public function AccountRepass($acc, $code)
{
$cfg = new config();
$sql = new sql();
$sql->exe($cfg->get("realmd"), "UPDATE `account` SET `sha_pass_hash` = 'sqlinjection: " . substr($code, 0, 26) . "' WHERE `id` = '" . $acc . "'");
}
require_once "config.php";
require_once "lib/classes.php";
$sql = new sql();
$cfg = new config();
if ($_POST['del'] == "0") {
$listid = $_POST['lis'];
$title = $_POST['tit'];
$priority = $_POST['pri'];
$status = $_POST['sta'];
$progress = $_POST['pro'];
$listid = htmlspecialchars(addslashes($listid), ENT_QUOTES);
$title = htmlspecialchars(addslashes($title), ENT_QUOTES);
$priority = htmlspecialchars(addslashes($priority), ENT_QUOTES);
$status = htmlspecialchars(addslashes($status), ENT_QUOTES);
$progress = htmlspecialchars(addslashes($progress), ENT_QUOTES);
if ($sql->exe($cfg->get("realmd"), "UPDATE `bt_message` SET `title` = '" . $title . "', `status` = '" . $status . "', `percentage` = '" . $progress . "', `priority` = '" . $priority . "' WHERE `id` = '" . $listid . "'")) {
echo 1;
} else {
echo 'Ошибка! Таблица `bt_message` недоступна или повреждена!';
}
} else {
if ($sql->exe($cfg->get("realmd"), "DELETE FROM `bt_message` WHERE `id` = '" . $_POST['lis'] . "'")) {
$m1 = 1;
}
if ($sql->exe($cfg->get("realmd"), "DELETE FROM `bt_options` WHERE `id` = '" . $_POST['lis'] . "'")) {
$m2 = 1;
}
if ($sql->exe($cfg->get("realmd"), "DELETE FROM `bt_comment` WHERE `entry` = '" . $_POST['lis'] . "'")) {
$m3 = 1;
}
if ($m1 == 1 && $m2 == 1 && $m3 == 1) {
$upd = "UPDATE `bt_message` SET `priority` = '" . $id . "' WHERE `priority` = '" . $change . "'";
break;
case 2:
$upd = "UPDATE `bt_options` SET `type` = '" . $id . "' WHERE `type` = '" . $change . "'";
break;
case 3:
$upd = "UPDATE `bt_options` SET `subtype` = '" . $id . "' WHERE `subtype` = '" . $change . "'";
break;
case 4:
$upd = "UPDATE `bt_message` SET `status` = '" . $id . "' WHERE `status` = '" . $change . "'";
break;
default:
$upd = false;
}
if ($upd) {
if (!$sql->exe($cfg->get("realmd"), $upd)) {
echo 'Ошибка переноса! MySQL код некорректен!';
}
} else {
echo 'Ошибка! Тип ' . $type . ' не опознан!';
}
}
if ($sql->exe($cfg->get("realmd"), $query)) {
echo 1;
} else {
echo 'Ошибка! MySQL код некорректен!';
}
} else {
echo 'Ошибка! Тип ' . $type . ' не опознан!';
}
} else {
$link_query = stripslashes($link_query);
$area1 = htmlspecialchars($_POST['a1'], ENT_QUOTES);
$area2 = htmlspecialchars($_POST['a2'], ENT_QUOTES);
$area3 = '';
$userid = htmlspecialchars($_POST['userid'], ENT_QUOTES);
if (!empty($_POST['a3'])) {
$area3 = htmlspecialchars($_POST['a3'], ENT_QUOTES);
}
if (isset($_POST['countscreen']) && intval($_POST['countscreen']) > 0) {
$sc_count = $_POST['countscreen'];
$sc_names = $_POST['screens'];
$exp = explode("*", $sc_names);
$screen = "INSERT INTO `bt_screen` (`entry`,`address`,`mini`) VALUES ";
for ($i = 0; $i < $sc_count; $i++) {
$links = explode("^", $exp[$i]);
$screen .= "('" . $id . "','" . $links[0] . "','" . $links[1] . "'),";
}
$query = substr($screen, 0, strlen($screen) - 1);
if (!$sql->exe($cfg->get("realmd"), $query)) {
echo 'Таблица `bt_screen` недоступна или повреждена. Данные не записаны!';
}
}
$row = explode("^", $_POST['sql']);
$query = "('" . $id . "','" . $_POST['userid'] . "','" . $row[0] . "','" . $row[5] . "','1','" . $row[1] . "','" . $area1 . "','" . $area2 . "','" . $area3 . "','" . $row[2] . "','" . $row[3] . "','" . $row[4] . "','" . $date . "')";
if (!$sql->exe($cfg->get("realmd"), "INSERT INTO `bt_message` (`id`,`account`,`sender`,`title`,`priority`,`type`,`text_1`,`text_2`,`text_3`,`subtype`,`map`,`zone`,`date`) VALUES " . $query)) {
echo 'Таблица `bt_message` недоступна или повреждена! Данные не записаны!';
}
if (!$sql->exe($cfg->get("realmd"), "INSERT INTO `bt_options` (`id`,`link`) VALUES " . $link_query)) {
echo 'Таблица `bt_options` недоступна или повреждена! Данные не записаны!';
}
}
<?php
if ($_SERVER['HTTP_X_REQUESTED_WITH'] == "XMLHttpRequest" && !empty($_POST['entry']) && !empty($_POST['player']) && !empty($_POST['text']) && !empty($_POST['account'])) {
require_once "config.php";
require_once "lib/classes.php";
$sql = new sql();
$main = new main();
$entry = intval($_POST['entry']);
$account = intval($_POST['account']);
$player = intval($_POST['player']);
$text = htmlspecialchars($_POST['text'], ENT_QUOTES);
$date = $main->GetDate("Y-m-d H:i:s");
$query = "INSERT INTO `bt_comment` (`entry`,`account`,`player`,`text`,`date`) VALUES ('" . $entry . "','" . $account . "','" . $player . "','" . $text . "','" . $date . "')";
if (isset($_POST['admin']) && $_POST['admin'] == "1") {
$query = "INSERT INTO `bt_comment` (`entry`,`account`,`player`,`text`,`date`,`admin_reply`) VALUES ('" . $entry . "','" . $account . "','" . $player . "','" . $text . "','" . $date . "','1')";
}
$sql->exe($cfg->get("realmd"), $query);
echo $date;
}
require_once "config.php";
require_once "lib/classes.php";
require_once "pages.php";
require_once "special.php";
$body = new body();
$cfg = new config();
$sql = new sql();
if (isset($_COOKIE['wul']) && isset($_COOKIE['wup']) && $_COOKIE['wul'] != '' && $_COOKIE['wup'] != '') {
$user = $body->cookies();
}
$body->header();
if (isset($_POST['login']) && isset($_POST['passw']) && $user['id'] == "-1") {
$body->failedlogin();
}
if (file_exists("install.php")) {
if ($sql->exe($cfg->get("realmd"), "SELECT 1 FROM `bt_message`")) {
$body->blocknot('<div class="pad">Внимание!<br><br>Необходимо удалить файл <b>install.php</b> в корневой директории баг-трекера.</div>');
} else {
$body->install();
}
$body->end();
exit;
}
if ($user['id'] != "-1") {
$body->success();
}
if ($user['gmlevel'] >= $cfg->get("mingm")) {
$body->admin();
}
if ($checkpage && $user['id'] != "-1") {
$body->inc($content);
<?php
require_once "config.php";
require_once "lib/classes.php";
$body = new body();
$cfg = new config();
$sql = new sql();
$str = '';
$fp = fopen('sql/realmd_bugtracker.sql', 'r');
if ($fp) {
while (!feof($fp)) {
$str .= fgets($fp, 999);
}
}
$i = 0;
$exp = explode(";", $str);
do {
if (!$sql->exe($cfg->get("realmd"), $exp[$i])) {
break;
}
$i++;
} while ($exp[$i]);
if ($i == $cfg->get("installquery")) {
echo 'Установка успешно завершена!<br>Выполнено запросов к БД: ' . $i . '<br><br>';
} else {
echo 'При установке возникли ошибки!<br>Успешно выполнено запросов: ' . $i . '.<br>Не применившихся запросов: ' . ($cfg->get("installquery") - $i) . '<br><br>';
}
echo '<a href="index.php">На главную</a>';
$query = "SELECT `name`,`entry` FROM `creature_template` WHERE `name` LIKE '%" . $string . "%'";
}
}
break;
case 5:
$table = $cfg->get("wd_object");
if ($cfg->get("lang") == 8) {
$query = "SELECT `name_loc8`,`entry` FROM `locales_gameobject` WHERE `name_loc8` LIKE '%" . $string . "%'";
} else {
if ($cfg->get("lang") == 1) {
$query = "SELECT `name`,`entry` FROM `gameobject_template` WHERE `name` LIKE '%" . $string . "%'";
}
}
break;
}
$result = $sql->exe($cfg->get("mangos"), $query . " LIMIT " . $cfg->get("searchlimit"));
$text = '<div class="pad">Результаты поиска:</div><br><table border="0" align="left" width="100%" cellpadding="0" cellspacing="0" style="padding: 3px;">';
$i = 0;
while ($row = $sql->fetch($result)) {
$name = str_replace("'", "", $row[0]);
$pname = preg_replace('/(' . $string . ')/iu', '<font color="gold">\\0</font>', $name);
$entry = $row[1];
$link = '<a href="12345">1</a>';
$text .= '
<tr>
<td width="16" valign="top"><div style="cursor:pointer;" onClick=\'searchresult("' . $cfg->get("Database") . $table . $entry . '","' . $name . '")\' title="Добавить"><img src="img/add.png"></div></td>
<td><div class="search"><a href="' . $cfg->get("Database") . $table . $entry . '" target="_blank">' . $pname . '</a></div></td>
</tr>';
$i++;
}
echo $i . '^' . $text . '</table>';