$DataLancamento = ""; $Imagem = ""; $Autor = 0; $Categoria = 0; $Localizacao = 0; if (isset($_POST['titulo']) && $_POST['titulo'] != "") { $Titulo = addslashes($_POST['titulo']); } if (isset($_POST['sinopse']) && $_POST['sinopse'] != "") { $Sinopse = addslashes($_POST['sinopse']); } if (isset($_POST['data_lancamento']) && $_POST['data_lancamento'] != "") { $DataLancamento = addslashes($_POST['data_lancamento']); } if (isset($_FILES['input-image']) && $_FILES['input-image']['name'] != "") { $Imagem = UploadImage($_FILES['input-image']); } if (isset($_POST['select_autor']) && $_POST['select_autor'] != "") { $Autor = addslashes($_POST['select_autor']); } if (isset($_POST['select_categoria']) && $_POST['select_categoria'] != "") { $Categoria = addslashes($_POST['select_categoria']); } if (isset($_POST['select_localizacao']) && $_POST['select_localizacao'] != "") { $Localizacao = addslashes($_POST['select_localizacao']); } $LivroDB = new LivroDB(); $Livro = new Livro($_POST['codlivro'], $Titulo, $Sinopse, $DataLancamento, $Imagem, $Autor, $Categoria, $Localizacao); $execute = $LivroDB->Editar($conexao, $Livro); $retorno = $execute ? 'editado' : 'erro'; header("Location: ../views/GerenciaLivros.php?retorno=" . $retorno);
function CompanyInsert() { global $URL; if (isset($_POST['MF']) && isset($_POST['RC']) && isset($_POST['RS']) && isset($_POST['Activity']) && isset($_POST['Adress']) && isset($_POST['Phone1'])) { //Recup variable $MF = addslashes($_POST['MF']); $RC = addslashes($_POST['RC']); $RS = addslashes($_POST['RS']); $Activity = addslashes($_POST['Activity']); $Adress = addslashes($_POST['Adress']); $Phone1 = addslashes($_POST['Phone1']); if (isset($_POST['Phone2'])) { $Phone2 = $_POST['Phone2']; } else { $Phone2 = ''; } if (isset($_POST['Fax'])) { $Fax = $_POST['Fax']; } else { $Fax = ''; } if (isset($_POST['Email'])) { $Email = $_POST['Email']; } else { $Email = ''; } if (isset($_POST['WebSite'])) { $WebSite = $_POST['WebSite']; } else { $WebSite = ''; } if (isset($_POST['BankAccount1'])) { $BankAccount1 = $_POST['BankAccount1']; } else { $BankAccount1 = ''; } if (isset($_POST['BankAccount2'])) { $BankAccount2 = $_POST['BankAccount2']; } else { $BankAccount2 = ''; } UploadImage(); QueryExcute("", "INSERT INTO `company` VALUES ('1', '{$MF}', '{$RC}', '{$RS}', '{$Activity}', '{$Adress}', '{$Phone1}', '{$Phone2}', '{$Fax}', '{$Email}', '{$WebSite}', '{$BankAccount1}', '{$BankAccount2}' );"); echo '<script language="Javascript">document.location.href="' . $URL . 'login"</script>'; } }
if ($tipe_file != "image/jpeg" and $tipe_file != "image/pjpeg") { echo "<script>window.alert('Upload Gagal, Pastikan File yang di Upload bertipe *.JPG');\n window.location=('../../media.php?module=produk)</script>"; } else { UploadImage($nama_file_unik); mysql_query("INSERT INTO produk(nama_produk,\n id_kategori,\n berat,\n harga,\n diskon,\n stok,\n deskripsi,\n tgl_masuk,\n gambar) \n VALUES('{$_POST['nama_produk']}',\n '{$_POST['kategori']}',\n '{$_POST['berat']}',\n '{$_POST['harga']}',\n '{$_POST['diskon']}',\n '{$_POST['stok']}',\n '{$_POST['deskripsi']}',\n '{$tgl_sekarang}',\n '{$nama_file_unik}')"); header('location:../../media.php?module=' . $module); } } else { mysql_query("INSERT INTO produk(nama_produk,\n id_kategori,\n berat,\n harga,\n diskon,\n stok,\n deskripsi,\n tgl_posting) \n VALUES('{$_POST['nama_produk']}',\n '{$_POST['kategori']}',\n '{$_POST['berat']}', \n '{$_POST['harga']}',\n '{$_POST['harga']}',\n '{$_POST['stok']}',\n '{$_POST['deskripsi']}',\n '{$tgl_sekarang}')"); header('location:../../media.php?module=' . $module); } } elseif ($module == 'produk' and $act == 'update') { $lokasi_file = $_FILES['fupload']['tmp_name']; $tipe_file = $_FILES['fupload']['type']; $nama_file = $_FILES['fupload']['name']; $acak = rand(1, 99); $nama_file_unik = $acak . $nama_file; // Apabila gambar tidak diganti if (empty($lokasi_file)) { mysql_query("UPDATE produk SET nama_produk = '{$_POST['nama_produk']}',\n id_kategori = '{$_POST['kategori']}',\n berat = '{$_POST['berat']}',\n harga = '{$_POST['harga']}',\n diskon = '{$_POST['diskon']}',\n stok = '{$_POST['stok']}',\n deskripsi = '{$_POST['deskripsi']}'\n WHERE id_produk = '{$_POST['id']}'"); header('location:../../media.php?module=' . $module); } else { if ($tipe_file != "image/jpeg" and $tipe_file != "image/pjpeg") { echo "<script>window.alert('Upload Gagal, Pastikan File yang di Upload bertipe *.JPG');\n window.location=('../../media.php?module=produk)</script>"; } else { UploadImage($nama_file_unik); mysql_query("UPDATE produk SET nama_produk = '{$_POST['nama_produk']}',\n id_kategori = '{$_POST['kategori']}',\n berat = '{$_POST['berat']}',\n harga = '{$_POST['harga']}',\n diskon = '{$_POST['diskon']}',\n stok = '{$_POST['stok']}',\n deskripsi = '{$_POST['deskripsi']}',\n gambar = '{$nama_file_unik}' \n WHERE id_produk = '{$_POST['id']}'"); header('location:../../media.php?module=' . $module); } } }
// print_r($profile); /* echo "After: Location: ".$profile['Location']."<br/>"; echo "After: Habit: ".$profile['Habit']."<br/>"; echo "After: BOD: ".$profile['BOD']."<br/>"; */ //update image; if (isset($_FILES['pic'])) { //error happens if ($_FILES['pic']['error'] != 0) { //header("Location: http://localhost/546Final/pages/profile.php"); } $allowed = array('gif', 'png', 'jpg', 'bmp'); $filename = $_FILES['pic']['name']; $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION)); // echo $ext; if (!in_array($ext, $allowed)) { //echo "extension name error"; //header("Location: http://localhost/546Final/pages/profile.php"); } $upload_file_name = $userID . "." . $ext; $upload_full_file_name = "upload/" . $upload_file_name; //echo getcwd().$upload_full_file_name; $pwd = getcwd(); chdir("../upload"); if (move_uploaded_file($_FILES['pic']['tmp_name'], $upload_file_name)) { UploadImage($userID, $upload_file_name); } chdir($pwd); } header("Location: http://localhost/546Final/pages/profile.php");
/** * Обработчик действия: Добавление товара. */ function AddItem() { $_REQUEST['date'] = time(); $_REQUEST['name'] = strip_tags($_REQUEST['name']); $_REQUEST['idcat'] = (int) $_REQUEST['idcat']; $_REQUEST['idcat1'] = isset($_REQUEST['idcat1']) ? (int) $_REQUEST['idcat1'] : 0; $_REQUEST['idcat2'] = isset($_REQUEST['idcat2']) ? (int) $_REQUEST['idcat2'] : 0; $_REQUEST['art'] = trim($_REQUEST['art']); if (!empty($_REQUEST['art']) && A::$DB->existsRow("SELECT id FROM " . SECTION . "_catalog WHERE art=?", $_REQUEST['art'])) { $this->errors['doubleart'] = true; return false; } if (empty($_REQUEST['urlname']) && !empty(A::$OPTIONS['idrule'])) { $data = $_REQUEST; prepareValues(SECTION, $data); $litems = array(); $idrule = A::$OPTIONS['idrule']; $idrule = explode("+", $idrule); foreach ($idrule as $fname) { if (!empty($data[$fname])) { $litems[] = getURLName($data[$fname]); } } $_REQUEST['urlname'] = implode(!empty($GLOBALS['A_URL_SEPARATOR']) ? $GLOBALS['A_URL_SEPARATOR'] : "_", $litems); } $_REQUEST['urlname'] = getURLName($_REQUEST['name'], $_REQUEST['urlname'], SECTION . "_catalog", "idcat=" . (int) $_REQUEST['idcat']); $_REQUEST['price'] = (double) str_replace(',', '.', $_REQUEST['price']); $_REQUEST['oldprice'] = (double) str_replace(',', '.', $_REQUEST['oldprice']); $_REQUEST['iscount'] = (int) $_REQUEST['iscount']; $_REQUEST['active'] = isset($_REQUEST['active']) ? "Y" : "N"; $_REQUEST['favorite'] = isset($_REQUEST['favorite']) ? "Y" : "N"; $_REQUEST['new'] = isset($_REQUEST['new']) ? "Y" : "N"; $_REQUEST['sort'] = A::$DB->getOne("SELECT MAX(sort) FROM " . SECTION . "_catalog") + 1; $_REQUEST['keywords'] = getkeywords($_REQUEST['content']); if (A::$OPTIONS['autoanons']) { $_REQUEST['description'] = truncate($_REQUEST['content'], A::$OPTIONS['anonslen']); } $dataset = new A_DataSet(SECTION . "_catalog", true); $dataset->fields = array("date", "idcat", "idcat1", "idcat2", "name", "art", "tags", "urlname", "description", "keywords", "content", "price", "oldprice", "iscount", "favorite", "new", "active", "sort"); if (A::$OPTIONS['modprices']) { $mprices = array(); for ($i = 1; $i <= 10; $i++) { if (!empty($_REQUEST["mprice{$i}_text"]) && !empty($_REQUEST["mprice{$i}_price"])) { $mprices[] = array('name' => $_REQUEST["mprice{$i}_text"], 'price' => (double) $_REQUEST["mprice{$i}_price"]); } } if (count($mprices) > 0) { $_REQUEST['price'] = $mprices[0]['price']; $_REQUEST['mprices'] = serialize($mprices); $dataset->fields[] = 'mprices'; } } if ($id = $dataset->Insert()) { for ($i = 1; $i <= 5; $i++) { if (isset($_REQUEST["imagedescription{$i}"])) { UploadImage("image{$i}", $_REQUEST["imagedescription{$i}"], 0, $id, $i); } } for ($i = 1; $i <= 5; $i++) { if (isset($_REQUEST["filedescription{$i}"])) { UploadFile("file{$i}", $_REQUEST["filedescription{$i}"], 0, $id, $i); } } $path = getTreePath(SECTION . "_categories", $_REQUEST['idcat'], " - "); $name = !empty($path) ? $path . ' - ' . $_REQUEST['name'] : $_REQUEST['name']; if ($_REQUEST['active'] == 'Y') { A::$OBSERVER->Event('searchIndexUpdate', SECTION, array('id' => $id, 'name' => $name, 'content' => $_REQUEST['content'], 'tags' => $_REQUEST['tags'])); } self::updateCategoryItems($_REQUEST['idcat']); self::updateCategoryItems($_REQUEST['idcat1']); self::updateCategoryItems($_REQUEST['idcat2']); unset($_POST['idcat']); return $id; } else { return false; } }
if (!defined('IN_ET')) { exit('Access Denied'); } if (!$user['user_id']) { showmessage("<div class='showmag'><p>您还没有登录,不能执行此操作!</p><p><a href='index.php?op=login'>现在登陆</a></p></div>"); exit; } if ($action == "upload") { $phototitle = daddslashes(trim($_POST['phototitle'])); if (StrLenW($phototitle) > 20) { showmessage("<div class='showmag'><p>相片名称要不能大于20字符!</p><p><a href='index.php?op=sendphoto'>重新上传</a></p></div>"); exit; } if ($_FILES['photo']['name']) { include "include/uploadpic.func.php"; $ptname = date(YmdHms); $upname = UploadImage("photo", 1, 200, 0, "../attachments/photo/user_" . $user[user_id] . "/", "../attachments/photo/user_" . $user[user_id] . "/", $ptname, $ptname . "_thumb"); $phototitle = $phototitle ? $phototitle : "{$ptname}"; $suffix = getsubstrutf8($upname, -3, 3, false); $content = "{$phototitle}<br/>[img link=" . $webaddr . "/attachments/photo/user_" . $user[user_id] . "/" . $ptname . "." . $suffix . "]" . $webaddr . "/attachments/photo/user_" . $user[user_id] . "/" . $upname . "[/img]"; $db->query("INSERT INTO et_content (user_id,user_name,user_nickname,user_head,content_body,posttime,type,conttype) VALUES ('{$user['user_id']}','{$user['user_name']}','{$user['nickname']}','{$user['user_head']}','{$content}','{$addtime}','手机','photo')"); showmessage("<div class='showmag'><p>照片上传成功了!</p><p><a href='{$refer}'>返回上一页</a></p></div>"); exit; } else { showmessage("<div class='showmag'><p>照片上传失败!</p><p><a href='index.php?op=sendphoto'>重新上传</a></p></div>"); exit; } } wapheader(); echo "<h2>发照片</h2>" . "<form enctype='multipart/form-data' action='index.php?op=sendphoto' method='post'>" . "建议照片大小不超过500K。照片文件名不要包含中文。如果照片太大,建议压缩后再上传。" . "<p>相片名称:<input type='text' name='phototitle' value='我分享了照片'/></p>" . "<p>选择照片:<input type='file' name='photo'/></p>" . "<p><input type='hidden' name='action' value='upload' /><input type='submit' value='上传' /></p>" . "</form>";
echo "<script>alert('很抱歉,修改相册名失败,可能因为您没有修改的权限!');location.href='{$webaddr}/op/viewalbum/{$alid}'</script>"; exit; } } } if ($action == "upload") { $phototitle = daddslashes(trim($_POST['phototitle'])); if (StrLenW($phototitle) > 20) { echo "<script>alert('相片名称要不能大于20字符!');location.href='{$webaddr}/op/viewalbum/{$alid}&act=upload'</script>"; exit; } if ($_FILES['photo']['name']) { $refer = $webaddr . "/op/viewalbum/" . $alid; include ET_ROOT . "/include/uploadpic.func.php"; $ptname = date(YmdHms); $upname = UploadImage("photo", 1, 130, 130, ET_ROOT . "/attachments/photo/user_" . $my[user_id] . "/", ET_ROOT . "/attachments/photo/user_" . $my[user_id] . "/", $ptname, $ptname . "_thumb"); $phototitle = $phototitle ? $phototitle : "{$ptname}"; $db->query("INSERT INTO et_photos (al_id,user_id,pt_name,pt_title,uploadtime) VALUE ('{$alid}','{$my['user_id']}','{$upname}','{$phototitle}','{$addtime}')"); $upmsg = "[img link={$webaddr}/op/viewphoto/" . mysql_insert_id() . "]" . $webaddr . "/attachments/photo/user_" . $my[user_id] . "/" . $upname . "[/img]我在相册上传了一张照片:<a href=\"{$webaddr}/op/viewphoto/" . mysql_insert_id() . "\">{$phototitle}</a>!"; $db->query("INSERT INTO et_content (user_id,content_body,posttime) VALUE ('{$my['user_id']}','{$upmsg}','{$addtime}')"); $db->query("UPDATE et_users SET photo_num=photo_num+'1' where user_id='{$my['user_id']}'"); echo "<script>alert('照片上传成功了!');location.href='{$webaddr}/op/viewalbum/{$alid}'</script>"; exit; } } $i = 0; $start = ($page - 1) * 16; $sql = "SELECT pt_id,user_id,pt_name,pt_title,uploadtime FROM et_photos where al_id='{$alid}' order by pt_id desc limit {$start},16"; $query = $db->query($sql); while ($data = $db->fetch_array($query)) { $i = $i + 1;
$strDate = date("Y-m-d"); // Upload Images $folderName = "uploads/"; switch ($action) { // Create User case "AddUser": // print_r($_FILES); die; // Upload Image $fileName = $_FILES["fileToUpload"]["name"]; if (!empty($fileName)) { $random_no = generateRandomString(5); $fileTempName = $_FILES["fileToUpload"]["tmp_name"]; $folderName = "images"; $Detail_images = "Detail_images"; $ImageName = $random_no . $fileName; $ImageName = UploadImage($fileName, $fileTempName, $folderName); //$img = new abeautifulsite\SimpleImage($fileTempName); //$ImageName1 = $img->flip('y')->rotate(180)->best_fit(320, 200)->save("$folderName/$ImageName"); //$ImageName2 = $img->flip('y')->rotate(180)->best_fit(266, 381)->save("$Detail_images/$ImageName"); } // var_dump($ImageName1); die; $arr = array('user_name' => $_POST['user_name'], 'user_order' => $_POST['user_order'], 'user_type' => $_POST['user_type'], 'dob' => $_POST['dob'], 'death_date' => $_POST['death_date'], 'mother_id' => $_POST['mother_id'], 'father_id' => $_POST['father_id'], 'spous_id' => $_POST['spous_id'], 'urdu_text' => $_POST['urdu_text'], 'user_image' => $ImageName, 'date_created' => date("Y-m-d H:i:s")); if (empty($_POST['nUserID'])) { $nLastID = InsertRec("our_family", $arr); } else { $nLastID = UpdateRec('our_family', "user_id = '" . $_POST['nUserID'] . "'", $arr); $nLastID = $_POST['nUserID']; } header("Location: view_users"); //} break;
<?php if (!defined('IN_ET')) { exit('Access Denied'); } tologin(); if ($action == "upload") { $syshead = daddslashes($_POST["syshead"]); $sysphoto = array("{$webaddr}/attachments/head/syshead/01.jpg", "{$webaddr}/attachments/head/syshead/02.jpg", "{$webaddr}/attachments/head/syshead/03.jpg", "{$webaddr}/attachments/head/syshead/04.jpg", "{$webaddr}/attachments/head/syshead/05.jpg", "{$webaddr}/attachments/head/syshead/06.jpg", "{$webaddr}/attachments/head/syshead/07.jpg", "{$webaddr}/attachments/head/syshead/08.jpg", "{$webaddr}/attachments/head/syshead/09.jpg", "{$webaddr}/attachments/head/syshead/10.jpg"); if ($_FILES['picture']['name']) { $refer = $webaddr . "/op/setting"; include ET_ROOT . "/include/uploadpic.func.php"; $upname = UploadImage("picture", 1, 96, 96, ET_ROOT . "/attachments/head/", ET_ROOT . "/attachments/head/", $my['user_id']); $db->query("UPDATE et_users SET user_head = '{$upname}' WHERE user_id='{$my['user_id']}'"); } if (in_array($syshead, $sysphoto) && !$_FILES['picture']['name']) { $user_syshead = get_substr($syshead, -14, 0); $db->query("UPDATE et_users SET user_head = '{$user_syshead}' WHERE user_id='{$my['user_id']}'"); } echo "<script>location.href='{$webaddr}/op/setting&tip=30'</script>"; exit; } if ($action == "setting") { $gender = $_POST["gender"]; $musicaddr = daddslashes(trim($_POST["musicaddr"])); $homesf = $_POST["homesf"]; $homecity = $_POST["homecity"]; $livesf = $_POST["livesf"]; $livecity = $_POST["livecity"]; $homeprovince = "{$homesf} {$homecity}"; $liveprovince = "{$livesf} {$livecity}";
/** * Обработчик действия: Добавление записи. */ function AddItem() { $_REQUEST['name'] = strip_tags($_REQUEST['name']); $_REQUEST['idcat'] = (int) $_REQUEST['idcat']; $_REQUEST['urlname'] = getURLName($_REQUEST['name'], $_REQUEST['urlname'], SECTION . "_catalog", "idcat=" . (int) $_REQUEST['idcat']); $_REQUEST['active'] = isset($_REQUEST['active']) ? "Y" : "N"; $_REQUEST['sort'] = A::$DB->getOne("SELECT MAX(sort) FROM " . SECTION . "_catalog") + 1; $_REQUEST['keywords'] = getkeywords($_REQUEST['content']); if (A::$OPTIONS['autoanons']) { $_REQUEST['description'] = truncate($_REQUEST['content'], A::$OPTIONS['anonslen']); } if (!A::$OPTIONS['usedate']) { $_REQUEST['date'] = time(); } $_REQUEST['mdate'] = time(); $dataset = new A_DataSet(SECTION . "_catalog", true); $dataset->fields = array("date", "mdate", "idcat", "name", "urlname", "description", "keywords", "content", "tags", "active", "sort"); if ($id = $dataset->Insert()) { for ($i = 1; $i <= 5; $i++) { if (isset($_REQUEST["imagedescription{$i}"])) { UploadImage("image{$i}", $_REQUEST["imagedescription{$i}"], 0, $id, $i); } } for ($i = 1; $i <= 5; $i++) { if (isset($_REQUEST["filedescription{$i}"])) { UploadFile("file{$i}", $_REQUEST["filedescription{$i}"], 0, $id, $i); } } if ($_REQUEST['active'] == 'Y') { $path = getTreePath(SECTION . "_categories", $_REQUEST['idcat'], " - "); $name = !empty($path) ? $path . ' - ' . $_REQUEST['name'] : $_REQUEST['name']; A::$OBSERVER->Event('searchIndexUpdate', SECTION, array('id' => $id, 'name' => $name, 'content' => $_REQUEST['content'], 'tags' => $_REQUEST['tags'])); } self::updateCategoryItems($_REQUEST['idcat']); unset($_POST['idcat']); return $id; } else { return false; } }
return false; } function del() { global $file; $file = $_REQUEST["file"]; $upload_dir = "avatar/"; unlink($upload_dir . $file); } switch ($action) { case 'upload': $allowed_types = array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG); $allowed_ext = array("jpg", "png", "gif", "jpeg"); $path = "avatar/"; $global = $_FILES["objUpload"]; if ($filename = UploadImage($global, $path, $allowed_types, $allowed_ext)) { $url = sqlesc($BASEURL . "/" . $path . $global["name"]); do_sqlquery("UPDATE `{$TABLE_PREFIX}users` SET `avatar_upload`='yes', `avatar`={$url} WHERE `id` = {$uid}", true); redirect("index.php?page=usercp&do=avatar&action=read&what=success&uid=" . $uid . ""); } else { redirect("index.php?page=usercp&do=avatar&action=read&what=failure&uid=" . $uid . ""); } break; case 'delete': del(); do_sqlquery("UPDATE `{$TABLE_PREFIX}users` SET `avatar_upload`='no', `avatar_upload_name`='',`avatar`='' WHERE `id`={$uid}"); redirect("index.php?page=usercp&do=avatar&action=read&uid=" . $uid . ""); break; default: case 'read': $query = do_sqlquery("SELECT `avatar_upload`, `avatar_upload_name` FROM `{$TABLE_PREFIX}users` WHERE `id` = {$uid}", true);
} header('location:../../master.php?module=artikel'); } elseif ($module == 'artikel' and $act == 'update') { $lokasi_file = $_FILES['fupload']['tmp_name']; $tipe_file = $_FILES['fupload']['type']; $nama_file = $_FILES['fupload']['name']; $acak = date('Ymd-his'); $namaGambar = $acak . $nama_file; $judulSeo = seo_title($_POST['judul']); // Apabila gambar tidak diganti if (empty($lokasi_file)) { mysql_query("UPDATE tartikel SET id_grup\t\t= '{$_POST['groupId']}',\r\n\t\t\t\t\t\t\t\t\t\tid_kategori\t= '{$_POST['kategoriId']}',\r\n\t\t\t\t\t\t\t\t\t\tjudul = '{$_POST['judul']}',\r\n\t\t\t\t\t\t\t\t\t\tjudul_seo = '{$judulSeo}', \r\n\t\t\t\t\t\t\t\t\t\taktif\t\t= '{$_POST['aktif']}',\r\n\t\t\t\t\t\t\t\t\t\tisi\t\t\t= '{$_POST['isi']}',\r\n\t\t\t\t\t\t\t\t\t\tlastUpdate\t= '{$_SESSION['idUser']}'\r\n\t\t\t\t\t\t\t\t\t\tWHERE id_artikel = '{$_POST['id']}'"); } else { $data = mysql_fetch_array(mysql_query("SELECT gambar FROM tartikel WHERE id_artikel = '{$_POST['id']}'")); if ($data[gambar] == '') { UploadImage($namaGambar); mysql_query("UPDATE tartikel SET id_grup\t\t= '{$_POST['groupId']}',\r\n\t\t\t\t\t\t\t\t\t\t\tid_kategori\t= '{$_POST['kategoriId']}',\r\n\t\t\t\t\t\t\t\t\t\t\tjudul = '{$_POST['judul']}',\r\n\t\t\t\t\t\t\t\t\t\t\tjudul_seo = '{$judulSeo}', \r\n\t\t\t\t\t\t\t\t\t\t\taktif\t\t= '{$_POST['aktif']}',\r\n\t\t\t\t\t\t\t\t\t\t\tisi\t\t\t= '{$_POST['isi']}',\r\n\t\t\t\t\t\t\t\t\t\t\tgambar\t\t= '{$namaGambar}',\r\n\t\t\t\t\t\t\t\t\t\t\tlastUpdate\t= '{$_SESSION['idUser']}'\r\n\t\t\t\t\t\t\t\t\t\t\tWHERE id_artikel = '{$_POST['id']}'"); } else { $gambar = $data[gambar]; $hapusGambar = unlink("../../../gambar/articles/{$gambar}"); if ($hapusGambar) { $hapusGambarThumbs = unlink("../../../gambar/articles/thumbs/thumb_{$gambar}"); } if ($hapusGambarThumbs) { UploadImage($namaGambar); mysql_query("UPDATE tartikel SET id_grup\t\t= '{$_POST['groupId']}',\r\n\t\t\t\t\t\t\t\t\t\t\t\tid_kategori\t= '{$_POST['kategoriId']}',\r\n\t\t\t\t\t\t\t\t\t\t\t\tjudul = '{$_POST['judul']}',\r\n\t\t\t\t\t\t\t\t\t\t\t\tjudul_seo = '{$judulSeo}', \r\n\t\t\t\t\t\t\t\t\t\t\t\taktif\t\t= '{$_POST['aktif']}',\r\n\t\t\t\t\t\t\t\t\t\t\t\tisi\t\t\t= '{$_POST['isi']}',\r\n\t\t\t\t\t\t\t\t\t\t\t\tgambar\t\t= '{$namaGambar}',\r\n\t\t\t\t\t\t\t\t\t\t\t\tlastUpdate\t= '{$_SESSION['idUser']}'\r\n\t\t\t\t\t\t\t\t\t\t\t\tWHERE id_artikel = '{$_POST['id']}'"); } } } header('location:../../master.php?module=artikel'); }
/** * Обработчик действия: Добавление изображений в альбом. */ function AddImage() { if ($album = A::$DB->getRowById($_REQUEST['idalb'], SECTION . "_albums")) { $sort = A::$DB->getOne("SELECT MAX(sort) FROM " . DOMAIN . "_images WHERE idsec=" . SECTION_ID . " AND iditem=" . $album['id']); for ($i = 1; $i <= 6; $i++) { $idimg = UploadImage("image{$i}", $_REQUEST["name{$i}"], 0, $album['id'], $sort + $i); if (empty($album['idimg'])) { A::$DB->Update(SECTION . "_albums", array('idimg' => $idimg), "id=" . $album['id']); $album['idimg'] = $idimg; } } if (extension_loaded('zip') && isset($_FILES['archzip']['tmp_name']) && file_exists($_FILES['archzip']['tmp_name'])) { delDir("files/" . DOMAIN . "/tmp"); mk_dir("files/" . DOMAIN . "/tmp"); $zip = new ZipArchive(); $zip->open($_FILES['archzip']['tmp_name']); if ($zip->extractTo("files/" . DOMAIN . "/tmp")) { $images = scandir("files/" . DOMAIN . "/tmp"); $i = 1; foreach ($images as $file) { if ($file != '.' && $file != '..') { $idimg = RegisterImage("files/" . DOMAIN . "/tmp/{$file}", '', 0, $album['id'], $sort + $i++, A::$OPTIONS['img_resize'], A::$OPTIONS['img_x'], A::$OPTIONS['img_y']); if (empty($album['idimg'])) { A::$DB->Update(SECTION . "_albums", array('idimg' => $idimg), "id=" . $album['id']); $album['idimg'] = $idimg; } } } } $zip->close(); delDir("files/" . DOMAIN . "/tmp"); } if (!empty($_REQUEST['path']) && A::$AUTH->isSuperAdmin()) { $_path = preg_replace("/^[.\\/]+/i", "", $_REQUEST['path']); if (empty($_path)) { return true; } if (A::$AUTH->isSuperAdmin()) { if (is_dir($_path)) { $path = $_path; } elseif (is_file($_path)) { $file = $_path; } elseif (is_dir("files/" . DOMAIN . "/" . $_path)) { $path = "files/" . DOMAIN . "/" . $_path; } elseif (is_file("files/" . DOMAIN . "/" . $_path)) { $file = "files/" . DOMAIN . "/" . $_path; } } elseif (is_dir("files/" . DOMAIN . "/" . $_path)) { $path = "files/" . DOMAIN . "/" . $_path; } elseif (is_file("files/" . DOMAIN . "/" . $_path)) { $file = "files/" . DOMAIN . "/" . $_path; } if (!empty($file) && extension_loaded('zip')) { delDir("files/" . DOMAIN . "/tmp"); mk_dir("files/" . DOMAIN . "/tmp"); $zip = new ZipArchive(); $zip->open($file); if ($zip->extractTo("files/" . DOMAIN . "/tmp")) { $path = "files/" . DOMAIN . "/tmp"; } $zip->close(); } if (!empty($path)) { $images = scandir($path); $i = 1; foreach ($images as $file) { if ($file != '.' && $file != '..') { $idimg = RegisterImage("{$path}/{$file}", '', 0, $album['id'], $sort + $i++, A::$OPTIONS['img_resize'], A::$OPTIONS['img_x'], A::$OPTIONS['img_y']); if (empty($album['idimg'])) { A::$DB->Update(SECTION . "_albums", array('idimg' => $idimg), "id=" . $album['id']); $album['idimg'] = $idimg; } } } } } } return true; }
function fcategory_dataset_prepare($dataset) { if ($structure = getStructureByPlugin('fcategory')) { A::$DB->query("SELECT * FROM {$structure} WHERE idsec=" . SECTION_ID . " ORDER BY sort"); while ($row = A::$DB->fetchRow()) { switch ($row['type']) { case "int": $_REQUEST[$row['field']] = isset($_REQUEST[$row['field']]) ? (int) $_REQUEST[$row['field']] : 0; $dataset->fields[] = $row['field']; break; case "select": $_REQUEST[$row['field']] = isset($_REQUEST[$row['field']]) ? (int) $_REQUEST[$row['field']] : 0; $options = loadList($row['property']); if (!isset($options[$_REQUEST[$row['field']]]) && !empty($_REQUEST[$row['field'] . "_txt"])) { if ($string = trim($_REQUEST[$row['field'] . "_txt"])) { if ($plugin = getPluginByStructure($row['property'])) { if (function_exists("{$plugin}_add")) { $_REQUEST[$row['field']] = call_user_func("{$plugin}_add", $row['property'], $string); } } } } $dataset->fields[] = $row['field']; break; case "mselect": if (!empty($_REQUEST[$row['field']]) && is_array($_REQUEST[$row['field']])) { $values = array(); foreach ($_REQUEST[$row['field']] as $sid) { $values[] = sprintf("%04d", (int) $sid); } $_REQUEST[$row['field']] = implode(",", $values); } else { $_REQUEST[$row['field']] = ""; } $dataset->fields[] = $row['field']; break; case "float": $_REQUEST[$row['field']] = isset($_REQUEST[$row['field']]) ? (double) $_REQUEST[$row['field']] : 0; $dataset->fields[] = $row['field']; break; case "bool": $_REQUEST[$row['field']] = isset($_REQUEST[$row['field']]) ? "Y" : "N"; $dataset->fields[] = $row['field']; break; case "date": $_REQUEST[$row['field']] = isset($_REQUEST[$row['field']]) ? (int) $_REQUEST[$row['field']] : mktime(0, 0, 0, (int) $_REQUEST[$row['field'] . 'Month'], (int) $_REQUEST[$row['field'] . 'Day'], (int) $_REQUEST[$row['field'] . 'Year']); $dataset->fields[] = $row['field']; break; case "string": case "text": case "format": $_REQUEST[$row['field']] = isset($_REQUEST[$row['field']]) ? trim($_REQUEST[$row['field']]) : ""; $dataset->fields[] = $row['field']; break; case "image": if (empty(A::$REGFILES)) { A::$REGFILES = getSectionByModule('pages'); } if (empty($dataset->data) || empty($_REQUEST['parent_id'])) { $_REQUEST[$row['field']] = UploadImage($row['field'], !empty($_REQUEST['name']) ? $_REQUEST['name'] : ""); } else { $_REQUEST[$row['field']] = UploadImage($row['field'], !empty($_REQUEST['name']) ? $_REQUEST['name'] : "", $dataset->data[$row['field']]); if (isset($_REQUEST[$row['field'] . '_del'])) { DelRegImage($dataset->data[$row['field']]); $_REQUEST[$row['field']] = 0; } } $dataset->fields[] = $row['field']; break; case "file": if (empty(A::$REGFILES)) { A::$REGFILES = getSectionByModule('pages'); } if (empty($dataset->data) || empty($_REQUEST['parent_id'])) { $_REQUEST[$row['field']] = UploadFile($row['field'], !empty($_REQUEST['name']) ? $_REQUEST['name'] : ""); } else { $_REQUEST[$row['field']] = UploadFile($row['field'], !empty($_REQUEST['name']) ? $_REQUEST['name'] : "", $dataset->data[$row['field']]); if (isset($_REQUEST[$row['field'] . '_del'])) { DelRegFile($dataset->data[$row['field']]); $_REQUEST[$row['field']] = 0; } } $dataset->fields[] = $row['field']; break; } } A::$DB->free(); } }
} else { if ($tipe_file != "image/jpeg" and $tipe_file != "image/jpg") { echo "<script>window.alert('Tipe File tidak di ijinkan.');\r\n window.location=(href='../../media_admin.php?module=home')</script>"; } else { $cek = mysql_query("SELECT * FROM pengajar WHERE id_pengajar = '{$_POST['id']}'"); $r = mysql_fetch_array($cek); if (!empty($r[foto])) { $img = "../../../foto_pengajar/{$r['foto']}"; unlink($img); $img2 = "../../../foto_pengajar/medium_{$r['foto']}"; unlink($img2); $img3 = "../../../foto_pengajar/small_{$r['foto']}"; unlink($img3); UploadImage($nama_file); $pass = md5($_POST[password]); mysql_query("UPDATE pengajar SET nip = '{$_POST['nip']}',\r\n nama_lengkap = '{$_POST['nama_lengkap']}',\r\n username_login = '******'username']}',\r\n password_login = '******',\r\n alamat = '{$_POST['alamat']}',\r\n tempat_lahir = '{$_POST['tempat_lahir']}',\r\n tgl_lahir = '{$tgl_lahir}',\r\n jenis_kelamin = '{$_POST['jk']}',\r\n agama = '{$_POST['agama']}',\r\n no_telp = '{$_POST['no_telp']}',\r\n email = '{$_POST['email']}',\r\n website = '{$_POST['website']}',\r\n foto = '{$nama_file}',\r\n jabatan = '{$_POST['jabatan']}'\r\n WHERE id_pengajar = '{$_POST['id']}'"); } else { UploadImage($nama_file); $pass = md5($_POST[password]); mysql_query("UPDATE pengajar SET nip = '{$_POST['nip']}',\r\n nama_lengkap = '{$_POST['nama_lengkap']}',\r\n username_login = '******'username']}',\r\n password_login = '******',\r\n alamat = '{$_POST['alamat']}',\r\n tempat_lahir = '{$_POST['tempat_lahir']}',\r\n tgl_lahir = '{$tgl_lahir}',\r\n jenis_kelamin = '{$_POST['jk']}',\r\n agama = '{$_POST['agama']}',\r\n no_telp = '{$_POST['no_telp']}',\r\n email = '{$_POST['email']}',\r\n website = '{$_POST['website']}',\r\n foto = '{$nama_file}',\r\n jabatan = '{$_POST['jabatan']}'\r\n WHERE id_pengajar = '{$_POST['id']}'"); } } } } header('location:../../media_admin.php?module=home'); } else { echo "<script>window.alert('Nip sudah pernah digunakan.');\r\n window.location=(href='../../media_admin.php?module=home')</script>"; } } } }
</tbody> </table> </ul> </div> </form> <div class="span4"> <center><img src="<?php echo $URL; ?> /ili-upload/logo.png" width="300px" height="300px"/></center> <form action="" method="post" name="form2" enctype="multipart/form-data"> <input type="hidden" name="UploadImage"> <input type="file" name="fileToUpload" id="fileToUpload" onChange="this.form.submit();"> </form> <?php UploadImage(); ?> </div> <div class="space5"></div> </div> </div> <!-- END EXAMPLE TABLE widget--> </div> </div> <!-- END PAGE CONTENT--> </div> <!-- END PAGE CONTAINER--> </div> <!-- END PAGE --> </div>
$textcolor = trim($_POST['text']); $links = trim($_POST['links']); $sidebarcl = trim($_POST['sidebarcl']); $sidebox = trim($_POST['sidebox']); $pictype = $_POST['pictype']; $newbgurl = $_POST['newbgurl']; $uppictype = array("image/jpg", "image/pjpeg", "image/jpeg", "image/gif", "image/png", "image/x-png", "image/bmp"); if ($_FILES['bgpicture']['name']) { if (!in_array($_FILES['bgpicture']['type'], $uppictype)) { echo "<script>alert('很抱歉,您上传的图片过大或者类型不正确!');location.href='{$webaddr}/op/theme'</script>"; exit; } @unlink(ET_ROOT . "/attachments/photo/user_" . $my[user_id] . "/themebg.jpg"); @unlink(ET_ROOT . "/attachments/photo/user_" . $my[user_id] . "/themebg_thumb.jpg"); include ET_ROOT . "/include/uploadpic.func.php"; UploadImage("bgpicture", 1, 112, 72, ET_ROOT . "/attachments/photo/user_" . $my[user_id] . "/", ET_ROOT . "/attachments/photo/user_" . $my[user_id] . "/", "themebg", "themebg_thumb", "jpg"); $pictype = $pictype ? $pictype : "center"; $bgurl = "attachments/photo/user_" . $my[user_id]; //不需要添加 $webaddr } $newbgurl = $bgurl ? $bgurl : $newbgurl; $newbgurl = daddslashes($newbgurl); $db->query("UPDATE et_users SET theme_bgcolor='{$bgcolor}',theme_pictype = '{$pictype}',theme_text='{$textcolor}',\n theme_link='{$links}',theme_sidebar='{$sidebarcl}',theme_sidebox='{$sidebox}',theme_bgurl='{$newbgurl}' WHERE user_id='{$my['user_id']}'"); dsetcookie('setok', 'theme1'); header("location:{$webaddr}/op/theme"); exit; } $query = $db->query("SELECT * FROM et_usertemplates WHERE isopen='1' ORDER BY ut_id"); while ($data = $db->fetch_array($query)) { $ut_id = $data['ut_id']; $theme_bgcolor = $data['theme_bgcolor'];
function RunImport() { if (!empty($_FILES)) { if (basename($_FILES['importFile']['name']) == "import_0945.csv") { Import_PRICE_ROST(); } elseif (basename($_FILES['importFile']['name']) == "DC_IMS.csv") { Import_DC_IMS(); } elseif (basename($_FILES['importFile']['name']) == "PRICE_KROSS.csv") { Import_PRICE_KROSS(); } elseif (basename($_FILES['importFile']['name']) == "FILIAL.csv") { Import_Filial(); } elseif (basename($_FILES['importFile']['name']) == "DOSTAVKA.csv") { Import_DOSTAVKA(); } elseif (basename($_FILES['importFile']['name']) == "FILTR.csv") { ImportFILTR(); } else { UploadImage(); } } elseif (isset($_GET['action']) and $_GET['action'] == "GetOrders") { GetOrders(); } elseif (isset($_GET['action']) and $_GET['action'] == "GetUsers") { GetUsers(); } else { EmptyAction(); } }