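/**
 * Validate that the left-hand attribute of every included condition row is
 * type-compatible with its right-hand side, which is either a constant typed
 * by the user or a second data-source attribute.
 *
 * Condition rows are read from the globals $dsleft, $attrleft, $const_val,
 * $include_cond, $const_or_ds, $dsright and $attrright. For each failing row an
 * HTML error fragment is written to the global $msg[$row] and $status is set.
 * The constant echoed back in that fragment is HTML-escaped, because it is
 * user input rendered into the page.
 *
 * @param mixed  $connection_id  handle forwarded to get_attr_type()
 * @param int    $num_cond       number of condition rows to examine
 * @param string $status         set to "invalid_value_error" when any row fails,
 *                               left untouched otherwise
 * @return void
 */
function check_attr_or_const_compatible($connection_id, $num_cond, &$status) {
    global $dsleft, $attrleft, $const_val, $include_cond, $const_or_ds, $dsright, $attrright, $msg;

    for ($row = 0; $row < $num_cond; $row++) {
        // Only rows the user ticked are validated; row 0 is mandatory and always checked.
        $included = ($row == 0)
            || (isset($include_cond[$row]) && strcmp($include_cond[$row], "checked") == 0);
        if (!$included) {
            continue;
        }

        $left_type = _vp_supported_type_prefix(get_attr_type($connection_id, $dsleft[$row], $attrleft[$row]));
        if ($left_type === null) {
            // Left attribute has a type this checker does not know; nothing to validate.
            continue;
        }

        $error = null;
        if (strcmp($const_or_ds[$row], "constant") == 0) {
            $constant = $const_val[$row];
            if ($left_type == "datetime") {
                // check_datetime() receives the row index, so presumably it records
                // its own message; only the status is updated here (as before).
                if (!check_datetime($left_type, $constant, $row)) {
                    $status = "invalid_value_error";
                }
                continue;
            }
            $error = _vp_constant_type_error($left_type, $constant);
        } elseif (strcmp($const_or_ds[$row], "ds") == 0) {
            $right_type = get_attr_type($connection_id, $dsright[$row], $attrright[$row]);
            $error = _vp_attr_pair_type_error($left_type, $right_type);
        }

        if ($error !== null) {
            $status = "invalid_value_error";
            $msg[$row] = "<div class=error_r>" . $error . "</div>";
        }
    }
}

/**
 * Map a raw column type string (e.g. "varchar(40)", "datetime") to the first
 * supported type name it starts with, or null when none applies.
 *
 * Order matters: "datetime" precedes "date" so a datetime column is matched
 * once, as datetime, instead of being checked a second time as a date.
 *
 * @param string|null $attr_type  type string as returned by get_attr_type()
 * @return string|null
 */
function _vp_supported_type_prefix($attr_type) {
    static $supported = array("integer", "float", "char", "varchar", "datetime", "date", "decimal", "money");
    $attr_type = (string) $attr_type;
    foreach ($supported as $name) {
        if (strncmp($name, $attr_type, strlen($name)) == 0) {
            return $name;
        }
    }
    return null;
}

/**
 * Validate a user-typed constant against the supported left-hand type.
 *
 * @param string $left_type  one of the names returned by _vp_supported_type_prefix()
 * @param mixed  $constant   the raw constant entered by the user
 * @return string|null  null when acceptable, otherwise the (HTML-safe) error text
 */
function _vp_constant_type_error($left_type, $constant) {
    $constant = (string) $constant;
    // The constant is echoed back inside HTML, so escape it first.
    $shown = htmlspecialchars($constant, ENT_QUOTES, 'UTF-8');

    switch ($left_type) {
        case "integer":
            if (preg_match('~^[ ]*-?[0-9]+[ ]*$~D', $constant)) {
                return null;
            }
            return "Error: constant {$shown} is not a valid integer. Enter an integer value.";

        case "float":
        case "decimal":
            if (preg_match('~^[ ]*-?[0-9]*\.?[0-9]*[ ]*$~D', $constant)) {
                return null;
            }
            return "Error: constant {$shown} is not a valid floating point number. Enter a valid floating point number.";

        case "money":
            if (preg_match('~^[0-9]*\.?[0-9]{0,2}$~D', $constant)) {
                return null;
            }
            return "Error: constant {$shown} is not a valid money value. Enter a valid money value.";

        case "date":
            // Expected form YYYY/MM/DD; years must stay below 10000 for checkdate().
            if (preg_match('~^[ ]*([0-9]+)[ ]*/[ ]*([0-9]+)[ ]*/[ ]*([0-9]+)[ ]*$~D', $constant, $m)
                && (int) $m[1] < 10000
                && checkdate((int) $m[2], (int) $m[3], (int) $m[1])) {
                return null;
            }
            return "Error: constant {$shown} is not a valid date. Enter a valid date of the form YYYY/MM/DD";

        default:
            // char / varchar: any text is an acceptable constant.
            return null;
    }
}

/**
 * Check that a right-hand data-source attribute may be compared with the
 * left-hand one. The right-hand type is compared exactly, as the original did.
 *
 * @param string      $left_type   supported left-hand type name
 * @param string|null $right_type  raw type of the right-hand attribute
 * @return string|null  null when compatible, otherwise the error text
 */
function _vp_attr_pair_type_error($left_type, $right_type) {
    switch ($left_type) {
        case "integer":
            $allowed = array("integer");
            $wanted = "'integer'";
            break;
        case "float":
        case "decimal":
        case "money":
            $allowed = array("float", "decimal", "money", "integer");
            $wanted = "'float' or 'decimal' or 'money' or 'integer'";
            break;
        case "char":
        case "varchar":
            $allowed = array("char", "varchar");
            $wanted = "'character' or 'varchar'";
            break;
        case "date":
            $allowed = array("date");
            $wanted = "'date'";
            break;
        case "datetime":
            $allowed = array("datetime");
            $wanted = "'datetime'";
            break;
        default:
            return null;
    }
    if (in_array($right_type, $allowed, true)) {
        return null;
    }
    return "Error: attribute on the right hand side is not of type {$wanted} to compare with attribute on the left hand side.";
}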
<?php $sub_menu = '400400'; include_once './_common.php'; include_once './admin.shop.lib.php'; include_once G5_LIB_PATH . '/mailer.lib.php'; auth_check($auth[$sub_menu], "w"); check_admin_token(); $sql = " select * from {$g5['g5_shop_order_table']} where od_id = '{$od_id}' "; $od = sql_fetch($sql); if (!$od['od_id']) { alert('주문자료가 존재하지 않습니다.'); } if ($od_receipt_time) { if (check_datetime($od_receipt_time) == false) { alert('결제일시 오류입니다.'); } } // 결제정보 반영 $sql = " update {$g5['g5_shop_order_table']}\n set od_deposit_name = '{$_POST['od_deposit_name']}',\n od_bank_account = '{$_POST['od_bank_account']}',\n od_receipt_time = '{$_POST['od_receipt_time']}',\n od_receipt_price = '{$_POST['od_receipt_price']}',\n od_receipt_point = '{$_POST['od_receipt_point']}',\n od_refund_price = '{$_POST['od_refund_price']}',\n od_delivery_company= '{$_POST['od_delivery_company']}',\n od_invoice = '{$_POST['od_invoice']}',\n od_invoice_time = '{$_POST['od_invoice_time']}',\n od_send_cost = '{$_POST['od_send_cost']}',\n od_send_cost2 = '{$_POST['od_send_cost2']}'\n where od_id = '{$od_id}' "; sql_query($sql); // 주문정보 $info = get_order_info($od_id); if (!$info) { alert('주문자료가 존재하지 않습니다.'); } $od_status = $od['od_status']; $cart_status = false; // 미수가 0이고 상태가 주문이었다면 입금으로 변경 if ($info['od_misu'] == 0 && $od['od_status'] == '주문') { $od_status = '입금';
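/**
 * Email template list (邮件模板列表) for the admin data grid.
 *
 * Turns the user-supplied $search map into a SQL where string and delegates
 * paging/sorting to $this->datagrid(). Because datagrid() receives a raw SQL
 * string, every search value is escaped before interpolation; passing the
 * conditions to the model as a bound array would be the stronger fix.
 *
 * @param array  $search column => value: exact match on id/code, LIKE on subject,
 *                       and "addtime.begin|end" / "edittime.begin|end" date-time bounds
 * @param int    $page   1-based page number, forwarded to datagrid()
 * @param int    $rows   page size, forwarded to datagrid()
 * @param string $sort   sort column, forwarded to datagrid()
 * @param string $order  sort direction, forwarded to datagrid()
 * @return void
 */
public function email($search = array(), $page = 1, $rows = 10, $sort = 'id', $order = 'desc') {
    $where = array();
    foreach ($search as $k => $v) {
        // Blank (or non-scalar) values carry no filter.
        if (is_array($v) || strlen((string) $v) < 1) {
            continue;
        }
        switch ($k) {
            case 'id':
            case 'code':
                $where[] = "`{$k}` = '" . addslashes($v) . "'";
                break;
            case 'subject':
                // LIKE wildcards (% and _) in $v are left as typed, as before.
                $where[] = "`{$k}` like '%" . addslashes($v) . "%'";
                break;
            case 'addtime.begin':
            case 'addtime.end':
            case 'edittime.begin':
            case 'edittime.end':
                if (!check_datetime($v)) {
                    // Malformed bound: drop it and move to the next search key
                    // (a bare `continue` inside switch only leaves the switch).
                    unset($search[$k]);
                    continue 2;
                }
                list($column, $bound) = explode('.', $k, 2);
                $op = ($bound === 'begin') ? '>=' : '<=';
                $ts = strtotime($v);
                $where[] = "`{$column}` {$op} '{$ts}'";
                break;
        }
    }
    $where = implode(' and ', $where);

    // NOTE(review): $sort/$order come straight from the request; confirm datagrid() whitelists them.
    $this->datagrid(array(
        'db' => M('email'),
        'where' => $where,
        'page' => $page,
        'rows' => $rows,
        'sort' => $sort,
        'order' => $order,
        // Epoch timestamps are rendered for display; 0/empty shows as "-".
        'formatter' => function ($key, &$val, $info) {
            switch ($key) {
                case 'addtime':
                case 'edittime':
                    $val = $val ? date('Y-m-d H:i:s', $val) : '-';
                    break;
            }
            return $val;
        },
    ));
}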
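/**
 * Admin user list (用户列表) for the data grid; only enabled accounts
 * (`status` = 1) are shown.
 *
 * Builds a SQL where string from $search and hands paging/sorting to
 * $this->datagrid(). Values are escaped because datagrid() takes a raw SQL
 * string; a bound-condition array on the model would be the stronger fix.
 *
 * @param array  $search column => value: exact match on roleid/userid/email,
 *                       LIKE on username/realname/lastloginip,
 *                       "lastlogintime.begin|end" date-time bounds
 * @param int    $page   1-based page number, forwarded to datagrid()
 * @param int    $rows   page size, forwarded to datagrid()
 * @param string $sort   sort column, forwarded to datagrid()
 * @param string $order  sort direction, forwarded to datagrid()
 * @return void
 */
public function user($search = array(), $page = 1, $rows = 10, $sort = 'lastlogintime', $order = 'desc') {
    $where = array("`status` = 1");
    foreach ($search as $k => $v) {
        // Blank (or non-scalar) values carry no filter.
        if (is_array($v) || strlen((string) $v) < 1) {
            continue;
        }
        switch ($k) {
            case 'roleid':
            case 'userid':
            case 'email':
                $where[] = "`{$k}` = '" . addslashes($v) . "'";
                break;
            case 'username':
            case 'realname':
            case 'lastloginip':
                $where[] = "`{$k}` like '%" . addslashes($v) . "%'";
                break;
            case 'lastlogintime.begin':
            case 'lastlogintime.end':
                if (!check_datetime($v)) {
                    // Malformed bound: drop it and go to the next search key
                    // (a bare `continue` inside switch only leaves the switch).
                    unset($search[$k]);
                    continue 2;
                }
                $op = ($k === 'lastlogintime.begin') ? '>=' : '<=';
                $ts = strtotime($v);
                $where[] = "`lastlogintime` {$op} '{$ts}'";
                break;
        }
    }
    $where = implode(' and ', $where);

    // Roles keyed by roleid; also fed to the role combobox of the filter form.
    $roleList = M('admin_role')->getField('roleid,rolename,status', true);
    $combobox = array();
    foreach ((array) $roleList as $info) {
        $combobox[] = array('value' => $info['roleid'], 'text' => $info['rolename']);
    }

    // NOTE(review): $sort/$order come straight from the request; confirm datagrid() whitelists them.
    $this->datagrid(array(
        'db' => D('Admin'),
        'where' => $where,
        'page' => $page,
        'rows' => $rows,
        'sort' => $sort,
        'order' => $order,
        'formatter' => function ($key, &$val, $info) use ($roleList) {
            switch ($key) {
                case 'lastloginip':
                case 'realname':
                    $val = $val ? $val : '-';
                    break;
                case 'lastlogintime':
                    $val = $val ? date('Y-m-d H:i:s', $val) : '-';
                    break;
                case 'roleid':
                    // Unknown role -> red marker; frozen role -> grey with suffix.
                    if (!isset($roleList[$val])) {
                        $val = '<font color="red">未设置角色</font>';
                    } elseif ($roleList[$val]['status']) {
                        $val = $roleList[$val]['rolename'];
                    } else {
                        $val = '<font color="grey">' . $roleList[$val]['rolename'] . '[冻结]</font>';
                    }
                    break;
            }
            return $val;
        },
        'assign' => array('combobox' => $combobox),
    ));
}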
$propertyObj->set_paper_colour_scheme($userObject, $bgcolor, $fgcolor, $textsize, $marks_color, $themecolor, $labelcolor, $font, $unanswered_color, $dismiss_color); $original_paper_type = $paper_type; //store the original paper type - needed to retrieve answers from the correct log and functionality related decisions $attempt = 1; //default attempt to 1 overwritten if the student is resit candidate $modIDs = array_keys(Paper_utils::get_modules($property_id, $mysqli)); $current_address = NetworkUtils::get_client_address(); $moduleID = $propertyObj->get_modules(); if ($userObject->has_role('Staff') and check_staff_modules($moduleID, $userObject)) { // No further security checks. } else { // Treat as student with extra security checks. // Check for additional password on the paper check_paper_password($password, $string, $mysqli); // Check time security check_datetime($start_date, $end_date, $string, $mysqli); // Check room security $low_bandwidth = check_labs($propertyObj->get_paper_type(), $propertyObj->get_labs(), $current_address, $propertyObj->get_password(), $string, $mysqli); // Get modules if the user is a student and the paper is not formative $attempt = check_modules($userObject, $modIDs, $calendar_year, $string, $mysqli); // Check for any metadata security restrictions check_metadata($property_id, $userObject, $modIDs, $string, $mysqli); } // Get lab info used in log metadata $lab_factory = new LabFactory($mysqli); if ($lab_object = $lab_factory->get_lab_based_on_client($current_address)) { $lab_name = $lab_object->get_name(); $lab_id = $lab_object->get_id(); } if (time() > $end_date and ($paper_type == '1' or $paper_type == '2')) { $paper_type = '_late';
if (is29year($year) == 1) { if ($day > 29) { set_result("FAILED", $prefix . "/date", i18n("Invalid day")); return; } } else { if ($day > 28) { set_result("FAILED", $prefix . "/date", i18n("Invalid day")); return; } } } } if (isdigit($hour) == 0 || $hour < 0 || $hour > 23) { set_result("FAILED", $prefix . "/time", i18n("Invalid hour")); return; } if (isdigit($min) == 0 || $min < 0 || $min > 59) { set_result("FAILED", $prefix . "/time", i18n("Invalid minute")); return; } if (isdigit($sec) == 0 || $sec < 0 || $sec > 59) { set_result("FAILED", $prefix . "/time", i18n("Invalid second")); return; } set_result("OK", "", ""); } check_datetime($FATLADY_prefix . "/runtime/device"); if ($_GLOBALS["FATLADY_result"] == "OK") { set($FATLADY_prefix . "/valid", 1); }
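/**
 * Operation log (操作日志) for the current admin user, as a data grid.
 *
 * Builds a SQL where string from $search and hands paging/sorting to
 * $this->datagrid(). Values are escaped because datagrid() takes a raw SQL
 * string; a bound-condition array on the model would be the stronger fix.
 *
 * @param array  $search column => value: LIKE on controller/action/querystring/ip,
 *                       "time.begin|end" date-time bounds compared as strings
 * @param int    $page   1-based page number, forwarded to datagrid()
 * @param int    $rows   page size, forwarded to datagrid()
 * @param string $sort   sort column, forwarded to datagrid()
 * @param string $order  sort direction, forwarded to datagrid()
 * @return void
 */
public function operate($search = array(), $page = 1, $rows = 10, $sort = 'time', $order = 'desc') {
    // Only the current admin's own rows are listed; the id was already
    // interpolated unquoted, so it is treated as numeric.
    $userid = (int) user_info('userid');
    $where = array("`userid` = {$userid}");
    foreach ($search as $k => $v) {
        // Blank (or non-scalar) values carry no filter.
        if (is_array($v) || strlen((string) $v) < 1) {
            continue;
        }
        switch ($k) {
            case 'controller':
            case 'action':
            case 'querystring':
            case 'ip':
                $where[] = "`{$k}` like '%" . addslashes($v) . "%'";
                break;
            case 'time.begin':
            case 'time.end':
                if (!check_datetime($v)) {
                    // Malformed bound: drop it and go to the next search key
                    // (a bare `continue` inside switch only leaves the switch).
                    unset($search[$k]);
                    continue 2;
                }
                // `time` is compared as a date-time string here (no strtotime), unlike the other grids.
                $op = ($k === 'time.begin') ? '>=' : '<=';
                $where[] = "`time` {$op} '" . addslashes($v) . "'";
                break;
        }
    }
    $where = implode(' and ', $where);

    // NOTE(review): $sort/$order come straight from the request; confirm datagrid() whitelists them.
    $this->datagrid(array(
        'db' => M('log'),
        'where' => $where,
        'page' => $page,
        'rows' => $rows,
        'sort' => $sort,
        'order' => $order,
    ));
}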
$lab_factory = new LabFactory($mysqli); if ($lab_object = $lab_factory->get_lab_based_on_client($current_address)) { $lab_name = $lab_object->get_name(); $lab_id = $lab_object->get_id(); } $moduleID = $propertyObj->get_modules(); if ($userObject->has_role('Staff') and check_staff_modules($moduleID, $userObject)) { // No further security checks. } else { // Treat as student with extra security checks. // Get the module IDs for this paper $modIDs = array_keys(Paper_utils::get_modules($propertyObj->get_property_id(), $mysqli)); // Check for additional password on the paper check_paper_password($propertyObj->get_password(), $string, $mysqli); // Check time security check_datetime($propertyObj->get_start_date(), $propertyObj->get_end_date(), $string, $mysqli); // Check room security $low_bandwidth = check_labs($propertyObj->get_paper_type(), $propertyObj->get_labs(), $current_address, $propertyObj->get_password(), $string, $mysqli); // Check modules if the user is a student and the paper is not formative $attempt = check_modules($userObject, $modIDs, $propertyObj->get_calendar_year(), $string, $mysqli); // Check for any metadata security restrictions check_metadata($propertyObj->get_property_id(), $userObject, $modIDs, $string, $mysqli); $summative_exam_session_started = false; } $is_preview = (isset($_POST['mode']) and $_POST['mode'] == 'preview'); $paper_scheduled = $propertyObj->get_start_date() !== null; if ($propertyObj->get_exam_duration() != null and $propertyObj->get_paper_type() == '2') { $log_lab_end_time = new LogLabEndTime($lab_id, $propertyObj, $mysqli); $summative_exam_session_started = $log_lab_end_time->get_session_end_date_datetime(); } if (!$is_preview and time() > $propertyObj->get_end_date() and ($propertyObj->get_paper_type() == '1' or $propertyObj->get_paper_type() == '2' and $paper_scheduled and $summative_exam_session_started == false)) {
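/**
 * Member list (会员列表) for the admin data grid.
 *
 * Builds a SQL where string from $search and hands paging/sorting to
 * $this->datagrid(); values are escaped because datagrid() takes a raw SQL
 * string (a bound-condition array on the model would be the stronger fix).
 * Also prepares the member-type and dictionary comboboxes for the filter form.
 *
 * @param array  $search column => value: exact match on memberid/gender/constellation/status,
 *                       LIKE on username/nick/mobile,
 *                       "regtime.begin|end" / "lastlogintime.begin|end" date-time bounds
 * @param int    $page   1-based page number, forwarded to datagrid()
 * @param int    $rows   page size, forwarded to datagrid()
 * @param string $sort   sort column, forwarded to datagrid()
 * @param string $order  sort direction, forwarded to datagrid()
 * @return void
 */
public function user($search = array(), $page = 1, $rows = 10, $sort = 'lastlogintime', $order = 'desc') {
    $where = array();
    foreach ($search as $k => $v) {
        // Blank (or non-scalar) values carry no filter.
        if (is_array($v) || strlen((string) $v) < 1) {
            continue;
        }
        switch ($k) {
            case 'memberid':
            case 'gender':
            case 'constellation':
            case 'status':
                $where[] = "`{$k}` = '" . addslashes($v) . "'";
                break;
            case 'username':
            case 'nick':
            case 'mobile':
                $where[] = "`{$k}` like '%" . addslashes($v) . "%'";
                break;
            case 'regtime.begin':
            case 'regtime.end':
            case 'lastlogintime.begin':
            case 'lastlogintime.end':
                if (!check_datetime($v)) {
                    // Malformed bound: drop it and go to the next search key
                    // (a bare `continue` inside switch only leaves the switch).
                    unset($search[$k]);
                    continue 2;
                }
                list($column, $bound) = explode('.', $k, 2);
                $op = ($bound === 'begin') ? '>=' : '<=';
                $ts = strtotime($v);
                $where[] = "`{$column}` {$op} '{$ts}'";
                break;
        }
    }
    $where = implode(' and ', $where);

    // Member types keyed by typeid; also fed to the type combobox.
    $typeList = M('member_type')->getField('typeid,typename,status', true);
    $combobox = array();
    foreach ((array) $typeList as $info) {
        $combobox[] = array('value' => $info['typeid'], 'text' => $info['typename']);
    }

    // Gender / constellation labels from the Member dictionary, as combobox options.
    $dict = dict('', 'Member');
    $dictCombobox = array('gender' => array(), 'constellation' => array());
    foreach (array('gender', 'constellation') as $field) {
        foreach ($dict[$field] as $key => $val) {
            $dictCombobox[$field][] = array('text' => $val, 'value' => $key);
        }
    }

    // NOTE(review): $sort/$order come straight from the request; confirm datagrid() whitelists them.
    $this->datagrid(array(
        'db' => M('member'),
        'where' => $where,
        'page' => $page,
        'rows' => $rows,
        'sort' => $sort,
        'order' => $order,
        'formatter' => function ($key, &$val, $info) use ($typeList, $dict) {
            switch ($key) {
                case 'head':
                    // NOTE(review): src is emitted unescaped; confirm member_head() returns an attribute-safe path.
                    $val = '<img class="easytp-layer" src="' . member_head($info['head']) . '" height="50"/>';
                    break;
                case 'regtime':
                case 'lastlogintime':
                    $val = $val ? date('Y-m-d H:i:s', $val) : '-';
                    break;
                case 'lastloginip':
                    $val = $val ? $val : '-';
                    break;
                case 'typeid':
                    // Unknown type -> red marker; frozen type -> grey with suffix.
                    if (!isset($typeList[$val])) {
                        $val = '<font color="red">未设置类型</font>';
                    } elseif ($typeList[$val]['status']) {
                        $val = $typeList[$val]['typename'];
                    } else {
                        $val = '<font color="grey">' . $typeList[$val]['typename'] . '[冻结]</font>';
                    }
                    break;
                case 'status':
                    $val = $val ? '已认证' : '<font color="red">未认证</font>';
                    break;
                case 'gender':
                case 'constellation':
                    $val = isset($dict[$key][$val]) ? $dict[$key][$val] : '-';
                    break;
            }
            return $val;
        },
        'assign' => array('combobox' => $combobox, 'dict' => $dictCombobox),
    ));
}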
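/**
 * Article list management (文章列表管理) for one category.
 *
 * On POST it answers the grid's AJAX request: builds a SQL where string from
 * $search, applies multi-column ordering and paging, formats the rows and
 * returns {total, rows} as JSON. Otherwise it renders the list page with its
 * breadcrumb title and toolbar.
 *
 * Search values, the paging numbers and the sort specification all come from
 * the request, so they are escaped / cast / whitelisted before reaching SQL.
 * The end bound of the update-time range now filters on `updatetime`
 * (it previously compared against `regtime`).
 *
 * @param int    $catid  category id whose model is obtained via $this->db()
 * @param array  $search column => value: exact match on id/istop/status,
 *                       LIKE on title/keywords/description/author,
 *                       "updatetime.begin|end" date-time bounds
 * @param int    $page   1-based page number
 * @param int    $rows   page size
 * @param string $sort   comma-separated sort columns (identifier characters only)
 * @param string $order  comma-separated directions matching $sort ("asc"/"desc")
 * @return void
 */
public function article($catid = 0, $search = array(), $page = 1, $rows = 10, $sort = 'istop,updatetime', $order = 'asc,desc') {
    $db = $this->db($catid);
    if (IS_POST) {
        $where = array("catid = '" . addslashes($catid) . "'");
        foreach ($search as $k => $v) {
            // Blank (or non-scalar) values carry no filter.
            if (is_array($v) || strlen((string) $v) < 1) {
                continue;
            }
            switch ($k) {
                case 'id':
                case 'istop':
                case 'status':
                    $where[] = "`{$k}` = '" . addslashes($v) . "'";
                    break;
                case 'title':
                case 'keywords':
                case 'description':
                case 'author':
                    $where[] = "`{$k}` like '%" . addslashes($v) . "%'";
                    break;
                case 'updatetime.begin':
                case 'updatetime.end':
                    if (!check_datetime($v)) {
                        // Malformed bound: drop it and go to the next search key
                        // (a bare `continue` inside switch only leaves the switch).
                        unset($search[$k]);
                        continue 2;
                    }
                    $op = ($k === 'updatetime.begin') ? '>=' : '<=';
                    $ts = strtotime($v);
                    $where[] = "`updatetime` {$op} '{$ts}'";
                    break;
            }
        }
        $where = implode(' and ', $where);

        // Multi-column ordering: "a,b" paired with "asc,desc". Both parts come from
        // the request, so columns must look like identifiers and directions are
        // restricted to asc/desc; anything else is dropped.
        $columns = explode(',', $sort);
        $directions = explode(',', $order);
        $orderBy = array();
        foreach ($columns as $i => $column) {
            $column = trim($column);
            if (!preg_match('/^[A-Za-z0-9_]+$/', $column)) {
                continue;
            }
            $direction = isset($directions[$i]) ? strtolower(trim($directions[$i])) : 'asc';
            $orderBy[$column] = ($direction === 'desc') ? 'desc' : 'asc';
        }

        // Paging numbers are cast and clamped so the LIMIT fragment is always "offset,count".
        $page = max(1, (int) $page);
        $rows = max(1, (int) $rows);
        $limit = (($page - 1) * $rows) . ',' . $rows;

        $total = $db->where($where)->count();
        $list = $total ? $db->where($where)->order($orderBy)->limit($limit)->select() : array();
        foreach ($list as &$info) {
            foreach ($info as $key => &$val) {
                switch ($key) {
                    case 'status':
                        $val = $val ? '发布' : '<font color="red">未发布</font>';
                        break;
                    case 'istop':
                        $val = $val ? '<font color="red">置顶</font>' : '未置顶';
                        break;
                    case 'updatetime':
                        $val = date('Y-m-d H:i:s', $val);
                        break;
                }
            }
            unset($val); // drop the dangling reference before the next row
        }
        unset($info);

        $this->ajaxReturn(array('total' => $total, 'rows' => $list));
    } else {
        // Breadcrumb: menu position followed by the category position.
        $category_db = D('Category');
        $currentpos = $category_db->currentPos($catid);
        $menu_db = D('Menu');
        $currentpos = $menu_db->currentPos(I('get.menuid')) . $currentpos;
        $this->assign('title', $currentpos);

        // Toolbar. The second argument was an unassigned variable in the original
        // (always null); NOTE(review): confirm what getToolbars() expects here.
        $toolbars = $category_db->getToolbars($catid, null);
        $this->assign('toolbars', $toolbars);
        $this->display();
    }
}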