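/**
 * Load a single package row for editing and render the edit form.
 *
 * Reads the package id from the query string, looks the row up in the
 * `{prefix}ahm_files` table and includes `add-new-file.php` when a row is
 * found. When no row matches (unknown id, or a row owned by another user in
 * multi-user mode) it sets `$error` and includes `error-page.php` instead.
 *
 * Security: the id comes straight from the request, so it is cast to an
 * integer and bound through `$wpdb->prepare()` rather than interpolated into
 * the SQL text.
 *
 * @return void
 */
function EditPackage()
{
    global $wpdb, $current_user;
    get_currentuserinfo();

    // In multi-user mode, non-admin users may only load rows they own.
    // The user id is cast so only a number can reach the SQL text.
    $cond_uid = wpdm_multi_user() && !wpdm_is_custom_admin()
        ? "and uid='" . (int) $current_user->ID . "'"
        : "";

    // Request-supplied value: accept scalars only and force an integer.
    // A missing or malformed id becomes 0, which is expected to match no row
    // and so falls through to the error page below.
    $id = isset($_GET['id']) && is_scalar($_GET['id']) ? (int) $_GET['id'] : 0;

    $table_name = "{$wpdb->prefix}ahm_files";
    $file = $wpdb->get_row(
        $wpdb->prepare("SELECT * FROM {$table_name} WHERE `id` = %d {$cond_uid}", $id),
        ARRAY_A
    );

    // get_row() yields no usable row when nothing matched; the key is quoted
    // here (the bare word `id` was an undefined-constant lookup).
    if (empty($file['id'])) {
        $error = "Sorry, You don't have permission to edit that file!";
        include "error-page.php";
        return;
    }

    // NOTE(review): presumably add-new-file.php reads $file from this scope — confirm.
    include 'add-new-file.php';
}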
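<?php
/*
 * Builds and runs the paginated file-list query against {prefix}ahm_files.
 *
 * Inputs come from the request: q (search text), cat (category filter),
 * paged (page number), sfield / sorder (sort column and direction).
 * Every one of them ends up inside the SQL statement, so each is constrained
 * for the position it lands in:
 *   - q and cat are string values  -> bound with $wpdb->prepare(), with LIKE
 *     wildcards escaped;
 *   - sfield is an identifier      -> restricted to [A-Za-z0-9_] and backtick-quoted;
 *   - sorder is a keyword          -> only "asc" or "desc";
 *   - paged feeds LIMIT            -> integer, minimum 1.
 *
 * Leaves $cond (the WHERE clause string), $start, $field, $ord, $qr and $res
 * set, as the original did.
 */
global $wpdb, $current_user;

$limit = 10;
get_currentuserinfo();

// Start from empty lists so count()/implode() below never see an unset variable.
$cond = array();
$squery = array();

// In multi-user mode, non-admin users only see rows they own.
if (wpdm_multi_user() && !wpdm_is_custom_admin()) {
    $cond[] = "uid='" . (int) $current_user->ID . "'";
}

// POSTed search text wins over the query string; anything that is not a
// plain string (e.g. q[]=...) is treated as "no search".
$_REQUEST['q'] = isset($_POST['q']) && $_POST['q'] != '' ? $_POST['q'] : (isset($_GET['q']) ? $_GET['q'] : '');
if (!is_string($_REQUEST['q'])) {
    $_REQUEST['q'] = '';
}

// Page number is used in arithmetic for LIMIT, so force a positive integer.
$_GET['paged'] = isset($_GET['paged']) && is_scalar($_GET['paged']) ? max(1, (int) $_GET['paged']) : 1;

$q = explode(" ", $_REQUEST['q']);

// WordPress adds slashes to the request superglobals; undo that on a local
// copy so prepare() escapes the real value exactly once.
$search = stripslashes($_REQUEST['q']);
if ($search != '') {
    foreach (explode(" ", $search) as $st) {
        // Escape LIKE metacharacters so the term is matched literally, then
        // bind the whole pattern as a value.
        $like = '%' . addcslashes($st, '_%\\') . '%';
        $squery[] = $wpdb->prepare('(`title` LIKE %s or `description` LIKE %s)', $like, $like);
    }
    $cond[] = "(" . implode(" and ", $squery) . ")";
}

// Category filter: matches the quoted category value inside the stored field.
$cat = isset($_REQUEST['cat']) && is_string($_REQUEST['cat']) ? stripslashes($_REQUEST['cat']) : '';
if ($cat != '') {
    $cond[] = $wpdb->prepare('category like %s', '%"' . addcslashes($cat, '_%\\') . '"%');
}

$cond = count($cond) > 0 ? "where " . implode(" and ", $cond) : '';
$start = ($_GET['paged'] - 1) * $limit;

// ORDER BY takes an identifier and a keyword, which cannot be bound as
// values; accept only a bare column-name shape and a fixed direction.
$field = isset($_GET['sfield']) && is_string($_GET['sfield']) && preg_match('/^[A-Za-z0-9_]+\z/', $_GET['sfield'])
    ? $_GET['sfield']
    : 'id';
$ord = isset($_GET['sorder']) && is_string($_GET['sorder']) && strtolower($_GET['sorder']) === 'asc'
    ? 'asc'
    : 'desc';

// NOTE(review): $qr carries the raw search text and is presumably appended to
// pagination/sort links outside this view — encode it for that output
// context (URL component / HTML attribute) where it is emitted.
if ($_REQUEST['q']) {
    $qr = "&q={$_REQUEST['q']}";
} else {
    $qr = '';
}

$res = $wpdb->get_results(
    "select * from {$wpdb->prefix}ahm_files {$cond} order by `{$field}` {$ord} limit {$start}, {$limit}",
    ARRAY_A
);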