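/**
 * Store one private message in the `message` table.
 *
 * The values in $ar are concatenated into the INSERT statement, so each one
 * is escaped for the open connection before it reaches the SQL string.
 *
 * NOTE(review): 'fromuserid' is read from $ar. Confirm the caller fills it
 * from the authenticated session rather than from request data, otherwise
 * the sender of a message can be chosen by the client.
 *
 * @param array $ar Message fields; reads the keys 'touserid', 'fromuserid',
 *                  'subject', 'message' and 'name'.
 * @return void Ends the script with die() when the INSERT fails.
 */
function postmessage($ar)
{
    $cn = connect_db();

    // The two ids and the name previously reached the statement with no SQL
    // escaping at all. htmlspecialchars() only encodes for HTML output and,
    // with its older default flags, leaves single quotes untouched, so it
    // does not make a value safe inside a quoted SQL literal.
    $touserid = mysql_real_escape_string($ar['touserid'], $cn);
    $fromuserid = mysql_real_escape_string($ar['fromuserid'], $cn);
    $name = mysql_real_escape_string(htmlspecialchars($ar['name']), $cn);

    // NOTE(review): magicquotes() and formattext() are defined outside this
    // block. These two fields are left on their original path to avoid
    // escaping them twice; if magicquotes() is not a connection-aware SQL
    // escaper, pass them through mysql_real_escape_string() as well.
    $subject = magicquotes(htmlspecialchars($ar['subject']));
    $message = formattext(htmlspecialchars(magicquotes($ar['message'])));

    $sql = "insert into `message` (touserid,fromuserid,subject,message,name) values ('"
        . $touserid . "','"
        . $fromuserid . "','"
        . $subject . "','"
        . $message . "','"
        . $name . "')";

    $result = mysql_query($sql, $cn);
    if ($result === false) {
        // Driver errors can echo parts of the statement; keep them in the
        // server log and give the client a generic message instead.
        error_log("postmessage: " . mysql_error($cn));
        disconnect_db($cn);
        die("ERROR : could not save the message");
    }

    disconnect_db($cn);
}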
$result = do_mysql_query($query); while ($row = mysql_fetch_array($result)) { echo "\n<tr bgcolor={$table_bgcolour}><td><font "; if ($row["event_date"] == date("Y-m-d", time())) { echo "color=red"; } else { echo "color=black"; } echo ">"; if ($username == "staff" and getVAR("edit") == "on") { //add edit/del buttons $id = $row["ID"]; echo "\n<a href=\"{$PHP_SELF}?action=edit_event&display_date={$display_date}&id={$id}&username={$username}&password={$password}\"><img border=0 align=right src=\"images/edit.gif\"> </a> "; echo "\n<a href=\"{$PHP_SELF}?action=del_event&display_date={$display_date}&id={$id}&username={$username}&password={$password}\"><img border=0 align=right src=\"images/delete.gif\"></a>"; } echo "\n<small><b>" . strftime("%d/%m/%Y", strtotime($row["event_date"])) . " - " . $row["event"] . "</b><br>" . formattext($row["details"]) . "</small>"; echo "\n</font></td></tr>"; } if (!mysql_num_rows($result)) { echo "\n<tr bgcolor={$table_bgcolour}><td>No events could be found.<br>Click <i>Add Event</i> to create an event.</td></tr>"; } echo "\n</table>"; } echo "\n</td></tr>"; echo "\n</table>"; if (authenticate($username, $password)) { sendNavBar(array("previous", "logout", "home", "create_notice", "add_event", "edit", "next"), $username, $password, $display_date); } if ($username == "admin") { sendNavBar(array("manage_users"), $username, $password, $display_date); }
} /* ------------------------------------- */ /* Kommentarübersicht anzeigen */ $tpl->parse("HEADER", "COMMENTSHEADER", true); $tpl->set_var(array("commentscount" => $commentscount)); /* --------------------------- */ /* Kommentare anzeigen */ $cf = 'news/inc/pn_comments.dat'; $zeile = file($cf); $zeilen = sizeof($zeile); $commentnr = 0; for ($i = 0; $i < $zeilen; $i++) { $eintrag = explode("§", $zeile[$i]); if ($eintrag[1] == $_GET['id']) { $datum = formatdate($eintrag[5], $dateformat); $eintrag[2] = formattext($eintrag[2], $smilies, $smiliespath, $myBoardCodeTags, $commenthtml); $author = '<a href="mailto:' . $eintrag[4] . '">' . $eintrag[3] . '</a>'; $commentnr++; $tpl->set_var(array("datum" => $datum, "comment" => $eintrag[2], "autor" => $author, "commentnr" => '#' . $commentnr)); $tpl->parse("COMMENTSECTION", "COMMENTS", true); } } /* ------------------- */ /* Kommentarform anzeigen */ $saveurl = $newsoutput . '?pn_go=savecomment' . $params; $tpl->parse("FORM", "COMMENTFORM", true); $tpl->set_var(array('saveurl' => $saveurl, 'commentid' => $_GET['id'], 'backurl' => $_SERVER['HTTP_REFERER'])); } ######################################### ######################################### # SAVECOMMENT #
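/**
 * Update a photo's date, title and description, optionally rotating its
 * original, medium and thumbnail files first.
 *
 * NOTE(review): nothing in this block checks that the photo belongs to the
 * current user; confirm the caller enforces ownership before calling.
 *
 * @param mixed  $id          Photo id, matched against `photo`.id.
 * @param string $date        Date text; parsed with strtotime() and combined
 *                            with the current time of day.
 * @param string $title       New title; "" becomes "No Title".
 * @param string $description New description; "" becomes "No Description".
 * @param string $rotate      "CW" or "CCW" to rotate the three image files;
 *                            any other value leaves the files alone.
 * @return void Ends the script with die() when a query fails.
 */
function image_update($id, $date, $title, $description, $rotate)
{
    $cn = connect_db();

    if ($title == "") {
        $title = "No Title";
    }
    if ($description == "") {
        $description = "No Description";
    }

    // $id was concatenated into both statements unescaped; escape it once
    // for this connection and reuse the result.
    $safeId = mysql_real_escape_string($id, $cn);

    $sql = "SELECT * FROM `photo` WHERE id='" . $safeId . "'";
    $link = mysql_query($sql, $cn);
    if ($link === false) {
        // Keep driver detail in the server log rather than in the response.
        error_log("image_update: " . mysql_error($cn));
        disconnect_db($cn);
        die("Error : could not load the photo");
    }

    $data = mysql_fetch_assoc($link);
    if ($data === false) {
        // No such photo: without this guard the three paths below collapse
        // to the bare domain path and rotateImage() is called on that.
        disconnect_db($cn);
        return;
    }

    if ($rotate == "CW" || $rotate == "CCW") {
        // The stored URLs are mapped to filesystem paths by swapping the
        // domain prefix for the full domain path.
        foreach (array('original_url', 'medium_url', 'thumb_url') as $column) {
            $path = get_full_domain_path() . str_replace(get_domain_path(), "", $data[$column]);
            rotateImage($path, $rotate);
        }
    }

    // Date part comes from the caller, time part from the clock; both are
    // produced by date(), so the value holds no caller-supplied characters.
    $d1 = date("Y-m-d", strtotime($date));
    $d1 .= date(" H:i:s", time());

    // NOTE(review): magicquotes() and formattext() are defined outside this
    // block. Title and description stay on their original path to avoid
    // escaping them twice; if magicquotes() is not a connection-aware SQL
    // escaper, pass them through mysql_real_escape_string() as well.
    $sql = "update `photo` set upload_time='" . $d1
        . "', title='" . formattext(htmlspecialchars(magicquotes($title)))
        . "', description='" . formattext(magicquotes(htmlspecialchars($description)))
        . "' where id='" . $safeId . "'";

    $link = mysql_query($sql, $cn);
    if ($link === false) {
        error_log("image_update: " . mysql_error($cn));
        disconnect_db($cn);
        die("Error : could not update the photo");
    }

    disconnect_db($cn);
}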
if (!$_GET['page']) { $_GET['page'] = 1; } $y = $_GET['page'] * $newsperpage; $x = $y - $newsperpage; if ($y > $zeilen) { $y = $zeilen; } /* -------------------------------------------------- */ /* Ausgabe aller Newseinträge */ for ($i = $x; $i < $y; $i++) { $eintrag = explode('§', $zeile[$i]); $datum = formatdate($eintrag[6], $dateformat); $eintrag[1] = getname($eintrag[1], 'news/inc/pn_userdata.php'); $eintrag[2] = formattext($eintrag[2], $smilies, $smiliespath, $myBoardCodeTags, $texthtml); $eintrag[3] = formattext($eintrag[3], $smilies, $smiliespath, $myBoardCodeTags, $texthtml); /* Kategorie-System */ if ($showcat == 'yes') { $eintrag[5] = getcat($eintrag[5], 'news/inc/pn_categories.dat', 'catpics', $catpics); } else { $eintrag[5] = ''; } /* ---------------- */ if ($eintrag[4] != '') { $readmore = '<a href="' . $_SERVER['PHP_SELF'] . '?pn_go=details&id=' . $eintrag[0] . $params . '">' . $more . '</a>'; } else { $readmore = ''; } $newsnr = $zeilen - $i . '. '; $commentscount = commentscount($eintrag[0]); $comments = '<a href="' . $_SERVER['PHP_SELF'] . '?pn_go=details&id=' . $eintrag[0] . $params . '">Comments (' . $commentscount . ')</a>';
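/**
 * Update the profile row of the logged-in user.
 *
 * The row is selected by $_SESSION['gallery_userid'], not by anything in
 * $ar, so a request cannot name another user's row through this function.
 *
 * NOTE(review): firstname, lastname, email and title are stored without
 * HTML encoding; confirm every page that prints them encodes on output.
 *
 * @param array $ar Profile fields; reads 'firstname', 'lastname', 'email',
 *                  'photoid', 'title', 'sitetype', 'color', 'sitedesc',
 *                  'allowprint', 'pictureview', and the optional checkbox
 *                  keys 'hidedob' and 'hidegender'.
 * @return void Ends the script with die() when the UPDATE fails.
 */
function update_user($ar)
{
    $cn = connect_db();

    // Unchecked checkboxes are absent from a submitted form, so test for
    // the key before comparing to avoid an undefined-index notice.
    $hidedob = (isset($ar['hidedob']) && $ar['hidedob'] == "on") ? 1 : 0;
    $hidegender = (isset($ar['hidegender']) && $ar['hidegender'] == "on") ? 1 : 0;

    // These five fields, and the session id in the WHERE clause, previously
    // reached the statement with no SQL escaping at all.
    $photoid = mysql_real_escape_string($ar['photoid'], $cn);
    $sitetype = mysql_real_escape_string($ar['sitetype'], $cn);
    $themecolor = mysql_real_escape_string($ar['color'], $cn);
    $allowprint = mysql_real_escape_string($ar['allowprint'], $cn);
    $pictureview = mysql_real_escape_string($ar['pictureview'], $cn);
    $userid = mysql_real_escape_string($_SESSION['gallery_userid'], $cn);

    // NOTE(review): magicquotes() and formattext() are defined outside this
    // block. The fields below stay on their original path to avoid escaping
    // them twice; if magicquotes() is not a connection-aware SQL escaper,
    // pass them through mysql_real_escape_string() as well.
    $sql = "update `users` set firstname='" . magicquotes($ar['firstname'])
        . "', lastname='" . magicquotes($ar['lastname'])
        . "', email='" . magicquotes($ar['email'])
        . "', photoid='" . $photoid
        . "',title='" . magicquotes($ar['title'])
        . "', sitetype='" . $sitetype
        . "', themecolor='" . $themecolor
        . "', description='" . formattext(magicquotes(htmlspecialchars($ar['sitedesc'])))
        . "', allowprint='" . $allowprint
        . "',pictureview='" . $pictureview
        . "',hidegender='" . $hidegender
        . "',hidedob='" . $hidedob
        . "' where userid='" . $userid . "'";

    $link = mysql_query($sql, $cn);
    if ($link === false) {
        // Driver errors can echo parts of the statement; keep them in the
        // server log and give the client a generic message instead.
        error_log("update_user: " . mysql_error($cn));
        disconnect_db($cn);
        die("Error : could not update the profile");
    }

    disconnect_db($cn);
}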
$rss->description = 'List of newest projects on FOSS Factory.'; $rss->link = $GLOBALS['SITE_URL'] . 'browse.php'; list($rc, $projects) = ff_getnewprojects(30); if ($rc == 0) { foreach ($projects as $p) { $item = new FeedItem(); $item->title = $p['name']; $item->link = $GLOBALS['SITE_URL'] . projurl($p['id']); $item->guid = $item->link; $item->date = (int) $p['created']; $item->author = $p['creator']; $item->description = ' <p> Creator: ' . xmlescape($p['creator']) . '<br> Requirements:<br><br> ' . formattext($p['reqmts']) . ' </p> '; $rss->addItem($item); } } } else { if ($_GET['src'] == 'duties') { include_once "getduties.php"; include_once "formattext.php"; $user = scrub($_GET['u']); $rss->title = '[FF] ' . $user . '\'s duties'; $rss->description = $user . '\' duties on FOSS Factory.'; $rss->link = $GLOBALS['SITE_URL'] . 'account.php#tabs'; list($rc, $duties) = getduties($user); if ($rc == 0) {