/**
* widget function
* works for select menus and some input fields
* @param string $title
* @param string $function
* @param string $name
* @param string $value
* @param string $attr
* @param string $type
* @param string $subtitle
* @param string $req
* @param string $tag
* @param string $tag_attr
* @param string $extra
* @param string $afterwards
* @return string
* @author edited by Peng Wang <*****@*****.**>
*/
function ips($title, $function, $name, $value = '', $attr = '', $type = '', $subtitle = '', $req = '', $tag = '', $tag_attr = '', $extra = '', $afterwards = '')
{
$OBJ =& get_instance();
global $error_msg, $go;
// set a default
// we might want div later
if (!$tag) {
$tag = 'label';
}
$tag_attr ? $tag_attr = "{$tag_attr}" : ($tag_attr = '');
$OBJ->access->prefs['user_help'] == 1 ? $help = showHelp($title) : ($help = '');
$afterwards ? $afterwards = $afterwards : ($afterwards = '');
if (isset($error_msg[$name])) {
$msg = span($error_msg[$name], "class='error'");
} else {
$msg = null;
}
$subtitle ? $subtitle = span($subtitle, "class='small-txt'") : ($subtitle = '');
$title ? $title = label($title . ' ' . $subtitle . ' ' . $help . $msg) : ($title = '');
$req ? $req = showerror($msg) : ($req = '');
$extra ? $add = $extra : ($add = '');
$value = showvalue($name, $value);
if ($function === 'input') {
$function = input($name, $type, attr($attr), $value);
} else {
$function ? $function = $function($value, $name, attr($attr), $add) : ($function = null);
}
return $title . "\n" . $function;
}
function selectDistinct($connection, $tableName, $attributeName, $pulldownName, $defaultValue)
{
$defaultWithinResultSet = FALSE;
// Query to find distinct values of $attributeName in $tableName
$distinctQuery = "SELECT DISTINCT {$attributeName} FROM\n {$tableName}";
// Run the distinctQuery on the databaseName
if (!($resultId = @mysql_query($distinctQuery, $connection))) {
showerror();
}
// Start the select widget
print "\n<select name=\"{$pulldownName}\">";
// Retrieve each row from the query
while ($row = @mysql_fetch_array($resultId)) {
// Get the value for the attribute to be displayed
$result = $row[$attributeName];
// Check if a defaultValue is set and, if so, is it the
// current database value?
if (isset($defaultvalue) && $result == $defaultValue) {
// Yes, show as selected
print "\n\t<option selected value=\"{$result}\">{$result}";
} else {
// No, just show as an option
print "\n\t<option value=\"{$result}\">{$result}";
}
print "</option>";
}
print "\n</select>";
}
public function sendmail($to, $subject, $message)
{
global $wsn;
global $debug;
try {
global $smtpCfg;
$smtpHost = $smtpCfg['servers'];
$smtpFrom = $smtpCfg['from'];
$smtpUsername = $smtpCfg['username'];
$smtpPassword = $smtpCfg['password'];
} catch (Exception $e) {
echo "Email not properly configured. Contact the site owner to report this problem. <br />";
showerror();
return false;
}
// mail($to,$subject,$message);
$mail = new PHPMailer();
//$mail->SMTPDebug = 3; // Enable verbose debug output
$mail->isSMTP();
// Set mailer to use SMTP
$mail->Host = $smtpHost;
// Specify main and backup SMTP servers
$mail->SMTPAuth = true;
// Enable SMTP authentication
$mail->Username = $smtpUsername;
// SMTP username
$mail->Password = $smtpPassword;
// SMTP password
$mail->SMTPSecure = 'tls';
// Enable TLS encryption, `ssl` also accepted
$mail->Port = 587;
// TCP port to connect to
$mail->From = $smtpFrom;
$mail->FromName = $wsn;
$mail->addAddress($to);
// Add a recipient
/*
$mail->addAddress('*****@*****.**');
$mail->addReplyTo('*****@*****.**', 'Information');
$mail->addCC('*****@*****.**'); // Optional recipients.
$mail->addBCC('*****@*****.**');
*/
$mail->WordWrap = 80;
// Set word wrap to 50 characters
$mail->isHTML(true);
// Set email format to HTML
$mail->Subject = "{$wsn} Account Activation";
$mail->Body = $message;
$mail->AltBody = strip_tags($message);
// Plain text alternative
if (!$mail->send()) {
echo 'Email could not be sent.';
if ($debug) {
echo 'Mailer Error: ' . $mail->ErrorInfo;
}
showerror();
return false;
}
return true;
}
function displayWinesList($connection, $query, $regionName)
{
// Run the query on the server
if (!($result = @mysql_query($query, $connection))) {
showerror();
}
// Find out how many rows are available
$rowsFound = @mysql_num_rows($result);
// If the query has results ...
if ($rowsFound > 0) {
// ... print out a header
print "Wines of {$regionName}<br>";
// and start a <table>.
print "\n<table>\n<tr>" . "\n\t<th>Wine ID</th>" . "\n\t<th>Wine Name</th>" . "\n\t<th>Year</th>" . "\n\t<th>Winery</th>" . "\n\t<th>Description</th>\n</tr>";
// Fetch each of the query rows
while ($row = @mysql_fetch_array($result)) {
// Print one row of results
print "\n<tr>\n\t<td>{$row["wine_id"]}</td>" . "\n\t<td>{$row["wine_name"]}</td>" . "\n\t<td>{$row["year"]}</td>" . "\n\t<td>{$row["winery_name"]}</td>" . "\n\t<td>{$row["description"]}</td>\n</tr>";
}
// end while loop body
// Finish the <table>
print "\n</table>";
}
// end if $rowsFound body
// Report how many rows were found
print "{$rowsFound} records found matching your criteria<br>";
}
function delete_avatar()
{
global $ttf;
$sql = "SELECT avatar_type FROM ttf_user WHERE user_id='{$ttf["uid"]}'";
if (!($result = mysql_query($sql))) {
showerror();
}
list($ext) = mysql_fetch_row($result);
// if the user has an avatar
if (!empty($ext)) {
// delete the avatar
if (!unlink("avatars/" . $ttf["uid"] . "." . $ext)) {
// it wasn't deleted
return FALSE;
} else {
// if successful, remove it from the user row
$sql = "UPDATE ttf_user SET avatar_type=NULL " . "WHERE user_id='{$ttf["uid"]}' ";
if (!($result = mysql_query($sql))) {
// we couldn't reflect the deletion in the db
showerror();
} else {
// everything worked
return TRUE;
}
}
} else {
// there was no avatar to delete,
// so we are still happy people
return TRUE;
}
}
function authenticateUserNav($connection, $username, $password)
{
include '../paths.php';
require CONFIG . 'config.php';
require INCLUDES . 'url_variables.inc.php';
require INCLUDES . 'db_tables.inc.php';
// Test the username and password parameters
if (!isset($username) || !isset($password)) {
return false;
}
if (NHC) {
// Place NHC SQL calls below
} else {
$query = "SELECT password FROM {$users_db_table} WHERE user_name = '{$username}' AND password = '******'";
}
// Execute the query
if (!($result = @mysql_query($query, $connection))) {
showerror();
}
// Is the returned result exactly one row? If so, then we have found the user
if (mysql_num_rows($result) != 1) {
return false;
} else {
return true;
}
}
public function changepass($newpass, $username)
{
global $mysqli;
$username = $mysqli->real_escape_string($username);
$hashpass = $this->hash($newpass);
$qr = "UPDATE auth SET password='******' WHERE username='******';";
$e = $mysqli->query($qr) or showerror();
return true;
}
function user_link_table_length($current_user)
{
global $mysqli;
$current_user = $mysqli->real_escape_string($current_user);
$result = $mysqli->query("SELECT COUNT(`rurl`) FROM `redirinfo` WHERE `user` = '{$current_user}';") or showerror();
$count = $result->fetch_assoc();
$count = (double) $count["COUNT(`rurl`)"];
$pages = $count / 30;
return ceil($pages);
}
/**
* @brief Constructor
*/
function __construct()
{
includeeasyhelper('logger');
includeeasyhelper('showerror');
includeeasylibrary('easyinireaderwriter');
log_message(LOGGER_DEBUG, 'called function: ' . $this->getlibraryname() . '.' . __FUNCTION__ . ' begin');
//log_message ( LOGGER_SYSTEM, $this->getlibraryname () . ' library is inited. version:' . $this->getversion () );
adddependency($this->getlibraryname(), $this->getversion(), COMPONENT_LIBRARY, 'logger', '1.0.0.2', COMPONENT_HELPER);
adddependency($this->getlibraryname(), $this->getversion(), COMPONENT_LIBRARY, 'easyinireaderwriter', '1.0.0.5', COMPONENT_LIBRARY);
$this->acturl = $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
$this->segments = array();
$this->controller = '';
$this->functionname = '';
$tacturl = $this->acturl;
$tbaseurl = substr(geteasy()->getbaseurl(), strpos(geteasy()->getbaseurl(), '://') + 3);
if (substr($tacturl, 0, strlen($tbaseurl)) == $tbaseurl) {
$tacturl = substr($tacturl, strlen($tbaseurl));
// Find parameters
$poz = strpos($tacturl, '?');
if ($poz !== FALSE) {
$arr = explode('&', substr($tacturl, $poz + 1));
foreach ($arr as $item) {
$par = explode('=', $item);
$this->parameters[] = array('name' => isset($par[0]) ? urldecode($par[0]) : '', 'value' => isset($par[1]) ? urldecode($par[1]) : '');
}
log_message(LOGGER_INFO, 'found parameters=' . print_r($this->parameters, true));
$tacturl = substr($tacturl, 0, strpos($tacturl, '?'));
} else {
$this->parameters = array();
}
if (!$tacturl || strtoupper($tacturl) == 'INDEX.PHP') {
// Not found method
getinivalue('config', 'config.ini', 'routes', 'default', 'default/index');
// Create if not exists
$tacturl = 'default';
} else {
// remove index.php
$tacturl = str_replace('index.php/', '', $tacturl);
$tacturl = str_replace('index.php', '', $tacturl);
}
if (!$this->parsemethod($tacturl)) {
/*Show error*/
$arr = explode('/', $tacturl);
log_message(LOGGER_SYSTEM, print_r($arr[0], true) . ' method not found!');
showerror('Hiba', 'A ' . $arr[0] . ' metódus nem található', '');
exit;
}
} else {
/*Show error*/
log_message(LOGGER_SYSTEM, print_r($tbaseurl, true) . ' is not set in config file\'s baseurl entry!');
showerror('Hiba', 'A megadott URL nem felel meg a config fájlban beállított baseurl értékének.', '');
exit;
}
log_message(LOGGER_DEBUG, 'called function: ' . $this->getlibraryname() . '.' . __FUNCTION__ . ' end');
}
function showgifts($connection, $delete, $user)
{
// If we're showing the available gifts, then set up
// a query to show all unreserved gifts (where people IS NULL)
if ($delete == false) {
$query = "SELECT * \n FROM presents\n WHERE people_id IS NULL\n ORDER BY present";
} else {
// Otherwise, set up a query to show all gifts reserved by
// this user
$query = "SELECT * \n FROM presents\n WHERE people_id = \"{$user}\"\n ORDER BY present";
}
// Run the query
if (!($result = @mysql_query($query, $connection))) {
showerror();
}
// Did we get back any rows?
if (@mysql_num_rows($result) != 0) {
// Yes, so show the gifts as a table
echo "\n<table border=1 width=100%>";
// Create some headings for the table
echo "\n<tr>" . "\n\t<th>Quantity</th>" . "\n\t<th>Gift</th>" . "\n\t<th>Colour</th>" . "\n\t<th>Available From</th>" . "\n\t<th>Price</th>" . "\n\t<th>Action</th>" . "\n</tr>";
// Fetch each database table row of the results
while ($row = @mysql_fetch_array($result)) {
// Display the gift data as a table row
echo "\n<tr>" . "\n\t<td>{$row["quantity"]}</td>" . "\n\t<td>{$row["present"]}</td>" . "\n\t<td>{$row["colour"]}</td>" . "\n\t<td>{$row["shop"]}</td>" . "\n\t<td>{$row["price"]}</td>";
// Should we offer the chance to remove the gift?
if ($delete == true) {
// Yes. So set up an embedded link that the user can click
// to remove the gift to their shopping list by running
// action.php with action=delete
echo "\n\t<td><a href=\"action.php?action=delete&" . "present_id={$row["present_id"]}\">Delete from Shopping list</a>";
} else {
// No. So set up an embedded link that the user can click
// to add the gift to their shopping list by running
// action.php with action=insert
echo "\n\t<td><a href=\"action.php?action=insert&" . "present_id={$row["present_id"]}\">Add to Shopping List</a>";
}
}
echo "\n</table>";
} else {
// No data was returned from the query.
// Show an appropriate message
if ($delete == false) {
echo "\n<h3><font color=\"red\">No gifts left!</font></h3>";
} else {
echo "\n<h3><font color=\"red\">Your Basket is Empty!</font></h3>";
}
}
}
function smallbiz_tax_form($id, $street, $po_box, $city, $state, $zipcode, $total_income, $small_biz, $num_of_employees, $refund, $signature, $date)
{
if ($GLOBALS['connected'] == False) {
connect_to_db();
}
$tax_rate = get_company_tax_rate($total_income);
$tax_rate = $tax_rate / 100;
$amount_due = $tax_rate * $total_income;
$query = "INSERT INTO individual_forms VALUES ('{$id}', '{$street}', '{$po_box}', '{$city}', '{$state}', '{$zipcode}', '{$total_income}', '{$small_biz}', '{$num_of_employees}', '{$refund}', '{$signature}', '{$date}')";
if (!($result = @mysql_query($query, $GLOBALS['$connection']))) {
showerror();
}
header("Location: http://project.patthickey.com");
die;
}
function __construct()
{
global $db_host, $db_username, $db_password, $db_name, $flickr_key, $flickr_secret;
$this->mysqli = new mymysqli($db_host, $db_username, $db_password, $db_name);
// Decide which user we're viewing. ?displayuser= will override everything else. Assume userid = 1 if nothing is specified.
session_start();
if (preg_match('/\\/badge.jpg$/', $_REQUEST['user'])) {
$split = preg_split('/\\//', $_REQUEST['user']);
$_REQUEST['user'] = $split[0];
require_once 'badge.php';
exit;
}
if (preg_match('/index.php$/', $_SERVER['SCRIPT_FILENAME']) and $_REQUEST['user'] == '') {
$_SESSION['user'] = "******";
$this->username = "******";
} elseif ($_REQUEST['user'] == '' and $_SESSION['user'] != '') {
$this->username = $_SESSION['user'];
} elseif ($_SESSION['user'] != '') {
$_SESSION['user'] = $_REQUEST['user'];
$this->username = $_REQUEST['user'];
} else {
$this->username = "******";
}
// Get information about the displayed user.
$sql = "SELECT id, username, password, startlat, startlong, title, foursquare, last_check, flickr_user, flickr_token, keyword FROM users WHERE LOWER(username) = ?";
$stmt = $this->mysqli->prepare($sql);
$stmt->bind_param('s', strtolower($this->username));
$stmt->execute();
$stmt->bind_result($this->displayuser, $this->username, $this->password, $this->startLat, $this->startLong, $this->title, $this->foursquare, $this->last_check, $this->flickr_user, $this->flickr_token, $this->keyword);
$stmt->fetch();
if (!$this->displayuser) {
showerror("User was not found.");
}
// Check to see if the user is authorized to make changes
$this->authenticated = 0;
if (isset($_COOKIE['auth'])) {
$this->authuserid = $_COOKIE['auth']['userid'];
$hash = $_COOKIE['auth']['hash'];
if ($this->authuserid == $this->displayuser) {
if ($hash == md5($this->password . $this->authuserid . $_SERVER['HTTP_USER_AGENT'])) {
$this->authenticated = 1;
}
}
}
}
function displayList($connection, $query, $wine_name)
{
if (!($result = @mysql_query($query, $connection))) {
showerror();
}
$rowsFound = @mysql_num_rows($result);
if ($rowsFound > 0) {
print "Wines of {$regionName}<br>";
print "\n<table>\n<tr>\n\t" . "<th>Wine Name</th>\n\t" . "<th>Variety</th>\n\t" . "<th>Year</th>\n\t" . "<th>Winery</th>\n\t" . "<th>Region</th>\n\t" . "<th>Cost</th>\n\t" . "<th>Quantity</th>\n\t" . "\n\t\t\t<th>Stock Sold</th>\n\t" . "\n\t<th>Sales Revenue</th>\n\t";
while ($row = @mysql_fetch_array($result)) {
echo "\n<tr>\n\t<td>{$row["wine_name"]}</td>" . "\n\t<td>{$row["variety"]}</td>" . "\n\t<td>{$row["year"]}</td>" . "\n\t<td>{$row["winery_name"]}</td>" . "\n\t<td>{$row["region_name"]}</td>" . "\n\t<td>{$row["cost"]}</td>" . "\n\t<td><div align = 'center'>{$row["on_hand"]}</div></td>" . "\n\t<td><div align = 'center'>{$row["sum(qty)"]}</div></td>" . "\n\t<td><div align = 'center'>{$row["sum(price)"]}</div></td>\n";
}
echo "\n</table>";
print "{$rowsFound}";
} else {
echo "\n\n Your search criteria did not match any data in the database";
}
}
function authenticateUserNav($connection, $username, $password)
{
// Test the username and password parameters
if (!isset($username) || !isset($password)) {
return false;
}
// Formulate the SQL find the user
$query = "SELECT password FROM users WHERE user_name = '{$username}'\r\n AND password = '******'";
// Execute the query
if (!($result = @mysql_query($query, $connection))) {
showerror();
}
// Is the returned result exactly one row? If so, then we have found the user
if (mysql_num_rows($result) != 1) {
return false;
} else {
return true;
}
}
function authenticateUser($connection, $username, $password)
{
$username = strtolower($username);
include '../paths.php';
require CONFIG . 'config.php';
require INCLUDES . 'url_variables.inc.php';
require INCLUDES . 'db_tables.inc.php';
// Test the username and password parameters
if (!isset($username) || !isset($password)) {
return false;
}
// Formulate the SQL find the user
$password = md5($password);
$query = "SELECT password FROM {$users_db_table} WHERE user_name = '{$username}' AND password = '******'";
mysql_real_escape_string($query);
$result = mysql_query($query, $connection);
/*
if(!$result || (mysql_numrows($result) < 1)){
return false; //Indicates username failure
}
// Retrieve password from result
$dbarray = mysql_fetch_array($result);
// Validate that password is correct
if($password == $dbarray['password']){
return true; //Success! Username and password confirmed
}
else{
return false; //Indicates password failure
}
*/
// Execute the query
if (!($result = @mysql_query($query, $connection))) {
showerror();
}
// Is the returned result exactly one row? If so, then we have found the user
if (mysql_num_rows($result) != 1) {
return false;
} else {
return true;
}
}
function getWines($regionName)
{
// Connect to the server
if (!($connection = @mysql_connect(DB_HOST, DB_USER, DB_PW))) {
showerror();
}
if (!mysql_select_db(DB_NAME, $connection)) {
showerror();
}
// manually clean data
$regionName = substr($regionName, 0, 30);
$regionName = mysql_real_escape_string($regionName, $connection);
// Start a query ...
$query = "SELECT wine_id, wine_name, description, year, winery_name\n FROM winery, region, wine\n WHERE winery.region_id = region.region_id\n AND wine.winery_id = winery.winery_id";
// ... then, if the user has specified a region, add the regionName
// as an AND clause ...
if (isset($regionName) && $regionName != "All") {
$query .= " AND region_name = '{$regionName}'";
}
// ... and then complete the query.
$query .= " ORDER BY wine_name";
// Run the query on the server
if (!($result = @mysql_query($query, $connection))) {
showerror();
}
// Find out how many rows are available
$rowsFound = @mysql_num_rows($result);
$wines = array();
// If the query has results ...
if ($rowsFound > 0) {
// Fetch each of the query rows
while ($row = @mysql_fetch_assoc($result)) {
$wines[$row['wine_id']] = $row;
}
// end while loop body
}
// end if $rowsFound body
return $wines;
}
function display_table($connection, $query)
{
// Run the query on the server
if (!($result = @mysql_query($query, $connection))) {
showerror();
echo "<br>";
}
// Find out how many rows are available
$rowFound = @mysql_num_rows($result);
if ($rowFound > 0) {
echo "Search Result as below";
echo "<br>";
echo $rowFound . " datas found in database";
echo "<table width='1250' cellpadding='5' cellspacing='5' border='2'>";
echo "<tr><td width = '150'><b>Name</b></td>\n\t\t\t\t <td width = '100'><b>Variety</b></td>\n\t\t\t\t <td width = '100'><b>Year</b></td>\n\t\t\t\t <td width = '200'><b>Winery</b></td>\n\t\t\t\t <td width = '200'><b>Region</b></td>\n\t\t\t\t <td width = '100'><b>Cost</b></td>\n\t\t\t\t <td width = '150'><b>Total number</b></td>\n\t\t\t\t <td width = '100'><b>Total stock</b></td>\n\t\t\t\t <td width = '150'><b>Total revenue</b></td></tr>";
while ($row = @mysql_fetch_array($result)) {
echo "<tr><td width = '150'>{$row["wine_name"]}</td>\n\t\t\t\t\t\t <td width = '100'>{$row["variety"]}</td>\n\t\t\t\t\t\t <td width = '100'>{$row["year"]}</td>\n\t\t\t\t\t\t <td width = '200'>{$row["winery_name"]}</td>\n\t\t\t\t\t\t <td width = '200'>{$row["region_name"]}</td>\n\t\t\t\t\t\t <td width = '100'>{$row["cost"]}</td>\n\t\t\t\t\t\t <td width = '150'>{$row["sum(qty)"]}</td>\n\t\t\t\t\t\t <td width = '100'>{$row["on_hand"]}</td>\n\t\t\t\t\t\t <td width = '150'>{$row["sum(price)"]}</td>\n\t\t\t\t\t\t </tr>";
}
echo "</table>";
} else {
echo " No matched record";
}
}
function getRegions()
{
// Connect to the server
if (!($connection = @mysql_connect(DB_HOST, DB_USER, DB_PW))) {
showerror();
}
if (!mysql_select_db(DB_NAME, $connection)) {
showerror();
}
// Query to find distinct values of $attributeName in $tableName
$distinctQuery = "SELECT DISTINCT region_id, region_name FROM region";
// Run the distinctQuery on the databaseName
if (!($resultId = @mysql_query($distinctQuery, $connection))) {
showerror();
}
$regions = array();
// Retrieve each row from the query
while ($row = @mysql_fetch_array($resultId)) {
// Get the value for the attribute to be displayed
$regions[$row['region_name']] = $row['region_name'];
}
return $regions;
}
function authenticateUser($connection, $username, $password)
{
// Test the username and password parameters
if (!isset($username) || !isset($password)) {
return false;
}
// Formulate the SQL find the user
$password = md5($password);
$query = "SELECT password FROM users WHERE user_name = '{$username}'\n AND password = '******'";
/* $result = mysql_query($query, $connection);
if(!$result || (mysql_numrows($result) < 1)){
return false; //Indicates username failure
}
// Retrieve password from result
$dbarray = mysql_fetch_array($result);
// Validate that password is correct
if($password == $dbarray['password']){
return true; //Success! Username and password confirmed
}
else{
return false; //Indicates password failure
}
*/
// Execute the query
if (!($result = @mysql_query($query, $connection))) {
showerror();
}
// Is the returned result exactly one row? If so, then we have found the user
if (mysql_num_rows($result) != 1) {
return false;
} else {
return true;
}
}
/*
Redirect to target URL.
*/
require_once 'lib-core.php';
if (is_string($_GET['u'])) {
$val = $mysqli->real_escape_string($_GET['u']);
} else {
echo "Sorry. You didn't enter a valid ending.";
die;
}
if (strstr($val, "t-")) {
$query = "SELECT `rurl` FROM `redirinfo-temp` WHERE baseval='{$val}'";
} else {
$query = "SELECT `rurl`,`lkey` FROM `redirinfo` WHERE baseval='{$val}'";
}
$result = $mysqli->query($query) or showerror();
$row = mysqli_fetch_assoc($result);
if (!isset($row['rurl']) || strlen($row['rurl']) < 1) {
header("Location: 404.php", true, 302);
die;
}
if (strtolower($row['rurl']) == "disabled") {
require_once 'layout-headerlg.php';
echo "<h2>The link you are trying to reach has been disabled.</h2><br>" . "Sorry for the inconvienience.";
require_once 'layout-footerlg.php';
die;
}
$lkey = @$row['lkey'];
if (strlen($lkey) > 1) {
// check for key
$sent_lkey = isset($_GET[$lkey]);
public function mudaPassword()
{
if( validaUtilizador($user, $pass) )
{
if (strcmp($newPassword1, $newPassword2) == 0)
{
$digest = $this->codificaSenha($newPassword1);
//$update_query = "UPDATE users SET password = '******' WHERE user_name = '{$_SESSION["loginUsername"]}'";
$this->pass = $digest;
if (!$result = @ mysql_query ($update_query, $connection)){
showerror();
$_SESSION["passwordMessage"] = "Password changed for '{$_SESSION["loginUsername"]}'";
}
else
{
$_SESSION["passwordMessage"] = "Could not change password for '{$_SESSION["loginUsername"]}'";
}
}
}
}
$uc_authcode = getgpc('uc_authcode', 'C');
if (empty($uc_authcode) || authcode($uc_authcode, 'DECODE', UC_KEY) != UC_FOUNDERPW) {
$uc_founderpw = getgpc('uc_founderpw');
if (empty($uc_founderpw) || UC_FOUNDERPW != md5(md5($uc_founderpw) . UC_FOUNDERSALT)) {
echo '<form method="post">';
echo '请输入UCenter创始人密码:<input type="password" name="uc_founderpw" /> <input type="submit" value="提交" />';
exit;
} else {
setcookie('uc_authcode', authcode(UC_FOUNDERPW, 'ENCODE', UC_KEY));
header("Location: upgrade2.php?action=upgsecques");
exit;
}
}
if (!is_dir(UC_ROOT . './data/upgsecques')) {
showheader();
showerror('请先将论坛下 ./forumdata/upgsecques 目录上传到UCenter 目录 ./data/ 下,之后<a href="javascript:location.reload();" target="_self">刷新此页面</a>');
}
$num = getgpc('num');
$num = $num ? intval($num) : 1;
$random = getgpc('random');
if (empty($random)) {
$dir = UC_ROOT . './data/upgsecques';
$directory = dir($dir);
while ($entry = $directory->read()) {
if (preg_match('/^secques_(\\w+)_\\d+/', $entry, $match)) {
break;
}
}
$random = $match[1];
}
$dump_file = UC_ROOT . './data/upgsecques/secques_' . $random . '_' . $num . '.sql';
} else {
switchConnection("characters", REALM_NAME);
// The arenateam ID was set.. Now, get information on the arenateam //
$arenateamId = (int) $_GET["arenateamid"];
$arenateamquery = execute_query("SELECT * FROM `arena_team`,`arena_team_stats` WHERE `arena_team`.`arenateamid` = `arena_team_stats`.`arenateamid` AND `arena_team_stats`.`arenateamid` = " . $arenateamId . " LIMIT 1");
// If there were no results, the arenateam did not exist //
if (!($arenateam = mysql_fetch_assoc($arenateamquery))) {
showerror("Arena does not exist", "The arenateam with ID "" . $arenateamId . "" does not exist.");
$do_query = 0;
} else {
// The arenateam exists //
// Basic Information on Arena Team //
// Get the arenateam captain if it exists //
if (!$arenateam["captainguid"]) {
// Arena Team has no master? err //
showerror("<Arena Team has no captain>", "The arenateam with the ID "" . $arenateamId . "" has no captain.");
$do_query = 0;
} else {
$do_query = 1;
}
}
}
if ($do_query) {
// Return the captain of the arenateam //
$captaindata = mysql_fetch_assoc(execute_query("SELECT `name`, `race`, `class`, `data` FROM `characters` WHERE `guid` = " . $arenateam["captainguid"] . " LIMIT 1"));
$char_data = explode(" ", $captaindata["data"]);
$captaindata["level"] = $char_data[$defines["LEVEL"][CLIENT]];
$captain_gender = dechex($char_data[$defines["GENDER"][CLIENT]]);
unset($char_data);
$captain_gender = str_pad($captain_gender, 8, 0, STR_PAD_LEFT);
$captaindata["gender"] = $captain_gender[3];
//prevent user from registering
}
$opts = array('cost' => 10, 'salt' => $salt);
$hashed = password_hash($reg['password'], PASSWORD_BCRYPT, $opts);
$reg['password'] = $hashed;
if ($regtype == "free") {
$active = "1";
} else {
$active = "0";
}
//$qr = "INSERT INTO `auth` (username,email,password,rkey,valid,ip) VALUES ('{$reg['username']}','{$reg['email']}','{$hashed}','{$reg['rkey']}','{$active}', '{$ip}');";
//$rr = $mysqli->query($qr) or showerror();
$qp = "INSERT INTO `auth` (username,email,password,rkey,valid,ip) VALUES (?,?,?,?,?,?)";
$st = $mysqli->prepare($qp) or showerror();
$st->bind_param('ssssss', $reg['username'], $reg['email'], $hashed, $reg['rkey'], $active, $ip) or showerror();
$st->execute() or showerror();
if ($regtype == 'email') {
$sglink = "http://{$wsa}/activate.php?key=" . $reg['rkey'] . '&user='******'username'];
$sgmsg = "Please validate your {$wsn} Account by clicking the link below or pasting it into your browser:<br>" . '<a href="' . $sglink . '">' . $sglink . '</a>' . "<br><br>If you did not register at {$wsn} (<a href='//{$wsa}'>{$wsn}</a>), please disregard this email." . "<br>";
$to = $reg['email'];
$sm = $sgmail->sendmail($to, 'Polr Account Validation', $sgmsg);
require_once 'layout-headerlg.php';
echo "Thanks for registering. Check your email for an activation link. You must activate your account before logging in (top right corner)";
require_once 'layout-footerlg.php';
die;
} else {
require_once 'layout-headerlg.php';
echo "Thanks for registering. You may now login (top right corner)";
require_once 'layout-footerlg.php';
die;
}
echo _ADMIN_GOBACK;
?>
</A> <IMG SRC="images/icon/arrow_wap.gif" BORDER="0" ALIGN="absmiddle"> <a href="?name=admin&file=member"><?php
echo _ADMIN_MEMBER_MENU_TITLE;
?>
</a> <IMG SRC="images/icon/arrow_wap.gif" BORDER="0" ALIGN="absmiddle"> <a href="?name=admin&file=member_mail"><?php
echo _ADMIN_MEMBER_MENU_MAILTO_MEM;
?>
</a></B> <BR>
<?php
if ($result) {
echo "<center><font size='3' face='MS Sans Serif'>" . _ADMIN_MEMBER_MESSAGE_DEL_MEM_OK . " {$member_id} " . _ADMIN_MEMBER_MESSAGE_DEL_MEM_OK1 . "";
echo "<br><br>" . _ADMIN_MEMBER_MESSAGE_DEL_MEM_WAIT . "</font></center>";
echo "<meta http-equiv='refresh' content='2;url=?name=admin&file=member'>";
//exit() ;
} else {
$showmsg = "<br><br><center><font size='3' face='MS Sans Serif'><b>" . _ADMIN_MEMBER_MESSAGE_NO_DEL . "</b></font><br><br>\n<input type='button' value='" . _ADMIN_MEMBER_MESSAGE_NO_DEL_GOBACK . "' onclick='history.back();'></center>";
showerror($showmsg);
}
?>
</TD>
</TR>
</TABLE></td>
</tr>
</table>
</TD>
</TR>
</TABLE>
<?php
}
}
} else {
switchConnection("characters", REALM_NAME);
// The guild ID was set.. Now, get information on the guild //
$guildId = (int) $_GET["guildid"];
$guildquery = execute_query("SELECT * FROM `guild` WHERE `guildid` = " . $guildId . " LIMIT 1");
// If there were no results, the guild did not exist //
if (!($guild = mysql_fetch_assoc($guildquery))) {
showerror("Guild does not exist", "The guild with ID "" . $guildId . "" does not exist.");
$do_query = 0;
} else {
// The guild exists //
// Basic Information on Guild //
// Get the guild leader if it exists //
if (!$guild["leaderguid"]) {
// Guild has no master? err //
showerror("<Guild has no leader>", "The guild with the ID "" . $guildId . "" has no leader.");
$do_query = 0;
} else {
$do_query = 1;
}
}
}
if ($do_query) {
// Return the leader of the guild //
$gleader = execute_query("SELECT `name`, `race`, `class`, `data` FROM `characters` WHERE `guid` = " . $guild["leaderguid"] . " LIMIT 1");
$gmdata = mysql_fetch_assoc($gleader);
$char_data = explode(" ", $gmdata["data"]);
$gmdata["level"] = $char_data[$defines["LEVEL"][CLIENT]];
$gm_gender = dechex($char_data[$defines["GENDER"][CLIENT]]);
unset($char_data);
$gm_gender = str_pad($gm_gender, 8, 0, STR_PAD_LEFT);
function remote_install()
{
global $family;
$token = '';
$pars = array();
$pars['host'] = $_SERVER['HTTP_HOST'];
$pars['version'] = '0.7';
$pars['release'] = '';
$pars['type'] = 'install';
$pars['product'] = '';
$url = 'http://v2.addons.we7.cc/gateway.php';
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $pars);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADERFUNCTION, '__remote_install_headers');
$content = curl_exec($ch);
curl_close($ch);
$sign = __remote_install_headers();
$ret = array();
if (empty($content)) {
return showerror(-1, '获取安装信息失败,可能是由于网络不稳定,请重试。');
}
$ret = unserialize($content);
if ($sign != md5($ret['data'] . $token)) {
return showerror(-1, '发生错误: 数据校验失败,可能是传输过程中网络不稳定导致,请重试。');
}
$ret['data'] = unserialize($ret['data']);
return $ret['data'];
}
ALTER TABLE uc_applications CHANGE ip ip varchar(15) NOT NULL default '';
ALTER TABLE uc_applications CHANGE viewprourl viewprourl varchar(255) NOT NULL default '';
ALTER TABLE uc_applications CHANGE apifilename apifilename varchar(128) NOT NULL default 'uc.php';
ALTER TABLE uc_applications CHANGE charset charset varchar(16) NOT NULL default '';
ALTER TABLE uc_applications CHANGE dbcharset dbcharset varchar(16) NOT NULL default '';
ALTER TABLE uc_applications CHANGE extra extra text NOT NULL;
ALTER TABLE uc_applications CHANGE tagtemplates tagtemplates text NOT NULL;
REPLACE INTO uc_settings (k, v) VALUES ('privatepmthreadlimit','25');
REPLACE INTO uc_settings (k, v) VALUES ('chatpmthreadlimit','30');
REPLACE INTO uc_settings (k, v) VALUES ('chatpmmemberlimit','35');
REPLACE INTO uc_settings (k, v) VALUES ('version','1.6.0');
EOT;
if (file_exists($lock_file)) {
showheader();
showerror('Upgrade is locked!<br>For continue the upgrade you need to remove the ' . str_replace(UC_ROOT, '', $lock_file) . ' file, and then restart the operation');
showfooter();
}
if (!$action) {
showheader();
?>
<p>This procedure is used to upgrade UCenter 1.5.2 to UCenter 1.6.0</p>
<p>Before running the upgrade process, make sure you have uploaded UCenter 1.6.0 all files and directories</p>
<p>Strongly recommended to backup the UCenter database before upgrade!</p>
<p>If you confirm completion of the above step, <a href="<?php
echo $PHP_SELF;
?>
?action=db">please click here to start upgrade</a></p>
<?php
// if there isn't exactly one match, we have serious problems. ABORT!
if (mysql_num_rows($result) !== 1) {
message($ttf_label, $ttf_msg["fatal_error"], $ttf_msg["passkeydne"]);
die;
}
// otherwise, grab the infos
list($user_id, $password) = mysql_fetch_array($result);
// use the information to change the active password
$sql = "UPDATE ttf_user " . "SET password='******' " . "WHERE user_id='{$user_id}' ";
if (!($result = mysql_query($sql))) {
showerror();
}
// get rid of the recovery record
$sql = "DELETE FROM ttf_recover WHERE passkey='{$passkey}'";
if (!($result = mysql_query($sql))) {
showerror();
}
// tell the user it worked, kill the agent
message($ttf_label, $ttf_msg["successtitl"], $ttf_msg["pwdchanged"]);
die;
}
echo <<<EOF
<div class="contenttitle">activate your password</div>
<div class="contentbox">
<form action="activate.php" method="post">
<div>
enter your passkey to activate your new password.<br /><br />
<input type="text" name="passkey" size="36" /><br /><br />
<input type="submit" value="activate" />
</div>
</form>
function demoinfo()
{
showerror($caption = 'Info', $errormessage = 'Info message', $this->getbaseurl(), 'defaulterror', 'info');
}
