// Audio channel page set-up: looks up the genre named by ?cid= and builds
// $all_categories (every genre flagged has_audio = 'yes', each with its count
// of approved public audios).
include_once 'classes/config.php';
include_once 'classes/sessions.php';
// load required javascripts used in main_1.htm
$ahah = 1;
$tag_cloud = make_tag_cloud('audios');
$tag_cloud_block = $tag_cloud[1];
// Request-supplied channel name. It is escaped and then only ever placed inside
// single quotes in $sql1, which is the context mysql_real_escape_string() is
// designed for. The escaping depends on the connection character set, and the
// connection set-up is not visible here.
$channel = $_GET['cid'];
$channel = mysql_real_escape_string($channel);
$limit = $config['see_more_limits']; //$config['search_page_limits'];
// NOTE(review): raw request value, neither validated nor escaped in this part
// of the file. Any later use in SQL or HTML has to encode it for that context.
$codes = $_GET['code'];
$sql1 = "SELECT * FROM genre WHERE has_audio = 'yes' AND channel_name = '{$channel}'";
$query1 = @mysql_query($sql1);
// No matching genre -> error 121. A failed query takes the same branch: the
// suppressed mysql_num_rows() result then compares loosely equal to 0.
// NOTE(review): nothing after error_redirect(121) stops the script here; unless
// error_redirect() ends the request itself, the queries below still run after
// mysql_close().
if (@mysql_num_rows($query1) == 0) {
    @mysql_close();
    error_redirect(121);
}
// get every genre that has an audio file; only genres with content are shown
$all_categories = array();
$sql = "SELECT * FROM genre WHERE has_audio = 'yes' order by channel_name";
$query = @mysql_query($sql);
while ($result = @mysql_fetch_array($query)) {
    $channel_name = $result['channel_name'];
    // The value comes from the database, but is escaped again before being
    // quoted into the next statement.
    $channel_name = mysql_real_escape_string($channel_name);
    // One extra query per genre; the rows are selected only to be counted.
    $sql0 = "SELECT * FROM audios WHERE channel = '{$channel_name}' AND approved = 'yes' AND public_private = 'public' ORDER BY indexer DESC";
    $query0 = @mysql_query($sql0);
    $count_audios = mysql_num_rows($query0);
    $audio_count = array('audio_count' => $count_audios);
    // Genre row plus its 'audio_count' entry.
    $new_array = @array_merge($result, $audio_count);
    $all_categories[] = $new_array;
}
// Tail of a join-group handler; the block closed by the first brace below starts
// outside this fragment.
@mysql_close();
error_redirect(123); //"You are already a member OR have already selected to join this group"
die;
}
//else proceed
//check if group is private, i.e. if admin approval is needed
// NOTE(review): {$group_id} is interpolated without quotes here and in the
// INSERT below, and '{$user_id}' / '{$user_name}' are interpolated inside
// quotes. Where these variables are assigned is outside this fragment; confirm
// that $group_id is cast to an integer and that the quoted values are escaped.
$sql1 = "SELECT * FROM group_profile WHERE indexer = {$group_id} AND public_private = 'private'";
$query1 = @mysql_query($sql1);
$approved = 'no';
// NOTE(review): this test fails open. If the query above fails, the suppressed
// mysql_num_rows() result compares loosely equal to 0 and the membership is
// written as already approved.
if (@mysql_num_rows($query1) == 0) {
    $approved = 'yes';
}
//add this member to group_membership as an ordinary member (group_admin = 'no')
$sql = "INSERT into group_membership (member_id, group_admin, group_id, today_date, member_username, approved)\r\n \t\tVALUES ('{$user_id}', 'no', {$group_id}, '{$todays_date}', '{$user_name}', '{$approved}')";
// The INSERT result is not checked; one of the two messages below is shown
// whether or not the row was written.
@mysql_query($sql);
@mysql_close();
// $query1 is re-counted after the connection was closed; the branches below
// close it again (suppressed).
if (@mysql_num_rows($query1) != 0) {
    @mysql_close();
    error_redirect(122); //"This groups requires admin approval to join. Your application has been sent out"
    die;
} else {
    @mysql_close();
    error_redirect(120); //"Thank you, you have now been added to this group"
    die;
}
?>
// Tail of an add-to-favourites handler; the enclosing if-blocks open outside
// this fragment.
// Owner of the audio, taken from the row fetched by a query above this fragment.
// NOTE(review): if that fetch returned no row, $owner_id is empty and the INSERT
// below is malformed; its result is not checked before error 108 is reported.
$owner_details = mysql_fetch_array($addfav_query);
$owner_id = $owner_details['user_id'];
//check that it is not in my favourites already
// NOTE(review): mysql_real_escape_string() only makes a value safe inside a
// quoted SQL string. Both values are interpolated WITHOUT quotes in the two
// statements below, so the escaping does not restrict them to numbers. An
// integer cast (or quoting the values) is what this context needs. Whether they
// are validated earlier is not visible here.
$add_audio_id = mysql_real_escape_string($add_audio_id);
$user_id = mysql_real_escape_string($user_id);
$addfav_sql = "SELECT * FROM audio_favorites WHERE audio_id = {$add_audio_id} and user_id = {$user_id}";
$addfav_query = @mysql_query($addfav_sql);
$addfav_count = @mysql_num_rows($addfav_query);
//proceed with adding and redirect
if ($addfav_count == 0) {
    $addfav_sql = "INSERT INTO audio_favorites (user_id, audio_id, owner_id) VALUES ({$user_id}, {$add_audio_id}, {$owner_id})";
    $addfav_query = @mysql_query($addfav_sql);
    @mysql_close();
    error_redirect(108); //"The audio has now been added to your favorites"
} else {
    @mysql_close();
    error_redirect(109); //"The audio is already in your favorites"
}
}
} elseif ($add_audio_id == "") {
    error_redirect(107); //"An error has occured. the audio could not be added"
} elseif ($add_vid_id == "") {
    error_redirect(107); //"An error has occured. the video could not be added"
}
?>
// Group page access checks followed by the default view; the fragment starts
// inside a block opened above it and ends inside the `$action == ""` branch.
$count = @mysql_num_rows($query);
if ($count != 0) {
    // NOTE(review): this membership query is built but never executed. The next
    // line counts the previous $query again, so $count cannot be 0 here. The
    // redirect in the inner branch is also commented out, so nothing in the
    // visible code turns a logged-in non-member away from a private group.
    $sql = "SELECT * FROM group_membership WHERE member_id = {$user_id} AND group_id = {$group_id} AND approved = 'yes'";
    $count = @mysql_num_rows($query);
    if ($count == 0) {
        //error_redirect(127);//"This group is marked as private, only members can view it"
    }
}
}
//check if group is public or private (for visitors browsing)
// NOTE(review): {$group_id} is interpolated unquoted in every statement below;
// where it is assigned is outside this fragment. Confirm it is cast to an integer.
if ($user_id == "") {
    $sql = "SELECT * FROM group_profile WHERE indexer = {$group_id} AND public_private = 'private'";
    $query = @mysql_query($sql);
    $count = @mysql_num_rows($query);
    // Fails open: when the query fails, the suppressed count is not != 0 and the
    // visitor is let through.
    if ($count != 0) {
        error_redirect(127); //"This group is marked as private, only members can view it"
    }
}
if ($action == "") {
    $mygroups = array();
    //get each groups details
    $sql1 = "SELECT * FROM group_profile WHERE indexer = {$group_id}";
    $query1 = @mysql_query($sql1);
    $result1 = @mysql_fetch_array($query1);
    $group_name = $result1['group_name'];
    // Stored group name becomes the page title; HTML-escaping is left to
    // whatever prints $page_title (not visible here).
    $page_title = $group_name;
    //count the number of videos the group has
    $sql2 = "SELECT * FROM group_videos WHERE group_id = {$group_id} AND video_status='active'";
    $query2 = mysql_query($sql2);
    $count_group_videos = mysql_num_rows($query2);
}
} elseif (count($_POST) > 0 && $_POST['action'] == 'recover') {
    // Password-recovery request: the visitor posts an e-mail address and the new
    // password twice; a recovery record is stored and a link is mailed.
    $email = @$_POST['email'];
    $password = @$_POST['password'];
    $password2 = @$_POST['password2'];
    // array_filter() callback: keeps the user records whose e-mail equals the
    // posted one (loose comparison, reads the global $email).
    function emailU($v)
    {
        global $email;
        return $v['email'] == $email;
    }
    // Proceeds only when nobody is logged in, all three fields are non-empty,
    // both passwords match and exactly one user has this address.
    // NOTE(review): `emailU` is passed as a bare word, not as the string
    // 'emailU'. That works only through PHP's undefined-constant fallback, which
    // PHP 8 turned into an Error.
    if (empty($USER) && !empty($email) && !empty($password) && !empty($password2) && $password == $password2 && count(array_filter($USERS, emailU)) == 1) {
        $recovers = recoversImport($fileRecoversBase);
        // NOTE(review): uniqid() is derived from the current time and is not a
        // cryptographically secure value, yet it is the only secret in the
        // mailed link. A CSPRNG token (for example random_bytes() on PHP 7+) is
        // the usual choice. No expiry or single-use handling is visible in this
        // fragment.
        $recoverId = uniqid();
        // NOTE(review): the new password is put into the recovery record exactly
        // as submitted; whether recoversExport() hashes or protects it is not
        // visible here.
        $recover = array('email' => $email, 'password' => $password);
        $recovers[$recoverId] = $recover;
        recoversExport($fileRecoversBase, $recovers);
        // $email has matched a stored address (see the condition above) before
        // it is used as the recipient.
        $mailTo = sprintf('<%s>', $email);
        $mailSubject = sprintf('Password recover.');
        // The link host is fixed ("greece"), not taken from the request.
        $mailMessage = sprintf('<a href="//greece/recover/%s">recover</a>', $recoverId);
        // No Content-Type header is set although the body is an HTML anchor.
        $mailHeaders = 'From: webmaster@greece' . "\r\n" . 'Reply-To: webmaster@greece' . "\r\n";
        // The return value of mail() is not checked.
        mail($mailTo, $mailSubject, $mailMessage, $mailHeaders);
        header("HTTP/1.1 302 Redirect");
        // $url is assigned outside this fragment.
        header(sprintf('Location: %s', $url));
    } else {
        error_redirect();
    }
} else {
    error_redirect();
}
// Runs after every branch above that does not end the request.
usersExport($fileUsersBase, $USERS);
session_write_close();
// Tail of a switch over the generation mode; the first case label and the
// enclosing blocks start outside this fragment.
// Single-user branch: generate the MSPR files for $user and report the outcome.
$mspr = MSPR::get($user);
$name = $user->getFirstname() . " " . $user->getLastname();
$page_title = $name . "'s MSPR page";
// NOTE(review): $user_id is appended to the URL as-is; where it is validated is
// not visible in this fragment.
$url = ENTRADA_URL . "/admin/users/manage/students?section=mspr&id=" . $user_id;
if ($mspr->saveMSPRFiles()) {
    success_redirect($url, $page_title, "<p>Report successfully generated.</p>");
} else {
    // NOTE(review): $name is concatenated into an HTML message without
    // htmlspecialchars(); confirm error_redirect() escapes it or that names
    // cannot contain markup.
    error_redirect($url, $page_title, "<p>Error generating report for " . $name . ".</p>");
}
break;
case "group_mode":
    // One timestamp is shared by every report generated in this run.
    $timestamp = time();
    foreach ($user_ids as $user_id) {
        // NOTE(review): the result of User::get() is used without a null check.
        $user = User::get($user_id);
        $mspr = MSPR::get($user);
        $name = $user->getFirstname() . " " . $user->getLastname();
        // Failures are collected and the loop continues with the next user.
        if (!$mspr->saveMSPRFiles($timestamp)) {
            add_error("Error generating report for {$name}.");
        }
    }
    $page_title = "Class of " . $year . " MSPR page";
    // NOTE(review): $year goes into the title and the URL as-is; its source is
    // outside this fragment.
    $url = ENTRADA_URL . "/admin/mspr?mode=year&year=" . $year;
    if (!has_error()) {
        success_redirect($url, $page_title, "<p>Reports successfully generated.</p>");
    } else {
        // Empty message: presumably the collected add_error() entries are shown
        // instead; confirm against error_redirect().
        error_redirect($url, $page_title, "");
    }
    break;
}
}
}
<?php
// Single-question view: loads one question together with its answer count and
// renders it through the question.haml partial.
include '../lib/common.inc.php';

// Request-supplied id, passed to Question::get() as the argument for the %s
// placeholder.
// NOTE(review): Question::get() is defined elsewhere. Confirm that it escapes
// or binds this argument rather than formatting the raw request value into the
// statement; if ids are numeric, an integer cast here would settle the question.
$id = $_REQUEST['question_id'];

// `**` and `_T_` are presumably expanded by Question::get() - verify there.
$question = Question::get("SELECT **, (SELECT count(*) FROM answers WHERE question_id=questions.id) AS answer_count FROM _T_ WHERE id = %s", $id);

if (!$question) {
    // Unknown or deleted question. Nothing in this file stops the script after
    // the call, so the partial below is still rendered unless error_redirect()
    // ends the request itself.
    error_redirect("/", "Извините, этот вопрос уже удален.");
}

echo render_partial('question.haml', array('question' => $question));
}
}
//delete video from group video
// NOTE(review): {$action_id} and {$group_id} are interpolated unquoted in every
// statement of this fragment; where they are assigned is not visible. Confirm
// both are cast to integers.
if ($action == "del_vid") {
    //SECURITY CHECK -- make sure this video is attached to this group before deleting
    // NOTE(review): the check only proves that the (video_id, group_id) pair
    // exists, which the DELETE's own WHERE clause already requires. It does not
    // show that the current user administers the group; that check has to happen
    // above this fragment.
    $sql = "SELECT * FROM group_videos WHERE video_id = {$action_id} AND group_id ={$group_id}";
    $query = @mysql_query($sql);
    $count = @mysql_num_rows($query);
    if ($count != 0) {
        $sql1 = "DELETE FROM group_videos WHERE video_id = {$action_id} AND group_id ={$group_id}";
        mysql_query($sql1);
        @mysql_close();
        error_redirect(125); //"Your request has been completed"
    } else {
        error_redirect(126); //"An error has occurred" -- reached when the video is not attached to this group
    }
}
// Visibility switches. Neither branch checks anything in the visible code before
// running the UPDATE, and the UPDATE result is not checked before the
// "completed" message is printed.
// NOTE(review): confirm that the caller's group-admin rights are verified above
// this fragment and that these state-changing actions require POST plus an
// anti-CSRF token.
if ($action == "private") {
    $sql1 = "UPDATE group_profile SET public_private = 'private' WHERE indexer ={$group_id}";
    mysql_query($sql1);
    @mysql_close();
    echo '<p align="center"><font color="#009933" face="Arial"><b>' . $config["request_completed"] . '</b></font>';
}
if ($action == "public") {
    $sql1 = "UPDATE group_profile SET public_private = 'public' WHERE indexer ={$group_id}";
    mysql_query($sql1);
    @mysql_close();
    echo '<p align="center"><font color="#009933" face="Arial"><b>' . $config["request_completed"] . '</b></font>';
}
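<?php
// Saves a new question ordering for one test.
//
// Request parameters:
//   test_id         id of the test whose questions are reordered
//   question_order  map of question id => new position
//
// NOTE(review): no login, ownership or anti-CSRF check is visible in this file.
// Confirm common.inc.php enforces them before this endpoint is reachable.
include '../lib/common.inc.php';

// Accept a scalar id only; an array-valued test_id is treated as missing.
$test_id = (isset($_REQUEST['test_id']) && is_scalar($_REQUEST['test_id']))
    ? $_REQUEST['test_id']
    : null;

if ($test_id === null || !Test::get("SELECT id FROM tests WHERE id=?", $test_id)) {
    error_redirect('', 'Такого теста больше нет');
    // error_redirect() is defined elsewhere; stop explicitly so the updates
    // below never run for a missing test, whether or not it ends the request.
    exit;
}

// The parameter is client-controlled and may be absent or a plain string;
// iterate only when it really is an array.
$question_order = (isset($_REQUEST['question_order']) && is_array($_REQUEST['question_order']))
    ? $_REQUEST['question_order']
    : array();

foreach ($question_order as $qid => $order) {
    // Skip nested arrays so that only scalar values reach the bound parameters.
    if (!is_scalar($order)) {
        continue;
    }
    // The test_id condition limits the update to questions of the checked test.
    dbkit_execute("UPDATE questions SET `order`=? WHERE test_id=? AND id=?", $order, $test_id, $qid);
}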
// MSPR HTML editor: saves an edited revision (HTML plus a PDF generated from it)
// on POST, otherwise shows the edit form. The fragment ends inside the form.
$is_closed = $mspr->isClosed();
$rev = $mspr->getMSPRRevisions("html");
// Editing is offered only for a closed MSPR that has at least one HTML revision.
if ($is_closed) {
    if (!empty($rev)) {
        if (isset($_POST['action']) && $_POST['action'] == 'save') {
            // trim() result is assigned inside the condition, so empty or
            // whitespace-only content falls to the else branch.
            if (isset($_POST['edit-html']) && ($edit_html = trim($_POST['edit-html']))) {
                // One timestamp ties the HTML and PDF files of this revision together.
                $ts = time();
                // NOTE(review): the posted markup is stored and rendered to PDF
                // as submitted. Confirm it is sanitised, and that the PDF
                // renderer cannot load local files or remote URLs referenced by
                // the markup.
                $pdf = $mspr->generatePDF($edit_html);
                $wrote_html = $mspr->saveMSPRFile("html", $edit_html, $ts);
                $wrote_pdf = $mspr->saveMSPRFile("pdf", $pdf, $ts);
                // NOTE(review): when either write fails, nothing is reported in
                // this branch; a partial write (one file saved, one not) also
                // goes unnoticed.
                if ($wrote_html && $wrote_pdf) {
                    $mspr->setGeneratedTimestamp($ts);
                    success_redirect($success_url, $success_title, "Successfully edited HTML and generated PDF.");
                }
            } else {
                // $PROXY_ID, $from and $rev_append are assigned outside this
                // fragment and are concatenated into the URL as-is.
                error_redirect(ENTRADA_URL . "/admin/users/manage/students?section=mspr-edit&id=" . $PROXY_ID . "&from=" . $from . $rev_append, "Edit MSPR", "No content provided. Cannot create empty MSPR.");
            }
        } else {
            // Load the requested revision, or the default one when none is given.
            if ($REVISION) {
                $html_file = $mspr->getMSPRFile("html", $REVISION);
            } else {
                $html_file = $mspr->getMSPRFile("html");
            }
            load_rte("mspr");
            // NOTE(review): the full name below is echoed without
            // htmlspecialchars(). The visible part of the form carries no
            // anti-CSRF token; confirm one is added further down or enforced
            // centrally.
            ?> <h1>Edit MSPR: <?php echo $user->getFullName(); ?> </h1> <form method="post"> <input type="hidden" name="action" value="save" />