/**
 * Explore one minesweeper field: count the mines around it, store that count
 * in the session grid and, when the count is zero, flood-explore every
 * neighbour.
 *
 * Fields are numbered 1-based in a MINEGRID_WIDTH-wide grid kept in
 * $_SESSION['minesweeper']; only fields whose current value is
 * MINESWEEPER_NOT_EXPLORED or MINESWEEPER_FLAGGED are touched.
 *
 * @param int $field index of the field to explore
 * @return void  the result is written to $_SESSION['minesweeper'][$field]
 */
function explore_field($field)
{
    if (!isset($_SESSION['minesweeper'][$field])
        || !in_array($_SESSION['minesweeper'][$field], array(MINESWEEPER_NOT_EXPLORED, MINESWEEPER_FLAGGED))) {
        return;
    }

    $grid =& $_SESSION['minesweeper'];

    // Neighbour offsets, skipping the column that would wrap around the grid edge
    $offsets = array();
    if ($field % MINEGRID_WIDTH !== 1) {
        // field is not in the leftmost column
        $offsets[] = -MINEGRID_WIDTH - 1;
        $offsets[] = -1;
        $offsets[] = MINEGRID_WIDTH - 1;
    }
    $offsets[] = -MINEGRID_WIDTH;
    $offsets[] = MINEGRID_WIDTH;
    if ($field % MINEGRID_WIDTH !== 0) {
        // field is not in the rightmost column
        $offsets[] = -MINEGRID_WIDTH + 1;
        $offsets[] = 1;
        $offsets[] = MINEGRID_WIDTH + 1;
    }

    $mines = 0;
    foreach ($offsets as $offset) {
        $neighbour = $field + $offset;
        // Off-grid neighbours (above the first / below the last row) are passed as null
        $mines += check_field(isset($grid[$neighbour]) ? $grid[$neighbour] : null);
    }
    $grid[$field] = $mines;

    // A field with no adjacent mine opens all of its neighbours as well
    if ($mines === 0) {
        foreach ($offsets as $offset) {
            explore_field($field + $offset);
        }
    }
}
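/**
 * Render one <textarea> control of the contact form.
 *
 * The field name is HTML-escaped before it is written into the label and
 * into the id/name/placeholder/title attributes; the previous version echoed
 * it raw, so a name containing quotes or angle brackets broke the markup.
 *
 * @param array $field field definition; reads zn_cf_name, zn_cf_required
 *                     and zn_cf_f_email
 * @return void  the markup is echoed directly
 */
function textarea($field)
{
    $required = '';
    $req = '';
    $email_field = '';
    $name = $field['zn_cf_name'];

    if (!empty($field['zn_cf_required'])) {
        $required = 'zn_required_field';
        // a truthy result from check_field() marks the control as erroneous
        if (check_field($name)) {
            $req = 'error';
        }
    }
    // strict comparison: only the literal string "yes" enables the e-mail class
    if (isset($field['zn_cf_f_email']) && $field['zn_cf_f_email'] === 'yes') {
        $email_field = 'zn_email_field';
    }

    // id/name attribute value: everything but word characters becomes '_'
    $field_name = preg_replace('~[\\W\\s]~', '_', $name);
    // escaped copies for the text and attribute contexts
    $attr_name = htmlspecialchars($field_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $label = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    echo '<div class="control-group ' . $req . '">';
    echo '<label class="control-label" for="' . $attr_name . '">' . $label . '</label>';
    echo '<div class="controls">';
    echo '<textarea id="' . $attr_name . '" name="' . $attr_name . '" placeholder="' . $label . '" class=" textarea zn_cf_textarea ' . $required . ' ' . $email_field . '" title="' . $label . '" ></textarea> ';
    echo '</div>';
    echo '</div><!-- end control group -->';
}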
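/**
 * Save a visitor message (table "message") posted from the site and reply as JSON.
 *
 * Every branch ends in die() with a {"code":..,"msg":..} body. A session
 * timestamp limits a visitor to one message per 60 seconds. For each field
 * declared for this table in TB_PREFIX.extern_fields the value is read from
 * $_POST['extern___<field>'], validated with check_field() when the field has
 * a remark, escaped with helper::escape() (as m__save() does before the same
 * single_insert() helper) and inserted. When MESSAGE_EMAIL is set, a
 * notification mail with the posted values is sent to that address.
 *
 * Globals: $dbm (database wrapper); $table_name is set to "message".
 */
function m__save_message()
{
    global $dbm, $table_name;
    $table_name = "message";

    // Rate limit: one message per session per minute
    if (isset($_SESSION['postdata']['message']) && time() - $_SESSION['postdata']['message'] < 60) {
        die('{"code":"101","msg":"歇会再留言吧"}');
    }

    // Fields declared for this table ($table_name is a literal, never user input)
    $sql = "select * from " . TB_PREFIX . "extern_fields where extern_name = '" . $table_name . "'";
    $querys = $dbm->query($sql);

    $raw = array();    // values as posted: validated and used in the notification mail
    $fields = array(); // escaped values: written to the table
    foreach ($querys['list'] as $v) {
        $name = $v['field'];
        $post_key = 'extern___' . $name;
        $raw[$name] = isset($_POST[$post_key]) ? $_POST[$post_key] : '';

        // Field-specific validation rules, if the field has a remark
        $extern = get_field_remark($table_name, $name);
        if (!empty($extern)) {
            check_field($extern, $raw[$name]);
        }
        $fields[$name] = helper::escape($raw[$name], 1);
    }
    $fields['create_time'] = time();

    $ret = $dbm->single_insert(TB_PREFIX . $table_name, $fields);
    if ($ret['error'] == '' && $ret['autoid'] > 0) {
        if (MESSAGE_EMAIL != '') {
            $nick = isset($raw['nick_name']) ? $raw['nick_name'] : '';
            $phone = isset($raw['phone']) ? $raw['phone'] : '';
            $content = isset($raw['content']) ? $raw['content'] : '';
            $qq = isset($raw['qq']) ? $raw['qq'] : '';
            $gender = isset($raw['gender']) ? $raw['gender'] : '';
            $countent = "电话:" . $phone . " \r\n<br> 留言内容:" . $content . " \r\n<br> QQ号:" . $qq . " \r\n<br> 性别:" . $gender;
            // Best effort: a mail failure must not turn an already saved message into an error reply
            @helper::send_email($nick, MESSAGE_EMAIL, $nick . "的留言", $countent);
        }
        $_SESSION['postdata']['message'] = time();
        die('{"code":"0","msg":"留言成功,我们会尽快联系您"}');
    }
    die('{"code":"100","msg":"留言失败"}');
}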
} else { print '<div class="flash_notice">' . $output . '</div>'; } break; ########################################################## # EDIT FEED ########################################################## ########################################################## # EDIT FEED ########################################################## case 'edit': $tribe_id = trim($_POST['tribe_id']); $rs_tribe = $core->con->select("SELECT * FROM " . $core->prefix . "tribe WHERE tribe_id = '{$tribe_id}'"); $new_name = !empty($_POST['tribe_name']) ? $_POST['tribe_name'] : $rs_tribe->f('tribe_name'); $new_ordering = !empty($_POST['tribe_order']) ? intval($_POST['tribe_order']) : $rs_tribe->f('ordering'); $new_name = check_field('Tribe name', $new_name); $error = array(); if ($new_name['success'] && is_int($new_ordering)) { $new_name['value'] = htmlentities($new_name['value'], ENT_QUOTES, mb_detect_encoding($new_name['value'])); $cur = $core->con->openCursor($core->prefix . 'tribe'); $cur->tribe_name = $new_name['value']; $cur->ordering = $new_ordering; $cur->modified = array(' NOW() '); $cur->update("WHERE tribe_id = '{$tribe_id}'"); $output = sprintf(T_("Tribe %s successfully updated"), $new_name['value']); } else { if (!$new_name['success']) { $error[] = $new_name['error']; } if (!is_int($new_ordering)) { $error[] = T_('The ordering has to be an integer value.');
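/**
 * update a user record
 * this function is registered in xajax
 * @param string $title title of page
 * @param string $key_string comma separated name value pairs
 * @param array $form_values values of new record (array of name value pairs)
 * @return xajaxResponse every xajax registered function needs to return this object
 */
function action_update_user_settings_record($title, $key_string, $form_values)
{
    global $logging;
    global $user;
    global $firstthingsfirst_field_descriptions;
    global $user_start_time_array;

    # WARNING: this function is almost identical to function UserAdministration::action_update_user_admin_record
    # changes in this function should also lead to changes in that function

    $logging->info("USER_ACTION " . __METHOD__ . " (user=" . $user->get_name() . ", title={$title}, key_string={$key_string})");

    # store start time
    $user_start_time_array[__METHOD__] = microtime(TRUE);

    # db_field_name => checked value, filled from the form below
    $new_form_values = array();

    # create necessary objects
    $result = new Result();
    $response = new xajaxResponse();

    foreach (array_keys($form_values) as $name_key)
    {
        # a form field name is "<db_field_name><GENERAL_SEPARATOR><field_type><GENERAL_SEPARATOR><field_number>"
        $value_array = explode(GENERAL_SEPARATOR, $name_key);
        $db_field_name = $value_array[0];
        $field_type = $value_array[1];
        $field_number = $value_array[2];
        $check_functions = explode(" ", $firstthingsfirst_field_descriptions[$field_type][FIELD_DESCRIPTION_FIELD_INPUT_CHECKS]);
        $result->reset();
        $logging->debug("field (name=" . $db_field_name . ", type=" . $field_type . ", number=" . $field_number . ")");

        # check field values (the password field is only checked when a new password has been entered;
        # otherwise the value stored below is whatever the reset $result holds)
        if ($db_field_name != USER_PW_FIELD_NAME || strlen($form_values[$name_key]) > 0)
        {
            check_field($check_functions, $db_field_name, $form_values[$name_key], $user->get_date_format(), $result);
            if (strlen($result->get_error_message_str()) > 0)
            {
                set_error_message($name_key, "right", $result->get_error_message_str(), "", "", $response);
                return $response;
            }
        }

        # set new value
        $new_form_values[$db_field_name] = $result->get_result_str();
        $logging->debug("setting new form value (db_field_name=" . $db_field_name . ", result=" . $result->get_result_str() . ")");
    }

    # user admin may not change the admin name
    $new_user_name = isset($new_form_values[USER_NAME_FIELD_NAME]) ? $new_form_values[USER_NAME_FIELD_NAME] : "";
    if ($user->get_name() == "admin" && $new_user_name != "admin")
    {
        set_error_message("record_contents_buttons", "right", "ERROR_CANNOT_UPDATE_NAME_USER_ADMIN", "", "", $response);
        return $response;
    }

    # display error when update returns false
    if (!$user->update($key_string, $new_form_values, TRUE))
    {
        $logging->warn("update user settings record returns false");
        $error_message_str = $user->get_error_message_str();
        $error_log_str = $user->get_error_log_str();
        $error_str = $user->get_error_str();
        set_error_message("record_contents_buttons", "right", $error_message_str, $error_log_str, $error_str, $response);
        return $response;
    }

    # redirect to portal page with new user settings activated
    $response->script("window.location.assign('index.php?action=" . ACTION_GET_PORTAL_PAGE . "')");

    # check post conditions not necessary

    # log total time for this function
    $logging->info(get_function_time_str(__METHOD__));

    return $response;
}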
} } $temp[] = array('D' => $dir, 'N' => $name, 'S' => $size, 'T' => $time, 'I' => uniqid(), 'X' => -1); echo json_encode(array('code' => 0, 'index' => 0)); /* clear the first one */ if (count($temp) > 10) { $first = array_shift($temp); for ($i = 0; $i <= $first['X']; $i++) { $kv->delete($first['I'] . ':' . $i); } } kv_set($kv, ':temp', serialize($temp)); exit; break; case "chunk": check_field('index'); $index = (int) $_REQUEST['index']; $raw = file_get_contents('php://input'); for (reset($temp); $it = each($temp);) { $f = $it[1]; if ($f['D'] == $dir && $f['N'] == $name) { if ($index != $f['X'] + 1) { exit_json(3, 'Unwanted index.'); } else { if (strlen($raw) != ($f['S'] - $index * 3145728 >= 3145728 ? 3145728 : $f['S'] % 3145728)) { exit_json(4, 'Broken chunk.'); } else { if (!kv_set($kv, $f['I'] . ':' . $index, $raw)) { #debuging $s = new SaeStorage(); $s->write('s3', 'error', $raw);
include dirname(__FILE__) . '/tpl.php'; # header('Content-type: text/html; charset=utf-8'); $form_values = array("user_id" => "", "fullname" => "", "email" => "", "password" => ""); $flash = ''; session_start(); require_once dirname(__FILE__) . '/inc/lib/recaptchalib.php'; $privatekey = "6LdEeQgAAAAAABrweqchK5omdyYS_fUeDqvDRq3Q"; $publickey = "6LdEeQgAAAAAACLccbiO8TNaptSmepfMFEDL3hj2"; if (isset($_POST) && isset($_POST['submit'])) { $captcha = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]); # On recupere les infos $user_id = check_field('user_id', trim($_POST['user_id']), 'not_empty'); $fullname = check_field('fullname', trim($_POST['fullname']), '', false); $email = check_field('email', trim($_POST['email']), 'email'); $password = check_field('password', trim($_POST['pass']), 'not_empty'); if ($user_id) { $form_values["user_id"] = $user_id['value']; } if ($fullname) { $form_values["fullname"] = $fullname['value']; } if ($email) { $form_values["email"] = $email['value']; } if ($password) { $form_values["password"] = $password['value']; } if (!$captcha->is_valid) { $flash = array('type' => 'error', 'msg' => sprintf(T_("The reCAPTCHA wasn't entered correctly. Go back and try it again. (reCAPTCHA said: %s)"), $captcha->error)); } else {
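/**
 * import uploaded list records to current list
 * this function is registered in xajax
 * @param string $list_title title of list
 * @param string $file_specs specifications of uploaded file to be processed ("file_name|original_name|size|type")
 * @param string $field_seperator character separating the columns in the uploaded file
 * @return xajaxResponse every xajax registered function needs to return this object
 */
function action_import_list_records($list_title, $file_specs, $field_seperator)
{
    global $logging;
    global $user;
    global $list_table_configuration;
    global $user_start_time_array;
    global $firstthingsfirst_field_descriptions;

    $file_specs_array = explode("|", $file_specs);
    # $file_specs is supplied by the client: keep only the last path component so that
    # the file read (and unlinked) below is always inside the uploads directory
    $file_name = basename($file_specs_array[0]);
    $file_size = isset($file_specs_array[2]) ? $file_specs_array[2] : "";

    $logging->info("USER_ACTION " . __METHOD__ . " (user=" . $user->get_name() . ", list_title={$list_title}, file_name={$file_name} ({$file_size}), field_seperator={$field_seperator})");

    # store start time
    $user_start_time_array[__METHOD__] = microtime(TRUE);

    # create necessary objects
    $result = new Result();
    $response = new xajaxResponse();
    $html_database_table = new HtmlDatabaseTable($list_table_configuration);

    # check if a file_name has been given (an empty name would point at the directory itself)
    if ($file_name == "NO_FILE" || $file_name == "")
    {
        $logging->warn("no file was uploaded");
        set_error_message("button_import", "above", "ERROR_UPLOAD_SELECT_FILE", "", "", $response);
        return $response;
    }
    $full_file_name = "uploads/{$file_name}";

    # create list table object
    $list_table = new ListTable($list_title);
    if ($list_table->get_is_valid() == FALSE)
    {
        $logging->warn("create list object returns false");
        $error_message_str = $list_table->get_error_message_str();
        $error_log_str = $list_table->get_error_log_str();
        $error_str = $list_table->get_error_str();
        set_error_message("button_import", "above", $error_message_str, $error_log_str, $error_str, $response);
        return $response;
    }

    $logging->debug("starting to read uploaded file (full_file_name={$full_file_name})");
    # is_file() also rejects directories, which file_exists() would accept
    if (!is_file($full_file_name))
    {
        $logging->warn("cannot find uploaded file");
        set_error_message("button_import", "above", "ERROR_UPLOAD_FILE_NOT_FOUND", "", "", $response);
        return $response;
    }

    $fields = $list_table->get_fields();
    # line number counter (1-based, reported in error messages)
    $line_number = 1;
    # database field names of all columns to import (the first db field is not imported)
    $import_db_field_names = array_slice($list_table->get_db_field_names(), 1);
    $num_of_import_db_field_names = count($import_db_field_names);

    # open file to import
    $file_handler = fopen($full_file_name, "r");
    if ($file_handler == FALSE)
    {
        $logging->warn("could not open file to import (file_name={$full_file_name})");
        set_error_message("button_import", "above", "ERROR_UPLOAD_COULD_NOT_OPEN", "", "", $response);
        return $response;
    }

    # read a line from the file to import; every early return inside the loop closes the handle first
    while (($line_array = fgetcsv($file_handler, 10000, $field_seperator)) !== FALSE)
    {
        $logging->debug("reading line (line_number={$line_number})");
        # add dummy column for attachments
        array_push($line_array, "@");
        $num_of_columns = count($line_array);

        # check if number of columns is correct
        if ($num_of_columns != $num_of_import_db_field_names)
        {
            $logging->warn("wrong column count (num_of_columns={$num_of_columns}, num_of_import_db_field_names={$num_of_import_db_field_names})");
            $error_message_str = "LABEL_IMPORT_LINE_NUMBER {$line_number} <br> ERROR_IMPORT_WRONG_COLUMN_COUNT";
            set_error_message("button_import", "above", $error_message_str, "", "", $response);
            fclose($file_handler);
            return $response;
        }

        $insert_array = array();
        $counter = 0;
        # create an array with all db_field_names and values from file
        foreach ($import_db_field_names as $db_field_name)
        {
            $field_name = $fields[$db_field_name][0];
            $field_type = $fields[$db_field_name][1];
            $check_functions = explode(" ", $firstthingsfirst_field_descriptions[$field_type][FIELD_DESCRIPTION_FIELD_INPUT_CHECKS]);
            $result->reset();

            # check field values and store new field value in result
            check_field($check_functions, $db_field_name, $line_array[$counter], $user->get_date_format(), $result);
            if (strlen($result->get_error_message_str()) > 0)
            {
                $error_message_str = "LABEL_IMPORT_LINE_NUMBER {$line_number} <br> LABEL_IMPORT_FIELDNAME {$field_name} <br> " . $result->get_error_message_str();
                set_error_message("button_import", "above", $error_message_str, "", "", $response);
                fclose($file_handler);
                return $response;
            }
            $logging->debug("field (name={$db_field_name}, type={$field_type}, content=" . $result->get_result_str() . ")");

            # store the new field value (as note, as empty attachment placeholder or as normal value)
            # NOTE(review): auto created / auto modified fields also take the checked value from the file;
            # an earlier assignment of 0 for those types was always overwritten here - confirm which is intended
            if ($field_type == FIELD_TYPE_DEFINITION_NOTES_FIELD)
                $insert_array[$db_field_name] = array(array(0, $result->get_result_str()));
            else if ($field_type == FIELD_TYPE_DEFINITION_ATTACHMENTS)
                $insert_array[$db_field_name] = array(array(0, LISTTABLEATTACHMENT_EMPTY_ATTACHMENT . "|-|-|-"));
            else
                $insert_array[$db_field_name] = $result->get_result_str();
            $counter++;
        }

        # insert a line
        $return_value = $list_table->insert($insert_array, $user->get_name());
        if ($return_value == 0)
        {
            $logging->warn("insert list record returns false");
            # the failure details live on the list table object (the same object the log/error strings come from)
            $error_message_str = "LABEL_IMPORT_LINE_NUMBER {$line_number} <br> " . $list_table->get_error_message_str();
            $error_log_str = $list_table->get_error_log_str();
            $error_str = $list_table->get_error_str();
            set_error_message("button_import", "above", $error_message_str, $error_log_str, $error_str, $response);
            fclose($file_handler);
            return $response;
        }
        $line_number++;
    }
    $logging->debug("imported all lines from file (line_number={$line_number})");

    # delete the import file
    fclose($file_handler);
    unlink($full_file_name);

    # set content
    $result->reset();
    $html_database_table->get_content($list_table, $list_title, "", DATABASETABLE_UNKWOWN_PAGE, $result);
    $response->custom_response->assign_with_effect(LIST_CSS_NAME_PREFIX . "content_pane", $result->get_result_str());

    # set action pane
    $html_str = $html_database_table->get_action_bar($list_title, "");
    $response->custom_response->assign_with_effect("action_pane", $html_str);

    # set footer
    $response->assign("footer_text", "innerHTML", get_footer($list_table->get_creator_modifier_array()));

    # check post conditions
    if (check_postconditions($result, $response) == FALSE)
        return $response;

    set_info_message("action_bar_button_import", "above", "LABEL_IMPORT_SUCCESS", $response);

    # log total time for this function
    $logging->info(get_function_time_str(__METHOD__));

    return $response;
}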
print '<div class="flash_notice">' . T_('User status toggled') . '</div>'; break; ########################################################## # UPDATE USER ########################################################## ########################################################## # UPDATE USER ########################################################## case 'update': $user_id = urldecode(trim($_POST['user_id'])); $user = $core->con->select("SELECT * FROM " . $core->prefix . "user WHERE user_id = '{$user_id}'"); $new_fullname = !empty($_POST['efullname']) ? $_POST['efullname'] : $user->f('user_fullname'); $new_email = !empty($_POST['eemail']) ? $_POST['eemail'] : $user->f('user_email'); $new_fullname = check_field('fullname', $new_fullname); $new_email = check_field('email', $new_email, 'email'); $new_password = check_field('password', array("password" => trim($_POST['password']), "password2" => trim($_POST['password2'])), 'password', false); $error = array(); if ($new_email['success'] && $new_fullname['success'] && $new_password['success']) { $new_fullname['value'] = htmlentities($new_fullname['value'], ENT_QUOTES, mb_detect_encoding($new_fullname['value'])); $sql = "SELECT user_id, user_fullname, user_email FROM " . $core->prefix . "user\n\t\t\t\tWHERE lower(user_id) != '" . strtolower($user_id) . "'\n\t\t\t\tAND (lower(user_fullname) = '" . strtolower($new_fullname['value']) . "'\n\t\t\t\tOR lower(user_email) = '" . strtolower($new_email['value']) . "')"; $rs1 = $core->con->select($sql); if ($rs1->count() > 0) { if ($rs1->f('user_fullname') == $new_fullname['value']) { $error[] = sprintf(T_('The user %s already exists'), $new_fullname['value']); } if ($rs1->f('user_email') == $new_email['value']) { $error[] = sprintf(T_('The email address %s is already in use by %s'), $new_email['value'], $rs1->f('user_id')); } } if (empty($error)) { $cur = $core->con->openCursor($core->prefix . 'user');
unset($node['D'][$it[0]]); $done = true; // kv_set($kv, $dir, serialize($node)); // exit_redirect('home.php?path=' . $dir); } } } if ($done) { kv_set($kv, $dir, serialize($node)); exit; } else { exit_json(1, 'No such file or directory.'); } break; case 'rename': check_field('name', 'value'); $name = $_REQUEST['name']; $value = $_REQUEST['value']; foreach ($node['R'] as $f) { if (!strcasecmp($f['N'], $value)) { exit_print("New name already exists. <a href=\"home.php?path=" . $dir . "\">Back home</a>?"); } } foreach ($node['D'] as $f) { if (!strcasecmp($f['N'], $value)) { exit_print("New name already exists. <a href=\"home.php?path=" . $dir . "\">Back home</a>?"); } } for (reset($node['R']); $it = each($node['R']);) { if (!strcasecmp($it[1]['N'], $name)) { /* for ($i = 0; $i * 3145728 < $it[1]['S']; $i++) {
/**
 * Second step of "forgot password" by mobile: check the SMS verification code
 * for the given mobile number and hand over to the password-change form.
 *
 * Reads $_REQUEST['sms_verify'] and $_REQUEST['user_mobile']; responds through
 * showErr() / showSuccess() / ajax_return().
 *
 * NOTE(review): $mobile and $verify are request values concatenated straight
 * into the two SQL strings below. check_field("getpassword_mobile", ...) is the
 * only filter applied to $mobile and none is applied to $verify; passing both
 * through the DB layer's escaping (or restricting them to the expected digit
 * pattern) would close that gap. Behaviour is unchanged here.
 */
public function dogetpassword_m()
{
    global_run();

    $verify = strim($_REQUEST['sms_verify']);
    if (empty($verify)) {
        showErr("请输入验证码", 1);
    }

    $mobile = strim($_REQUEST['user_mobile']);
    $check = check_field("getpassword_mobile", $mobile, 0);
    if (!$check['status']) {
        ajax_return($check);
        return;
    }

    $db = $GLOBALS['db'];
    $user_row = $db->getRow('select * from ' . DB_PREFIX . "user where mobile='" . $mobile . "' and password_verify = '" . $verify . "'");
    if (!$user_row) {
        showErr("验证码错误", 1);
        return;
    }

    // The code has been consumed: remove it before redirecting to the password form
    $db->query("delete from " . DB_PREFIX . "sms_mobile_verify where mobile_phone = '" . $mobile . "'");
    showSuccess("验证成功", 1, url("index", "user#modify_password", array("id" => $user_row['id'], "code" => $verify)));
}
/**
 * Validate one member field (AJAX endpoint).
 *
 * Reads field, value and user_id from $_REQUEST, runs the global
 * check_field() on them and returns its result through ajax_return().
 */
public function check_field()
{
    $field_name = strim($_REQUEST['field']);
    $field_value = strim($_REQUEST['value']);
    $member_id = intval($_REQUEST['user_id']);

    ajax_return(check_field($field_name, $field_value, $member_id));
}
print '<div class="flash_notice">' . $output . '</div>'; } break; ########################################################## # EDIT FEED ########################################################## ########################################################## # EDIT FEED ########################################################## case 'edit': $feed_id = trim($_POST['ef_id']); $feed = $core->con->select("SELECT * FROM " . $core->prefix . "feed WHERE feed_id = '{$feed_id}'"); $new_name = !empty($_POST['ef_name']) ? $_POST['ef_name'] : $feed->f('feed_name'); $new_url = !empty($_POST['ef_url']) ? $_POST['ef_url'] : $feed->f('feed_url'); $new_name = check_field('Feed name', $new_name); $new_url = check_field('Feed url', $new_url, 'feed'); $error = array(); if ($new_name['success'] && $new_url['success']) { #FIXME : check if this line is needed (also used in user_api) $new_name['value'] = htmlentities($new_name['value'], ENT_QUOTES, mb_detect_encoding($new_name['value'])); $rs1 = $core->con->select("SELECT feed_url, user_id FROM " . $core->prefix . "feed\n\t\t\t\tWHERE feed_id != '" . $feed_id . "'\n\t\t\t\tAND feed_url = '" . $new_url['value'] . "'"); if ($rs1->count() > 0) { $error[] = sprintf(T_('The feed %s is already used by user %s'), $new_url['value'], $rs->f('user_id')); } if (empty($error)) { $cur = $core->con->openCursor($core->prefix . 'feed'); $cur->feed_name = $new_name['value']; $cur->feed_url = $new_url['value']; $cur->modified = array(' NOW() '); $cur->update("WHERE feed_id = '{$feed_id}'"); $output = sprintf(T_("Feed %s successfully updated"), $new_url['value']);
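/**
 * Create or update one row of a standalone ("alone") table from $_POST and
 * reply as JSON; every branch ends in die().
 *
 * $_POST['alone_table'] selects the table (TB_PREFIX.<table>, primary key
 * <table>_id). Because it is spliced unquoted into SQL identifiers it is
 * restricted to [A-Za-z0-9_] before use. $_POST['info_id'] empty or "0" means
 * insert; a numeric id means update. Every other posted value (except
 * hashtoken, reso, info_id and alone_table) is escaped with helper::escape(),
 * trimmed, validated with check_field() when the field has a remark, and
 * written to the table; values of date-typed fields are converted with
 * strtotime() first.
 *
 * Globals: $dbm (database wrapper).
 */
function m__save()
{
    global $dbm;

    $table = isset($_POST['alone_table']) ? $_POST['alone_table'] : '';
    check_level($table . "_01");

    // The table name is used unquoted as an SQL identifier below, so only
    // identifier characters are accepted; anything else cannot name a table here anyway
    if (empty($table) || !is_string($table) || !preg_match('/^[A-Za-z0-9_]+$/', $table)) {
        die('{"code":"210","msg":"独立表异常!"}');
    }

    unset($_POST['hashtoken']);
    $params = array();
    foreach ($_POST as $k => $v) {
        $k = str_replace('extern___', '', $k);
        $escaped = helper::escape($v, 1);
        $params[$k] = !empty($escaped) ? trim($escaped) : '';
        // Field-specific validation rules, if the field has a remark (checked on the raw value)
        $extern = get_field_remark($table, $k);
        if (!empty($extern)) {
            check_field($extern, $v);
        }
    }

    // Field definitions of this table: date fields are posted as text and stored as timestamps
    $ext_sql = "select * from " . TB_PREFIX . "extern_fields where extern_name='{$table}'";
    $ext_data = $dbm->query($ext_sql);
    if (!empty($ext_data['list'])) {
        foreach ($ext_data['list'] as $attr) {
            if ($attr['form_type'] == 'date' && array_key_exists($attr['field'], $params)) {
                $params[$attr['field']] = strtotime($params[$attr['field']]);
            }
        }
    }

    $info_id = isset($_POST['info_id']) ? $_POST['info_id'] : '';
    // Control fields never become columns
    unset($params['reso'], $params['info_id'], $params['alone_table']);

    if ($info_id == '' || $info_id == '0') {
        // Insert a new record
        $params['create_time'] = time();
        $ret = $dbm->single_insert(TB_PREFIX . $table, $params);
        if ($ret['error'] == '') {
            die('{"code":"0","msg":"添加成功"}');
        }
        die('{"code":"210","msg":"添加失败"}');
    }

    // Update an existing record
    if (!is_numeric($info_id)) {
        die('{"code":"220","msg":"ID必须是数字"}');
    }
    $id = intval($info_id);
    $where = "{$table}_id = {$id}";
    $ret = $dbm->single_update(TB_PREFIX . $table, $params, $where);
    if ($ret['error'] != '') {
        die('{"code":"230","msg":"更新失败"}');
    }
    die('{"code":"0","msg":"更新成功"}');
}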
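/**
 * update a record
 * this function is registered in xajax
 * @param string $title title of page
 * @param string $key_string comma separated name value pairs
 * @param array $form_values values of new record (array of name value pairs)
 * @return xajaxResponse every xajax registered function needs to return this object
 */
function action_update_user_admin_record($title, $key_string, $form_values)
{
    global $logging;
    global $user;
    global $user_admin_table_configuration;
    global $firstthingsfirst_field_descriptions;
    global $user_start_time_array;

    # WARNING: this function is almost identical to function UserSettings::action_update_user_setting_record
    # changes in this function should also lead to changes in that function

    $logging->info("USER_ACTION " . __METHOD__ . " (user=" . $user->get_name() . ", title={$title}, key_string={$key_string})");

    # store start time
    $user_start_time_array[__METHOD__] = microtime(TRUE);

    # db_field_name => checked value, filled from the form below
    $new_form_values = array();
    $fields = $user->get_fields();

    # create the key_string for user admin (who always has id=1)
    $key_string_admin_user = DatabaseTable::_get_encoded_key_string(array(DB_ID_FIELD_NAME => "1"));

    # create necessary objects
    $result = new Result();
    $response = new xajaxResponse();
    $html_database_table = new HtmlDatabaseTable($user_admin_table_configuration);

    foreach (array_keys($form_values) as $name_key)
    {
        # a form field name is "<db_field_name><GENERAL_SEPARATOR><field_type><GENERAL_SEPARATOR><field_number>"
        $value_array = explode(GENERAL_SEPARATOR, $name_key);
        $db_field_name = $value_array[0];
        $field_type = $value_array[1];
        $field_number = $value_array[2];
        $check_functions = explode(" ", $firstthingsfirst_field_descriptions[$field_type][FIELD_DESCRIPTION_FIELD_INPUT_CHECKS]);
        $result->reset();
        $logging->debug("field (name=" . $db_field_name . ", type=" . $field_type . ", number=" . $field_number . ")");

        # check field values (the password field is only checked when a new password has been entered;
        # otherwise the value stored below is whatever the reset $result holds)
        if ($db_field_name != USER_PW_FIELD_NAME || strlen($form_values[$name_key]) > 0)
        {
            check_field($check_functions, $db_field_name, $form_values[$name_key], $user->get_date_format(), $result);
            if (strlen($result->get_error_message_str()) > 0)
            {
                set_error_message($name_key, "right", $result->get_error_message_str(), "", "", $response);
                return $response;
            }
        }

        # set new value
        $new_form_values[$db_field_name] = $result->get_result_str();
        $logging->debug("setting new form value (db_field_name=" . $db_field_name . ", result=" . $result->get_result_str() . ")");
    }

    # check if all booleans have been set (a bool field missing from the form is stored as "0")
    foreach (array_keys($fields) as $db_field_name)
    {
        if ($fields[$db_field_name][1] == FIELD_TYPE_DEFINITION_BOOL && !isset($new_form_values[$db_field_name]))
        {
            $logging->debug("found an unset bool field");
            $new_form_values[$db_field_name] = "0";
        }
    }

    # check if someone tries to change user admin
    if ($key_string_admin_user == $key_string)
    {
        # the name of user admin may not be changed
        if ($new_form_values[USER_NAME_FIELD_NAME] != "admin")
        {
            set_error_message("record_contents_buttons", "right", "ERROR_CANNOT_UPDATE_NAME_USER_ADMIN", "", "", $response);
            return $response;
        }
        # the permissions of user admin may not be changed
        if ($new_form_values[USER_CAN_CREATE_LIST_FIELD_NAME] != "1" || $new_form_values[USER_IS_ADMIN_FIELD_NAME] != "1")
        {
            set_error_message("record_contents_buttons", "right", "ERROR_CANNOT_UPDATE_PERMISSIONS_USER_ADMIN", "", "", $response);
            return $response;
        }
    }

    # display error when update returns false
    if (!$user->update($key_string, $new_form_values))
    {
        $logging->warn("update user admin record returns false");
        $error_message_str = $user->get_error_message_str();
        $error_log_str = $user->get_error_log_str();
        $error_str = $user->get_error_str();
        set_error_message("record_contents_buttons", "right", $error_message_str, $error_log_str, $error_str, $response);
        return $response;
    }

    # set content
    $result->reset();
    $html_database_table->get_content($user, $title, "", DATABASETABLE_UNKWOWN_PAGE, $result);
    $response->custom_response->assign_with_effect(USER_ADMIN_CSS_NAME_PREFIX . "content_pane", $result->get_result_str());

    # set action pane
    $html_str = $html_database_table->get_action_bar($title, "");
    $response->custom_response->assign_with_effect("action_pane", $html_str);

    # check post conditions
    if (check_postconditions($result, $response) == FALSE)
        return $response;

    # log total time for this function
    $logging->info(get_function_time_str(__METHOD__));

    return $response;
}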
function check_fields(&$fields, $show_messages = true) {
    // Validate every request variable described in $fields, together with the
    // definitions in the global $system_fields, by running check_field() on
    // each entry. $fields is taken by reference: it is merged with the system
    // definitions, pruned by unset_not_in_list()/unset_if_zero(), stripped of
    // action variables when any check failed, and finally set to null.
    //
    // Returns 1 when every check passed and 0 otherwise. When the
    // ZBX_VALID_ERROR bit is set in the accumulated status, invalid_url() is
    // called before returning; show_messages() runs whenever $show_messages
    // is true, regardless of the outcome.
    global $system_fields;

    // For string keys array_merge() lets the later array win, so a system
    // definition overrides a page-supplied definition of the same name.
    $fields = array_merge($fields, $system_fields);

    $status = ZBX_VALID_OK;
    foreach ($fields as $name => $definition) {
        $status |= check_field($fields, $name, $definition);
    }

    unset_not_in_list($fields);
    unset_if_zero($fields);

    if ($status != ZBX_VALID_OK) {
        // A request that failed validation must not be able to drive an action.
        unset_action_vars($fields);
    }

    // The caller's array is deliberately discarded once validation is done.
    $fields = null;

    if ($status & ZBX_VALID_ERROR) {
        invalid_url();
    }

    if ($show_messages) {
        show_messages();
    }

    return (int) ($status == ZBX_VALID_OK);
}
} $statusnet = $_POST['statusnet'] == 'true' ? 1 : 0; $statusnet_account = check_field(T_('Statusnet Account'), $_POST['statusnet-account'], 'url'); $reddit = $_POST['reddit'] == 'true' ? 1 : 0; if (!in_array($newsletter, array('nomail', 'dayly', 'weekly', 'monthly'))) { $error[] = T_('Error detected'); } if ($statusnet == 1) { if (!$statusnet_account['success']) { $error[] = T_("Please check statusnet URL : Invalid URL"); } } $shaarli_instance = ''; if ($shaarli == 1) { if ($shaarli_type == 'remote') { $instance = check_field(T_('Shaarli instance'), $_POST['shaarli-instance'], 'url'); if (!$instance['success']) { $error[] = T_("Please check shaarli URL : Invalid URL"); } else { $shaarli_instance = $instance['value']; } } else { $shaarli_instance = BP_PLANET_URL . '/shaarli/?user='******'social.newsletter', $newsletter, 'string'); $user_settings->put('social.twitter', $twitter, 'boolean'); $user_settings->put('social.google', $google, 'boolean'); $user_settings->put('social.shaarli', $shaarli, 'boolean'); if ($shaarli == 1) {
### Mise en cache #debutCache(); ### Initialisation variables de traitement $flash = array(); # Tableau pour l'affichage des messages d'erreurs, d'avertissement, de notice, ... $confirmation = ''; # Message de confirmation ### Initialisation des variables formulaires # Adresse e-mail expéditrice $sender = isset($_POST['newsletter_sender']) ? check_field(T_('Sender'), $_POST['newsletter_sender'], 'email') : check_field(T_('Sender'), $blog_settings->get('author_mail'), 'email'); # Adresses e-mail destinataires $recipients = isset($_POST['newsletter_recipient']) ? check_recipients(T_('Recipients'), $_POST['newsletter_recipient']) : check_recipients(T_('Recipients'), ''); # Sujet de la newsletter $subject = isset($_POST['newsletter_subject']) ? check_field(T_('Subject'), cleanupString($_POST['newsletter_subject']), 'not_empty') : ''; # Contenu de la newsletter $message = isset($_POST['newsletter_message']) ? check_field(T_('Message'), cleanupString($_POST['newsletter_message']), 'not_empty') : ''; ### On verifie que le formulaire est bien saisie if (isset($_POST) && isset($_POST['submitNewsletter'])) { if ($sender['success'] && $recipients['success'] && $subject['success'] && $message['success']) { $msg = htmlspecialchars(preg_replace('/\\n/', '<br/>', $message['value'])); $confirmation .= '<p>'; $confirmation .= '<form name="NewsletterConfirm" method="POST">'; $confirmation .= ' <u>' . T_('Are you sure you want to send this newsletter?') . '</u>'; $confirmation .= '<br /><br />'; $confirmation .= '<input type="hidden" name="sender" value="' . htmlspecialchars($sender['value']) . '" />'; $confirmation .= '<input type="hidden" name="recipients" value="' . htmlspecialchars($recipients['value']) . '" />'; $confirmation .= '<input type="hidden" name="subject" value="' . htmlspecialchars($subject['value']) . '" />'; $confirmation .= '<input type="hidden" name="message" value="' . $msg . 
'" />'; $confirmation .= ' <input type="submit" class="button br3px" name="confirmSubmit" value="' . T_('Yes') . '" />'; $confirmation .= ' <input type="button" class="button br3px" name="reset" value="' . T_('No') . '" />'; $confirmation .= '</form>';
foreach ($error as $value) { $output .= "<li>" . $value . "</li>"; } $output .= "</ul>"; print '<div class="flash_error">' . $output . '</div>'; } else { print '<div class="flash_notice">' . $output . '</div>'; } break; case "feed_from_site": if (isset($_GET['site'])) { $url = trim($_GET["site"]); } else { $url = trim($_POST["site"]); } $site_url = check_field('site', urldecode($url), 'url'); $feeds = array(); if ($site_url['success']) { require_once dirname(__FILE__) . '/../../inc/lib/simplepie_1.3.compiled.php'; $simplepie = new SimplePie(); $simplepie->set_feed_url($site_url['value']); $simplepie->init(); $simplepie->handle_content_type(); foreach ($simplepie->get_all_discovered_feeds() as $ob) { $feeds[] = $ob->url; } } header('Content-type: application/json; charset=utf-8'); print json_encode($feeds); break; ##########################################################
__error(T_("Permission denied"), T_('You are not allowed to see this page.') . ' ' . T_('You can delete your session if you logout : ') . '<a href="?logout">Logout</a>'); exit; } $planet_author_mail = $email = $blog_settings->get('author_mail'); $planet_author_site = $url = $blog_settings->get('author_site'); $planet_author = $author = $blog_settings->get('author'); $planet_author_jabber = $blog_settings->get('author_jabber'); $planet_author_im = $blog_settings->get('author_im'); $planet_author_about = $blog_settings->get('author_about'); $flash = array(); # On verifie que le formulaire est bien saisie if (isset($_POST) && isset($_POST['submit'])) { # On recupere les infos $email = check_field(T_('Reference contact email'), trim($_POST['planet_author_mail']), 'email'); $url = check_field(T_('Author Website'), trim($_POST['planet_author_site']), 'url'); $author = check_field(T_('Contact Name'), trim($_POST['planet_author']), 'not_empty'); $planet_author_jabber = trim($_POST['planet_author_jabber']); $planet_author_im = trim($_POST['planet_author_im']); $planet_author_about = htmlentities($_POST['planet_author_about'], ENT_QUOTES, mb_detect_encoding($_POST['planet_author_about'])); if ($email['success'] && $url['success'] && $author['success']) { $planet_author_mail = $email['value']; $planet_author_site = $url['value']; $planet_author = $author['value']; $blog_settings->put('author', $planet_author, "string"); $blog_settings->put('author_mail', $planet_author_mail, "string"); $blog_settings->put('author_site', $planet_author_site, "string"); $blog_settings->put('author_jabber', $planet_author_jabber, "string"); $blog_settings->put('author_im', $planet_author_im, "string"); $blog_settings->put('author_about', $planet_author_about, "string"); $flash['notice'][] = T_("Modification succeeded"); } else {
$output .= "</ul>"; print '<div class="flash_error">' . $output . '</div>'; } else { print '<div class="flash_notice">' . $output . '</div>'; } break; ########################################################## # UPDATE SITE ########################################################## ########################################################## # UPDATE SITE ########################################################## case 'update': $site_id = trim($_POST['site_id']); $site_url = check_field('site_url', trim($_POST['esite_url']), 'url'); $site_name = check_field('site_name', trim($_POST['esite_name'])); $error = array(); if ($site_url['success'] && $site_name['success']) { $rs = $core->con->select("SELECT * FROM " . $core->prefix . "site\n\t\t\t\tWHERE site_url = '" . $site_url['value'] . "'\n\t\t\t\tAND site_id != " . $site_id); if ($rs->count() > 0) { if ($rs->f('user_id') == $user_id) { $error[] = sprintf(T_('The user %s already own the website %s'), $user_id, $site_url['value']); } else { $error[] = sprintf(T_('The website %s is owned by user %s'), $site_url['value'], $rs->f('user_id')); } } if (empty($error)) { $cur = $core->con->openCursor($core->prefix . 'site'); $cur->site_url = $site_url['value']; $cur->site_name = $site_name['value']; $cur->modified = array(' NOW() ');
include dirname(__FILE__) . '/tpl.php'; # header('Content-type: text/html; charset=utf-8'); $flash = ''; if (isset($_POST) && isset($_POST['submit'])) { require_once dirname(__FILE__) . '/inc/lib/recaptchalib.php'; $privatekey = "6LdEeQgAAAAAABrweqchK5omdyYS_fUeDqvDRq3Q"; $captcha = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]); if (!$captcha->is_valid) { $flash = array('type' => 'error', 'msg' => sprintf(T_("The reCAPTCHA wasn't entered correctly. Go back and try it again. (reCAPTCHA said: %s)"), $captcha->error)); } else { # On recupere les infos $name = check_field('name', trim($_POST['name']), 'not_empty'); $email = check_field('email', trim($_POST['email']), 'email'); $subject = check_field('subject', trim($_POST['subject']), 'not_empty'); $content = check_field('content', trim($_POST['content']), 'not_empty'); $ip = getIP(); if ($name['success'] && $email['success'] && $subject['success'] && $content['success']) { # Construction du mail $objet = "Contact: " . $subject['value']; $msg = T_("Name/Nickname : ") . $name['value']; $msg .= "\n" . T_("Email : ") . $email['value']; $msg .= "\n" . T_("Subject : ") . $subject['value']; $msg .= "\n" . T_("Content of the message: ") . $content['value']; $msg .= "\nIP : {$ip}"; # Envoi du mail $envoi = sendmail($email['value'], $blog_settings->get('author_mail'), $objet, $msg); # Message d'information if ($envoi) { $flash = array('type' => 'notice', 'msg' => T_("Your email has been sent !")); } else {
function check_fields(&$fields, $show_messages = true) {
    // Validate the request variables described by $fields, after adding the
    // system-level variables every page accepts (session id, print flag,
    // paging, ...). $fields is taken by reference: it is merged with the
    // system definitions, pruned by unset_not_in_list()/unset_if_zero(),
    // stripped of action variables when any check failed, and finally set to
    // null.
    //
    // Returns true when every check passed. When the ZBX_VALID_ERROR bit is
    // set in the accumulated status, invalid_url() is called before returning;
    // when $show_messages is true and something failed, show_messages()
    // reports 'Page received incorrect data'.

    //                     VAR        TYPE       OPTIONAL  FLAGS  VALIDATION  EXCEPTION
    $system_fields = array(
        'sid'           => array(T_ZBX_STR, O_OPT, P_SYS, HEX(),     null),
        'triggers_hash' => array(T_ZBX_STR, O_OPT, P_SYS, NOT_EMPTY, null),
        'print'         => array(T_ZBX_INT, O_OPT, P_SYS, IN('1'),   null),
        'page'          => array(T_ZBX_INT, O_OPT, P_SYS, null,      null),
        'ddreset'       => array(T_ZBX_INT, O_OPT, P_SYS, null,      null)
    );

    // NOTE(review): which side wins on a duplicate key depends on
    // zbx_array_merge(); confirm before relying on page definitions
    // overriding the system ones.
    $fields = zbx_array_merge($system_fields, $fields);

    $status = ZBX_VALID_OK;
    foreach ($fields as $name => $definition) {
        $status |= check_field($fields, $name, $definition);
    }

    unset_not_in_list($fields);
    unset_if_zero($fields);

    $all_ok = ($status == ZBX_VALID_OK);
    if (!$all_ok) {
        // A request that failed validation must not be able to drive an action.
        unset_action_vars($fields);
    }

    // The caller's array is deliberately discarded once validation is done.
    $fields = null;

    if ($status & ZBX_VALID_ERROR) {
        invalid_url();
    }

    if ($show_messages && !$all_ok) {
        show_messages($all_ok, null, _('Page received incorrect data'));
    }

    return $all_ok;
}
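$replace = array();
$forms = array();

// Build the questionnaire/field tree for the admin listing: every form with
// its fields, plus per-item edit/delete links. A field that is still in use
// (check_field() returns a non-zero count) gets the count instead of a delete
// link. Along the way, $form_id and $field_name are resolved for the field
// whose id equals $field_id.
$sql_form = mysql_query("SELECT form_id, name, butt FROM " . TABLE_QUESTIONNAIRE . " ORDER BY form_id") or Error(1, __FILE__, __LINE__);

// Reset once, before the forms loop. The original cleared $field_name at the
// start of every form, so a match in any form but the last was lost again.
$field_name = "";

while ($info_form = @mysql_fetch_array($sql_form)) {
    // form_id here comes from the previous query's result row, not from the request.
    $sql = mysql_query("SELECT field_id, name, public FROM " . TABLE_QUESTFIELD . " WHERE form_id={$info_form['form_id']} ORDER BY ord") or Error(1, __FILE__, __LINE__);
    $fields = array();

    while ($info = @mysql_fetch_array($sql)) {
        // Field names are rendered in HTML; escape them in the page's cp1251 charset.
        $info['name'] = htmlspecialchars($info['name'], ENT_COMPAT, 'cp1251');
        if (!$info['name']) {
            $info['name'] = NONAME;
        }

        // NOTE(review): $part is interpolated into these links unescaped; if it
        // originates from the request, escape it where the links are rendered.
        $info['edit_link'] = ADMIN_URL . "?p={$part}&field_id={$info['field_id']}";
        $info['del_link'] = "";
        $info['icount'] = 0;

        if ($i = check_field($info['field_id'])) {
            // Field is referenced by answers: expose the count, offer no delete link.
            $info['icount'] = $i;
        } else {
            $info['del_link'] = ADMIN_URL . "?p={$part}&del_field={$info['field_id']}";
        }

        if ($info['field_id'] == $field_id) {
            $form_id = $info_form['form_id'];
            $field_name = $info['name'];
        }

        $fields[] = $info;
    }

    $info_form['fields'] = $fields;
    $info_form['del_link'] = ADMIN_URL . "?p={$part}&del_form={$info_form['form_id']}";
    $info_form['edit_link'] = ADMIN_URL . "?p={$part}&form_id={$info_form['form_id']}";
    $forms[] = $info_form;
}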
if (md5($password) == $account['password']) { if ($_REQUEST['newpwd'] == $_REQUEST['newpwd2']) { $account['password'] = md5($_REQUEST['newpwd']); kv_set($kv, ':account', serialize($account)); $_SESSION['msg'] = 'Password has been changed.'; unset($_SESSION['auth']); exit_redirect('index.php'); } else { exit_print("Confirm doesn't match. <a href=\"home.php\">Back Home</a>?"); } } else { exit_print("Password is wrong. <a href=\"home.php\">Back Home</a>?"); } break; case 'login': check_field('username', 'password'); if ($username != $account['username'] || md5($password) != $account['password']) { $_SESSION['msg'] = 'User name or password wrong!'; exit_redirect('index.php'); } $_SESSION['auth'] = 'OK'; exit_redirect('home.php'); break; case 'logout': $_SESSION['auth'] = ''; exit_redirect('index.php'); break; default: exit_print('Action unkown'); break; }