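/**
 * Runs the SQL text in $q through do_multi_sql() and publishes the outcome
 * through the page-level globals.
 *
 * On failure $out_message receives the error text of $cdbh. On success the last
 * executed statement ($last_sql) decides what happens next: result-producing
 * statements are rendered with display_select(); anything else records the
 * affected-row count, and DROP/TRUNCATE additionally refreshes the table list.
 *
 * @param object $cdbh Database handle; only its ->error property is read here.
 * @param string $q    One or more SQL statements.
 */
function do_cryptdb_sql($cdbh, $q)
{
    global $last_sth, $last_sql, $reccount, $out_message, $SQLq, $SHOW_T;

    $SQLq = $q;

    if (!do_multi_sql($q)) {
        $out_message = "Error: " . $cdbh->error;
        return;
    }
    if (!($last_sth && $last_sql)) {
        return;
    }

    $SQLq = $last_sql;

    // The keywords are grouped so that "^" anchors every alternative. Ungrouped,
    // "/^select|show|explain|desc/" also matched "show", "explain" or "desc"
    // anywhere in the text, so e.g. an INSERT naming a "description" column was
    // handled as a result set. Leading whitespace is tolerated because statements
    // split out of a multi-statement script can start with a newline.
    if (preg_match('/^\s*(?:select|show|explain|desc)/i', $last_sql)) {
        if ($q != $last_sql) {
            $out_message = "Results of the last select displayed:";
        }
        display_select($last_sth, $last_sql);
        return;
    }

    // NOTE(review): $cryptdbh is neither a parameter nor declared global in this
    // function, so this call receives an undefined variable. The handle passed in
    // is $cdbh; confirm which database API it belongs to before switching.
    $reccount = mysql_affected_rows($cryptdbh);
    $out_message = "Done.";

    if (preg_match('/^\s*(?:insert|replace)/i', $last_sql)) {
        $out_message .= " Last inserted id=" . get_identity();
    }
    if (preg_match('/^\s*(?:drop|truncate)/i', $last_sql)) {
        // The table list is stale after a DROP/TRUNCATE, so show it again.
        do_sql($SHOW_T);
    }
}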
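/**
 * Sums the training time that is planned but not yet done for one athlete in
 * the week that ends at $end_epoch.
 *
 * @param int $athlete_id Athlete whose log is summarised.
 * @param int $end_epoch  End of the week in epoch seconds.
 * @return array Map of label => summed elapsed_time: 'Total To Do' for the whole
 *               week plus one entry per exercise_type found.
 */
function weekly_planned_totals($athlete_id, $end_epoch)
{
    // The id is placed unquoted into the SQL text below, so it is forced to an
    // integer first; anything non-numeric becomes 0.
    $athlete_id = (int) $athlete_id;

    // $end_epoch is probably a Monday; step back 30 minutes to land on Sunday.
    $end_epoch = $end_epoch - 30 * 60;
    // A full week would run from 23:30 Sunday to 23:30 the Sunday before, so the
    // span is shortened by six hours to stay inside the wanted week.
    $weeksecs = 60 * 60 * 24 * 7 - 360 * 60;
    $weekstart = date("Y/n/j", $end_epoch - $weeksecs);
    $weekend = date("Y/n/j", $end_epoch);

    // Both queries share the same filter; it is built once so they cannot drift apart.
    $filter = " WHERE athlete_id={$athlete_id} AND exercise_type!='REST' \n"
        . " AND parent_session = 0 \n"
        . " AND start_date BETWEEN '{$weekstart}' AND '{$weekend}' \n"
        . " AND entry_type IN \n"
        . " ('plan', 'planned - not done', 'event - tentative', 'event - to enter', 'event - entered', 'event - enter by' ) \n";

    $totals = array();

    $results = do_sql("SELECT sum(elapsed_time) FROM log \n" . $filter);
    $row = pg_fetch_array($results, null, PGSQL_ASSOC);
    $totals['Total To Do'] = is_array($row) ? $row['sum'] : null;

    $results = do_sql("SELECT exercise_type, sum(elapsed_time) FROM log \n" . $filter . " GROUP BY exercise_type ");
    while ($row = pg_fetch_array($results, null, PGSQL_ASSOC)) {
        // Each row holds the total for one exercise type.
        $totals[$row['exercise_type']] = $row['sum'];
    }

    return $totals;
}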
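/**
 * Lists the column names of the log table.
 *
 * The names are read from the keys of the row with session_id = 1, so the
 * result depends on that row existing.
 *
 * @return array Column names, or an empty array when the row cannot be fetched.
 */
function get_column_names()
{
    $result = do_sql("SELECT * from log\n WHERE session_id = 1 ");
    $details = pg_fetch_array($result, null, PGSQL_ASSOC);

    // pg_fetch_array() yields false when there is no row; array_keys() would
    // fail on that, so report "no columns" instead.
    if (!is_array($details)) {
        return array();
    }

    return array_keys($details);
}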
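/**
 * Collects the ids of every session that descends from session $id (its
 * splits, their splits, and so on), for a cascading delete.
 *
 * @param int|string $id Parent session id.
 * @return array Descendant session ids, parents before their own children.
 */
function build_to_delete($id)
{
    // The id is placed unquoted into the SQL text, so only a genuine integer is
    // accepted. A plain (int) cast is avoided on purpose: it would turn garbage
    // into 0, and parent_session = 0 would then select unrelated sessions.
    $id = filter_var($id, FILTER_VALIDATE_INT);
    if ($id === false) {
        return array();
    }

    $to_delete = array();
    $result = do_sql("SELECT session_id FROM log WHERE parent_session = {$id} ") or die('Query failed: ' . pg_last_error());

    while ($row = pg_fetch_array($result, null, PGSQL_ASSOC)) {
        $child_id = $row['session_id'];
        $to_delete[] = $child_id;
        // Recurse so that splits of splits are found as well.
        // NOTE(review): there is no guard against a parent_session cycle; a
        // session that is its own ancestor would recurse without end.
        $to_delete = array_merge($to_delete, build_to_delete($child_id));
    }

    return $to_delete;
}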
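/**
 * Appends a "LOGGED OUT" line for the athlete to the login log, a file that
 * users can view.
 *
 * @param int $athlete_id Athlete who logged out.
 */
function log_logout($athlete_id)
{
    $logfile = "/var/log/tlog/logins.log";

    // The id is placed unquoted into the SQL text, so force it to an integer.
    $athlete_id = (int) $athlete_id;

    // Defaults keep the log line well-formed when the athlete row is missing
    // or a field is empty.
    $name = '';
    $surname = '';
    $country = '';

    $results = do_sql("SELECT name,surname,country FROM athlete WHERE athlete_id={$athlete_id}");
    while ($row = pg_fetch_array($results)) {
        $name = $row['name'];
        if ((string) $row['surname'] !== '') {
            $surname = $row['surname'];
        }
        if ((string) $row['country'] !== '') {
            $country = " from " . $row['country'];
        }
    }

    $date = date("Y/m/d H:i");
    $entry = "LOGGED OUT {$date} - {$name} {$surname} ({$athlete_id}) {$country}";

    // The name fields are profile data. Control characters are replaced so a
    // stored line break cannot forge additional log entries.
    // NOTE(review): whatever page displays this file must still HTML-escape it.
    $entry = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $entry);

    $loghandle = fopen($logfile, "a") or die("cannot open {$logfile}");
    fwrite($loghandle, $entry . "\n");
    fclose($loghandle);
}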
<?php session_start(); $_SESSION['athlete_id']; $_SESSION['encpass']; $_SESSION['login']; $login = $_POST["login"]; $password = $_POST["password"]; include_once "logit.php"; include_once "sql_functions.php"; logit("Login {$login} start"); $query = "SELECT athlete_id, encpass FROM athlete WHERE login = '******'"; #$result = pg_query($query) or die('Query failed: ' . pg_last_error()); $result = do_sql($query); $row = pg_fetch_array($result, null, PGSQL_ASSOC); $athlete_id = $row['athlete_id']; $encpass = $row['encpass']; # Check whether any rows were retrieved, ie. whether the login exists $num_rows = pg_num_rows($result); if ($num_rows == 0) { header("Location:index.php?message=Login Incorrect"); logit("Login {$login} incorrect"); exit("Incorrect Login"); } elseif ($num_rows > 1) { logit("Login {$login} : multiple occurences of login found "); header("Location:index.php?message=Login problem - multiple occurrences detected."); exit("Login problem - multiple occurrences detected.'"); } # create sha1 encrypted version of entered password $received_encpass = sha1($password); # Compare this with the encrypted password in the db.
if ($_POST['bid'] != "" && $_SESSION['id'] != '') { // deleting a blog $send = ''; $res = check_vote_on_post($_POST['bid'], $mysqli); $where['votes_blog_id'] = $_POST['bid']; $where['votes_people_id'] = $_SESSION['id']; if ($res) { do_sql('votes', $send, 'delete', $mysqli, $where); } else { do_sql('votes', $where, 'insert', $mysqli, $where['votes_blog_id'] . ' AND ' . $where['votes_people_id']); } } break; case 'send_response': if ($_POST['bid'] != "" && $_SESSION['id'] != '' && $_POST['sendResponse'] != "") { // deleting a blog $send['response_blog_id'] = $_POST['bid']; $send['response_people_id'] = $_SESSION['id']; $send['response_text'] = htmlentities($_POST['sendResponse']); do_sql('response', $send, 'insert', $mysqli, $send); } break; case 'approvePeople': if ($_POST['pid'] != "") { $where['people_id'] = $_POST['pid']; $send['people_addedBy'] = '0'; echo do_sql('people', $send, 'update', $mysqli, $where); } break; } echo 1;
*/ if ($_POST['cryptdb_describe_table']) { $q = "describe " . $DB['db'] . "." . $_POST['cryptdb_describe_table']; do_sql($q); } } else { if (isset($_REQUEST['refresh'])) { check_xss(); do_sql('show databases'); } elseif (preg_match('/^show\\s+(?:databases|status|variables|process)/i', $SQLq)) { check_xss(); do_sql($SQLq); } else { $err_msg = "Select Database first"; if (!$SQLq) { do_sql("show databases"); } } } } } $time_all = ceil((microtime_float() - $time_start) * 10000) / 10000; print_screen(); } } else { $_SESSION['logoff'] = false; print_cfg(); } function print_header() { global $err_msg, $VERSION, $DB, $CRYPTDB, $dbh, $self, $is_sht, $xurl, $SHOW_T;
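/**
 * Looks up the athlete who owns a log session.
 *
 * @param int $session_id Session to look up.
 * @return mixed The athlete_id column of that session, or null when no such
 *               session exists. Callers making an access decision should treat
 *               null as "no owner" and not compare it loosely with an id.
 */
function get_session_owner($session_id)
{
    // The id is placed unquoted into the SQL text, so force it to an integer.
    $session_id = (int) $session_id;

    // NOTE(review): on failure die() prints the raw PostgreSQL error to the client.
    $result = do_sql("SELECT athlete_id FROM log WHERE session_id = {$session_id} ") or die('Query failed: ' . pg_last_error());
    $row = pg_fetch_array($result, null, PGSQL_ASSOC);

    return is_array($row) ? $row['athlete_id'] : null;
}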
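/**
 * Applies the bulk action chosen in $_REQUEST['dosht'] to the tables ticked in
 * $_REQUEST['cb'], then shows the table list again.
 *
 * 'exp' hands the selection to print_export() and ends the request; 'drop',
 * 'trunc' and 'opt' build one statement per table and run the batch.
 *
 * NOTE(review): this changes or destroys data based on request parameters
 * alone; confirm that the caller has verified the session and an anti-CSRF
 * token before reaching this function.
 */
function do_sht()
{
    global $SHOW_T;

    $cb = isset($_REQUEST['cb']) ? $_REQUEST['cb'] : array();
    if (!is_array($cb)) {
        $cb = array();
    }

    $sq = '';
    switch (isset($_REQUEST['dosht']) ? $_REQUEST['dosht'] : '') {
        case 'exp':
            $_REQUEST['t'] = join(",", $cb);
            print_export();
            exit;
        case 'drop':
            $sq = 'DROP TABLE';
            break;
        case 'trunc':
            $sq = 'TRUNCATE TABLE';
            break;
        case 'opt':
            $sq = 'OPTIMIZE TABLE';
            break;
    }

    $sql = '';
    if ($sq) {
        foreach ($cb as $v) {
            if (!is_string($v) || $v === '') {
                continue;
            }
            // The table name comes from the request. It is emitted as a quoted
            // identifier with embedded backticks doubled, so it can only ever
            // name a table and cannot add further statements to the batch.
            $sql .= $sq . " `" . str_replace('`', '``', $v) . "`;\n";
        }
    }

    if ($sql) {
        do_sql($sql);
    }
    do_sql($SHOW_T);
}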
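/**
 * Updates one log row from submitted form data, after checking that the
 * acting athlete owns the session or holds an "edit log" share permission.
 *
 * @param int   $athlete_id Athlete performing the edit.
 * @param mixed $details    Passed through to validate_form_data().
 * @param mixed $post_data  Passed through to validate_form_data().
 * @return false|null false when permission is denied; nothing otherwise.
 */
function update_log_row($athlete_id, $details, $post_data)
{
    $columns = validate_form_data($details, $post_data);
    $session_id = $columns['session_id'];

    // Find out who owns this session and check that this user has permission
    // to edit the owner's log.
    // NOTE(review): the comparison is loose and get_session_owner() may yield
    // an empty value for an unknown session; confirm that an empty $athlete_id
    // can never reach this point.
    $session_owner = get_session_owner($session_id);
    if ($athlete_id != $session_owner) {
        if (!check_share_permission($session_owner, "edit log {$athlete_id}")) {
            echo "You do not have permission to edit this athlete's log<br>";
            return false;
        }
        // The row belongs to the owner, so the UPDATE is keyed on the owner's id.
        $athlete_id = $session_owner;
    }

    // NOTE(review): column names and values are interpolated exactly as
    // validate_form_data() returned them. That helper is not visible here; this
    // is only safe if it limits the keys to known log columns and escapes every
    // value for a quoted SQL literal. Confirm before relying on it.
    $assignments = array();
    foreach ($columns as $column => $entry) {
        $assignments[] = " {$column} = '{$entry}' ";
    }

    // The two ids in the WHERE clause are unquoted, so they are forced to integers.
    $query = "UPDATE log SET " . implode(",", $assignments)
        . " WHERE athlete_id = " . (int) $athlete_id
        . " AND session_id = " . (int) $session_id . " ";

    $result = do_sql($query) or die('Query failed: ' . pg_last_error());
}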
/**
 * Dispatches a page action. Only "go" does anything: it passes the SQL text
 * from the request field 'SQLfield' to do_sql().
 *
 * NOTE(review): the SQL comes straight from the request and is executed
 * unchanged, so whoever can reach this call can run any statement the database
 * account permits. Confirm that authentication and an anti-CSRF check happen
 * before this function is called.
 *
 * @param string $action Action name.
 * @return null
 */
function jump($action)
{
    if ($action == "go") {
        do_sql($_REQUEST['SQLfield']); // don't need stripslashes here?
    }

    return;
}
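/**
 * Returns the <LI> links of one dropdown, limited to the pages in $allowed.
 *
 * @param array $entries Map of page file name => link label (fixed literals).
 * @param array $allowed Page file names the current user may open.
 * @return string HTML fragment, possibly empty.
 */
function menubar_dropdown_links($entries, $allowed)
{
    $html = '';
    foreach ($entries as $page => $label) {
        if (in_array($page, $allowed, true)) {
            $html .= "\t<LI><a href=\"{$page}\">{$label}</a></LI>\n";
        }
    }
    return $html;
}

/**
 * Prints the page banner and the navigation menu for the logged-in athlete.
 *
 * Ends the request with a "session expired" notice when no athlete is logged
 * in. A menu link is printed only when its page is listed for the athlete in
 * user_access.
 */
function display_menubar()
{
    if (!isset($_SESSION['athlete_id'])) {
        echo "\t<H2>Your session has expired</H2>\n";
        echo "\t<FONT size=1>Please <a href=index.php >return to the <u>login page</u> and log in again.</a></FONT><br>\n";
        exit;
    }

    // The id is placed into SQL text below, so force it to an integer.
    $athlete_id = (int) $_SESSION['athlete_id'];

    require_once "access_check.php";
    include_once "sql_functions.php";

    // NOTE(review): a commented-out pg_connect() call with a literal database
    // password used to sit here. It has been dropped from the source; treat
    // that password as exposed and rotate it.

    $result = do_sql("SELECT name from athlete WHERE athlete_id = {$athlete_id}");
    $row = pg_fetch_array($result, null, PGSQL_ASSOC);
    // The name is profile data, so it is escaped before it is printed.
    $firstname = is_array($row) ? htmlspecialchars((string) $row['name'], ENT_QUOTES) : '';

    $result = do_sql("SELECT function FROM user_access WHERE athlete_id = '{$athlete_id}'") or die('Query failed: ' . pg_last_error());
    $allowed = pg_fetch_all_columns($result, 0);
    if (!is_array($allowed)) {
        $allowed = array();
    }

    echo "<TABLE>\n<TR><TD align=right class=fitnessmad >\n"
        . "<b><font size=3 color=#885555 > <i> FitnessMad.Net </i> </FONT><br/>\n"
        . "<font color=#AA5555 > Training Log </FONT> </b>\n"
        . "</TD><TD class=mainmenu align=right valign=bottom >\n"
        . "You are logged in {$firstname}<br>\n"
        . "</TD>\n</TR>\n</TABLE>\n<HR>\n";

    echo "<TABLE><TR><TD>\n<UL class=\"nav\">\n";

    // Jump to today's date; this does nothing if today is outside the
    // date range selected.
    $jumpto = "anchorD" . date("Ymd");

    if (in_array("view_log.php", $allowed, true)) {
        echo "<LI class=menuheader ><a href=\"view_log.php#{$jumpto}\"> View My Log</a>\n</LI>\n";
    }

    $date = date("d/m/Y");
    if (in_array("add_log_entry.php", $allowed, true)) {
        echo "<LI class=menuheader >\n"
            . "<a href=\"javascript:launchRemote('add_log_entry.php?start_date={$date}')\" > Add Log entry</a>\n"
            . "</LI>\n";
    }

    // Configuration dropdown. The closing tags are printed unconditionally;
    // they used to be tied to the last entry, which left the list open for
    // users who lacked that one permission.
    echo "<li class=menuheader ><a >Configuration</a>\n<ul>\n";
    echo menubar_dropdown_links(array(
        "configure_view.php" => "Configure View",
        "configure_log_entry.php" => "Configure Log Entry Fields",
        "configure_exercise_types.php" => "Configure Exercise Types",
    ), $allowed);
    echo "</ul>\n</li>\n";

    // User admin dropdown.
    echo "<li class=menuheader ><a>User</a>\n<ul>\n";
    echo menubar_dropdown_links(array(
        "change_password.php" => "Change Password",
        "newuser.php" => "Add New User",
        "configure_share_permissions.php" => "Configure Shared Access",
        "configure_security_access.php" => "Configure User Access",
        "access_other_user.php" => "View Other Athlete's Log",
        "see_who_is_online.php" => "Currently Connected Users",
        "view_login_log.php" => "View log of recent logins",
        "logout.php" => "Logout",
    ), $allowed);
    echo "</UL>\n</LI>\n";

    if (in_array("logout.php", $allowed, true)) {
        echo "\t<LI class=menuheader ><a href=\"logout.php\">\n\tLogout</a>\n\t</LI>\n";
    }

    echo "\t<LI class=menuheader ><a href=\"loggedin.php\" >\n\tHelp</a>\n\t</LI>\n";

    echo "</UL>\n</TD></TR></TABLE>\n";
}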
ENDHTML; // Cannot directly read "/var/lib/php5" because the dir is not traversable by // www-data. // There is a perl script in /usr/local/bin run by the /etc/cron.d/www which // writes a list of athlete ids which it finds in the session files every minute // to /var/log/tlog/loggedin $file = "/var/log/tlog/current_logins"; $handle = fopen($file, "r"); while ($line = fgets($handle)) { $ldata = explode(",", $line); // Athlete_id is the second field in the line: $athids[] = $ldata[1]; } fclose($handle); foreach ($athids as $id) { $results = do_sql("SELECT name,surname,country FROM athlete WHERE athlete_id={$id}"); while ($row = pg_fetch_array($results)) { $name = $row['name']; if ($row['surname'] . "X" != "X") { $surname = $row['surname']; } if ($row['country'] . "X" != "X") { $country = " from " . $row['country']; } echo "<b>{$name} {$surname}</b>{$country} is logged in.<br>\n"; } } echo <<<ENDHTML </BODY> </HTML> ENDHTML
$send['app_people_id'] = $_SESSION['id']; do_sql('approval', $send, 'insert', $mysqli); // add_score $sql = "UPDATE position SET position_approvalScore=position_approvalScore+" . $_SESSION['score'] . " WHERE position_id='" . $pos_id . "';"; if ($mysqli->query($sql) === false) { trigger_error('Wrong SQL: ' . $sql . ' Error: ' . $mysqli->error, E_USER_ERROR); } else { $affected_rows = $mysqli->affected_rows; } echo '<p>score added'; } // update top role // fetching user id $getUID = $mysqli->prepare('SELECT position_people_id FROM position WHERE position_id=? ') or die('Couldn\'t check the userid'); $getUID->bind_param('s', $pos_id); $getUID->execute(); $getUID->store_result(); $getUID->bind_result($user_id); while ($getUID->fetch()) { $top_role = get_top_role($user_id, $mysqli); } echo '<p>got top_role : ' . $top_role . " and user id : " . $user_id; // now updating table with top_role $upd['people_id'] = $user_id; $upd['people_topCode'] = $top_role; do_sql('people', $upd, 'update', $mysqli); echo '<p>update added'; } break; } echo 1;
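<?php
// Prints the responses to one blog entry and marks them as seen.
//
// NOTE(review): session_start() is called but $_SESSION is never read in this
// script. Unless db.php or modules.php enforce it, any visitor can list the
// responses of any blog id, and a plain GET request flips their seen-state.
session_start();
include 'db.php';
include 'modules.php';

// Accept only a scalar string; an array-valued or missing "id" would otherwise
// raise an error inside real_escape_string().
$rawId = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';

// NOTE(review): the escaped value is also bound as a statement parameter below,
// where escaping is not needed. It is kept because do_sql() receives the same
// value and its query building is not visible here.
$id = $mysqli->real_escape_string($rawId);

$getResponse = $mysqli->prepare('SELECT ppl.people_id,res.response_text, ppl.people_name, res.response_lastUpdated FROM response res INNER JOIN people ppl ON res.response_people_id = ppl.people_id WHERE res.response_blog_id=?') or die('Couldn\'t check the responses');
$getResponse->bind_param('s', $id);
$getResponse->execute();
$getResponse->store_result();
$getResponse->bind_result($pid, $text, $pname, $time);

// Every stored value is escaped on output. double_encode is off so text that
// was already entity-encoded when it was stored is not encoded a second time.
// Assumes the page is served as UTF-8 (TODO confirm).
$flags = ENT_QUOTES | ENT_SUBSTITUTE;

$res = '';
while ($getResponse->fetch()) {
    $res .= ' <h4><a href="profile.php?id=' . rawurlencode((string) $pid) . '" title="Visit Profile">'
        . htmlspecialchars((string) $pname, $flags, 'UTF-8', false)
        . '</a></h4> <small> ' . htmlspecialchars((string) $time, $flags, 'UTF-8', false)
        . ' </small> <div class="well"> ' . htmlspecialchars((string) $text, $flags, 'UTF-8', false)
        . ' </div> ';
}

// Update the seen-state. The arguments are built as arrays from the start:
// assigning a string key to an empty string only worked on old PHP versions.
$send = array('response_seen' => 1);
$where = array('response_blog_id' => $id);
do_sql('response', $send, 'update', $mysqli, $where);

echo $res;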
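/**
 * Prints the hidden sub-table holding the sub-sessions of $parent_id and
 * recurses into every sub-session that has children of its own.
 *
 * @param int   $level           Nesting depth of the parent; children are printed one deeper.
 * @param int   $parent_id       Session whose children are listed.
 * @param array $details_to_view Used only for the column count of the wrapper
 *                               cell; the columns printed are re-read for the athlete.
 * @param mixed $split           Session id to pass through to print_row() when
 *                               it equals the row being printed, else 0 is passed.
 * @param mixed $extra           Passed unchanged to the recursive call.
 */
function get_subsession($level, $parent_id, $details_to_view, $split, $extra)
{
    $athlete_id = $GLOBALS['athlete_id'];

    // Both ids end up inside SQL text, and $parent_id also inside an HTML
    // attribute, so integer copies are used for those.
    $athlete_sql = (int) $athlete_id;
    $parent_id = (int) $parent_id;

    $level++;
    $num = count($details_to_view) + 2;

    $sub_rows = do_sql("SELECT * from log WHERE athlete_id = '{$athlete_sql}' and parent_session='{$parent_id}' ORDER BY start_date, start_time, stage ");

    // The sub-table starts hidden.
    echo "<TR><TD class=firstcolumn > </TD>\n\t<TD class=subtable colspan={$num} align=right >\n\t<DIV ID='el{$parent_id}' CLASS='hiddentext' >\n";

    // Print the column headers, which also open the sub-table.
    $details_to_view = get_details_to_view($athlete_id);
    display_column_headers($details_to_view);

    while ($sub_row = pg_fetch_array($sub_rows, null, PGSQL_ASSOC)) {
        $session_id = $sub_row['session_id'];
        $child_sql = (int) $session_id;

        // Does this sub-session have sub-sessions of its own?
        $subtest = do_sql("SELECT * from log WHERE athlete_id = '{$athlete_sql}' and parent_session='{$child_sql}' ");
        $has_subs = pg_num_rows($subtest) > 0;

        echo "\n<TR><TD class=firstcolumn></TD>\n";

        $row_split = ($split == $session_id) ? $split : 0;
        print_row($has_subs ? 1 : 0, $level, $sub_row, $details_to_view, $athlete_id, $row_split);

        if ($has_subs) {
            get_subsession($level, $session_id, $details_to_view, $split, $extra);
        }
    }

    echo "\n</TABLE>\n\t<font size=2 > <br> </font>\n\t</DIV>\n\n";
}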
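/**
 * Prints the HTML form for editing one log session, limited to the fields the
 * athlete has chosen to display.
 *
 * NOTE(review): the row is selected by session_id alone. Nothing in this
 * function checks that $athlete_id may see that session; confirm that the
 * caller does.
 *
 * @param int    $session_id    Session to edit.
 * @param int    $athlete_id    Athlete whose display preferences are used.
 * @param string $error_message Printed as-is above the form. It must already be
 *                              safe HTML; it is not escaped here.
 */
function session_edit_form($session_id, $athlete_id, $error_message)
{
    // Both ids are placed unquoted into SQL text and $session_id into an
    // unquoted HTML attribute, so force them to integers.
    $session_id = (int) $session_id;
    $athlete_id = (int) $athlete_id;

    // Columns that are never shown.
    $do_not_show = array("athlete_id", "session_id", "parent_session");

    // Fields the user wants to display.
    $display_details = array();
    $result = do_sql("SELECT detail from athlete_log_preferences\n where athlete_id={$athlete_id} ") or die('Query failed: ' . pg_last_error());
    while ($row = pg_fetch_array($result, null, PGSQL_ASSOC)) {
        foreach ($row as $prev_detail) {
            $display_details[] = $prev_detail;
        }
    }

    echo "{$error_message} \n";

    // Start form and table.
    echo "<DIV id=mainlogentry > <a name=log_entry_form></a>";
    echo "<FORM action=update_log_entry.php method=post >\n";
    echo "<input type=hidden name='session_id' value={$session_id}>\n";
    echo "\n\n<TABLE class=mainlogentry ><TR><TD>\n\n";

    // Current row data; at most one row is expected.
    $result = do_sql("SELECT * from log\n where session_id={$session_id} ") or die('Query failed: ' . pg_last_error());

    // Collect the names of all date columns because their values need converting.
    $date_fields = array();
    $num = pg_num_fields($result);
    for ($fieldnum = 0; $fieldnum < $num; $fieldnum++) {
        if (pg_field_type($result, $fieldnum) == 'date') {
            $date_fields[] = pg_field_name($result, $fieldnum);
        }
    }

    $session_details = pg_fetch_array($result, null, PGSQL_ASSOC);
    if (!is_array($session_details)) {
        // No such session: show an empty form instead of failing on false.
        $session_details = array();
    }

    // Convert dates from the PostgreSQL format to d/m/y.
    foreach (array_keys($session_details) as $field_name) {
        if (in_array($field_name, $date_fields)) {
            $session_details[$field_name] = convert_date_from_pg($session_details[$field_name]);
        }
    }

    // Text/notes fields are collected here and printed after the other fields.
    $notes_fields = "";
    echo "<TR>\n";
    $maxnumcols = 6;
    $colcount = $maxnumcols;

    foreach ($display_details as $colname) {
        if (in_array($colname, $do_not_show)) {
            continue;
        }
        if ($colcount-- == 0) {
            echo "\n</TR>\n";
            $colcount = $maxnumcols - 1;
        }

        $colinfo = get_column_info($colname);
        $data_type = $colinfo['data_type'];
        $value = isset($session_details[$colname]) ? $session_details[$colname] : null;
        // Stored log text goes into a quoted attribute, so it is escaped for that context.
        $safe_value = htmlspecialchars((string) $value, ENT_QUOTES);

        // Reset for every column. It used to keep the length of an earlier
        // "var" column, which could send an unrelated field to the notes block.
        $varlen = 0;
        if (preg_match("/^var/", $data_type)) {
            $typearray = explode(" ", $data_type);
            $varlen = isset($typearray[1]) ? (int) $typearray[1] : 0;
        }

        if (preg_match("/^select/", $data_type)) {
            // Select list type; a corresponding table lists the options.
            echo " <td align=center ><font size=1 > \n";
            echo $colinfo['log_col_long_name'] . " <BR>\n";
            generate_select_form($colname, $data_type, $value);
        } elseif (preg_match("/^pref/", $data_type)) {
            // Preferred select list type; a corresponding table lists the options.
            echo " <td align=center ><font size=1 > \n";
            echo $colinfo['log_col_long_name'] . " <BR>\n";
            generate_prefer_select_form($colname, $data_type, $value, $athlete_id);
        } elseif ($data_type == "text" || $varlen >= 30) {
            // Field width follows the column length, capped at 80.
            $size = ($varlen > 0 && $varlen <= 80) ? $varlen : 80;
            $notes_fields = "{$notes_fields} <TR><TD> " . $colinfo['log_col_long_name'] . "</TD> <TD colspan=20 ><INPUT type=text name ={$colname} value='{$safe_value}' size={$size} > </TD></TR>\n";
        } else {
            echo " <td align=center ><font size=1 > \n";
            echo $colinfo['log_col_long_name'] . " <BR>\n";
            echo "<INPUT type=text name={$colname} value='{$safe_value}' size=10>\n";
        }
        echo "</font> </td>\n";
    }

    echo "</TR>\n";
    echo "{$notes_fields}\n";
    echo "</TABLE>";
    echo "<input type=submit value='Submit entries'>";
    echo "</FORM>";
    echo "</DIV>";
}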
do_sql($query, $conn); } /* izlabota ielādes kļūda XML - <RevusedReason> nebija vērtības pie parastā brāķa*/ //-------------------------------------------------------------------------------- //-------------------------------------------------------------------------------- if ((double) $versija < '1.30') { $query = "UPDATE parametrs SET vertiba='1.30' WHERE nosaukums='versija'"; do_sql($query, $conn); } /* pievienotd dinamiskā redukcija - atkarībā no baļķa diametra pirms redukcijas, tiek pielietots atbilstošs koeficents, var uzrādīt katrai sugai savas vērtības*/ //-------------------------------------------------------------------------------- //-------------------------------------------------------------------------------- if ((double) $versija < '1.31') { $query = "UPDATE parametrs SET vertiba='1.31' WHERE nosaukums='versija'"; do_sql($query, $conn); } /* pievienotd dinamiskā redukcija - atkarībā no baļķa diametra pirms redukcijas, tiek pielietots atbilstošs koeficents, var uzrādīt katrai sugai savas vērtības*/ //-------------------------------------------------------------------------------- //-------------------------------------------------------------------------------- if ((double) $versija < '1.32') { $query = "UPDATE parametrs SET vertiba='1.32' WHERE nosaukums='versija'"; do_sql($query, $conn); } /* Batch parsers pielabots - lai dzēš nevajadzīgās pavadzīmes un XML dod 0-79 MALKA*/ //-------------------------------------------------------------------------------- $query = "select vertiba from parametrs where nosaukums='versija'"; $res = mysql_query($query); if ($res = mysql_fetch_array($res)) { $versija = $res['vertiba']; } echo "<hr>Versija: {$versija} ";
<H3>Select User Training Log to View</H3> ENDHTML; // Get users who have granted this athlete access $query = " SELECT athlete_id, name, surname, login from athlete\n\twhere athlete_id IN \n\t(select athlete_id from share_permissions \n\tWHERE permission LIKE 'view % {$athlete_id}'\n \tOR \n\tpermission LIKE 'view % local' OR\n\tpermission LIKE 'view % global'\n\t)"; $result = do_sql($query) or die('Query failed: ' . pg_last_error()); $users = array(); while ($row = pg_fetch_array($result, null, PGSQL_ASSOC)) { $name = $row['name']; $surname = $row['surname']; $login = $row['login']; $id = $row['athlete_id']; $users[$id] = "{$name} {$surname} (login: {$login} )"; } // Get permissions which are granted to this user $query = "SELECT athlete_id, permission from share_permissions \n\twhere permission LIKE 'view % {$athlete_id}' OR \n\tpermission LIKE 'view % local' OR\n\tpermission LIKE 'view % global' "; $result = do_sql($query) or die('Query failed: ' . pg_last_error()); $perms = array(); while ($row = pg_fetch_array($result, null, PGSQL_ASSOC)) { preg_match_all("/\\S+/", $row['permission'], $matches); $parts = $matches[0]; $action = $parts[0]; $object = $parts[1]; $shareid = $row['athlete_id']; $shareuser = $users[$shareid]; #$perms[$shareid] = "$action $shareuser's $object" ; $perms[$shareid] = "View {$object} for {$shareuser} "; } foreach (array_keys($perms) as $shareid) { // Skip if share is for self if ($shareid == $athlete_id) { continue;
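/**
 * Runs one single-parameter DELETE as a prepared statement.
 *
 * @param mysqli $mysqli Open connection.
 * @param string $sql    DELETE statement with exactly one "?" placeholder.
 * @param mixed  $pos_id Value bound to the placeholder.
 */
function role_update_delete($mysqli, $sql, $pos_id)
{
    $stmt = $mysqli->prepare($sql);
    if ($stmt === false) {
        trigger_error('Wrong SQL: ' . $sql . ' Error: ' . $mysqli->error, E_USER_ERROR);
        return;
    }
    $stmt->bind_param('s', $pos_id);
    if ($stmt->execute() === false) {
        trigger_error('Wrong SQL: ' . $sql . ' Error: ' . $stmt->error, E_USER_ERROR);
    }
    $stmt->close();
}

/**
 * Removes positions that meet the deletion condition (together with their
 * approvals), then recomputes people_topCode for every non-archived person.
 *
 * $expiry_days and $position_deletion_ceil are not defined in this function;
 * presumably db-config.php supplies them (TODO confirm).
 *
 * @param mysqli $mysqli Open connection.
 */
function role_update($mysqli)
{
    include 'db-config.php';

    $getPosName = $mysqli->prepare('SELECT position_lastUpdate,position_id,position_code,position_people_id FROM position WHERE 1') or die('Couldn\'t check the vote.');
    $getPosName->execute();
    $getPosName->store_result();
    // All four selected columns must be bound even though only two are used.
    $getPosName->bind_result($pos_last_updates, $pos_id, $pos_code, $pos_ppl);

    while ($getPosName->fetch()) {
        $pos_deletion_score = get_deletion_on_position($pos_id, $mysqli);

        // NOTE(review): the elapsed interval is formatted with date() as if it
        // were a timestamp, so the day count depends on the default timezone.
        // The logic is kept as found.
        $diff = time() - strtotime($pos_last_updates);
        $year_diff = date('Y', $diff);
        $mon_diff = date('n', $diff);
        $day_diff = date('j', $diff);

        // Anything older than a month counts as 8 days.
        if ($year_diff > 1970 || $mon_diff > 1) {
            $day_diff = 8;
        }

        if ($day_diff > $expiry_days && is_role_active($pos_id, $mysqli) || $pos_deletion_score > $position_deletion_ceil) {
            // The id is bound as a parameter, matching the prepared SELECTs above.
            role_update_delete($mysqli, 'DELETE FROM position WHERE position_id=?', $pos_id);
            role_update_delete($mysqli, 'DELETE FROM approval WHERE app_position_id=?', $pos_id);
        }
    }

    // Update the topCode of every non-archived person.
    $getPplName = $mysqli->prepare('SELECT people_id FROM people WHERE people_archive=0') or die('Couldn\'t check the ppl.');
    $getPplName->execute();
    $getPplName->store_result();
    $getPplName->bind_result($ppl_id);

    while ($getPplName->fetch()) {
        $where = array('people_id' => $ppl_id);
        $upd = array('people_topCode' => get_top_role($ppl_id, $mysqli));
        do_sql('people', $upd, 'update', $mysqli, $where);
    }
}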
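/**
 * Applies the bulk action chosen in $_REQUEST['dosht'] to the tables ticked in
 * $_REQUEST['cb'], then lists the tables again.
 *
 * 'exp' hands the selection to print_export() and ends the request; 'drop',
 * 'trunc' and 'opt' build one statement per table and run the batch.
 *
 * NOTE(review): this changes or destroys data based on request parameters
 * alone; confirm that the caller has verified the session and an anti-CSRF
 * token before reaching this function.
 */
function do_sht()
{
    $cb = isset($_REQUEST['cb']) ? $_REQUEST['cb'] : array();
    if (!is_array($cb)) {
        // join() and foreach both need an array.
        $cb = array();
    }

    $sq = '';
    switch (isset($_REQUEST['dosht']) ? $_REQUEST['dosht'] : '') {
        case 'exp':
            $_REQUEST['t'] = join(",", $cb);
            print_export();
            exit;
        case 'drop':
            $sq = 'DROP TABLE';
            break;
        case 'trunc':
            $sq = 'TRUNCATE TABLE';
            break;
        case 'opt':
            $sq = 'OPTIMIZE TABLE';
            break;
    }

    $sql = '';
    if ($sq) {
        foreach ($cb as $v) {
            if (!is_string($v) || $v === '') {
                continue;
            }
            // The table name comes from the request. It is emitted as a quoted
            // identifier with embedded backticks doubled, so it can only ever
            // name a table and cannot add further statements to the batch.
            $sql .= $sq . " `" . str_replace('`', '``', $v) . "`;\n";
        }
    }

    // Run the batch only when at least one statement was built.
    if ($sql !== '') {
        do_sql($sql);
    }
    do_sql('show tables');
}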
/**
 * The following functions were hijacked from PHPMiniAdmin,
 * found here: http://phpminiadmin.sourceforge.net
 */

/**
 * Splits a multi-statement SQL text into single statements and runs each one
 * through do_sql(), stopping at the first failure.
 *
 * Input arrives in chunks from get_next_chunk($insql, $fname). Each chunk is
 * scanned with get_open_char()/get_close_char() (both defined elsewhere) for
 * opening tokens and their closing counterparts. A ';' found outside such a
 * span ends the current statement.
 *
 * Every statement found is executed unchanged; deciding who may supply $insql
 * or $fname is left to the caller.
 *
 * @param string $insql SQL text, forwarded to get_next_chunk().
 * @param mixed  $fname Forwarded to get_next_chunk(); presumably a file to read
 *                      statements from. TODO confirm against that helper.
 * @return int 1 when every statement succeeded, 0 as soon as do_sql() fails.
 */
function do_multi_sql($insql, $fname)
{
    $sql = '';     // statement text collected so far
    $ochar = '';   // opening token of the span being scanned, '' when outside one
    $is_cmt = '';  // set to 1 while inside a plain block comment
    $GLOBALS['insql_done'] = 0;
    while ($str = get_next_chunk($insql, $fname)) {
        // With a span still open from the previous chunk, this makes
        // $opos + strlen($ochar) equal 0, so the search for its closing token
        // starts at the beginning of the new chunk.
        $opos = -strlen($ochar);
        $cur_pos = 0;
        // The chunk length only bounds the number of passes; position is
        // tracked in $cur_pos.
        $i = strlen($str);
        while ($i--) {
            if ($ochar) {
                // Inside an open span: look for the token that closes it.
                list($clchar, $clpos) = get_close_char($str, $opos + strlen($ochar), $ochar);
                if ($clchar) {
                    if ($ochar == '--' || $ochar == '#' || $is_cmt) {
                        // Comment: keep only the text before it.
                        $sql .= substr($str, $cur_pos, $opos - $cur_pos);
                    } else {
                        // Any other span is copied through its closing token.
                        $sql .= substr($str, $cur_pos, $clpos + strlen($clchar) - $cur_pos);
                    }
                    $cur_pos = $clpos + strlen($clchar);
                    $ochar = '';
                    $opos = 0;
                } else {
                    // Not closed in this chunk: take the rest and continue with
                    // the next chunk, leaving $ochar set.
                    $sql .= substr($str, $cur_pos);
                    break;
                }
            } else {
                list($ochar, $opos) = get_open_char($str, $cur_pos);
                if ($ochar == ';') {
                    // End of statement: include the ';' and execute.
                    $sql .= substr($str, $cur_pos, $opos - $cur_pos + 1);
                    if (!do_sql($sql)) {
                        return 0;
                    }
                    $sql = '';
                    $cur_pos = $opos + strlen($ochar);
                    $ochar = '';
                    $opos = 0;
                } else {
                    if (!$ochar) {
                        // Nothing more opens in this chunk: take the rest.
                        $sql .= substr($str, $cur_pos);
                        break;
                    } else {
                        // A '/*' that is not followed by '!' is marked as a
                        // comment and dropped; '/*!' is not marked, so its text
                        // stays in the statement.
                        $is_cmt = 0;
                        if ($ochar == '/*' && substr($str, $opos, 3) != '/*!') {
                            $is_cmt = 1;
                        }
                    }
                }
            }
        }
    }
    // Run whatever is left after the last ';'.
    if ($sql) {
        if (!do_sql($sql)) {
            return 0;
        }
        $sql = '';
    }
    return 1;
}