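<?php
// Used in integration tests to check that the POST method works.
// For security reasons only a handful of POST variables are echoed back, and each key and
// value may hold at most 6 hexadecimal characters, so the response cannot carry markup or
// any other caller-chosen text.
// NOTE(review): the original comment promised "max 3 post vars", but the guard below only
// rejects requests carrying more than 4 -- confirm which limit is intended.

/**
 * Tell whether a POST key or value may be echoed back.
 *
 * Returns a real boolean: the previous version returned the value itself, so the valid
 * hex string "0" was dropped because it is falsy.
 *
 * @param mixed $key a key or value taken from $_POST
 * @return bool true only for 1 to 6 hexadecimal digits
 */
function accept($key)
{
    if (is_int($key)) {
        // PHP stores numeric-string array keys ("12") as integers, and ctype_xdigit() reads a
        // small integer as an ASCII code rather than as text; compare the decimal string.
        $key = (string) $key;
    }

    // is_string() also rejects nested arrays such as a[]=1; ctype_xdigit('') is false.
    return is_string($key) && strlen($key) <= 6 && ctype_xdigit($key);
}

if (count($_POST) > 4) {
    exit;
}

$values = array();
foreach ($_POST as $key => $value) {
    if (accept($key) && accept($value)) {
        $values[$key] = $value;
    }
}

if (!empty($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) === 'post') {
    $values['method'] = 'post';
}

// No Content-Type header is sent, so the JSON goes out under the server default; that is
// only harmless because every echoed key and value passed the hex-only filter above.
echo json_encode($values);
exit;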
# # # # # Get settings require "settings.php"; require "core-settings.php"; require "libs/ext.lib.php"; # decide what to do if (isset($_GET["invid"])) { $OUTPUT = details($_GET); } else { if (isset($_POST["key"])) { switch ($_POST["key"]) { case "accept": $OUTPUT = accept($_POST); break; default: $OUTPUT = "<li class=err>Invalid use of module."; } } else { $OUTPUT = "<li class=err>Invalid use of module."; } } # Get templete require "template.php"; # Details function details($_GET) { # Get vars foreach ($_GET as $key => $value) {
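<!DOCTYPE html>
<html lang="en">
<?php
include_once 'header.php';
include_once '../includes/functions.php';

// die() is what actually blocks unauthenticated requests here; the script tag only
// redirects the browser.
if (!loggedinadmin()) {
    die("<script>location.href = 'login.php'</script>");
}

// NOTE(review): every action below changes account state on a plain GET request and no
// anti-CSRF token is checked in this excerpt; consider POST plus a per-session token.
if (isset($_GET['del'])) {
    $no = $_GET['del'];
    delete($no);
} elseif (isset($_GET['acpt'])) {
    $no = $_GET['acpt'];
    accept($no);
} elseif (isset($_GET['actv'])) {
    $no = $_GET['actv'];
    active($no);
} elseif (isset($_GET['inac'])) {
    $no = $_GET['inac'];
    inactive($no);
}

/**
 * Delete the row of table `user` whose user_id equals $no.
 *
 * $no arrives straight from the query string, so it is bound as a statement parameter
 * instead of being concatenated into the SQL text.
 *
 * @param mixed $no user id taken from $_GET['del']
 */
function delete($no)
{
    require_once "../includes/sql.php";

    // Array-valued parameters (?del[]=x) cannot name a single user.
    if (!is_scalar($no)) {
        die("oopsy, error when tryin to delete ");
    }
    $no = (string) $no;

    // Assumes db_connect() returns a mysqli or PDO handle (both offer query() and
    // prepare()) -- TODO confirm against ../includes/sql.php.
    $conexion = db_connect();
    $stmt = $conexion->prepare("DELETE FROM user WHERE user_id = ?");
    if ($stmt instanceof mysqli_stmt) {
        $stmt->bind_param('s', $no);
        $result = $stmt->execute();
    } else {
        $result = $stmt && $stmt->execute(array($no));
    }

    if (!$result) {
        die("oopsy, error when tryin to delete ");
    }
}

function accept($no)
{
    require_once "../includes/sql.php";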
// Builds the action buttons and fills the placeholders of the conference summary in $html.
// The opening of the enclosing if/else is not visible in this excerpt.
if ($vc->status != "cancelled") {
    // NOTE(review): "visible" is passed as a plain HTML option here; it looks like it is
    // only rendered as an attribute and does not hide the link -- confirm, and make sure
    // the cancel action itself checks that the caller is the moderator.
    // The success handler inserts the raw response into .message as HTML.
    $html .= CHtml::ajaxLink('Cancel', Yii::app()->createAbsoluteUrl('videoConference/cancel/' . $vc->id), array('type' => 'post', 'data' => array('id' => $vc->id, 'type' => 'post'), 'update' => 'message', 'success' => 'function(response) { $(".message").html(response); location.reload(); }'), array('confirm' => 'Are you sure you want to cancel this conference?', "visible" => $ismoderator, 'role' => "button", "class" => "btn btn-warning"));
}
} else {
    // NOTE(review): findByAttributes() returns null when no invitation row matches, and
    // ->status is read without a null check.
    $invitation = VCInvitation::model()->findByAttributes(array('videoconference_id' => $vc->id, 'invitee_id' => $user->id));
    if ($invitation->status == "Unknown") {
        // Undecided invitee: offer both choices.
        $html .= accept($vc->id);
        $html .= reject($vc->id);
    } else {
        // Decided invitee: offer only the opposite choice.
        if ($invitation->status == "Accepted") {
            $html .= reject($vc->id);
        } else {
            $html .= accept($vc->id);
        }
    }
}
$html .= "</div>";
// NOTE(review): subject, status and notes are substituted into the markup without HTML
// encoding. If they hold user-entered text this is a stored-XSS sink; encode them (for
// example with CHtml::encode()) unless they are already encoded where they are stored.
$html = str_replace("%SUBJECT%", $vc->subject, $html);
$html = str_replace("%MSTATUS%", $vc->status, $html);
// The same %MSTATUS% replacement is repeated on the next line.
$html = str_replace("%MSTATUS%", $vc->status, $html);
if ($vc->status == "cancelled") {
    $html = str_replace("%STATUS%", "<p style='font-weight: bold'>Status: Cancelled</p>", $html);
} else {
    $html = str_replace("%STATUS%", "", $html);
}
$html = str_replace("%DATE%", $user_friendly_date, $html);
$html = str_replace("%NOTE%", $vc->notes, $html);
// Going by its name, findParticipantsHTMLList() returns ready-made HTML; it is inserted as is.
$html = str_replace("%PARTICIPANTS%", $vc->findParticipantsHTMLList(), $html);
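<form>
<p style="text-align: center">
<span style="font-size: 150%;">
<?php
// Accept a transaction on behalf of the logged-in user. The call is skipped unless the
// transaction id was actually posted as a single value and a user id is present in the
// session; previously a missing field or an anonymous session was passed on as null.
// NOTE(review): no anti-CSRF token is checked in this excerpt, and accept() (defined
// elsewhere) must itself verify that the session user is allowed to accept $trans_id.
if (
    isset($_POST['accept'], $_POST['trans_id'], $_SESSION['uid'])
    && is_scalar($_POST['trans_id'])
) {
    $trans_id = $_POST['trans_id'];
    accept($con, $trans_id, $_SESSION['uid']);
}
?>
Search Transactions
</span>
<br /><br />
Zip Code: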
$z = $single["coordinateZ"]; if ($single["timeChecked"] == "" || isset($single["timeChecked"])) { $already = 1; } } $quest = array(); $quest = questInfo($qId, $mysqli); foreach ($quest as $single) { $name = $single["questName"]; $description = $single["questDescription"]; $detailedDescription = $single["questDetailedDescription"]; $materials = $single["recommendedMaterials"]; $xp = $single["givenXp"]; } if (isset($_GET["action"]) && $_GET["action"] == "accept") { accept($completed, $uId, $xp, $mysqli); } if (isset($_GET["action"]) && $_GET["action"] == "reject") { deny($completed, $mysqli); } if (isset($_GET["action"]) && $_GET["action"] == "delete") { delete($completed, $mysqli); } //$uId = getPlayerId($_COOKIE["MTU"],$mysqli); ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge">
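{
    // Body of the handler behind the yes/no links of the offer e-mail; its signature lies
    // outside this excerpt. It records the recipient's choice in mail_sender.accept_offer:
    //   0 = not clicked (default), 1 = clicked yes, 2 = clicked no.
    //
    // The id is used unquoted in the SQL below, so only a plain decimal number is allowed;
    // anything else is treated like a missing id.
    // NOTE(review): the numeric id is the only thing tying the request to a recipient, and
    // the change happens on a GET; sequential ids can be guessed, so consider putting a
    // random per-recipient token in the link.
    $n_id = null;
    if (isset($_GET['id']) && is_string($_GET['id']) && ctype_digit($_GET['id'])) {
        $n_id = (int) $_GET['id'];
    }

    if ($n_id !== null) {
        $choice = isset($_GET['accept']) ? $_GET['accept'] : '';

        // Stays null for a missing or unknown choice so an existing answer is not
        // overwritten (the variable used to be undefined in that case).
        $n_accept = null;
        if ($choice === 'true') {
            $n_accept = 1;
            echo '<br /><br /><br /><b>Dodano maila. Oferta zostanie przesłana niebawem. Dziękujemy za zainteresowanie!</b>';
        } elseif ($choice === 'false') {
            echo '<br /><br /><br /><b>Mail nie zostanie dodany do bazy. W każdej chwili możecie Państwo zmienić swoje zdanie na temat oferty klikając w mailu TAK.</b>';
            $n_accept = 2;
        }

        if ($n_accept !== null) {
            $baza = polacz_z_baza();
            // Both interpolated values are integers at this point.
            $sql = "UPDATE mail_sender SET accept_offer = '{$n_accept}' WHERE id = {$n_id}";
            // NOTE(review): die(mysql_error()) shows database error text to the visitor, and
            // the mysql_* API no longer exists in PHP 7+; prefer mysqli or PDO with a bound
            // parameter and a generic error message.
            mysql_query($sql) or die(mysql_error());
            mysql_close($baza);
        }

        echo '<meta http-equiv="Refresh" content="5; URL=http://abc.com.pl/" />';
    } else {
        echo '<meta http-equiv="Refresh" content="0; URL=http://abc.com.pl/" />';
    }
}
accept();
?>
</body>
</html>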
$ectemplates->display('step'); } elseif ($dbclass == 1) { $dbhost = accept('dbhost', 'R'); $dbname = accept('dbname', 'R'); $dbuser = accept('dbuser', 'R'); $dbpw = accept('dbpw', 'R'); $tablepre = accept('tablepre', 'R'); $username = accept('username', 'R'); $password = accept('password', 'R'); $password2 = accept('password2', 'R'); $demodb = accept('demodb', 'R'); $setupdbtype = accept('setupdbtype', 'R'); $sitename = accept('sitename', 'R'); $domain = accept('domain', 'R'); $admine_mail = accept('admine_mail', 'R'); $apptype = accept('apptype', 'R'); $setupcreatsql = "DROP TABLE IF EXISTS esp_admin_member,esp_admin_powergroup,esp_album_file,esp_album_images,esp_apply,esp_city,esp_config,esp_document,esp_document_album,esp_document_attr,esp_document_content,esp_document_label,esp_document_message,esp_enquiry,esp_enquiry_info,esp_filename,esp_form_attr,esp_form_group,esp_form_value,esp_keylink,esp_keylink_type,esp_lng,esp_lngpack,esp_logs,esp_mailinvite_list,esp_mailinvite_type,esp_mailsend,esp_mailsend_log,esp_member,esp_member_attr,esp_member_class,esp_member_value,esp_menulink,esp_moblie_list,esp_moblie_type,esp_model,esp_model_att,esp_order,esp_order_info,esp_order_pay,esp_order_payreceipt,esp_order_shipping,esp_order_shipreceipt,esp_site,esp_skin,esp_smssendlist,esp_subjectlist,esp_templates,esp_typelist"; foreach ($func_app as $key => $value) { if ($value['isdel'] && in_array($value['appcode'], $apptype)) { $setupcreatsql .= $value['dbsql']; } } $dbarray = explode(',', $setupcreatsql); $setupcreatsql = str_replace(ORIG_TABLEPRE, $tablepre, $setupcreatsql); $postlist = $_POST; if (empty($dbname)) { message($LAN['dbname_invalid'], $LAN['dbnameempay']); } else { if (!@mysql_connect($dbhost, $dbuser, $dbpw)) { $errno = mysql_errno(); $error = mysql_error();
// Builds the action buttons and fills the placeholders of the conference summary in $html.
// The opening of the enclosing if/else is not visible in this excerpt.
if ($model->status != "cancelled") {
    // NOTE(review): "visible" is passed as a plain HTML option here; it looks like it is
    // only rendered as an attribute and does not hide the link -- confirm, and make sure
    // the cancel action itself checks that the caller is the moderator.
    // The success handler inserts the raw response into .message as HTML.
    $html .= CHtml::ajaxLink('Cancel', Yii::app()->createAbsoluteUrl('videoConference/cancel/' . $model->id), array('type' => 'post', 'data' => array('id' => $model->id, 'type' => 'post'), 'update' => 'message', 'success' => 'function(response) { $(".message").html(response); location.reload(); }'), array('confirm' => 'Are you sure you want to cancel this conference?', "visible" => $ismoderator, 'role' => "button", "class" => "btn btn-warning"));
}
} else {
    // NOTE(review): findByAttributes() returns null when no invitation row matches, and
    // ->status is read without a null check.
    $invitation = VCInvitation::model()->findByAttributes(array('videoconference_id' => $model->id, 'invitee_id' => $user->id));
    if ($invitation->status == "Unknown") {
        // Undecided invitee: offer both choices.
        $html .= accept($model->id);
        $html .= reject($model->id);
    } else {
        // Decided invitee: offer only the opposite choice.
        if ($invitation->status == "Accepted") {
            $html .= reject($model->id);
        } else {
            $html .= accept($model->id);
        }
    }
}
$html .= "</div>";
// NOTE(review): subject, status and notes are substituted into the markup without HTML
// encoding. If they hold user-entered text this is a stored-XSS sink; encode them (for
// example with CHtml::encode()) unless they are already encoded where they are stored.
$html = str_replace("%SUBJECT%", $model->subject, $html);
$html = str_replace("%MSTATUS%", $model->status, $html);
if ($model->status == "cancelled") {
    $html = str_replace("%STATUS%", "<p style='font-weight: bold'>Status: Cancelled</p>", $html);
} else {
    $html = str_replace("%STATUS%", "", $html);
}
// %SUBJECT% was already replaced above; this second replacement is a repeat.
$html = str_replace("%SUBJECT%", $model->subject, $html);
$html = str_replace("%DATE%", $user_friendly_date, $html);
$html = str_replace("%NOTE%", $model->notes, $html);
// Going by its name, findParticipantsHTMLList() returns ready-made HTML; it is inserted as is.
$html = str_replace("%PARTICIPANTS%", $model->findParticipantsHTMLList(), $html);
/**
 * Walk every paper that has not been withdrawn and reject or accept it by rating.
 *
 * A paper is rejected when its OverallRating is at most $max and accepted when it is at
 * least $min. The two checks are independent, so a rating inside [$min, $max] triggers
 * both calls; callers presumably pass $max below $min -- verify.
 *
 * @param object $db  database handle exposing Execute($sql)
 * @param mixed  $min lowest rating that is accepted
 * @param mixed  $max highest rating that is rejected
 */
function Process($db, $min, $max)
{
    // The table prefix comes from configuration ($GLOBALS["DB_PREFIX"]), not from the request.
    $query = "SELECT * FROM " . $GLOBALS["DB_PREFIX"] . "Paper" . " WHERE Withdraw = 'false'";
    $resultSet = $db->Execute($query);

    // A falsy result set means there is nothing to iterate over.
    if (!$resultSet) {
        return;
    }

    while (($paper = $resultSet->FetchNextObj())) {
        if ($paper->OverallRating <= $max) {
            reject($paper->PaperID);
        }

        if ($paper->OverallRating >= $min) {
            accept($paper->PaperID);
        }
    }
}
$ectemplates->assign('domain', admin_URL); $ectemplates->display('step'); } elseif ($dbclass == 1) { $dbhost = accept('dbhost', 'R'); $dbname = accept('dbname', 'R'); $dbuser = accept('dbuser', 'R'); $dbpw = accept('dbpw', 'R'); $tablepre = accept('tablepre', 'R'); $username = accept('username', 'R'); $password = accept('password', 'R'); $password2 = accept('password2', 'R'); $demodb = accept('demodb', 'R'); $setupdbtype = accept('setupdbtype', 'R'); $sitename = accept('sitename', 'R'); $domain = accept('domain', 'R'); $admine_mail = accept('admine_mail', 'R'); $setupcreatsql = "DROP TABLE IF EXISTS esp_admin_member,esp_admin_powergroup,esp_advert,esp_advert_type,esp_album_file,esp_album_images,esp_bbs,esp_bbs_typelist,esp_calling,esp_city,esp_config,esp_document,esp_document_album,esp_document_attr,esp_document_content,esp_document_label,esp_document_message,esp_enquiry,esp_enquiry_info,esp_filename,esp_form_attr,esp_form_group,esp_form_value,esp_keylink,esp_keylink_type,esp_lng,esp_lngpack,esp_logs,esp_mailinvite_list,esp_mailinvite_type,esp_mailsend,esp_mailsend_log,esp_member,esp_member_attr,esp_member_class,esp_member_value,esp_menubotton,esp_menulink,esp_model,esp_model_att,esp_order,esp_order_info,esp_order_pay,esp_order_payreceipt,esp_order_shipping,esp_order_shipreceipt,esp_skin,esp_subjectlist,esp_templates,esp_typelist"; $setupcreatsql = str_replace(ORIG_TABLEPRE, $tablepre, $setupcreatsql); $postlist = $_POST; if (empty($dbname)) { message($LAN['dbname_invalid'], $LAN['dbnameempay']); } else { if (!@mysql_connect($dbhost, $dbuser, $dbpw)) { $errno = mysql_errno(); $error = mysql_error(); if ($errno == 1045) { message($LAN['database_errno_1045'], $error); } elseif ($errno == 2003) { message($LAN['database_errno_2003'], $error); } else { message($LAN['database_connect_error'], $error);
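<?php
require_once "./connect.php";
include "./sendsms.php";

// NOTE(review): the body is JSON but is labelled text/html; a client that renders it could
// treat embedded markup as HTML. Switching to application/json may change how existing
// clients parse the reply, so it is only flagged here.
header("Content-Type: text/html; charset=utf-8");

// Only a single string value is a usable ticket id (id[]=x arrives as an array).
$id = "";
if (isset($_POST["id"]) && is_string($_POST["id"])) {
    $id = $_POST["id"];
}

// accept() returns the string "false" on failure, and array_values() throws a TypeError
// on a string in PHP 8, so the list is normalised only when an array came back.
$outcome = accept($link, $id);
echo json_encode(is_array($outcome) ? array_values($outcome) : $outcome);

/**
 * Look up ticket $id and continue only while its status is 0.
 *
 * The ticket id comes from the request, so it is bound as a statement parameter instead
 * of being interpolated into the SQL text. Only the beginning of the function is visible
 * in this excerpt.
 *
 * @param mysqli $link open database connection
 * @param string $id   ticket id taken from $_POST["id"]
 * @return mixed the string "false" on every failure path shown here
 */
function accept($link, $id)
{
    $stmt = mysqli_prepare($link, "SELECT status, id_trip FROM tickets WHERE id_ticket = ?");
    if (
        !$stmt
        || !mysqli_stmt_bind_param($stmt, "s", $id)
        || !mysqli_stmt_execute($stmt)
        || !($result = mysqli_stmt_get_result($stmt))
    ) {
        return "false";
    }
    $row = mysqli_fetch_assoc($result);

    // An unknown ticket yields no row; it used to fall through as if its status were 0.
    if (!$row || $row["status"] != 0) {
        return "false";
    } else {
        $id_trip = $row["id_trip"];

        $stmt = mysqli_prepare(
            $link,
            "SELECT p.phone, tr.date, ti.place, ti.together FROM passengers p, tickets ti, trip tr\n WHERE ti.id_ticket = ? AND p.id_pass = ti.id_pass AND tr.id_trip = ti.id_trip;"
        );
        if (
            !$stmt
            || !mysqli_stmt_bind_param($stmt, "s", $id)
            || !mysqli_stmt_execute($stmt)
            || !($result = mysqli_stmt_get_result($stmt))
        ) {
            return "false";
        }
        $row = mysqli_fetch_assoc($result);
        if (!$row) {
            return "false";
        }
        $together = $row["together"];

        // NOTE(review): $together and $id_trip were read from the database, not from the
        // request, but they are still interpolated; bind them as well when the rest of the
        // function is reworked.
        $query2 = "SELECT place, id_ticket FROM tickets WHERE together = '{$together}'\n AND id_trip='{$id_trip}' AND status = '0';";
        if (!($result = mysqli_query($link, $query2))) {
            return "false";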
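// Accept request $rID: reject every other request that clashes with it, then notify the
// people involved. The start of the enclosing if/else is outside this excerpt.
$clash = requestClash($roomRecords['eventStartDate'], $roomRecords['eventEndDate'], $roomRecords['eventStartTime'], $roomRecords['eventEndTime'], $roomRecords['room']);
while ($req = mysql_fetch_assoc($clash)) {
    if ($req['reqNo'] != $rID) {
        // reqNo is used unquoted in the SQL, so it is forced to an integer first.
        $clashNo = (int) $req['reqNo'];
        $otherQuery = "update Requests set appStatus = 'Rejected', reqRejectReason = 'A request conflicting with your request was accepted.' where reqNo = {$clashNo}";
        execute($otherQuery);
        reject($req['creator'], $req['creatorEmail'], $req['room'], $req['reqNo'], getCC($rID));
        reject($req['concernedPName'], $req['concernedPEmail'], $req['room'], $req['reqNo'], getCC($rID));
    }
}
$req = getRequestByID($rID);
accept($req['creator'], $req['creatorEmail'], $req['room'], $req['reqNo'], getCC($rID));
accept($req['concernedPName'], $req['concernedPEmail'], $req['room'], $req['reqNo'], getCC($rID));
} else {
    if ($_POST['reqAction'] == $c) {
        // forwardID and reqID come straight from the request and sit unquoted in the SQL
        // below; forcing both to integers keeps request text out of the statement.
        // Non-scalar input (forwardID[]=x) becomes 0.
        $forwardID = is_scalar($_POST['forwardID']) ? (int) $_POST['forwardID'] : 0;
        $reqID = is_scalar($_POST['reqID']) ? (int) $_POST['reqID'] : 0;
        $sq = "update Requests set concernedAdmin = {$forwardID} where reqNo = {$reqID}";
        $req = getRequestByID($rID);
        $emails = getEmails($forwardID);
        foreach ($emails as $email) {
            forward($req['concernedPName'], $email, $req['room'], $req['reqNo'], $req['concernedPEmail'], getCC($rID));
        }
    }
}
}
// NOTE(review): $sq is built per branch above and run here through execute(); no check
// that the current user may act on this request is visible in this excerpt -- confirm
// that it happens before this point.
execute($sq);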