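/**
 * Registers a new customer from this object's profile fields and delivers a
 * generated password.
 *
 * The row is inserted with a placeholder password first, because the stored
 * password value is derived from the new customer number (KNr) and the e-mail
 * address. The generated password is then e-mailed; if the mail cannot be sent
 * it is shown on the page instead.
 *
 * @return string HTML fragment: an error paragraph (NK01/NK02) or a confirmation.
 */
function regKunde()
{
    $fornavn = $this->fornavn;
    $etternavn = $this->etternavn;
    $adresse = $this->adresse;
    $postnr = $this->postnr;
    $telefonnr = $this->telefonnr;
    $epost = $this->epost;

    $db = new sql();

    // NOTE(review): every profile field is interpolated into the SQL text. Unless the
    // fields are escaped before they reach this object, this is SQL injection. Move to a
    // prepared statement or the wrapper's escaping routine; the sql wrapper's API is not
    // visible from this block, so the statement is left as written.
    $resultat = $db->query("INSERT INTO webprosjekt_kunde (Fornavn,Etternavn,Adresse,PostNr,Telefonnr,Epost,Passord)" . " VALUES('{$fornavn}','{$etternavn}','{$adresse}','{$postnr}','{$telefonnr}','{$epost}','temporary')");
    $KNr = $db->insert_id;
    if ($db->affected_rows < 1) {
        // Release the connection on the failure path as well.
        $db->close();
        return "<p class=\"feilmelding\">Databasefeil ved registrering av ny bruker. Vennligst forsøk på nytt eller ta kontakt med supporten. (Errno NK01)</p>";
    }

    $passord = genPassord();
    $dbPassord = cryptPass($passord, $KNr . $epost);
    $resultat = $db->query("UPDATE webprosjekt_kunde SET Passord='{$dbPassord}' WHERE KNr='{$KNr}'");
    if ($db->affected_rows < 1) {
        // NOTE(review): the row inserted above stays behind with the placeholder password.
        $db->close();
        return "<p class=\"feilmelding\">Databasefeil ved registrering av ny bruker. Vennligst forsøk på nytt eller ta kontakt med supporten. (Errno NK02)</p>";
    }
    $db->close();

    // NOTE(review): the clear-text password leaves the system by e-mail and the login
    // link is plain http. A one-time set-password link over https avoids both.
    $emne = "Registrering i Nettbutikken";
    $tekst = "Hei\r\n\r\n" . "Din nye bruker i HBHL nettbutikk er nå registrert.\r\n\r\n" . "Her er din innloggingsinformasjon:\r\n" . "Brukernavn: {$epost} \r\n" . "Passord: {$passord} \r\n\r\n" . "For å logge inn, gå til http://nettbutikk.henrikh.net/ \r\n" . "Du kan selvsagt bytte passord når du har logget inn.\r\n\r\n" . "Hilsen,\r\nHiranBårdHenrikLars.";
    $hode = 'From: nettbutikk@henrikh.net' . "\r\n" . 'Reply-To: nettbutikk@henrikh.net' . "\r\n" . 'Content-type: text/plain; charset=iso-8859-1' . "\r\n" . 'X-Mailer: PHP/' . phpversion();

    // NOTE(review): $epost is used as the recipient without a format check in this block;
    // validate it (and reject line breaks) before it reaches mail().
    $resultat = @mail($epost, $emne, $tekst, $hode);

    // The address is user-supplied and is echoed into HTML below, so encode it first.
    // ISO-8859-1 mode only rewrites the ASCII characters & < > " ' and never rejects input.
    $epostHtml = htmlspecialchars($epost, ENT_QUOTES, 'ISO-8859-1');
    $passordHtml = htmlspecialchars($passord, ENT_QUOTES, 'ISO-8859-1');

    if ($resultat) {
        return "<p class=\"okmelding\">Brukeren din har nå blitt opprettet. Brukernavn og passord er sendt på e-post til {$epostHtml}.</p>" . "<p>Du kan nå <a href=\"index.php?side=logginn\">logge inn</a>.</p>";
    }

    // Mail delivery failed: the credentials are shown once in the response instead.
    return "<p class=\"okmelding\">Brukeren din har nå blitt opprettet.</p>" . "<p>Her er din innloggingsinformasjon:<br>" . "Brukernavn: {$epostHtml} <br>" . "Passord: {$passordHtml} </p>" . "<p>Du kan nå <a href=\"index.php?side=logginn\">logge inn</a>.</p>";
}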
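/**
 * Checks a username/password pair against qcs_users.
 *
 * Two stored formats are accepted: md5(md5(password) . creation date) and the
 * older plain md5(password).
 *
 * @param string $_username Login name.
 * @param string $_password Clear-text password as submitted.
 * @return int The user's id on success, -1 otherwise.
 */
function check_login_info($_username, $_password)
{
    $sql = new sql();

    // NOTE(review): the username literal is masked in this copy of the code and
    // $_username is not referenced anywhere in the block as shown. Whatever the real
    // statement is, the username has to be bound as a parameter or escaped.
    $query = "select id, password, date_creation from qcs_users where username = '******'";
    $rs = $sql -> dquery($query);

    $user_id = -1;
    if ($rs[0] > 0) {
        $db_password = (string) $rs[1]['password'];
        $date_creation = substr($rs[1]['date_creation'], 0, 10);
        $input_password = md5(md5($_password) . $date_creation);

        // hash_equals() replaces the loose ==/!= comparison: two different hex digests
        // that both look like numbers (for example "0e...") compare equal under ==,
        // and hash_equals() also compares in constant time.
        // NOTE(review): MD5 is not a password hash. Migrate to password_hash() /
        // password_verify() and re-hash on the next successful login.
        if (hash_equals($db_password, $input_password) || hash_equals($db_password, md5($_password))) {
            $user_id = $rs[1]['id'];
        }
    }

    $sql -> dclose();
    return $user_id;
}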
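/**
 * Handles a submitted login form: looks the user up by e-mail, verifies the
 * password and opens the session. Feedback is echoed directly.
 *
 * @return void
 */
protected static function loginPost()
{
    $email = type::post('email', 'string');
    $password = type::post('password', 'string');
    $remember = type::post('remember', 'int');

    if (is_null($email) || is_null($password) || $email == '' || $password == '') {
        echo message::info(lang::get('fill_out_both'));
        return;
    }

    $sql = new sql();
    $sql->query('SELECT password, salt, id FROM ' . sql::table('user') . ' WHERE `email` = "' . $sql->escape($email) . '"');

    if (!$sql->num()) {
        // NOTE(review): a distinct "e-mail not found" message lets a visitor test which
        // addresses are registered; one shared failure message avoids that.
        echo message::danger(sprintf(lang::get('email_not_found'), htmlspecialchars($email)), true);
        return;
    }

    $sql->result();
    if (!self::checkPassword($password, $sql->get('salt'), $sql->get('password'))) {
        echo message::danger(lang::get('wrong_pw'));
        return;
    }

    self::loginSession();
    self::$userID = $sql->get('id');
    $_SESSION['login'] = $sql->get('id');

    if ($remember) {
        // NOTE(review): the cookie value is the bare user id. If any code accepts this
        // cookie as proof of identity, it can be forged; use a random token stored
        // server-side instead. Consumer not visible here - confirm.
        // HttpOnly (last argument) keeps the cookie out of reach of page scripts; the
        // other arguments are the setcookie() defaults.
        setcookie("remember", $sql->get('id'), time() + 3600 * 24 * 7, '', '', false, true);
    }
}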
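/**
 * Fills an array with article data that is ready to be pasted into a ComaLate template.
 *
 * @access public
 * @param integer $Maximum The maximum number of entries to load; -1 loads all of them
 * @param boolean $ParserDate Should the timestamp of each entry be formatted as a human-readable date?
 * @param boolean $DisplayAuthor Force the author into the array; if false the config value 'news_display_author' decides
 * @return array A ComaLate-ready array
 */
function FillArray($Maximum = 6, $ParserDate = true, $DisplayAuthor = false)
{
    // $Maximum ends up inside the LIMIT clause, so only an integer may reach the query.
    $Maximum = (int) $Maximum;
    $entries = array();

    // NOTE(review): this query reads the "articles" table ordered by article_date, while
    // the -1 branch reads "news" ordered by date and the loop below uses ->date, ->text
    // and ->userid. The two branches look inconsistent - confirm which table is meant.
    $sql = "SELECT *\n\t\t\t\tFROM " . DB_PREFIX . "articles\n\t\t\t\tORDER BY article_date DESC\n\t\t\t\tLIMIT 0, {$Maximum}";
    // if $Maximum is -1 then show all entries
    if ($Maximum === -1) {
        $sql = "SELECT *\n\t\t\t\t\tFROM " . DB_PREFIX . "news\n\t\t\t\t\tORDER BY date DESC";
    }
    $entriesResult = $this->_SqlConnection->SqlQuery($sql);

    // the author is shown when either the config or the caller asks for it
    $displayAuthor = ($this->_Config->Get('news_display_author', 1) == 1) || $DisplayAuthor;

    $dateFormat = '';
    // get the date-format-string if the date should be human-readable
    if ($ParserDate) {
        $dateFormat = $this->_Config->Get('news_date_format', 'd.m.Y');
        $dateFormat .= ' ' . $this->_Config->Get('news_time_format', 'H:i:s');
    }

    // paste all entries into the array
    // NOTE(review): mysql_fetch_object() belongs to the ext/mysql API that PHP 7 removed.
    while ($entrie = mysql_fetch_object($entriesResult)) {
        $newsAuthor = '';
        // set the author if it should be so
        if ($displayAuthor) {
            $newsAuthor = $this->_ComaLib->GetUserByID($entrie->userid);
        }
        // NOTE(review): title and text are handed on without HTML encoding; whether the
        // template layer encodes them is not visible here - confirm.
        $entries[] = array(
            'NEWS_DATE' => $ParserDate ? date($dateFormat, $entrie->date) : $entrie->date,
            'NEWS_TEXT' => nl2br($entrie->text),
            'NEWS_AUTHOR' => $newsAuthor,
            'NEWS_TITLE' => $entrie->title,
            'NEWS_ID' => $entrie->id,
        );
    }
    return $entries;
}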
/**
 * Stamps the logout time on the current row of the "session" table and blanks
 * the user and company fields kept in $_SESSION. Does not redirect.
 */
function logout()
{
    $db = new sql();

    // NOTE(review): the session token is concatenated into the WHERE text. It comes from
    // server-side session state, but should still be bound or escaped.
    $condition = "session='" . $_SESSION['session'] . "'";
    $db->update("session", "date_logout=now()", $condition, 'N');

    // NOTE(review): the PHP session itself is kept and its id is not regenerated here -
    // TODO confirm the caller handles that.
    $cleared = array(
        'cod_usuario' => "",
        'user' => "",
        'loged' => false,
        'session' => "",
        'cod_empresa' => "",
        'razao_social' => "",
        'endereco' => "",
        'numero' => "",
        'complemento' => "",
        'cep' => "",
        'cidade' => "",
        'uf' => "",
        'cnpj' => "",
        'logo' => "",
        'email' => "",
        'telefone' => "",
    );
    foreach ($cleared as $field => $blank) {
        $_SESSION[$field] = $blank;
    }
}
/**
 * Builds the vote overview for categories 1 to 3 and stores the resulting HTML
 * in $this->elements["content"].
 *
 * Local variable names must stay as they are: the templates are evaluated in
 * this scope and presumably refer to them by name.
 */
function defaultAction()
{
    $db = new sql();
    $db->connect();
    $chid = $this->chid;
    include "lib/pagination.class.php";
    include "lib/orderby.class.php";
    $adminConfig = admin::adminConfig();
    for ($i = 1; $i < 4; $i++) {
        $voteTR = "";
        $orderBy = new orderBy("?chid=" . $this->chid . "&", array("id" => "№", "time" => "Дата", "name" => "Заголовок", "company" => "Компания", "gsum" => "Средний бал", "gcount" => "Проголосовало"), array("gsum" => "desc"), $this->field[$i], $this->order[$i], array("field[{$i}]", "order[{$i}]"));
        $pagination = new pagination($orderBy->urlForPage(), $this->page, $adminConfig["recPerPage"], '', "projects", "id");
        // NOTE(review): the ORDER BY and LIMIT fragments come from helper objects fed with
        // $this->field, $this->order and $this->page. Confirm those helpers restrict the
        // values to known column names and integers.
        $res = $db->query("select projects.id, name, company, category_name, date, sum(IF(grade is null,0, grade))/count(IF(grade is null,0, grade)) as gsum, count(grade) as gcount FROM (projects LEFT JOIN categories ON projects.category = categories.category_id) left join votes on projects.id=votes.id where category={$i} group by projects.id, name, company, category_name, date " . $orderBy->orderByQuery() . " " . $pagination->limit());
        $page = $this->page ? "&page=" . $this->page : "";
        while ($data = $db->fetch_array($res)) {
            $data["date"] = date("d.m.Y", $data["date"]);
            // SECURITY(review): eval() turns the template text into PHP source. Anyone who
            // can change a template can run code on the server. Replace with a renderer
            // that only substitutes placeholders.
            eval('$voteTR.="' . admin::template("voteTR") . '";');
        }
        $pageBar = $pagination->bar();
        $th = $orderBy->bar();
        // SECURITY(review): same eval() concern as above. $content is also appended to
        // before it has been initialised.
        eval('$content.="' . admin::template("voteMain") . '";');
        $content .= "<br>";
    }
    $this->elements["content"] = $content;
}
/**
 * Returns the most recent non-zero article update timestamp, formatted with date().
 *
 * @param string $format date() format string
 * @return string
 */
static function getUpdateDate($format = 'd.m.Y')
{
    global $REX;

    $db = new sql();
    $db->setQuery('SELECT updatedate FROM ' . $REX['TABLE_PREFIX'] . 'article WHERE updatedate <> 0 ORDER BY updatedate DESC LIMIT 1');
    $latest = $db->getValue('updatedate');

    return date($format, $latest);
}
/**
 * Looks an e-mail address up in the member table.
 *
 * NOTE(review): despite the name, this returns FALSE when a matching row is
 * found and TRUE when none is. Callers may depend on that, so it is unchanged.
 *
 * @param string $_email Address to look up.
 * @return bool TRUE when no member row matches, FALSE otherwise.
 */
function email_exists($_email)
{
    $db = new sql();
    // SECURITY(review): $_email is concatenated into the statement unescaped (SQL
    // injection). Bind it as a parameter or use the wrapper's escaping routine; the
    // wrapper's API is not visible from this block.
    $lookup = "select id from member where email = '" . $_email . "'";
    $rs = $db -> dquery($lookup);
    $db -> dclose();

    return !($rs[0] > 0);
}
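/**
 * Loads the user row for the given id; a falsy id leaves the object empty.
 *
 * @param int|string $id Numeric user id.
 */
public function __construct($id)
{
    // The id is concatenated unquoted into the WHERE clause, so only an integer may
    // reach the statement. Non-numeric input becomes 0 and is skipped.
    $id = (int) $id;
    if ($id !== 0) {
        $sql = new sql();
        $sql->query('SELECT * FROM ' . sql::table('user') . ' WHERE id=' . $id)->result();
        $this->entrys = $sql->result;
        // permissions are stored as one "|"-separated string
        $this->entrys['perms'] = explode('|', $this->get('perms'));
    }
}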
/**
 * Renders the three newest news rows into $this->elements["rightBar"] and wraps
 * them in the sidebar table cell with its footer links.
 */
function rightBar()
{
    $conn = new sql();
    $conn->connect();
    $rows = $conn->query(" select * from news order by time desc limit 0, 3");

    // NOTE(review): title and text are written into the page without HTML encoding.
    // If anyone other than a trusted editor can write news rows this is stored XSS;
    // encode the title at least, and confirm whether text is meant to carry markup.
    while ($item = $conn->fetch_array($rows)) {
        $box = '<table><tr><th>' . $item["title"] . ':</th></tr><tr><td>' . $item["text"] . '</td></tr></table>';
        $this->elements["rightBar"] .= $box;
    }

    $cellOpen = '<td valign="top" style="padding-left: 1em;">';
    $footer = '<p align="right"><a href="/news/">¬се новости →</a></p><br><i>¬ принципе, вы можете зайти и ознакомитьс¤ с <a href="/timeline/" target="_self">хронологией моих работ</a> (благо, их пока не так уж много).</i><p align="right"><a href="/card/" target="_self"> арта сайта →</a></p></td>';
    $this->elements["rightBar"] = $cellOpen . $this->elements["rightBar"] . $footer;
}
/**
 * Returns every row of the prefixed "projects" table.
 *
 * @return array List of rows as delivered by getNextRow().
 */
function getAllProjects()
{
    global $TABLE_PREFIX;

    $db = new sql();
    $db->query("SELECT * FROM " . $TABLE_PREFIX . "projects;");

    $projects = array();
    while ($record = $db->getNextRow()) {
        $projects[] = $record;
    }
    return $projects;
}
/**
 * Returns every row of the prefixed "bugs" table, highest bID first.
 *
 * @return array List of rows as delivered by getNextRow().
 */
function getAllBugs()
{
    global $TABLE_PREFIX;

    $db = new sql();
    $db->query("SELECT * FROM " . $TABLE_PREFIX . "bugs ORDER BY bID DESC;");

    $bugs = array();
    while ($record = $db->getNextRow()) {
        $bugs[] = $record;
    }
    return $bugs;
}
/**
 * Finds media categories whose name equals $name.
 *
 * @access public
 * @param string $name Category name to match exactly.
 * @return array One OOMediaCategory::getCategoryById() result per matching id.
 */
function searchCategoryByName($name)
{
    // NOTE(review): addslashes() is not aware of the connection character set and is not
    // a reliable SQL escaping routine. Prefer a bound parameter or the escaping function
    // of the database driver.
    $lookup = 'SELECT id FROM ' . OOMedia::getTableName() . ' WHERE name = "' . addslashes($name) . '"';

    $db = new sql();
    $rows = $db->get_array($lookup);

    $categories = array();
    foreach ($rows as $row) {
        $categories[] = OOMediaCategory::getCategoryById($row['id']);
    }
    return $categories;
}
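/**
 * Writes the edited news fields back to the row named by $this->fields["id"]
 * and redirects to the list view.
 */
function appendEdit()
{
    $this->fields["time"] = mktime(0, 0, 0, $this->date["month"], $this->date["day"], $this->date["year"]);

    // Build "col='value', col='value'" with implode(). The original appended to an
    // undefined variable and trimmed the trailing ", " through strlen() of another
    // undefined variable, which only worked by accident.
    // SECURITY(review): column names and values are interpolated unescaped. Restrict the
    // keys to a fixed list of columns and bind or escape the values; the sql wrapper's
    // escaping API is not visible from this block.
    $assignments = array();
    foreach ($this->fields as $key => $value) {
        $assignments[] = "{$key}='{$value}'";
    }
    $query = implode(", ", $assignments);

    // The id is used unquoted in the WHERE clause, so force it to an integer.
    $id = (int) $this->fields["id"];

    $db = new sql();
    $db->connect();
    $db->query("update news set {$query} where id=" . $id);

    header("Location: ?chid=" . $this->chid . "&m=3");
}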
/**
 * Returns the names of all installed and active addons.
 *
 * The list is read from the database once and kept in self::$all.
 *
 * @return array
 */
public static function getAll()
{
    // already loaded (an empty list is loaded again on the next call)
    if (count(self::$all)) {
        return self::$all;
    }

    $db = new sql();
    $db->query('SELECT name FROM ' . sql::table('addons') . ' WHERE `install` = 1 AND `active` = 1')->result();
    for (; $db->isNext(); $db->next()) {
        self::$all[] = $db->get('name');
    }

    return self::$all;
}
/**
 * Runs every statement that readSqlDump() returns for $file and collects the
 * error messages.
 *
 * NOTE(review): each statement in the dump is executed as is, so $file must
 * never be a path or upload an untrusted user controls.
 *
 * @param string $file Dump file handed to readSqlDump().
 * @param bool $debug Value assigned to the sql object's debugsql property.
 * @return string Error messages, each followed by "\n<br/>"; empty when none occurred.
 */
function _rex_installDump($file, $debug = false)
{
    $db = new sql();
    $db->debugsql = $debug;

    $messages = '';
    foreach (readSqlDump($file) as $statement) {
        $db->setQuery($statement);
        $failure = $db->getError();
        if ($failure != '') {
            // NOTE(review): the driver message is not HTML-encoded before it is returned.
            $messages .= $failure . "\n<br/>";
        }
    }
    return $messages;
}
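/**
 * Tells whether any row has the given id as its parent (pid).
 *
 * @param int|string $id Parent id.
 * @return bool
 */
function got_child($id)
{
    // pid is compared unquoted in the statement, so only an integer may reach it.
    $id = (int) $id;

    $db = new sql();
    $db->connect();
    $res = $db->query(_QUERY . " where pid={$id}");

    // the exit statements that followed each return could never run and are dropped
    return $db->num_rows($res) > 0;
}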
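/**
 * Toggles the status of every rex_article row whose online_von / online_bis
 * window no longer agrees with its current status, judged against today's date.
 */
function CHECKONOFFSTATUS()
{
    $db = new sql();
    $today = date("Ymd");

    // NOTE(review): the fourth and seventh conditions select the same date range for
    // status 0 and for status 1, so such rows appear to toggle on every call - confirm.
    $conditions = array(
        "(online_von <= '{$today}' AND online_von != '' AND online_bis = '' AND status='0')",
        "(online_von <= '{$today}' AND online_von != '' AND online_bis >= '{$today}' AND status='0')",
        "(online_von = '' AND online_bis >= '{$today}' AND status='0')",
        "(online_von < '{$today}' AND online_bis < '{$today}' AND online_von != '' AND online_bis != '' AND status='0')",
        "(online_bis < '{$today}' AND online_bis != '' AND online_von = '' AND status='1')",
        "(online_bis < '{$today}' AND online_bis != '' AND online_von > '{$today}' AND status='1')",
        "(online_bis < '{$today}' AND online_von < '{$today}' AND online_von != '' AND online_bis != '' AND status='1')",
        "(online_bis > '{$today}' AND online_von > '{$today}' AND online_von != '' AND online_bis != '' AND status='1')",
    );
    $sql = "\n\tSELECT id,status\n\tFROM rex_article WHERE\n\t" . implode("\n\tOR\n\t", $conditions) . "\n\t";

    $result = $db->get_array($sql);
    if (is_array($result)) {
        foreach ($result as $var) {
            // quoted key: the bare word status is an undefined constant, an error in PHP 8
            $status = $var['status'] == 0 ? 1 : 0;
            $sql = "UPDATE rex_article SET status = '{$status}' WHERE id='{$var['id']}'";
            $db->setQuery($sql);
        }
    }
}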
/**
 * Glossary addon.
 *
 * Wraps every glossary shortcut found in the body of the page in an
 * <abbr>/<acronym> element carrying its description and language.
 *
 * SECURITY(review): the search patterns use the /e modifier, which evaluates the
 * replacement as PHP code for each match. /e was deprecated in PHP 5.5 and
 * removed in PHP 7.0. Glossary values are embedded in that evaluated code inside
 * a double-quoted string, and htmlspecialchars() does not neutralise PHP string
 * interpolation, so whoever can edit glossary entries can influence the code that
 * runs. Migrate to preg_replace_callback().
 *
 * @author staab[at]public-4u[dot]de Markus Staab
 * @author <a href="http://www.public-4u.de">www.public-4u.de</a>
 * @package redaxo3
 * @version $Id: function_replace.inc.php,v 1.4 2008/01/25 09:48:36 kills Exp $
 *
 * @param array $params The page markup is read from $params['subject'].
 * @return string The markup with glossary shortcuts wrapped.
 */
function rex_glossar_replace($params)
{
    global $REX, $mypage, $I18N_GLOSSAR;
    $string = $params['subject'];
    // Split the string so that replacements only happen inside the body.
    // NOTE(review): strpos() returns false when there is no literal '<body>' tag
    // (including a body tag with attributes); that case is not handled here.
    $bodystart = strpos($string, '<body>');
    $header = substr($string, 0, $bodystart);
    $body = substr($string, $bodystart);
    // Mask the regions where no glossary replacement should take place and
    // which are not inside a tag (textarea contents).
    $back_srch = array();
    $back_rplc = array();
    $mtchs = array();
    if (preg_match_all('/(<textarea.*?>(.*?)<\\/textarea>)/s', $body, $mtchs)) {
        foreach ($mtchs[2] as $key => $mtch) {
            $back_srch[$key] = '###SPACER###' . $key . '###';
            $back_rplc[$key] = $mtch;
            $body = str_replace($mtch, '###SPACER###' . $key . '###', $body);
        }
    }
    $sql = new sql();
    //$sql->debugsql = true;
    // longest shortcuts first
    $sql->setQuery('SELECT * FROM rex_13_glossar, rex_13_glossar_lang WHERE language = lang_id ORDER BY CHAR_LENGTH(shortcut) DESC');
    // IE doesnt support <abbr>
    // NOTE(review): HTTP_USER_AGENT may be absent, and a match at offset 0 is falsy.
    if (strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE')) {
        $replacetag = 'acronym';
    } else {
        $replacetag = 'abbr';
    }
    $replaceformat = '<' . $replacetag . ' class=\\"abbr\\" title=\\"%desc% (%lang%)\\">%short%</' . $replacetag . '>';
    $searches = array();
    $replaces = array();
    for ($i = 0; $i < $sql->getRows(); $i++) {
        $language = htmlspecialchars($sql->getValue('lang_name'));
        $shortcut = htmlspecialchars($sql->getValue('shortcut'));
        $description = htmlspecialchars($sql->getValue('description'));
        $casesense = $sql->getValue('casesense');
        // Escape Shortcut for preg_match
        $escapedshortcut = preg_quote($shortcut, '/');
        $escapedentitiesshortuct = htmlentities($escapedshortcut);
        // the pattern matches either an opening tag fragment or the shortcut itself;
        // the entity-encoded spelling is added only when it differs
        if ($escapedentitiesshortuct == $escapedshortcut) {
            $search = '/((<[^>]*)|' . $escapedshortcut . ')/e';
        } else {
            $search = '/((<[^>]*)|' . $escapedshortcut . '|' . $escapedentitiesshortuct . ')/e';
        }
        $replacer = _rex_glossar_parse_replace_format($replaceformat, array('lang' => $language, 'desc' => $description, 'short' => $shortcut));
        // evaluated code: keep a tag fragment unchanged, otherwise emit the wrapped shortcut
        $replace = '"\\2"=="\\1" && strpos( "\\1", "<' . $replacetag . '>") === false ? "\\1":"' . $replacer . '"';
        if ($casesense == 0) {
            $search .= 'i';
        }
        $searches[] = $search;
        $replaces[] = $replace;
        $sql->next();
    }
    // Perform the replacements
    $body = stripslashes(preg_replace($searches, $replaces, $body));
    // Put the previously masked regions back
    $body = str_replace($back_srch, $back_rplc, $body);
    return $header . $body;
}
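/**
 * Collects version information (MySQL, PHP, operating system, CMS) on this
 * object and renders the "info" template into $this->elements["content"].
 *
 * NOTE(review): exact version strings help an attacker pick known weaknesses;
 * keep this page behind the admin login.
 */
function defaultAction()
{
    global $HTTP_SERVER_VARS;
    // presumably defines $admin_config, which is read below - confirm
    include "./lib/config.inc.php";

    $db = new sql();
    $db->connect();

    // Stays null when neither query yields a row; the original read an unset variable.
    $match = null;
    $result = $db->query('SELECT VERSION() AS version');
    if ($result != FALSE && $db->num_rows($result) > 0) {
        $row = $db->fetch_array($result);
        $match = $row['version'];
    } else {
        // fallback: read the server variable instead
        $result = $db->query('SHOW VARIABLES LIKE \'version\'');
        if ($result != FALSE && $db->num_rows($result) > 0) {
            $row = $db->fetch_array($result);
            $match = $row[1];
        }
    }

    $this->MYSQL_VER = $match;
    $this->PHP_OS = PHP_OS;
    $this->PHP_VERSION = PHP_VERSION;
    $this->CMS = $admin_config["name"] . " " . $admin_config["version"];
    $this->AUTHOR = $admin_config["author"];
    $this->HOME_PAGE = $admin_config["home_page"];

    $content = admin::template("info", $this);
    $this->elements["content"] = $content;
}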
/**
 * Wraps every glossary shortcut found in $string in a <span> that carries its
 * language and description.
 *
 * SECURITY(review): the pattern uses the /e modifier, which evaluates the
 * replacement as PHP code for each match (deprecated in PHP 5.5, removed in
 * PHP 7.0). Glossary values are embedded in that evaluated code inside a
 * double-quoted string, and htmlentities() does not neutralise PHP string
 * interpolation, so whoever can edit glossary entries can influence the code that
 * runs. Migrate to preg_replace_callback().
 *
 * @param string $string Markup to process.
 * @return string Markup with glossary shortcuts wrapped.
 */
function glossar_replace($string)
{
    global $REX, $mypage;
    // NOTE(review): LANG and INCLUDE_PATH are bare words, not quoted keys; PHP 8 treats
    // an undefined constant as an error.
    $I18N_GLOSSAR = new i18n($REX[LANG], $REX[INCLUDE_PATH] . "/addons/{$mypage}/lang/");
    // CREATE LANG OBJ FOR THIS ADDON
    $sql = new sql();
    $sql->setQuery("select * from rex__glossar order by shortcut");
    for ($i = 0; $i < $sql->getRows(); $i++) {
        // map the stored language code to its short label: "0" German, "1" English, anything else French
        $language = $sql->getValue("language");
        if ($language == "0") {
            $language = $I18N_GLOSSAR->msg('lang_de_short');
        } elseif ($language == "1") {
            $language = $I18N_GLOSSAR->msg('lang_en_short');
        } else {
            $language = $I18N_GLOSSAR->msg('lang_fr_short');
        }
        $id = $sql->getValue("short_id");
        $shortcut = htmlentities($sql->getValue("shortcut"));
        // NOTE(review): only "." is escaped; other regex metacharacters in a shortcut
        // (including the "/" delimiter) reach the pattern unchanged. Use preg_quote().
        $escapedshortcut = str_replace('.', '\\.', $shortcut);
        $description = htmlentities($sql->getValue("description"));
        $language = trim($language);
        $casesense = $sql->getValue("casesense");
        // matches either an opening tag fragment or the shortcut itself
        $search = "/((<[^>]*)|{$escapedshortcut})/e";
        // evaluated code: keep a tag fragment unchanged, otherwise emit the wrapped shortcut
        $replace = '"\\2"=="\\1"? "\\1":"<span lang=\\"' . $language . '\\" xml:lang=\\"' . $language . '\\" title=\\"' . $language . ': ' . $description . '\\" class=\\"shortcut\\">' . $shortcut . '</span>"';
        $subject = $string;
        if ($casesense == 0) {
            $search .= 'i';
        }
        $string = preg_replace($search, $replace, $subject);
        // advance to the next row by incrementing the wrapper's counter
        $sql->counter++;
    }
    return $string;
}
/**
 * Returns the HTML content: the value of the configured field from the row
 * whose foreign field equals the formatted value, or '' unless exactly one row
 * matches.
 */
function get()
{
    $tableName = $this->getTable();
    $column = $this->getField();

    // NOTE(review): table, column and value are concatenated into the statement.
    // Whether formatValue() escapes its result is not visible here - confirm, or bind
    // the value as a parameter.
    $qry = 'SELECT ' . $column . ' FROM ' . $tableName . ' WHERE ' . $this->getForeignField() . ' = "' . $this->formatValue() . '"';

    $db = new sql();
    $db->setQuery($qry);

    return $db->getRows() == 1 ? $db->getValue($column) : '';
}
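/**
 * Initialises the pagination state.
 *
 * @param string $curUrl Base URL for page links.
 * @param int $curPage Current page; a falsy value means page 1.
 * @param int $recPerPage Records per page.
 * @param int $totalCount Total number of records; when falsy it is counted in the database.
 * @param string $tableName Table to count in when $totalCount is falsy.
 * @param string $fieldName Column handed to count().
 * @param string $where Optional WHERE fragment appended to the count query.
 */
function pagination($curUrl, $curPage, $recPerPage, $totalCount, $tableName = "", $fieldName = "", $where = "")
{
    $this->url = $curUrl;
    $this->page = $curPage ? $curPage : 1;
    $this->recPerPage = $recPerPage;

    if ($totalCount) {
        // fixed: the original assigned the misspelled, undefined $totlaCount here
        $this->totalRecCount = $totalCount;
    } else {
        $db = new sql();
        $db->connect();
        // NOTE(review): table, column and WHERE fragment are interpolated as given;
        // callers must only pass fixed identifiers, never request data.
        $db->query("select count({$fieldName}) as rec_count from {$tableName} {$where}");
        $data = $db->fetch_array($db->result);
        $this->totalRecCount = $data["rec_count"];
    }
}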
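/**
 * Registers a community user from the posted username, password and e-mail.
 *
 * @return true|string true on success, otherwise the error message to display.
 */
public static function registerUser()
{
    $sql = sql::factory();
    $sql->setTable('community_user');
    $sql->getPosts(['username' => 'string', 'password' => 'string', 'email' => 'string']);

    $validator = new validator();
    $email = $sql->getPost('email');
    $username = $sql->getPost('username');
    $password = $sql->getPost('password');

    // The closure has to import $username with use(). Without it the variable was
    // undefined inside the callback, so both sides of the comparison were null and the
    // check could not fail. The pattern is anchored so the whole name must consist of
    // at least four word characters.
    $validUsername = $validator->costum($username, function () use ($username) {
        return preg_match('/\A\w{4,}\z/', (string) $username) === 1;
    });
    if (!$validUsername) {
        return 'Username darf nur aus Buchstaben Zahlen und Unterstrich bestehen und muss mindestens 4 Zeichen lang sein.';
    }

    if ($sql->num('SELECT id FROM ' . sql::table('community_user') . ' WHERE `username`= "' . $sql->escape($username) . '"')) {
        return 'Benutzername schon vorhanden';
    }

    if (!$validator->email($email)) {
        return 'Bitte geben Sie eine E-Mail Adresse an';
    }

    $salt = userLogin::generateSalt();
    $sql->addDatePost('registerdate', 'now');
    $sql->addPost('salt', $salt);

    // extension point runs before the password is hashed and saved
    extension::get('COMMUNITY_USER_REGISTER', $sql);

    // NOTE(review): the algorithm behind userLogin::hash() is not visible here; confirm
    // it is a slow password hash (password_hash() or equivalent), not a plain digest.
    $password = userLogin::hash($password, $salt);
    $sql->addPost('password', $password);
    $sql->save();
    //Mail send
    return true;
}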
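/**
 * Handles a submitted login form: looks the user up by e-mail, verifies the
 * password and opens the session. Feedback is echoed directly.
 *
 * @return void
 */
protected static function loginPost()
{
    $email = type::post('email', 'string');
    $password = type::post('password', 'string');

    // Was the form submitted completely?
    if (is_null($email) || is_null($password) || $email == '' || $password == '') {
        echo message::info(lang::get('login_form_notfull'), true);
        return;
    }

    $sql = sql::factory();
    $sql->query('SELECT password, id FROM ' . sql::table('user') . ' WHERE `email` = "' . $sql->escape($email) . '"');

    // Is there a user with this e-mail address?
    if (!$sql->num()) {
        // The submitted address is echoed back into the page, so encode it for HTML.
        // NOTE(review): a distinct "no such user" message also lets a visitor test which
        // addresses are registered.
        $emailHtml = htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo message::danger(sprintf(lang::get('login_no_user'), $emailHtml), true);
        return;
    }

    $sql->result();

    // Password does not match?
    if (!self::checkPassword($password, $sql->get('password'))) {
        echo message::danger(lang::get('login_pwd_false'), true);
        return;
    }

    self::loginSession();
    self::$userID = $sql->get('id');
    // NOTE(review): a value derived from the password is kept in the session for its
    // whole lifetime; a random session token would avoid storing password material.
    $_SESSION['login'] = $sql->get('id') . '||' . self::hash($password);
}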
/**
 * Reads the stock list of the current warehouse, joined with its balances.
 *
 * SECURITY(review): $find and $order are interpolated into the statement as
 * given. If either originates from request data this is SQL injection. Bind or
 * escape $find, and map $order onto a fixed list of sortable columns, since an
 * ORDER BY expression cannot be bound as a parameter.
 *
 * @param bool $all When false the result is limited to 20 rows.
 * @param string $order ORDER BY expression; defaults to nazv.
 * @param string $find Substring to search for in nazv.
 * @param string $idstr Not used by this method.
 * @return mixed Whatever sql::fetchAll() returns for the query.
 */
public function getData($all = false, $order = '', $find = '', $idstr = '')
{
    $filter = !empty($find) ? " AND nazv LIKE '%{$find}%' " : "";
    $sorting = !empty($order) ? "ORDER BY {$order} " : "ORDER BY nazv ";
    $limit = $all ? "" : "LIMIT 20";

    $sql = "SELECT *,if((krost>ost),'<span style=\"color:red\"><b>мало</b></span>','') as malo,sk_arc_{$this->sklad}_spr.id\n FROM {$this->db}`sk_arc_{$this->sklad}_spr`\n JOIN {$this->db}sk_arc_{$this->sklad}_ost\n ON sk_arc_{$this->sklad}_ost.spr_id=sk_arc_{$this->sklad}_spr.id\n WHERE nazv!='' " . $filter . $sorting . $limit;

    return sql::fetchAll($sql);
}
/**
 * Initialises the fields after running the parent constructor.
 *
 * @param String $prenom First name
 * @param String $nom Last name
 * @param String $email E-mail address
 */
function __construct($prenom, $nom, $email)
{
    parent::__construct();

    // the three values are stored as given
    $this->email = $email;
    $this->nom = $nom;
    $this->prenom = $prenom;
}
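/**
 * Shows the edit form for one user and, when the form was posted and is valid,
 * saves the changes.
 *
 * @param string $user_id Numeric id of the user to edit (URL segment).
 */
function edit_user($user_id = '')
{
    if (!common::update_permit()) {
        common::redirect();
        // Stop here even if the redirect helper returns instead of ending the request;
        // otherwise the update below would run without permission.
        return;
    }

    if (!empty($_POST['save'])) {
        if ($this->form_validation->run('valid_user')) {
            $this->mod_user->update_user(); //Don't Change
            $this->session->set_flashdata('msg', 'Content Updated Successfully!');
            redirect('user');
            return;
        }
    }

    // The id is placed unquoted into the WHERE fragment, so accept digits only. An
    // empty id is sent back to the list, as before.
    if (!ctype_digit((string) $user_id)) {
        redirect('user');
        return;
    }
    $id = (int) $user_id;

    $data = sql::row("scic_user", "id={$id}");
    $this->session->set_userdata('edit_user_id', $data['id']); //Don't Change
    $data['nav_array'] = array(
        array('title' => 'Manage Users', 'url' => site_url('user')),
        array('title' => 'Add New User', 'url' => ''),
    );
    $data['dir'] = 'user';
    $data['action'] = 'user/edit_user/' . $id;
    $data['page'] = 'user_form'; //Don't Change
    $data['page_title'] = 'Edit User';
    $this->load->view('main', $data);
}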
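/**
 * Builds the URL of an article: "<id>-<rewritten name>" when $REX['MOD_REWRITE']
 * is set, otherwise "index.php?article_id=<id>".
 *
 * @param int|string $ArticleID Article id; a falsy value yields ''.
 * @return string
 */
function getURLbyID($ArticleID)
{
    if (!$ArticleID) {
        return '';
    }

    global $REX;

    // Array keys are quoted: the bare words MOD_REWRITE and name are undefined
    // constants, which PHP 8 treats as an error.
    if ($REX['MOD_REWRITE']) {
        $db = new sql();
        // Only the integer value of the id may reach the statement.
        $sql = "SELECT name FROM rex_article WHERE id='" . (int) $ArticleID . "'";
        $res = $db->get_array($sql);
        $url = $ArticleID . "-" . ModRewriteName($res[0]['name']);
    } else {
        $url = 'index.php?article_id=' . $ArticleID;
    }

    // NOTE(review): $ArticleID is copied into the URL as given; callers that print the
    // result into HTML have to encode it.
    return $url;
}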
/**
 * Reads rows from moneyfororder, grouped by customer, order, mater and trud.
 *
 * SECURITY(review): $find and $order are interpolated into the statement as
 * given. If either originates from request data this is SQL injection. Bind or
 * escape $find, and map $order onto a fixed list of sortable columns.
 *
 * @param bool $all Limits the result to 500 rows when true, 20 otherwise.
 * @param string $order ORDER BY expression; defaults to "customer DESC".
 * @param string $find Substring to search for in customer and order.
 * @param string $idstr Only handed on to the parent implementation.
 * @return mixed Whatever sql::fetchAll() returns for the query.
 */
public function getData($all = false, $order = '', $find = '', $idstr = '')
{
    // NOTE(review): the parent's result is discarded; the call is kept in case it has
    // side effects - confirm whether it can be removed.
    parent::getData($all, $order, $find, $idstr);

    $filter = !empty($find) ? "WHERE (`customer` LIKE '%{$find}%' OR `order` LIKE '%{$find}%' ) " : "";
    $sorting = !empty($order) ? "ORDER BY {$order} " : "ORDER BY customer DESC ";
    $limit = $all ? "LIMIT 500" : "LIMIT 20";

    $sql = "SELECT * \n FROM moneyfororder " . $filter . "GROUP BY `customer`, `order`,`mater`,`trud` " . $sorting . $limit;

    return sql::fetchAll($sql);
}