] = 'helplang=' . sqlesc(htmlspecialchars($helplang)); } $updateset = isset($set) ? implode(',', $set) : ''; $updatesetxbt = isset($xbtset) ? implode(',', $xbtset) : ''; $updatesetsmf = isset($smfset) ? implode(',', $smfset) : ''; if ($updateset != '') { if ($XBTT_USE && $updatesetxbt != '') { quickQuery('UPDATE xbt_users SET ' . $updatesetxbt . ' WHERE uid=' . $uid . ' LIMIT 1;'); } if (substr($FORUMLINK, 0, 3) == 'smf' && $updatesetsmf != '' && !is_bool($smf_fid)) { quickQuery("UPDATE `{$db_prefix}members` SET " . $updatesetsmf . " WHERE " . ($FORUMLINK == "smf" ? "`ID_MEMBER`" : "`id_member`") . "=" . $smf_fid . " LIMIT 1"); } quickQuery('UPDATE ' . $TABLE_PREFIX . 'users SET ' . $updateset . ' WHERE id=' . $uid . ' LIMIT 1;'); success_msg($language['SUCCESS'], $language['INF_CHANGED'] . $note . '<br /><a href="index.php?page=admin&user='******'uid'] . '&code=' . $CURUSER['random'] . '">' . $language['MNU_ADMINCP'] . '</a>'); write_log('Modified user <a href="' . $btit_settings['url'] . '/index.php?page=userdetails&id=' . $uid . '">' . $curu['username'] . '</a> ' . $newname . ' ( ' . count($set) . ' changes on uid ' . $uid . ' )', 'modified'); stdfoot(true, false); die; } else { stderr($language['ERROR'], $language['USER_NO_CHANGE']); } } redirect('index.php?page=admin&user='******'uid'] . '&code=' . $CURUSER['random']); break; } # set template info if ($CURUSER['id_level'] == '8') { $admintpl->set('imm', ' Immunity <input type="checkbox" name="immunity" <tag:profile.immunity /> />'); } $admintpl->set('profile', $profile);