Esempio n. 1
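 /**
  * Lists the files of one user that belong to a given file type, newest first.
  *
  * @param string $type    user_file_types.name value to filter on
  * @param int    $user_id owner (users.id)
  * @param mixed  $limit   optional row cap; anything that does not cast to a
  *                        positive int means "no LIMIT"
  * @return array rows with user_files_id, type, file_name, date_added, files_id
  *               (whatever common() returns for the statement)
  */
 public function read_files_by_type_owner($type, $user_id, $limit = '')
 {
     check_int($user_id, 'user_id');
     check_string($type, 'type');
     // Only values that can no longer carry SQL are interpolated: both ids are
     // cast once and the cast value is what reaches the statement (the original
     // tested (int) $limit but then interpolated the raw $limit), and $type goes
     // through the driver's quoting the same way update_field() quotes values.
     $user_id = (int) $user_id;
     $limit = (int) $limit;
     $sql = "SELECT\n                    user_files.id AS user_files_id,\n                    user_file_types.name type,\n                    files.name file_name,\n                    files.date_added,\n                    files.id files_id\n\n                FROM user_files\n                    INNER JOIN user_file_states ON user_file_states.id = user_files.user_file_states_id\n                    INNER JOIN user_file_types ON user_file_types.id = user_files.user_file_types_id\n                    INNER JOIN files ON files.id = user_files.files_id\n                    INNER JOIN users ON users.id = user_files.users_id\n                WHERE users.id = {$user_id} AND user_file_types.name = " . $this->db->escape($type) . "\n                ORDER BY files.date_added DESC\n                " . ($limit > 0 ? "LIMIT {$limit}" : "") . "\n                ;";
     return $this->common($sql);
 }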
Esempio n. 2
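 /**
  * Nickname availability check for the registration form.
  *
  * Reads POST 'reg_mb_nick' and echoes one styled <span>: text-success with
  * the "ok" message, or text-danger with the first failing rule (character
  * set, minimum length, already taken, reserved word). Nothing is printed when
  * no rule produced a message.
  */
 function nick()
 {
     $reg_mb_nick = $this->input->post('reg_mb_nick');
     $TRUE = $FALSE = FALSE;
     // Nickname: Hangul, Latin letters and digits only
     $this->load->helper('chkstr');
     if (!check_string($reg_mb_nick, _RT_HANGUL_ + _RT_ALPHABETIC_ + _RT_NUMERIC_)) {
         $FALSE = '별명은 공백없이 한글, 영문, 숫자만 입력 가능합니다.';
     } elseif (strlen($reg_mb_nick) < 4) {
         // strlen() counts bytes, so the "2 Hangul / 4 Latin" wording of the
         // message only holds for the charset the site runs with
         $FALSE = '한글 2글자, 영문 4글자 이상 입력 가능합니다.';
     } elseif ($this->Register_model->is('mb_nick', $reg_mb_nick) != 0) {
         $FALSE = '이미 존재하는 별명입니다.';
     } elseif (preg_match("/[\\,]?" . preg_quote($reg_mb_nick, '/') . "/i", $this->config->item('cf_prohibit_id'))) {
         // preg_quote(): the nickname is user input and was spliced into the
         // pattern unescaped, so regex metacharacters could break the pattern
         // or widen the match. The pattern is still a substring search in the
         // comma-separated reserved list, not an exact-entry match.
         $FALSE = '예약어로 사용할 수 없는 별명 입니다.';
     } else {
         $TRUE = '사용하셔도 좋은 별명 입니다.';
     }
     if ($TRUE) {
         echo '<span class="text-success">' . $TRUE . '</span>';
     } elseif ($FALSE) {
         echo '<span class="text-danger">' . $FALSE . '</span>';
     }
 }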
Esempio n. 3
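 /**
  * Sets one column of one row: UPDATE `$table` SET `$field` = $value WHERE id = $id.
  *
  * @param int    $id    primary key of the row
  * @param string $field column name (an identifier, not a value)
  * @param string $value new value; quoted through the driver
  * @param string $table table name (an identifier, not a value)
  * @return array whatever common() returns for the statement
  */
 public function update_field($id, $field, $value, $table)
 {
     check_int($id, 'id');
     check_string($field, 'field');
     check_string($value, 'value');
     check_string($table, 'table');
     // $table and $field are identifiers, so db->escape() (which yields a quoted
     // string literal) cannot be used for them. Doubling any backtick keeps the
     // identifier inside its own backticks whatever check_string() lets through;
     // the id is cast so only an integer is interpolated.
     $table = str_replace('`', '``', $table);
     $field = str_replace('`', '``', $field);
     $id = (int) $id;
     $sql = "UPDATE `{$table}` SET `{$field}` = " . $this->db->escape($value) . " WHERE id = {$id};";
     return $this->common($sql);
 }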
Esempio n. 4
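/**
 * Authenticates the current visitor from the "user_id" and "hash" cookies.
 *
 * Side effect: opens the database connection into the global $db.
 *
 * @return array|false the users row (uid, login, lastname, firstname, settings)
 *                     of an admin (gid = 1) whose pass_hash equals the cookie
 *                     value, or false when the cookies are missing or no
 *                     single row matches
 */
function isAuthorized()
{
    global $db, $CNF;
    // session_start() raises a notice when a session is already active
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
    // Both cookies are required. The original indexed $_COOKIE unconditionally
    // (a notice on every anonymous request); the isset() test on the filtered
    // values is kept for the case that check_string() returns null.
    if (!isset($_COOKIE["user_id"], $_COOKIE["hash"])) {
        return false;
    }
    $cookie_id = check_string($_COOKIE["user_id"], "digits");
    $cookie_hash = check_string($_COOKIE["hash"], "string");
    if (!isset($cookie_id) || !isset($cookie_hash)) {
        return false;
    }
    $db = new DBLayer($CNF["db_host"], $CNF["db_user"], $CNF["db_pass"], $CNF["db_name"]);
    $db->query("SET NAMES utf8");
    // The uid is cast so only digits reach the statement. The hash is still
    // interpolated as a quoted literal and relies on check_string('string')
    // rejecting quote and backslash characters — confirm, or escape it through
    // DBLayer. NOTE(review): the cookie carries pass_hash itself and the check
    // is a plain SQL equality; a random per-login session token is the usual
    // design for a "remember me" cookie.
    $cookie_id = (int) $cookie_id;
    $query_auth = $db->query("SELECT `uid`,`login`,`lastname`,`firstname`,`settings` FROM users WHERE `gid`=1 AND `uid`='{$cookie_id}' AND `pass_hash`='{$cookie_hash}'");
    if ($db->num_rows($query_auth) == 1) {
        return $db->fetch_assoc($query_auth);
    }
    return false;
}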
Esempio n. 5
<?php

require 'conf.php';
require 'subs.php';
session_start();
// -- begin ENV -- //
// Login name from the form, filtered through check_string(…, 'string')
$name = empty($_POST['name']) ? '' : check_string($_POST['name'], 'string');
// Message class (failed or success) — taken from POST as-is, not filtered
$msg_class = empty($_POST['msg_class']) ? '' : $_POST['msg_class'];
// Message text — taken from POST as-is; NOTE(review): it is not filtered
// here, so check how it is rendered before it reaches the page
$msg = empty($_POST['msg']) ? '' : $_POST['msg'];
// -- end ENV -- //
// ----- BEGIN ----- //
if (!isset($_POST['stage'])) {
    include './forms/login.html';
    /*Форма для ввода имени и пароля*/
} else {
    if ($_POST['stage'] == 'Go') {
        $admin_login = get_data_from_db(array("0" => "SELECT id,login,fio,email,permission FROM admins WHERE login='******' and pass='******'pass']) . "'"));
        if ($admin_login[0] != '' and count($admin_login[0]) == 1) {
            $_SESSION['valid'] = true;
            $_SESSION['admin_id'] = $admin_login[0][0]['id'];
            $_SESSION['admin'] = $admin_login[0][0]['login'];
            $_SESSION['admin_fio'] = $admin_login[0][0]['fio'];
            $_SESSION['admin_email'] = $admin_login[0][0]['email'];
            $_SESSION['permission'] = $admin_login[0][0]['permission'];
            unset($_POST['name'], $_POST['pass'], $_POST['stage']);
            header("Location: index2.php");
        } else {
            $msg_class = 'failed';
Esempio n. 6
<?php

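session_start();
ob_start();
include 'db.inc.php';
include 'functions.php';
// Dispatch key for this endpoint. Default to '' instead of indexing a missing
// POST key (a notice on every request without it); '' still fails the
// == "addfeedback" comparison below exactly like the missing value did.
$action = isset($_POST['action']) ? $_POST['action'] : '';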
if ($action == "addfeedback") {
    $url = "personal_trainings.php";
    $error_msg = "";
    $registration_id = $_SESSION['registration_id'];
    $trainer_registraion_id = $_POST['trainer_registraion_id'];
    $post_date = date('Y-m-d h:i:s');
    $feed_description = check_string($_POST['feed_description']);
    if ($feed_description == 1) {
        $error_msg .= "<li>Enter Some Description</li>";
    } else {
        $feed_description = $_POST['feed_description'];
    }
    if ($error_msg == "") {
        $check = $conn->query("select * from master_feedback where trainer_id='{$trainer_registraion_id}' and registration_id='{$registration_id}'");
        $checkrows = $check->num_rows;
        if ($checkrows > 0) {
            $error_msg .= "Feedback is Alredy given";
        } else {
            if ($conn->query("insert into master_feedback set registration_id='{$registration_id}',trainer_id='{$trainer_registraion_id}',feed_description='{$feed_description}',status='1',post_date='{$post_date}'") == TRUE) {
                $error_msg = "success";
            } else {
                $error_msg = "";
                $url = "error.php";
            }
Esempio n. 7
        $level = is_null($level) ? 'testsuite' : $level;
        break;
    }
}
$args->action = $action;
// Page level (e.g. 'testsuite') drives the template title key
$smarty->assign('level', $level);
$smarty->assign('page_title', lang_get('container_title_' . $level));
if ($init_opt_transfer) {
    $opt_cfg = initializeOptionTransfer($tproject_mgr, $tsuite_mgr, $args, $action);
}
// create  web editor objects
list($oWebEditor, $webEditorHtmlNames, $webEditorTemplateKey) = initWebEditors($action, $level, $editorCfg);
if ($get_c_data) {
    // Validate the posted container name: forbidden characters first, then
    // emptiness. Each test is guarded by $name_ok, so only the first failing
    // rule sets $msg.
    $name_ok = 1;
    $c_data = getValuesFromPost($webEditorHtmlNames);
    if ($name_ok && !check_string($c_data['container_name'], $g_ereg_forbidden)) {
        $msg = $l18n['string_contains_bad_chars'];
        $name_ok = 0;
    }
    // loose == "": null and "" both count as an empty name here
    if ($name_ok && $c_data['container_name'] == "") {
        $msg = $l18n['warning_empty_testsuite_name'];
        $name_ok = 0;
    }
}
switch ($action) {
    case 'fileUpload':
        switch ($level) {
            case 'testsuite':
                fileUploadManagement($db, $args->testsuiteID, $args->fileTitle, $tsuite_mgr->getAttachmentTableName());
                $gui = initializeGui($tsuite_mgr, $args->testsuiteID, $args, $l18n);
                $gui->refreshTree = 0;
Esempio n. 8
//$str = "\$mb_id = trim(strip_tags(mysql_real_escape_string(\$_POST[mb_id])));
// Source-level patching of a script that was loaded into $file before this
// fragment: PHP open/close tags are stripped, specific statements are removed
// or replaced by exact text matching, and the result is executed with eval().
// Every str_replace() below silently does nothing if the upstream text differs.
$str = "if (preg_match(\"/[^0-9a-z_]+/i\", \$mb_id)) {\n    alert(\"회원아이디는 영문자, 숫자, _ 만 사용할수 있습니다.\");\n}";
$file = str_replace("<?php", "", $file);
$file = str_replace("<?", "", $file);
$file = str_replace("?" . ">", "", $file);
// Drop the id-format check of the original script
$file = str_replace($str, "", $file);
//g5: neutralise the valid_mb_id() call by turning the `if (...)` head into a
// line comment (whatever follows on that source line is commented out too)
$str = 'if ($msg = valid_mb_id($mb_id))';
$file = str_replace($str, "//", $file);
// Replace the self-submitting redirect form with a plain alert()
$str = <<<HEREDOC
        echo "
        <html><title>회원정보수정</title><meta http-equiv='Content-Type' content='text/html; charset=\$g4[charset]'></html><body> 
        <form name='fregisterupdate' method='post' action='{\$https_url}/register_form.php'>
        <input type='hidden' name='w' value='u'>
        <input type='hidden' name='mb_id' value='{\$mb_id}'>
        <input type='hidden' name='mb_password' value='{\$tmp_password}'>
        <input type='hidden' name='is_update' value='1'>
        </form>
        <script type='text/javascript'>
        alert('회원 정보가 수정 되었습니다.');
        document.fregisterupdate.submit();
        </script>
        </body>
        </html>";
HEREDOC;
$file = str_replace($str, "alert('회원정보가 수정되었습니다.', \$g4[path]);", $file);
// Members whose stored name is not pure Hangul also get mb_name rewritten in
// the UPDATE's SET list
if (!check_string($member['mb_name'], _G4_HANGUL_)) {
    $file = str_replace("set mb_nick", "set mb_name = '\$mb_name', mb_nick", $file);
}
// NOTE(review): eval() of patched file contents — anything that ends up in
// $file becomes executable code, so the provenance of $file is what decides
// whether this is safe; a regular include of the patched script would be the
// conventional alternative.
eval($file);
exit;
Esempio n. 9
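/**
 * Builds an UPDATE statement for one row from a column => value map.
 *
 * Values are passed through check_string() and single-quoted, except the two
 * literal markers 'NOW()' and 'null', which are emitted as SQL keywords. The
 * column named by $id_key is excluded from the SET list and used in WHERE.
 *
 * @param string $table  table name; emitted as-is, so it must come from code,
 *                       not from request data
 * @param array  $rsnew  column => value map; must contain $id_key
 * @param string $id_key name of the primary-key column
 * @return string the UPDATE statement, terminated with "; "
 */
function mysql_update_query($table, $rsnew, $id_key)
{
    $updates_value = array();
    foreach ($rsnew as $key => $value) {
        // the id column is the WHERE criterion, not part of SET
        if ($key == $id_key) {
            continue;
        }
        // Strict comparison: with == a numeric 0 (PHP < 8) or a boolean true
        // compared equal to 'NOW()' and was written as the current timestamp.
        if ($value === 'NOW()') {
            $newvalue = $value;
        } elseif ($value === 'null') {
            $newvalue = 'null';
        } else {
            $newvalue = "'" . check_string($value) . "'";
        }
        $updates_value[] = " {$key} = {$newvalue} ";
    }
    // The id was interpolated raw in the original; it goes through the same
    // check_string() as every other value so the WHERE clause gets the same
    // protection as the SET list.
    $id_value = check_string($rsnew[$id_key]);
    return "UPDATE {$table} SET " . " " . implode(',', $updates_value) . " WHERE {$id_key} = '" . $id_value . "'; ";
}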
Esempio n. 10
<?php

#---------------------------------------------#
#      ********* RotorCMS *********           #
#           Author  :  Vantuz                 #
#            Email  :  visavi.net@mail.ru     #
#             Site  :  http://visavi.net      #
#              ICQ  :  36-44-66               #
#            Skype  :  vantuzilla             #
#---------------------------------------------#
// Shared bootstrap files, then the page header output
require_once 'includes/start.php';
require_once 'includes/functions.php';
require_once 'includes/header.php';
// Requested action (GET "act") filtered through check(); 'index' when absent
$act = 'index';
if (isset($_GET['act'])) {
    $act = check($_GET['act']);
}
// Site domain from the configured home URL (used as the setcookie() domain below)
$domain = check_string($config['home']);
switch ($act) {
    ############################################################################################
    ##                                       Авторизация                                      ##
    ############################################################################################
    case 'index':
        $login = isset($_REQUEST['login']) ? check(utf_lower($_REQUEST['login'])) : '';
        $pass = isset($_REQUEST['pass']) ? md5(md5(trim($_REQUEST['pass']))) : '';
        if (!empty($_POST['cookietrue']) || !empty($_GET['login'])) {
            $cookietrue = 1;
        }
        if (!empty($login) && !empty($pass)) {
            $udata = DB::run()->queryFetch("SELECT `users_login`, `users_pass` FROM `users` WHERE LOWER(`users_login`)=? OR LOWER(`users_nickname`)=? LIMIT 1;", array($login, $login));
            if (!empty($udata)) {
                if ($pass == $udata['users_pass']) {
                    if (!empty($cookietrue)) {
                        setcookie('cooklog', $udata['users_login'], time() + 3600 * 24 * 365, '/', $domain);
     if ($_FILES['upload_cv']['name'] != "") {
         $upload_cv = uploadFile($file_name, $file_temp, $file_type, $file_size, "cv");
         if (preg_match("<li>", $upload_cv)) {
             $error_msg .= $upload_cv;
         }
     } else {
         if ($check_upload_cv != '') {
             $upload_cv = $check_upload_cv;
         } else {
             $error_msg .= "<li>Please Upload your CV</li>";
         }
     }
 } else {
     $upload_cv = "";
 }
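 // Preferred location: the code treats a check_string() result of 1 as
 // "invalid"; otherwise the RAW posted value (not the filtered one) is kept.
 $preffered_location_flag = check_string($_POST['preffered_location']);
 if ($preffered_location_flag == 1) {
     $error_msg .= "<li>Please enter valid location</li>";
 } else {
     $preffered_location = $_POST['preffered_location'];
 }
 // Profile text: required. The assignment in the else branch is overwritten
 // right after by the <br/>-converted version.
 $brief_profile_flag = $_POST['brief_profile'];
 if ($brief_profile_flag == "") {
     $error_msg .= "<li>Please enter valid text in your profile</li>";
 } else {
     $brief_profile = $_POST['brief_profile'];
 }
 // ereg_replace() was removed in PHP 7; the pattern was a literal newline, so
 // str_replace() produces exactly the same result.
 $brief_profile = str_replace("\n", "<br/>", $_POST['brief_profile']);
 $keyword_skill_flag = $_POST['keyword_skill'];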
 if ($keyword_skill_flag == "") {
     $error_msg .= "<li>Please enter valid text in your keyword</li>";
Esempio n. 12
            $rating = check_string($_REQUEST['rating'], 'digits');
            $result = rateTicket($admin_login["uid"], $ticket, $rating);
            break;
        case "changeTicketStatus":
            $ticket = check_string($_REQUEST['ticket'], 'digits');
            $status = check_string($_REQUEST['status'], 'digits');
            $result = changeTicketStatus($admin_login["uid"], $ticket, $status);
            break;
        case 'reloadComments':
            require_once "../vendor/autoload.php";
            Twig_Autoloader::register();
            $loader = new Twig_Loader_Filesystem("../templates/helpdesk");
            $twig = new Twig_Environment($loader, array("cache" => ""));
            $c['users'] = getUsers();
            $c['uid'] = $admin_id;
            $ticket_id = check_string($_REQUEST['ticket_id'], 'digits');
            $hide_autocomments = check_string($_REQUEST['hide_autocomments'], 'text');
            $c['ticket']['comments'] = getTicketComments($ticket_id);
            $template = $hide_autocomments == 0 ? 'ticket_edit_comments.twig' : 'client/ticket_view_comments.twig';
            $result['comments_block'] = $twig->render($template, $c);
            $result['success'] = true;
            unset($result['msg']);
            break;
    }
}
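/*  The result is also returned to the caller as a JSON object.
 *  When the request completed without error the handler sets
 *  $result['success'] = true; all other keys are optional.
 */
// echo instead of print_r(): print_r() of a string prints it unchanged, so the
// output is identical, but the call no longer looks like a structure dump.
// A failed encoding still yields false, which prints as an empty body.
echo json_encode($result);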
    $company_contact_email = $_POST['company_contact_email'];
}
// Landline is taken from the request unfiltered
$comapny_landline = $_REQUEST['comapny_landline'];
// The address/pincode fields follow one pattern: the code treats a
// check_string() result of 1 as "invalid" and appends an <li> to $error_msg;
// otherwise the RAW request value (not a filtered one) is kept for the UPDATE.
$address1_flag = check_string($_REQUEST['address1']);
if ($address1_flag == 1) {
    $error_msg .= "<li>Enter valid address1</li>";
} else {
    $address1 = $_REQUEST['address1'];
}
$address2_flag = check_string($_REQUEST['address2']);
if ($address2_flag == 1) {
    $error_msg .= "<li>Enter valid address2</li>";
} else {
    $address2 = $_REQUEST['address2'];
}
// address3 is not checked at all
$address3 = $_POST['address3'];
$pincode_flag = check_string($_REQUEST['pincode']);
if ($pincode_flag == 1) {
    $error_msg .= "<li>Enter valid pincode</li>";
} else {
    $pincode = $_REQUEST['pincode'];
}
if ($error_msg == "") {
    // NOTE(review): every column value is interpolated straight into the SQL
    // string; $address3 and $comapny_landline never went through check_string()
    // and the others are the unfiltered originals. If $conn is mysqli this
    // should be a prepared statement with bound parameters.
    if ($conn->query("update job_profile set fname='{$fname}',company_name='{$company_name}',company_profile='{$company_profile}',company_contact_email='{$company_contact_email}',comapny_landline='{$comapny_landline}',address1='{$address1}',address2='{$address2}',address3='{$address3}',pincode='{$pincode}' where registration_id='{$registration_id}'") == TRUE) {
        $error_msg = "success";
    } else {
        $url = "error.php";
        $error_msg = "";
    }
}
// JSON response consumed by the form's script: redirect target plus either
// "success", the <li> error list, or "" after a failed query
echo json_encode(array('url' => $url, 'error_msg' => $error_msg));
Esempio n. 14
 $form_admin = empty($_POST['form_admin']) ? '' : check_string($_POST['form_admin'], 'string');
 // Admin login from the form
 $form_permission_id = empty($_POST['form_permission_id']) ? '' : check_string($_POST['form_permission_id'], 'digits');
 // Admin permission (group) id from the form
 // E-mail: kept only when check_string(…, 'email') accepts it, otherwise ''
 if (isset($_POST['form_admin_email']) and $_POST['form_admin_email'] != '') {
     if (check_string($_POST['form_admin_email'], 'email')) {
         $form_admin_email = $_POST['form_admin_email'];
     } else {
         $form_admin_email = '';
     }
 } else {
     $form_admin_email = '';
 }
 $form_admin_pass = empty($_POST['form_admin_pass']) ? '' : $_POST['form_admin_pass'];
 // Admin password from the form — the only field here taken as-is, without
 // check_string(); NOTE(review): check how it is used in the UPDATE below
 $action = empty($_REQUEST['action']) ? '' : check_string($_REQUEST['action'], 'string');
 // Action
 //$msg_class = empty($_POST['msg_class']) ? '' : $_POST['msg_class']; // Message class (failed or success)
 $page_name = 'Личный кабинет: ' . $admin_fio;
 // -- end ENV -- //
 // ----- BEGIN ----- //
 switch ($action) {
     case 'cabinet_edit':
         //Проверка введённых данных
         if (strlen($form_admin_fio) > 3 and strlen($form_admin) > 3 and $form_permission_id != '' and $form_admin_email != '') {
             if ($permission_id == 1) {
                 if ($form_admin_pass != '') {
                     $query_cabinet_edit = "UPDATE admins SET login='******',fio='" . $form_admin_fio . "',pass='******',email='" . $form_admin_email . "',permission=" . $form_permission_id . " WHERE id=" . $admin_id;
                 } else {
                     // Иначе пароль не указан, пароль не менять
                     $query_cabinet_edit = "UPDATE admins SET login='******',fio='" . $form_admin_fio . "',email='" . $form_admin_email . "',permission=" . $form_permission_id . " WHERE id=" . $admin_id;
Esempio n. 15
 // Hide the menu sections this admin is denied
 if ($permissions["bills"] == 'deny') {
     unset($TITLE["bills"]);
 }
 if ($permissions["users"] == 'deny') {
     unset($TITLE["users"]);
 }
 // Template context: section list, directory, display name, notification counts
 $c['sections'] = $TITLE;
 $c['dir'] = "helpdesk/reports";
 $c['admin_fio'] = $c["lastname"] . " " . $c["firstname"];
 $c['notify'] = getBurnedCounts($c["uid"]);
 $admins = getAdmins(true);
 // Optional performer filter (digits only). When given, $p holds just that
 // admin; $admins[$performer] is indexed without checking the key exists.
 $performer = isset($_REQUEST["performer"]) ? check_string($_REQUEST["performer"], "digits") : null;
 $p = isset($performer) ? array($admins[$performer]['uid'] => $admins[$performer]) : $admins;
 //    print_r($p);
 // Report period: month 0 means the whole year. $month is cast to int, $year
 // stays whatever check_string() returned and is only interpolated.
 $month = (int) (isset($_REQUEST["m"]) ? check_string($_REQUEST["m"], "digits") : date("m"));
 $year = isset($_REQUEST["y"]) ? check_string($_REQUEST["y"], "digits") : date("Y");
 // Days in the month; computed even for month 0 (a "-0-1" date) but only used
 // in the month > 0 branch
 $days = date("t", strtotime("{$year}-{$month}-1"));
 if ($month > 0) {
     $dates = "{$year}-{$month}-1,{$year}-{$month}-{$days} 23:59:59";
 } else {
     $dates = "{$year}-1-1,{$year}-12-31 23:59:59";
 }
 $c["performer"] = $performer;
 $c["MONTHS"] = $MONTHS;
 $c["MONTHS"][0] = "весь год";
 $c["month"] = $month;
 $c["year"] = $year;
 $c["dates"] = $dates;
 foreach ($p as $admin) {
     $uid = $admin['uid'];
     $p[$uid]['filter_opened'] = '{"performers":"@' . $uid . '@","dates":"' . $dates . '"}';
Esempio n. 16
     // Разбитая дата: Array ( [0] => day [1] => month [2] => year )
     for ($i = 2; $i >= 0; $i--) {
         @($birthday .= $date_expl[$i]);
     }
     // Дата в SQL-формате: yearmonthday
 } else {
     $msg = 'Дата рождения не верна!';
     $msg_class = 'failed';
     $birthday = '00000000';
 }
 // - Module variables: $mod_(modulename)_(varname)
 $mod_ad_login = empty($_POST['mod_ad_login']) ? '' : check_string($_POST['mod_ad_login'], 'string');
 // AD user name (e.g. pkobzev)
 $mod_ad_passwd = empty($_POST['mod_ad_passwd']) ? '' : check_string($_POST['mod_ad_passwd'], 'string');
 // AD password, filtered only as a generic 'string'
 $mod_aexpres_login = empty($_POST['mod_aexpres_login']) ? '' : check_string($_POST['mod_aexpres_login'], 'string');
 // Mail login is validated with the 'email' rule rather than 'string'
 $mod_mail_login = empty($_POST['mod_mail_login']) ? '' : check_string($_POST['mod_mail_login'], 'email');
 // -
 unset($sprav_data, $areaArray, $postArray, $gildArray, $date_expl);
 // Drop the temporaries used while building the reference data above
 // -- end ENV -- //
 // ----- BEGIN ----- //
 switch ($action) {
     case 'add':
         if ($stage == 'save') {
             $query_add = "INSERT INTO users(date_add,fio1,fio2,fio3,birthday,photo,post_id,area_id,gild_id,status,comment,admin_add_id) VALUES (NOW(),'" . $fio1 . "','" . $fio2 . "','" . $fio3 . "'," . $birthday . ",'" . $photoname . "'," . $post_id . "," . $area_id . "," . $gild_id . ",1,'" . $comment . "',(SELECT id from admins WHERE login='******'))";
             if (write_data_to_db($query_add, 'insert')) {
                 $msg = 'Заявка отправлена';
                 $msg_class = 'success';
                 $msg_mail = "Сотрудник " . $fio1 . ' ' . $fio2 . ' ' . $fio3 . " принят на должность " . $posts[$post_id] . " с " . date('d.m.Y') . "г." . $cfg_mail_sign;
                 mail_send($cfg_mailto, "Новый сотрудник: " . $fio1 . " " . $fio2 . " " . $fio3, $msg_mail);
             } else {
Esempio n. 17
 /**
  * Checks a test project name for syntax correctness.
  *
  * Order of checks: empty name first, then forbidden characters (config key
  * 'ereg_forbidden'); only the first failure sets msg.
  *
  * @param string $name the name to check
  * @return map with keys: status_ok (1 valid / 0 failed), msg (localised
  *         message, 'ok' when valid)
  **/
 function checkNameSintax($name)
 {
     $forbidden_pattern = config_get('ereg_forbidden');
     $ret = array('status_ok' => 1, 'msg' => 'ok');
     if ($name == "") {
         $ret['status_ok'] = 0;
         $ret['msg'] = lang_get('info_product_name_empty');
         return $ret;
     }
     if (!check_string($name, $forbidden_pattern)) {
         $ret['status_ok'] = 0;
         $ret['msg'] = lang_get('string_contains_bad_chars');
     }
     return $ret;
 }
Esempio n. 18
/**
 * Gathers the request and session values used by the container (test suite)
 * management page into one argument object.
 *
 * Side effect: $_REQUEST is replaced by its strings_stripSlashes() copy.
 *
 * @param object $treeMgr tree manager (by reference); only used to resolve the
 *                        test project name when tproject_id is set
 * @return stdClass the argument bag; see the per-field comments below
 */
function init_args(&$treeMgr)
{
    $args = new stdClass();
    $_REQUEST = strings_stripSlashes($_REQUEST);
    // plain strings with defaults
    $args->containerType = isset($_REQUEST['containerType']) ? $_REQUEST['containerType'] : 'testsuite';
    $args->details = isset($_REQUEST['details']) ? $_REQUEST['details'] : '';
    $args->midAirCollisionTimeStamp = isset($_REQUEST['midAirCollisionTimeStamp']) ? $_REQUEST['midAirCollisionTimeStamp'] : '';
    // session values are read without isset(): a missing session raises notices
    $args->userID = $_SESSION['userID'];
    $args->userObj = $_SESSION['currentUser'];
    $args->tproject_name = '';
    $args->tproject_id = isset($_REQUEST['tproject_id']) ? intval($_REQUEST['tproject_id']) : 0;
    if ($args->tproject_id) {
        // resolve the project node's name through the tree manager
        $dummy = $treeMgr->get_node_hierarchy_info($args->tproject_id);
        $args->tproject_name = $dummy['name'];
    }
    $args->refreshTree = testproject::getUserChoice($args->tproject_id, array('tcaseTreeRefreshOnAction', 'edit_mode'));
    // string keys, with their defaults when absent from the request
    $keys2loop = array('nodes_order' => null, 'tcaseSet' => null, 'target_position' => 'bottom', 'doAction' => '');
    foreach ($keys2loop as $key => $value) {
        $args->{$key} = isset($_REQUEST[$key]) ? $_REQUEST[$key] : $value;
    }
    $args->tsuite_name = isset($_REQUEST['testsuiteName']) ? $_REQUEST['testsuiteName'] : null;
    // confirmation flag: only the exact text 'yes' counts
    $args->bSure = isset($_REQUEST['sure']) && $_REQUEST['sure'] == 'yes';
    $args->assigned_keyword_list = isset($_REQUEST['assigned_keyword_list']) ? $_REQUEST['assigned_keyword_list'] : "";
    // integer values
    $keys2loop = array('testsuiteID' => null, 'containerID' => null, 'objectID' => null, 'copyKeywords' => 0);
    foreach ($keys2loop as $key => $value) {
        $args->{$key} = isset($_REQUEST[$key]) ? intval($_REQUEST[$key]) : $value;
    }
    // hmmm IMHO depends on action
    // Would like to remove
    // containerID defaults to the test project when the request had none
    if (is_null($args->containerID)) {
        $args->containerID = $args->tproject_id;
    }
    if (isset($_REQUEST['container_name'])) {
        // Name validation: forbidden characters first (config 'ereg_forbidden'),
        // then emptiness; only the first failing rule sets msg. An empty name
        // reaches the second test only if check_string() accepts '' — confirm.
        $args->nameIsOK = true;
        $args->msg = '';
        $args->container_name = $args->name = trim($_REQUEST['container_name']);
        if (!check_string($args->container_name, config_get('ereg_forbidden'))) {
            $args->msg = lang_get('string_contains_bad_chars');
            $args->nameIsOK = false;
        }
        if ($args->nameIsOK && $args->container_name == '') {
            $args->msg = lang_get('warning_empty_com_name');
            $args->nameIsOK = false;
        }
    }
    return $args;
}
Esempio n. 19
/**
 * Validates a member name: Hangul only, no spaces (the G5_HANGUL class).
 *
 * @param string $mb_name the name to check
 * @return string '' when valid, otherwise the Korean error message to display
 */
function valid_mb_name($mb_name)
{
    $is_hangul_only = check_string($mb_name, G5_HANGUL);
    return $is_hangul_only ? "" : "이름은 공백없이 한글만 입력 가능합니다.";
}
Esempio n. 20
    $config['themes'] = 'default';
}
// First-run guard: while no admin nickname is configured and INSTALL.php still
// exists, every page except the installer itself is redirected to it.
// NOTE(review): SID is appended to both redirect URLs; it is empty when the
// session id already travels in a cookie, otherwise the session id is put into
// the URL (and from there into Referer headers and logs).
if ($config['nickname'] == '' && file_exists(BASEDIR . 'INSTALL.php') && !strstr($php_self, 'INSTALL.php')) {
    header('Location: ' . BASEDIR . 'INSTALL.php?' . SID);
    exit;
}
// Maintenance mode: when the site is closed and $log (presumably the current
// login) is not the configured nickname, redirect to the closed page — except
// for the closed page itself and input.php.
if ($config['closedsite'] == 1 && !strstr($php_self, 'pages/closed.php') && !strstr($php_self, 'input.php') && $log != $config['nickname']) {
    header('Location: ' . $config['home'] . '/pages/closed.php?' . SID);
    exit;
}
$header_title = '';
############################################################################################
##                                      Кто-откуда                                        ##
############################################################################################
if ($http_referer != 'Не определено') {
    $checkref = check_string($http_referer);
    if ($checkref != $config['servername']) {
        if (preg_match('#^([a-z0-9_\\-\\.])+(\\.([a-z0-9\\/])+)+$#', $checkref)) {
            $refstring = search_string(DATADIR . 'referer.dat', $checkref, 0);
            if ($refstring) {
                $textref = no_br($checkref . '|' . ($refstring[1] + 1) . '|' . SITETIME . '|' . $ip . '|');
                replace_lines(DATADIR . 'referer.dat', $refstring['line'], $textref);
            } else {
                $textref = no_br($checkref . '|1|' . SITETIME . '|' . $ip . '|');
                write_files(DATADIR . 'referer.dat', $textref . "\r\n");
            }
            $refcount = counter_string(DATADIR . 'referer.dat');
            if ($refcount >= $config['referer']) {
                delete_lines(DATADIR . 'referer.dat', array(0, 1));
            }
        }
Esempio n. 21
// Sender number: keep only digits and '-' (this appears to be a message-send
// form; "보내는 번호" is the sending number, "받는 번호" the recipients)
$mh_reply = preg_replace('#[^0-9\\-]#', '', trim($mh_reply));
$mh_message = clean_xss_tags(trim($mh_message));
// alert() is assumed to stop the script after showing its message — confirm;
// the flow below relies on that.
if (!$mh_reply) {
    alert('보내는 번호를 입력해주세요.');
}
if (!$mh_message) {
    alert('메세지를 입력해주세요.');
}
// Non-super admins may only send from a number get_hp() resolves; super admins
// may use any digit string (G5_NUMERIC) once the dashes are removed.
if ($is_admin != 'super') {
    $mh_reply = get_hp($mh_reply, 0);
    if (!$mh_reply) {
        alert("보내는 번호가 올바르지 않습니다.");
    }
} else {
    $mh_reply = str_replace("-", "", $mh_reply);
    if (!check_string($mh_reply, G5_NUMERIC)) {
        alert("보내는 번호가 올바르지 않습니다.");
    }
}
// Recipients: comma-separated list from the form, plus the member's phone when
// a member id was given. NOTE(review): explode() on an empty string yields
// array('') (count 1), so a later count() test cannot detect "no recipients".
$mh_hp = explode(',', $mh_hp);
if ($mb_id) {
    $mb = get_member($mb_id);
    // the member must allow SMS and have an open profile
    if (!$mb['mb_sms'] || !$mb['mb_open']) {
        alert("정보를 공개하지 않았습니다.");
    }
    if ($mb['mb_hp']) {
        array_push($mh_hp, $mb['mb_hp']);
    }
}
if (!count($mh_hp)) {
    alert('받는 번호를 입력해주세요.');
Esempio n. 22
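 /**
  * form_validation callback for the nickname field.
  *
  * Rules, in order: Hangul/Latin/digit characters only; not in the configured
  * reserved list (cf_prohibit_id); and, on registration or when the nickname
  * was actually changed (mb_nick_default != mb_nick), not already taken.
  *
  * @param string $str the submitted nickname
  * @return bool TRUE when acceptable; FALSE after setting the validation message
  */
 function mb_nick_check($str)
 {
     if (!check_string($str, _RT_HANGUL_ + _RT_ALPHABETIC_ + _RT_NUMERIC_)) {
         $this->form_validation->set_message('mb_nick_check', '별명은 공백없이 한글, 영문, 숫자만 입력 가능합니다.');
         return FALSE;
     }
     // preg_quote(): $str is user input spliced into the pattern; unescaped
     // metacharacters could break the pattern or make it match far too much.
     // The pattern remains a substring search in the comma-separated list,
     // not an exact-entry match.
     if (preg_match("/[\\,]?" . preg_quote($str, '/') . "/i", $this->config->item('cf_prohibit_id'))) {
         $this->form_validation->set_message('mb_nick_check', $str . ' 은(는) 예약어로 사용하실 수 없는 별명입니다.');
         return FALSE;
     }
     // Uniqueness is skipped on edit (w set) when the nickname is unchanged
     if (!$this->input->post('w') || $this->input->post('mb_nick_default') != $this->input->post('mb_nick')) {
         if ($this->Register_model->is('mb_nick', $str) != 0) {
             $this->form_validation->set_message('mb_nick_check', $str . ' 은(는) 이미 다른분이 사용중인 별명이므로 사용이 불가합니다.');
             return FALSE;
         }
     }
     return TRUE;
 }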
Esempio n. 23
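 /**
  * Updates one row of user_work_experieces for the given user.
  *
  * @param int   $users_id owner of the row (also part of the WHERE clause)
  * @param array $data     row fields: id, position, year_from, month_from,
  *                        year_to, month_to, company, description;
  *                        month_to === 'Present' marks an ongoing position
  * @return array whatever common() returns for the statement
  */
 public function update_user_work_experience($users_id, $data)
 {
     $id = $data['id'];
     check_int($id, 'id');
     check_int($users_id, 'users_id');
     // Per-field checks keyed on the field NAME. The original compared $value
     // (not $index) with 'users_id', so the integer branch never ran and the
     // same key was then checked as a string through the elseif list.
     foreach ($data as $index => $value) {
         if ($index === 'users_id') {
             check_int($value, $index);
         } elseif (in_array($index, array('position', 'year_from', 'month_from', 'company'), true)) {
             check_string($value, $index);
         }
     }
     $date_from = date('Y-m-d', strtotime($data['year_from'] . ' ' . $data['month_from']));
     $date_to = date('Y-m-d', strtotime($data['year_to'] . ' ' . $data['month_to']));
     $data['monthly_salary'] = '';
     $data['is_present'] = 0;
     if ($data['month_to'] === 'Present') {
         // ongoing position: date_to is left out of the SET list (not cleared)
         $data['is_present'] = 1;
         $date_to = '';
     }
     // Both ids passed check_int(); the cast is what guarantees that only an
     // integer is interpolated into the WHERE clause.
     $id = (int) $id;
     $users_id = (int) $users_id;
     $sql = "UPDATE user_work_experieces\n            SET\n                position = " . $this->db->escape($data['position']) . ",\n                date_from = " . $this->db->escape($date_from) . ",\n                " . (strlen($date_to) > 0 ? "date_to = " . $this->db->escape($date_to) . "," : "") . "\n                is_present = " . $this->db->escape($data['is_present']) . ",\n                monthly_salary = " . $this->db->escape($data['monthly_salary']) . ",\n                company = " . $this->db->escape($data['company']) . ",\n                description = " . $this->db->escape($data['description']) . "\n            WHERE id = {$id} AND users_id = {$users_id}\n        ";
     return $this->common($sql);
 }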
Esempio n. 24
 // cartridge id
 $model = isset($_REQUEST["model"]) ? check_string($_REQUEST["model"], "digits") : 0;
 // Cartridge model (filter)
 $full = isset($_REQUEST["full"]) ? check_string($_REQUEST["full"], "digits") : null;
 // Number of full cartridges
 $use = isset($_REQUEST["use"]) ? check_string($_REQUEST["use"], "digits") : null;
 // Number of cartridges in use
 $comment = isset($_REQUEST["comment"]) ? check_string($_REQUEST["comment"], "text") : null;
 // Comment on the cartridges
 $find_text = isset($_REQUEST["find_text"]) ? check_string($_REQUEST["find_text"], "text") : null;
 // Search text
 $msg_class = isset($_REQUEST["msg_class"]) ? check_string($_REQUEST["msg_class"], "text") : null;
 // Message class
 $msg = isset($_REQUEST["msg"]) ? check_string($_REQUEST["msg"], "text") : null;
 // Messages
 $page_num = isset($_REQUEST["page_num"]) ? check_string($_REQUEST["page_num"], "digits") : 0;
 // Page number
 $notifies = getBurnedCounts($admin_login["uid"]);
 //    $order_by       = isset($_SESSION["order_by"])          ? "ORDER BY ".$_SESSION["order_by"]                 : "ORDER BY `id`";// Sort setting
 // Filter for use in SQL queries. $model is interpolated after the "digits"
 // check above; $area is set outside this fragment — confirm it is filtered
 // the same way.
 $filter_sql = " WHERE `deleted` != 1 ";
 $filter_sql .= $area != 0 ? " AND `area`={$area}" : "";
 $filter_sql .= $model != 0 ? " AND `model`={$model}" : "";
 // Filter for use with GET parameters:
 $filter = $area != 0 ? "&area={$area}" : "&area=0";
 $filter .= $model != 0 ? "&model={$model}" : "&model=0";
 // Populate the territory, department and position selectors (the query below
 // loads supply_models with a per-model count of units in use)
 $query_models = $db->query("SELECT `id`, `name`, `cartridge4u_id`,\r\n                                    (select count(*) from supply where `model` = supply_models.`id` and `use` > 0) as `count`\r\n                                      FROM supply_models\r\n                                              WHERE `deleted` is null ORDER BY `name`");
 while ($models_res = $db->fetch_row($query_models)) {
     $models[$models_res[0]] = $models_res[1];
     $cartridge4u_id[$models_res[0]] = $models_res[2];
Esempio n. 25
     $TPm = str_replace('[max_len]', $config['max_pm_len'], $TPm);
 } else {
     // usereingaben checken ---------------------------
     $err_mess = '';
     $r_user = db_query("SELECT \n\t\t     user_id,\n\t\t     user_name,\n\t\t\t user_mail,\n\t\t\t pm_count,\n\t\t\t groupids\n\t\t FROM " . $pref . "user WHERE user_name='" . addslashes($username) . "'");
     if (db_rows($r_user) != 1) {
         $err_mess .= 'Es ist kein User mit diesem Namen registriert.';
     } else {
         $user = db_result($r_user);
         if ($user['user_id'] == U_ID) {
             $err_mess .= 'Du kannst keine Nachricht an Dich selbst senden.';
         }
         if ($art == 1 && ($user['user_mail'] == '' || $config['mail_func'] == 0)) {
             $err_mess .= ($err_mess == '' ? '' : '<br />') . 'Ein Versand per E-Mail ist leider nicht m&ouml;glich.';
         }
         $err_mess .= ($err_mess == '' ? '' : '<br />') . check_string($topic, 1);
         if (strlen($text) < 3) {
             $err_mess .= ($err_mess == '' ? '' : '<br />') . 'Der Text ist zu kurz.';
         }
         if (strlen($text) > $config['max_pm_len']) {
             $err_mess .= ($err_mess == '' ? '' : '<br />') . 'Der Text ist zu lang.';
         }
         if ($user['pm_count'] == $config['max_pm_count']) {
             $P = globalPermissions($user['groupids']);
             if ($P[19] == 0) {
                 $err_mess .= ($err_mess == '' ? '' : '<br />') . 'Die PMbox des Empf&auml;ngers ist leider voll.';
                 db_query("UPDATE " . $pref . "user SET\n\t\t\t\t\t     pm_overflow='1'\n\t\t\t\t\t WHERE user_id='{$user['user_id']}'");
             }
         }
     }
     if ($err_mess != '') {
Esempio n. 26
<?php

/*
 * index.php
 * general page
 *
 */
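// NOTE(review): errors are displayed to the browser and notices are masked;
// suitable for development only — a deployment should log instead of display.
ini_set('display_errors', 1);
error_reporting(E_ALL ^ E_NOTICE);
session_start();
require 'subs.php';
require 'conf.inc.php';
require "lib/dblayer.php";
require_once 'vendor/autoload.php';
// Twig initialisation: template directory, caching disabled
$loader = new Twig_Loader_Filesystem('templates');
$twig = new Twig_Environment($loader, array('cache' => ''));
// Stage of the page flow, filtered as a 'string'
$stage = isset($_REQUEST['stage']) ? check_string($_REQUEST['stage'], 'string') : null;
// Only a logged-in admin sees the page. !empty() is exactly the original
// isset() && == true test (truthiness of the session flag).
if (!empty($_SESSION['valid'])) {
    // -- vars -- set up and check the variables and submitted data
    $admin_fio = $_SESSION['admin_fio'];
    // -- end vars
    // --------- START ------------------------------------ //
    echo $twig->render('base.html', array('dir' => basename(__DIR__), 'title' => 'Главная страница', 'admin_fio' => $admin_fio, 'section' => basename(__DIR__) == 'www' ? '' : basename(__DIR__), 'sections' => array('' => 'Главная', 'bills' => 'Счета', 'users' => 'Пользователи', 'supply' => 'Расходники')));
    // --------- END ------------------------------------- //
} else {
    // Redirect to the login page with a path-only Location. The original built
    // an absolute URL from $_SERVER['HTTP_HOST'], which is the client-supplied
    // Host header, so the redirect target followed that header rather than
    // this site's own address.
    header('Location: /auth.php');
    exit;
}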
 }
 if (!$mb_email) {
     alert('E-mail 이 넘어오지 않았습니다.');
 }
 if (preg_match("/[\\,]?{$mb_id}/i", $config['cf_prohibit_id'])) {
     alert("\\'{$mb_id}\\' 은(는) 예약어로 사용하실 수 없는 회원아이디입니다.");
 }
 if (preg_match("/[\\,]?{$mb_nick}/i", $config['cf_prohibit_id'])) {
     alert("\\'{$mb_nick}\\' 은(는) 예약어로 사용하실 수 없는 별명입니다.");
 }
 // 이름은 한글만 가능
 if (!check_string($mb_name, _G4_HANGUL_)) {
     alert('이름은 공백없이 한글만 입력 가능합니다.');
 }
 // 별명은 한글, 영문, 숫자만 가능
 if (!check_string($mb_nick, _G4_HANGUL_ + _G4_ALPHABETIC_ + _G4_NUMERIC_)) {
     alert('별명은 공백없이 한글, 영문, 숫자만 입력 가능합니다.');
 }
 if ($w == '') {
     if (strtolower($mb_id) == strtolower($mb_recommend)) {
         alert('본인을 추천할 수 없습니다.');
     }
     $sql = " select count(*) as cnt from {$g4['member_table']} where mb_nick = '{$mb_nick}' ";
     $row = sql_fetch($sql);
     if ($row['cnt']) {
         alert("\\'{$mb_nick}\\' 은(는) 이미 다른분이 사용중인 별명이므로 사용이 불가합니다.");
     }
     $sql = " select count(*) as cnt from {$g4['member_table']} where mb_email = '{$mb_email}' ";
     $row = sql_fetch($sql);
     if ($row['cnt']) {
         alert("\\'{$mb_email}\\' 은(는) 이미 다른분이 사용중인 E-mail이므로 사용이 불가합니다.");
                $new['user_id'] = $post['user_id'];
                $new['guest_name'] = $post['guest_name'];
                $new['text'] = $post['post_text'];
                $new['topic'] = $thread['thread_topic'];
                $data['boardtable'] = editForm($new, $boardid, $threadid, $postid, $config['mail_func'], $config['smilies'], 1);
            } else {
                $new['user_id'] = $post['user_id'];
                $data['boardtable'] = editForm($new, $boardid, $threadid, $postid, $config['mail_func'], $config['smilies'], $new['code']);
            }
        } else {
            // check entrys -----------------------
            $err_mess = '';
            if ($post['user_id'] == 0) {
                $err_mess = check_string($new['autor'], 0);
            }
            $err_mess = check_string($new['topic'], 1);
            if (strlen($text) < $config['min_post_len']) {
                $err_mess .= ($err_mess == '' ? '' : '<br />') . 'Der Text ist zu kurz.';
            }
            if (strlen($text) > $config['max_post_len']) {
                $err_mess .= ($err_mess == '' ? '' : '<br />') . 'Der Text ist zu lang.';
            }
            if ($err_mess != '') {
                $mess = '<form action="edit.php" method="post" name="sendback">
			      ' . $err_mess . '
			     <input type="hidden" name="boardid" value="' . $boardid . '" />
			     <input type="hidden" name="threadid" value="' . $threadid . '" />
			     <input type="hidden" name="postid" value="' . $postid . '" />
			     <input type="hidden" name="new[page]" value="' . $page . '" />
			     <input type="hidden" name="action" value="edit" />
			     <input type="hidden" name="back" value="1" />';
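 // Per-registration upload directory. basename() strips any path separators,
 // so a crafted $registration_id (e.g. "../../etc") cannot escape
 // upload/training_doc/. Where $registration_id comes from is not visible here.
 $create_dir = "upload/training_doc/" . basename((string) $registration_id);
 if (!file_exists($create_dir)) {
     // 0755 rather than 0777: the web-server user creates and owns the
     // directory and is the only one that needs write access. World-writable
     // upload directories let any local user plant files. (Effective mode is
     // still subject to umask.)
     mkdir($create_dir, 0755);
 }
 // Validate the posted fields; each failure appends an <li> to $error_msg
 // (accumulated by the caller). Missing keys are treated as empty instead of
 // raising "undefined index" notices.
 $area_of_interest = isset($_POST['area_of_interest']) ? $_POST['area_of_interest'] : "";
 if ($area_of_interest == "") {
     $error_msg .= "<li>Please Select a category</li>";
 }
 $description = isset($_POST['description']) ? $_POST['description'] : "";
 if ($description == "") {
     $error_msg .= "<li>Enter Some Description</li>";
 }
 // Newlines become <br/> for later display. The original used ereg_replace(),
 // which was removed in PHP 7 (fatal "undefined function"); the pattern was a
 // literal newline, so str_replace() is the exact equivalent.
 // NOTE(review): $description is still raw user input apart from this
 // substitution; it must be HTML-escaped wherever it is rendered.
 $description = str_replace("\n", "<br/>", $description);
 // check_string() is a project helper; the original treats a return value of 1
 // as "title missing". Read the title from $_POST, the same source that was
 // validated, rather than $_REQUEST (which also merges GET and cookies).
 $title = check_string(isset($_POST['title']) ? $_POST['title'] : "");
 if ($title == 1) {
     $error_msg .= "<li>Enter Title</li>";
 } else {
     $title = $_POST['title'];
 }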
 if ($_FILES['doc']['name'] != "") {
     $doc = uploadFile($file_name, $file_temp, $file_type, $file_size, "training_doc");
     if (preg_match("<li>", $upload_cv)) {
         $error_msg .= $upload_cv;
     }
 } else {
    <li>current lang: <?php 
_pass($ESPCONFIG['lang']);
?>
</li>
    <li>available langs: <?php 
_pass(implode(', ', esp_getlocales()));
?>
<br />
      (<?php 
_pass(implode(', ', array_keys(esp_getlocale_map())));
?>
)
    </li>
    <li>GNU Gettext test: <?php 
esp_setlocale('en_US');
check_string(_('%%%% Gettext Test Failed'), 'Passed');
?>
</li>
    <li>Catalog Open Test: <?php 
$ret = fopen($ESPCONFIG['locale_path'] . '/en_US/LC_MESSAGES/messages.mo', 'r');
check_bool($ret !== false, true);
fclose($ret);
?>
</li>
  </ul></td></tr>

  <tr><th>PHP Session Test</th></tr>
  <tr><td><ul>
    <li>session.save_path: <?php 
if (stristr(PHP_OS, 'win') && substr(ini_get('session.save_path'), 0, 1) == '/') {
    _fail(ini_get('session.save_path'));