Esempio n. 1
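/**
 * Check that each included condition row compares its left-hand attribute
 * with a compatible right-hand side (a constant or another attribute).
 *
 * Row data is read from the globals $dsleft, $attrleft, $const_val,
 * $include_cond, $const_or_ds, $dsright and $attrright. When a row fails,
 * $status is set to "invalid_value_error" and an HTML error fragment is
 * stored in the global $msg[row] (the datetime constant check delegates the
 * message to check_datetime()). $status is left untouched when all rows pass.
 *
 * Changes from the previous version:
 *  - ereg() (removed in PHP 7) is replaced by preg_match() with the D
 *    modifier, so "$" cannot match before a trailing newline.
 *  - The date check read an undefined variable and returned from the whole
 *    function on a valid date, skipping the remaining rows.
 *  - Type matching stops at the first hit, so a "datetime" attribute is no
 *    longer also validated as a "date".
 *  - The user-supplied constant is HTML-encoded before it is placed in $msg.
 *
 * @param mixed  $connection_id Passed through to get_attr_type().
 * @param int    $num_cond      Number of condition rows to examine.
 * @param string $status        By reference; set to "invalid_value_error" on failure.
 */
function check_attr_or_const_compatible($connection_id, $num_cond, &$status)
{
    global $dsleft;
    global $attrleft;
    global $const_val;
    global $include_cond;
    global $const_or_ds;
    global $dsright;
    global $attrright;
    global $msg;
    // Matching below is by prefix and stops at the first hit, so "datetime"
    // has to stay ahead of "date" in this list.
    $attr_type_supported = array(0 => "integer", "float", "char", "varchar", "datetime", "date", "decimal", "money");
    for ($num_rows = 0; $num_rows < $num_cond; $num_rows++) {
        // Only validate rows the user included; the first row is mandatory.
        $included = isset($include_cond[$num_rows]) && $include_cond[$num_rows] === "checked";
        if (!$included && $num_rows != 0) {
            continue;
        }
        $attr_type = get_attr_type($connection_id, $dsleft[$num_rows], $attrleft[$num_rows]);
        $rhs_kind = isset($const_or_ds[$num_rows]) ? $const_or_ds[$num_rows] : "";
        if ($rhs_kind !== "constant" && $rhs_kind !== "ds") {
            continue;
        }
        $right_attr_type = null;
        if ($rhs_kind === "ds") {
            $right_attr_type = get_attr_type($connection_id, $dsright[$num_rows], $attrright[$num_rows]);
        }
        // Prefix match: presumably get_attr_type() may return a type with a
        // suffix (e.g. a length) — confirm.
        $matched_type = null;
        foreach ($attr_type_supported as $candidate) {
            if (strncmp($candidate, $attr_type, strlen($candidate)) == 0) {
                $matched_type = $candidate;
                break;
            }
        }
        if ($matched_type === null) {
            continue;
        }
        if ($rhs_kind === "constant") {
            // The constant is user input: force it to a string for the regex
            // checks and encode it before it is embedded in HTML.
            $raw_val = isset($const_val[$num_rows]) ? $const_val[$num_rows] : "";
            $constant_val = is_scalar($raw_val) ? (string) $raw_val : "";
            $shown_val = htmlspecialchars($constant_val, ENT_QUOTES);
            switch ($matched_type) {
                case "integer":
                    if (!preg_match('/^[ ]*(-?)([0-9]+)[ ]*$/D', $constant_val)) {
                        $status = "invalid_value_error";
                        $msg[$num_rows] = "<div class=error_r>Error: constant {$shown_val} is not a valid integer. Enter an integer value.</div>";
                    }
                    break;
                case "float":
                case "decimal":
                    // NOTE(review): this pattern also accepts "" and "." — unchanged from the original.
                    if (!preg_match('/^[ ]*(-?)[0-9]*\.?[0-9]*[ ]*$/D', $constant_val)) {
                        $status = "invalid_value_error";
                        $msg[$num_rows] = "<div class=error_r>Error: constant {$shown_val} is not a valid floating point number. Enter a valid floating point number.</div>";
                    }
                    break;
                case "money":
                    if (!preg_match('/^[0-9]*\.?[0-9]{0,2}$/D', $constant_val)) {
                        $status = "invalid_value_error";
                        $msg[$num_rows] = "<div class=error_r>Error: constant {$shown_val} is not a valid money value. Enter a valid money value.</div>";
                    }
                    break;
                case "char":
                case "varchar":
                    break;
                case "date":
                    // Expected form is YYYY/MM/DD; checkdate() takes month, day, year.
                    $date_ok = false;
                    if (preg_match('#^[ ]*([0-9]+)[ ]*/[ ]*([0-9]+)[ ]*/[ ]*([0-9]+)[ ]*$#D', $constant_val, $val_arr)) {
                        $year = (int) $val_arr[1];
                        $month = (int) $val_arr[2];
                        $day = (int) $val_arr[3];
                        $date_ok = $year < 10000 && checkdate($month, $day, $year);
                    }
                    if (!$date_ok) {
                        $status = "invalid_value_error";
                        $msg[$num_rows] = "<div class=error_r>Error: constant {$shown_val} is not a valid date. Enter a valid date of the form YYYY/MM/DD</div>";
                    }
                    break;
                case "datetime":
                    if (!check_datetime($matched_type, $constant_val, $num_rows)) {
                        $status = "invalid_value_error";
                    }
                    break;
                default:
                    // Not reachable while $matched_type comes from the list above; kept as a guard.
                    print "<br>Error: SOMETHING IS REALLY WRONG. Please consult the Vigilert Pro Administrator.\n";
                    exit;
            }
        } else {
            switch ($matched_type) {
                case "integer":
                    if (strcmp($right_attr_type, "integer") != 0) {
                        $status = "invalid_value_error";
                        $msg[$num_rows] = "<div class=error_r>Error: attribute on the right hand side is not of type 'integer' to compare with attribute on the left hand side.</div>";
                    }
                    break;
                case "float":
                case "decimal":
                case "money":
                    if (strcmp($right_attr_type, "float") != 0 && strcmp($right_attr_type, "decimal") != 0 && strcmp($right_attr_type, "money") != 0 && strcmp($right_attr_type, "integer") != 0) {
                        $status = "invalid_value_error";
                        $msg[$num_rows] = "<div class=error_r>Error: attribute on the right hand side is not of type 'float' or 'decimal' or 'money' or 'integer' to compare with attribute on the left hand side.</div>";
                    }
                    break;
                case "char":
                case "varchar":
                    if (strcmp($right_attr_type, "char") != 0 && strcmp($right_attr_type, "varchar") != 0) {
                        $status = "invalid_value_error";
                        $msg[$num_rows] = "<div class=error_r>Error: attribute on the right hand side is not of type 'character' or 'varchar' to compare with attribute on the left hand side.</div>";
                    }
                    break;
                case "date":
                    if (strcmp($right_attr_type, "date") != 0) {
                        $status = "invalid_value_error";
                        $msg[$num_rows] = "<div class=error_r>Error: attribute on the right hand side is not of type 'date' to compare with attribute on the left hand side.</div>";
                    }
                    break;
                case "datetime":
                    if (strcmp($right_attr_type, "datetime") != 0) {
                        $status = "invalid_value_error";
                        $msg[$num_rows] = "<div class=error_r>Error: attribute on the right hand side is not of type 'datetime' to compare with attribute on the left hand side.</div>";
                    }
                    break;
                default:
                    // Not reachable while $matched_type comes from the list above; kept as a guard.
                    print "<br>Error: SOMETHING IS REALLY WRONG. Please consult the Vigilert Pro Administrator.\n";
                    exit;
            }
        }
    }
}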
Esempio n. 2
<?php

// Admin menu code; used just below as the key into $auth.
$sub_menu = '400400';
include_once './_common.php';
include_once './admin.shop.lib.php';
include_once G5_LIB_PATH . '/mailer.lib.php';

// Presumably: require write permission on this menu and a valid admin
// (anti-forgery) token before anything is modified — confirm in the helpers.
auth_check($auth[$sub_menu], 'w');
check_admin_token();

// NOTE(review): $od_id is placed into the SQL text as-is, here and in the
// UPDATE below. That is safe only if _common.php escapes request input
// globally; otherwise escape or bind it.
$sql = " select * from {$g5['g5_shop_order_table']} where od_id = '{$od_id}' ";
$od = sql_fetch($sql);
if (!$od['od_id']) {
    alert('주문자료가 존재하지 않습니다.');
}

// Reject a payment time that check_datetime() does not accept.
if ($od_receipt_time && !check_datetime($od_receipt_time)) {
    alert('결제일시 오류입니다.');
}

// Apply the payment information.
// NOTE(review): every column value is taken straight from $_POST and only
// od_receipt_time is validated above — and that check reads $od_receipt_time,
// not $_POST['od_receipt_time'] (presumably the same value; confirm). The
// price, point and cost fields have no numeric check in this script.
$sql = " update {$g5['g5_shop_order_table']}\n            set od_deposit_name    = '{$_POST['od_deposit_name']}',\n                od_bank_account    = '{$_POST['od_bank_account']}',\n                od_receipt_time    = '{$_POST['od_receipt_time']}',\n                od_receipt_price   = '{$_POST['od_receipt_price']}',\n                od_receipt_point   = '{$_POST['od_receipt_point']}',\n                od_refund_price    = '{$_POST['od_refund_price']}',\n                od_delivery_company= '{$_POST['od_delivery_company']}',\n                od_invoice         = '{$_POST['od_invoice']}',\n                od_invoice_time    = '{$_POST['od_invoice_time']}',\n                od_send_cost       = '{$_POST['od_send_cost']}',\n                od_send_cost2      = '{$_POST['od_send_cost2']}'\n            where od_id = '{$od_id}' ";
sql_query($sql);

// Order information, re-read after the update.
$info = get_order_info($od_id);
if (!$info) {
    alert('주문자료가 존재하지 않습니다.');
}

// Start from the status loaded before the update.
$od_status = $od['od_status'];
$cart_status = false;
// 미수가 0이고 상태가 주문이었다면 입금으로 변경
if ($info['od_misu'] == 0 && $od['od_status'] == '주문') {
    $od_status = '입금';
Esempio n. 3
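 /**
  * Email template list.
  *
  * Builds a SQL WHERE string from the $search filters and passes it, together
  * with the paging and sorting arguments, to datagrid().
  *
  * @param array  $search Filter name => value. Recognised keys: id, code, subject,
  *                       addtime.begin/.end, edittime.begin/.end; others are ignored.
  *                       Presumably bound from request input — treated as untrusted.
  * @param int    $page   Passed to datagrid() unchanged.
  * @param int    $rows   Passed to datagrid() unchanged.
  * @param string $sort   Passed to datagrid() unchanged.
  * @param string $order  Passed to datagrid() unchanged.
  */
 public function email($search = array(), $page = 1, $rows = 10, $sort = 'id', $order = 'desc')
 {
     // NOTE(review): $sort and $order reach datagrid() unvalidated; confirm it
     // restricts them to known columns and asc/desc.
     $where = array();
     foreach ($search as $k => $v) {
         // Skip empty filters and non-scalar values (e.g. nested arrays).
         if (!is_scalar($v) || strlen($v) < 1) {
             continue;
         }
         switch ($k) {
             case 'id':
             case 'code':
                 // The value sits inside a quoted SQL literal, so quotes and
                 // backslashes are escaped first.
                 // NOTE(review): addslashes() is not charset-aware; prefer bound
                 // parameters if datagrid() or the model accepts them.
                 $where[] = "`{$k}` = '" . addslashes($v) . "'";
                 break;
             case 'subject':
                 $where[] = "`{$k}` like '%" . addslashes($v) . "%'";
                 break;
             case 'addtime.begin':
             case 'addtime.end':
             case 'edittime.begin':
             case 'edittime.end':
                 if (!check_datetime($v)) {
                     unset($search[$k]);
                     // "continue 2" targets the foreach; a bare "continue" inside
                     // a switch acts like "break" and warns on PHP 7.3+.
                     continue 2;
                 }
                 list($column, $bound) = explode('.', $k);
                 $operator = $bound === 'begin' ? '>=' : '<=';
                 // strtotime() yields an integer (or false), so nothing
                 // user-controlled reaches the SQL text here.
                 $stamp = strtotime($v);
                 $where[] = "`{$column}` {$operator} '{$stamp}'";
                 break;
         }
     }
     $where = implode(' and ', $where);
     $this->datagrid(array('db' => M('email'), 'where' => $where, 'page' => $page, 'rows' => $rows, 'sort' => $sort, 'order' => $order, 'formatter' => function ($key, &$val, $info) {
         // Show timestamps as dates; a falsy value becomes "-".
         switch ($key) {
             case 'addtime':
             case 'edittime':
                 $val = $val ? date('Y-m-d H:i:s', $val) : '-';
                 break;
         }
         return $val;
     }));
 }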
Esempio n. 4
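 /**
  * Admin user list.
  *
  * Builds a SQL WHERE string (always restricted to `status` = 1) from the
  * $search filters and passes it, with the paging and sorting arguments and
  * a role combobox, to datagrid().
  *
  * @param array  $search Filter name => value. Recognised keys: roleid, userid, email,
  *                       username, realname, lastloginip, lastlogintime.begin/.end.
  *                       Presumably bound from request input — treated as untrusted.
  * @param int    $page   Passed to datagrid() unchanged.
  * @param int    $rows   Passed to datagrid() unchanged.
  * @param string $sort   Passed to datagrid() unchanged.
  * @param string $order  Passed to datagrid() unchanged.
  */
 public function user($search = array(), $page = 1, $rows = 10, $sort = 'lastlogintime', $order = 'desc')
 {
     // NOTE(review): $sort and $order reach datagrid() unvalidated; confirm it
     // restricts them to known columns and asc/desc.
     $where = array("`status` = 1");
     foreach ($search as $k => $v) {
         // Skip empty filters and non-scalar values (e.g. nested arrays).
         if (!is_scalar($v) || strlen($v) < 1) {
             continue;
         }
         switch ($k) {
             case 'roleid':
             case 'userid':
             case 'email':
                 // The value sits inside a quoted SQL literal, so quotes and
                 // backslashes are escaped first.
                 // NOTE(review): addslashes() is not charset-aware; prefer bound
                 // parameters if datagrid() or the model accepts them.
                 $where[] = "`{$k}` = '" . addslashes($v) . "'";
                 break;
             case 'username':
             case 'realname':
             case 'lastloginip':
                 $where[] = "`{$k}` like '%" . addslashes($v) . "%'";
                 break;
             case 'lastlogintime.begin':
             case 'lastlogintime.end':
                 if (!check_datetime($v)) {
                     unset($search[$k]);
                     // "continue 2" targets the foreach; a bare "continue" inside
                     // a switch acts like "break" and warns on PHP 7.3+.
                     continue 2;
                 }
                 $operator = $k === 'lastlogintime.begin' ? '>=' : '<=';
                 // strtotime() yields an integer (or false), so nothing
                 // user-controlled reaches the SQL text here.
                 $stamp = strtotime($v);
                 $where[] = "`lastlogintime` {$operator} '{$stamp}'";
                 break;
         }
     }
     $where = implode(' and ', $where);
     // Role list; the formatter below looks roles up by roleid.
     $roleList = M('admin_role')->getField('roleid,rolename,status', true);
     $combobox = array();
     foreach ($roleList as $info) {
         array_push($combobox, array('value' => $info['roleid'], 'text' => $info['rolename']));
     }
     $this->datagrid(array('db' => D('Admin'), 'where' => $where, 'page' => $page, 'rows' => $rows, 'sort' => $sort, 'order' => $order, 'formatter' => function ($key, &$val, $info) use($roleList) {
         switch ($key) {
             case 'lastloginip':
             case 'realname':
                 $val = $val ? $val : '-';
                 break;
             case 'lastlogintime':
                 $val = $val ? date('Y-m-d H:i:s', $val) : '-';
                 break;
             case 'roleid':
                 // NOTE(review): rolename is concatenated into markup without
                 // HTML-encoding; confirm it is encoded when stored, or encode here.
                 if (!isset($roleList[$val])) {
                     $val = '<font color="red">未设置角色</font>';
                 } elseif ($roleList[$val]['status']) {
                     $val = $roleList[$val]['rolename'];
                 } else {
                     $val = '<font color="grey">' . $roleList[$val]['rolename'] . '[冻结]</font>';
                 }
                 break;
         }
         return $val;
     }, 'assign' => array('combobox' => $combobox)));
 }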
Esempio n. 5
$propertyObj->set_paper_colour_scheme(
    $userObject,
    $bgcolor,
    $fgcolor,
    $textsize,
    $marks_color,
    $themecolor,
    $labelcolor,
    $font,
    $unanswered_color,
    $dismiss_color
);

// Remember the original paper type: it is needed to read answers from the
// correct log and for functionality-related decisions.
$original_paper_type = $paper_type;

// Attempt defaults to 1; overwritten below when the student is a resit candidate.
$attempt = 1;

$modIDs = array_keys(Paper_utils::get_modules($property_id, $mysqli));
$current_address = NetworkUtils::get_client_address();
$moduleID = $propertyObj->get_modules();

// Staff who pass check_staff_modules() skip every check in this block; any
// other user is treated as a student and goes through all of them.
// NOTE(review): the return values of the password, time and metadata checks
// are not inspected here — presumably each helper stops the request itself
// on failure; confirm.
if (!($userObject->has_role('Staff') and check_staff_modules($moduleID, $userObject))) {
    // Additional password on the paper.
    check_paper_password($password, $string, $mysqli);
    // Time window.
    check_datetime($start_date, $end_date, $string, $mysqli);
    // Room (lab) restriction, evaluated against the client's address.
    $low_bandwidth = check_labs($propertyObj->get_paper_type(), $propertyObj->get_labs(), $current_address, $propertyObj->get_password(), $string, $mysqli);
    // Module membership, when the user is a student and the paper is not formative.
    $attempt = check_modules($userObject, $modIDs, $calendar_year, $string, $mysqli);
    // Metadata security restrictions.
    check_metadata($property_id, $userObject, $modIDs, $string, $mysqli);
}

// Lab info used in log metadata.
// NOTE(review): $lab_name and $lab_id stay unassigned here when no lab matches.
$lab_factory = new LabFactory($mysqli);
$lab_object = $lab_factory->get_lab_based_on_client($current_address);
if ($lab_object) {
    $lab_name = $lab_object->get_name();
    $lab_id = $lab_object->get_id();
}
if (time() > $end_date and ($paper_type == '1' or $paper_type == '2')) {
    $paper_type = '_late';
Esempio n. 6
            if (is29year($year) == 1) {
                if ($day > 29) {
                    set_result("FAILED", $prefix . "/date", i18n("Invalid day"));
                    return;
                }
            } else {
                if ($day > 28) {
                    set_result("FAILED", $prefix . "/date", i18n("Invalid day"));
                    return;
                }
            }
        }
    }
    if (isdigit($hour) == 0 || $hour < 0 || $hour > 23) {
        set_result("FAILED", $prefix . "/time", i18n("Invalid hour"));
        return;
    }
    if (isdigit($min) == 0 || $min < 0 || $min > 59) {
        set_result("FAILED", $prefix . "/time", i18n("Invalid minute"));
        return;
    }
    if (isdigit($sec) == 0 || $sec < 0 || $sec > 59) {
        set_result("FAILED", $prefix . "/time", i18n("Invalid second"));
        return;
    }
    set_result("OK", "", "");
}
// Validate the node at "<prefix>/runtime/device" (presumably with the
// function whose tail is shown above — confirm).
check_datetime($FATLADY_prefix . "/runtime/device");
// Flag the prefix as valid only when the recorded result is "OK".
// NOTE(review): the result is read from $_GLOBALS["FATLADY_result"];
// presumably set_result() is what stores it — confirm.
if ($_GLOBALS["FATLADY_result"] == "OK") {
    set($FATLADY_prefix . "/valid", 1);
}
Esempio n. 7
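 /**
  * Operation log of the current user.
  *
  * Builds a SQL WHERE string restricted to the current user's id, adds the
  * $search filters and passes it to datagrid() with the paging and sorting
  * arguments.
  *
  * @param array  $search Filter name => value. Recognised keys: controller, action,
  *                       querystring, ip, time.begin, time.end; others are ignored.
  *                       Presumably bound from request input — treated as untrusted.
  * @param int    $page   Passed to datagrid() unchanged.
  * @param int    $rows   Passed to datagrid() unchanged.
  * @param string $sort   Passed to datagrid() unchanged.
  * @param string $order  Passed to datagrid() unchanged.
  */
 public function operate($search = array(), $page = 1, $rows = 10, $sort = 'time', $order = 'desc')
 {
     // The id is written unquoted into the SQL text, so force it to an integer.
     // NOTE(review): assumes userid is numeric, as the unquoted comparison implies.
     $userid = (int) user_info('userid');
     // NOTE(review): $sort and $order reach datagrid() unvalidated; confirm it
     // restricts them to known columns and asc/desc.
     $where = array("`userid` = {$userid}");
     foreach ($search as $k => $v) {
         // Skip empty filters and non-scalar values (e.g. nested arrays).
         if (!is_scalar($v) || strlen($v) < 1) {
             continue;
         }
         switch ($k) {
             case 'controller':
             case 'action':
             case 'querystring':
             case 'ip':
                 // The value sits inside a quoted SQL literal, so quotes and
                 // backslashes are escaped first.
                 // NOTE(review): addslashes() is not charset-aware; prefer bound
                 // parameters if datagrid() or the model accepts them.
                 $where[] = "`{$k}` like '%" . addslashes($v) . "%'";
                 break;
             case 'time.begin':
             case 'time.end':
                 if (!check_datetime($v)) {
                     unset($search[$k]);
                     // "continue 2" targets the foreach; a bare "continue" inside
                     // a switch acts like "break" and warns on PHP 7.3+.
                     continue 2;
                 }
                 $operator = $k === 'time.begin' ? '>=' : '<=';
                 // Unlike the sibling lists, the raw string is compared here, so
                 // it is escaped as well rather than relying on how strict
                 // check_datetime() is.
                 $where[] = "`time` {$operator} '" . addslashes($v) . "'";
                 break;
         }
     }
     $where = implode(' and ', $where);
     $this->datagrid(array('db' => M('log'), 'where' => $where, 'page' => $page, 'rows' => $rows, 'sort' => $sort, 'order' => $order));
 }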
Esempio n. 8
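// Resolve the lab for the client's address.
// NOTE(review): when no lab matches, $lab_name and $lab_id are not assigned
// here, yet $lab_id is passed to LogLabEndTime below — confirm a default
// exists elsewhere.
$lab_factory = new LabFactory($mysqli);
if ($lab_object = $lab_factory->get_lab_based_on_client($current_address)) {
    $lab_name = $lab_object->get_name();
    $lab_id = $lab_object->get_id();
}
// Default for every role. Previously this was assigned only in the student
// branch, so on the staff path the variable could be read later without
// ever having been set.
$summative_exam_session_started = false;
$moduleID = $propertyObj->get_modules();
if ($userObject->has_role('Staff') and check_staff_modules($moduleID, $userObject)) {
    // No further security checks.
} else {
    // Treat as student with extra security checks.
    // NOTE(review): the return values of the password, time and metadata
    // checks are not inspected — presumably each helper stops the request
    // itself on failure; confirm.
    // Get the module IDs for this paper
    $modIDs = array_keys(Paper_utils::get_modules($propertyObj->get_property_id(), $mysqli));
    // Check for additional password on the paper
    check_paper_password($propertyObj->get_password(), $string, $mysqli);
    // Check time security
    check_datetime($propertyObj->get_start_date(), $propertyObj->get_end_date(), $string, $mysqli);
    // Check room security
    $low_bandwidth = check_labs($propertyObj->get_paper_type(), $propertyObj->get_labs(), $current_address, $propertyObj->get_password(), $string, $mysqli);
    // Check modules if the user is a student and the paper is not formative
    $attempt = check_modules($userObject, $modIDs, $propertyObj->get_calendar_year(), $string, $mysqli);
    // Check for any metadata security restrictions
    check_metadata($propertyObj->get_property_id(), $userObject, $modIDs, $string, $mysqli);
}
// Preview mode is requested through the POSTed "mode" field.
$is_preview = (isset($_POST['mode']) and $_POST['mode'] == 'preview');
// A paper counts as scheduled when it has a start date.
$paper_scheduled = $propertyObj->get_start_date() !== null;
// For type '2' papers with an exam duration, take the session state from the
// lab's end-time log.
if ($propertyObj->get_exam_duration() != null and $propertyObj->get_paper_type() == '2') {
    $log_lab_end_time = new LogLabEndTime($lab_id, $propertyObj, $mysqli);
    $summative_exam_session_started = $log_lab_end_time->get_session_end_date_datetime();
}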
if (!$is_preview and time() > $propertyObj->get_end_date() and ($propertyObj->get_paper_type() == '1' or $propertyObj->get_paper_type() == '2' and $paper_scheduled and $summative_exam_session_started == false)) {
Esempio n. 9
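 /**
  * Member list.
  *
  * Builds a SQL WHERE string from the $search filters and passes it, with the
  * paging and sorting arguments and the combobox data, to datagrid().
  *
  * @param array  $search Filter name => value. Recognised keys: memberid, gender,
  *                       constellation, status, username, nick, mobile,
  *                       regtime.begin/.end, lastlogintime.begin/.end.
  *                       Presumably bound from request input — treated as untrusted.
  * @param int    $page   Passed to datagrid() unchanged.
  * @param int    $rows   Passed to datagrid() unchanged.
  * @param string $sort   Passed to datagrid() unchanged.
  * @param string $order  Passed to datagrid() unchanged.
  */
 public function user($search = array(), $page = 1, $rows = 10, $sort = 'lastlogintime', $order = 'desc')
 {
     // NOTE(review): $sort and $order reach datagrid() unvalidated; confirm it
     // restricts them to known columns and asc/desc.
     $where = array();
     foreach ($search as $k => $v) {
         // Skip empty filters and non-scalar values (e.g. nested arrays).
         if (!is_scalar($v) || strlen($v) < 1) {
             continue;
         }
         switch ($k) {
             case 'memberid':
             case 'gender':
             case 'constellation':
             case 'status':
                 // The value sits inside a quoted SQL literal, so quotes and
                 // backslashes are escaped first.
                 // NOTE(review): addslashes() is not charset-aware; prefer bound
                 // parameters if datagrid() or the model accepts them.
                 $where[] = "`{$k}` = '" . addslashes($v) . "'";
                 break;
             case 'username':
             case 'nick':
             case 'mobile':
                 $where[] = "`{$k}` like '%" . addslashes($v) . "%'";
                 break;
             case 'regtime.begin':
             case 'regtime.end':
             case 'lastlogintime.begin':
             case 'lastlogintime.end':
                 if (!check_datetime($v)) {
                     unset($search[$k]);
                     // "continue 2" targets the foreach; a bare "continue" inside
                     // a switch acts like "break" and warns on PHP 7.3+.
                     continue 2;
                 }
                 list($column, $bound) = explode('.', $k);
                 $operator = $bound === 'begin' ? '>=' : '<=';
                 // strtotime() yields an integer (or false), so nothing
                 // user-controlled reaches the SQL text here.
                 $stamp = strtotime($v);
                 $where[] = "`{$column}` {$operator} '{$stamp}'";
                 break;
         }
     }
     $where = implode(' and ', $where);
     // Member type list; the formatter below looks types up by typeid.
     $typeList = M('member_type')->getField('typeid,typename,status', true);
     $combobox = array();
     foreach ($typeList as $info) {
         array_push($combobox, array('value' => $info['typeid'], 'text' => $info['typename']));
     }
     // Dictionary-backed choices for the gender and constellation filters.
     $dict = dict('', 'Member');
     $dictCombobox = array('gender' => array(), 'constellation' => array());
     foreach ($dict['gender'] as $key => $val) {
         array_push($dictCombobox['gender'], array('text' => $val, 'value' => $key));
     }
     foreach ($dict['constellation'] as $key => $val) {
         array_push($dictCombobox['constellation'], array('text' => $val, 'value' => $key));
     }
     $this->datagrid(array('db' => M('member'), 'where' => $where, 'page' => $page, 'rows' => $rows, 'sort' => $sort, 'order' => $order, 'formatter' => function ($key, &$val, $info) use($typeList, $dict) {
         switch ($key) {
             case 'head':
                 // NOTE(review): the member_head() result goes into the src
                 // attribute unencoded; confirm it cannot contain a quote.
                 $val = '<img class="easytp-layer" src="' . member_head($info['head']) . '" height="50"/>';
                 break;
             case 'regtime':
             case 'lastlogintime':
                 $val = $val ? date('Y-m-d H:i:s', $val) : '-';
                 break;
             case 'lastloginip':
                 $val = $val ? $val : '-';
                 break;
             case 'typeid':
                 // NOTE(review): typename is concatenated into markup without
                 // HTML-encoding; confirm it is encoded when stored, or encode here.
                 if (!isset($typeList[$val])) {
                     $val = '<font color="red">未设置类型</font>';
                 } elseif ($typeList[$val]['status']) {
                     $val = $typeList[$val]['typename'];
                 } else {
                     $val = '<font color="grey">' . $typeList[$val]['typename'] . '[冻结]</font>';
                 }
                 break;
             case 'status':
                 $val = $val ? '已认证' : '<font color="red">未认证</font>';
                 break;
             case 'gender':
             case 'constellation':
                 $val = isset($dict[$key][$val]) ? $dict[$key][$val] : '-';
                 break;
         }
         return $val;
     }, 'assign' => array('combobox' => $combobox, 'dict' => $dictCombobox)));
 }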
Esempio n. 10
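 /**
  * Article list management.
  *
  * On POST: filters, sorts and pages the articles of category $catid and
  * returns array('total' => ..., 'rows' => ...) through ajaxReturn().
  * Otherwise: assigns the position title and toolbars and renders the page.
  *
  * Changes from the previous version: the "updatetime.end" filter compared
  * the `regtime` column; filter values are escaped before being placed in the
  * WHERE string; sort columns and directions are validated; page and row
  * counts are forced to integers before they form the LIMIT clause.
  *
  * @param int|string $catid  Category id; also passed to $this->db().
  * @param array      $search Filter name => value. Recognised keys: id, istop, status,
  *                           title, keywords, description, author, updatetime.begin/.end.
  *                           Presumably bound from request input — treated as untrusted.
  * @param int        $page   1-based page number.
  * @param int        $rows   Rows per page.
  * @param string     $sort   Comma-separated column names.
  * @param string     $order  Comma-separated directions, matched to $sort by position.
  */
 public function article($catid = 0, $search = array(), $page = 1, $rows = 10, $sort = 'istop,updatetime', $order = 'asc,desc')
 {
     $db = $this->db($catid);
     if (IS_POST) {
         // Search filters. Every value sits inside a quoted SQL literal, so
         // quotes and backslashes are escaped first.
         // NOTE(review): addslashes() is not charset-aware; prefer bound
         // parameters if the model accepts an array condition here.
         $where = array("catid = '" . addslashes($catid) . "'");
         foreach ($search as $k => $v) {
             // Skip empty filters and non-scalar values (e.g. nested arrays).
             if (!is_scalar($v) || strlen($v) < 1) {
                 continue;
             }
             switch ($k) {
                 case 'id':
                 case 'istop':
                 case 'status':
                     $where[] = "`{$k}` = '" . addslashes($v) . "'";
                     break;
                 case 'title':
                 case 'keywords':
                 case 'description':
                 case 'author':
                     $where[] = "`{$k}` like '%" . addslashes($v) . "%'";
                     break;
                 case 'updatetime.begin':
                 case 'updatetime.end':
                     if (!check_datetime($v)) {
                         unset($search[$k]);
                         // "continue 2" targets the foreach; a bare "continue"
                         // inside a switch acts like "break" and warns on PHP 7.3+.
                         continue 2;
                     }
                     $operator = $k === 'updatetime.begin' ? '>=' : '<=';
                     // strtotime() yields an integer (or false), so nothing
                     // user-controlled reaches the SQL text here.
                     $stamp = strtotime($v);
                     $where[] = "`updatetime` {$operator} '{$stamp}'";
                     break;
             }
         }
         $where = implode(' and ', $where);
         // Sorting; several fields are supported. Only plain identifiers are
         // accepted as columns and only asc/desc as directions, because both
         // end up in the ORDER BY clause.
         $sortFields = explode(',', $sort);
         $sortDirections = explode(',', $order);
         $orderBy = array();
         foreach ($sortFields as $i => $field) {
             $field = trim($field);
             if (!preg_match('/^[A-Za-z0-9_]+$/D', $field)) {
                 continue;
             }
             $direction = isset($sortDirections[$i]) ? strtolower(trim($sortDirections[$i])) : 'asc';
             $orderBy[$field] = $direction === 'desc' ? 'desc' : 'asc';
         }
         // Integers only: both numbers are concatenated into the LIMIT clause.
         $page = max(1, (int) $page);
         $rows = max(0, (int) $rows);
         $limit = ($page - 1) * $rows . "," . $rows;
         $total = $db->where($where)->count();
         $list = array();
         if ($total) {
             $query = $db->where($where);
             if ($orderBy) {
                 $query = $query->order($orderBy);
             }
             $list = $query->limit($limit)->select();
         }
         foreach ($list as &$info) {
             foreach ($info as $key => &$val) {
                 switch ($key) {
                     case 'status':
                         $val = $val ? '发布' : '<font color="red">未发布</font>';
                         break;
                     case 'istop':
                         $val = $val ? '<font color="red">置顶</font>' : '未置顶';
                         break;
                     case 'updatetime':
                         $val = date('Y-m-d H:i:s', $val);
                         break;
                 }
             }
             // Drop the inner reference before the next row is bound.
             unset($val);
         }
         // Drop the outer reference so $list no longer ends in a reference slot.
         unset($info);
         $data = array('total' => $total, 'rows' => $list);
         $this->ajaxReturn($data);
     } else {
         // Breadcrumb: menu position followed by category position.
         $category_db = D('Category');
         $currentpos = $category_db->currentPos($catid);
         $menuid = I('get.menuid');
         $menu_db = D('Menu');
         $currentpos = $menu_db->currentPos($menuid) . $currentpos;
         $this->assign('title', $currentpos);
         // Toolbars.
         // NOTE(review): $type is not defined anywhere in this method, so
         // getToolbars() receives null — confirm what was intended.
         $toolbars = $category_db->getToolbars($catid, $type);
         $this->assign('toolbars', $toolbars);
         $this->display();
     }
 }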