Esempio n. 1
include_once 'classes/config.php';
include_once 'classes/sessions.php';
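// load required javascripts used in main_1.htm
$ahah = 1;
$tag_cloud = make_tag_cloud('audios');
$tag_cloud_block = $tag_cloud[1];

// Request input. Only a string is accepted for `cid`; a missing or array-valued
// parameter becomes an empty channel, which fails the genre lookup below.
$channel = (isset($_GET['cid']) && is_string($_GET['cid'])) ? $_GET['cid'] : '';
// The escaping is only sufficient because $channel sits inside single quotes in $sql1.
// NOTE(review): mysql_real_escape_string() depends on the connection character set and the
// mysql_* extension was removed in PHP 7; prepared statements (mysqli/PDO) are the durable fix.
$channel = mysql_real_escape_string($channel);
$limit = $config['see_more_limits'];
//$config['search_page_limits'];
// NOTE(review): $codes is raw request data and is not used in this excerpt;
// validate or escape it wherever it is consumed.
$codes = isset($_GET['code']) ? $_GET['code'] : null;

// The requested channel must be a genre that has audio content.
$sql1 = "SELECT * FROM genre WHERE has_audio = 'yes' AND channel_name = '{$channel}'";
$query1 = @mysql_query($sql1);
// A failed query also lands here: "@" hides the error and the row count compares equal to 0.
if (@mysql_num_rows($query1) == 0) {
    @mysql_close();
    // NOTE(review): nothing here stops the script if error_redirect() returns — confirm it exits.
    error_redirect(121);
}

// get all genre that has an audio file, we only show genre with content
$all_categories = array();
$sql = "SELECT * FROM genre WHERE has_audio = 'yes' order by channel_name";
$query = @mysql_query($sql);
while ($result = @mysql_fetch_array($query)) {
    $channel_name = $result['channel_name'];
    // Stored values are escaped again before being reused in SQL.
    $channel_name = mysql_real_escape_string($channel_name);
    // Only the number of public, approved audios is needed, so let the database count
    // them instead of fetching every row.
    $sql0 = "SELECT COUNT(*) FROM audios WHERE channel = '{$channel_name}' AND approved = 'yes' AND public_private = 'public'";
    $query0 = @mysql_query($sql0);
    $count_audios = $query0 ? (int) mysql_result($query0, 0) : 0;
    $audio_count = array('audio_count' => $count_audios);
    $new_array = @array_merge($result, $audio_count);
    $all_categories[] = $new_array;
}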
Esempio n. 2
    @mysql_close();
    error_redirect(123);
    //"You are already a member OR have already selected to join this group"
    die;
}
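//else proceed
// Check whether the group is private, i.e. whether admin approval is needed.
// NOTE(review): $group_id is interpolated unquoted here and in the INSERT; $user_id, $user_name and
// $todays_date are quoted but their escaping is outside this excerpt — confirm all are validated upstream.
$sql1 = "SELECT * FROM group_profile WHERE indexer = {$group_id} AND public_private = 'private'";
$query1 = @mysql_query($sql1);
// A failed lookup must not be read as "public group": treat it as approval required,
// so a database error can never auto-approve a membership.
$needs_approval = ($query1 === false) || @mysql_num_rows($query1) != 0;
$approved = $needs_approval ? 'no' : 'yes';
// Add this member to the group membership table as a regular member (group_admin = 'no').
$sql = "INSERT into group_membership (member_id, group_admin, group_id, today_date, member_username, approved)\r\n        \t\tVALUES ('{$user_id}', 'no', {$group_id}, '{$todays_date}', '{$user_name}', '{$approved}')";
// NOTE(review): the INSERT result is not checked, so the success messages below are shown even if it failed.
@mysql_query($sql);
// Close the connection once; the decision below reuses the result computed above.
@mysql_close();
if ($needs_approval) {
    error_redirect(122);
    //"This groups requires admin approval to join. Your application has been sent out"
    die;
}
error_redirect(120);
//"Thank you, you have now been added to this group"
die;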
?>

Esempio n. 3
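        $owner_details = mysql_fetch_array($addfav_query);
        $owner_id = $owner_details['user_id'];
        // The three ids below are placed in SQL without quotes. String escaping gives no
        // protection in that position, so they are forced to integers instead; a non-numeric
        // value becomes 0.
        $fav_owner_id = (int) $owner_id;
        $fav_audio_id = (int) $add_audio_id;
        $fav_user_id = (int) $user_id;
        //check if its not in my fav already
        $addfav_sql = "SELECT * FROM audio_favorites WHERE audio_id = {$fav_audio_id} and user_id = {$fav_user_id}";
        $addfav_query = @mysql_query($addfav_sql);
        $addfav_count = @mysql_num_rows($addfav_query);
        //proceed with adding and redirect
        if ($addfav_count == 0) {
            $addfav_sql = "INSERT INTO audio_favorites (user_id, audio_id, owner_id) VALUES ({$fav_user_id}, {$fav_audio_id}, {$fav_owner_id})";
            // NOTE(review): the INSERT result is not checked; the success message is shown even if it failed.
            $addfav_query = @mysql_query($addfav_sql);
            @mysql_close();
            error_redirect(108);
            //"The audio has now been added to your favorites"
        } else {
            @mysql_close();
            error_redirect(109);
            //"The audio is already in your favorites"
        }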
    }
} elseif ($add_audio_id == "") {
    error_redirect(107);
    //"An error has occured. the audio could not be added"
} elseif ($add_vid_id == "") {
    error_redirect(107);
    //"An error has occured. the video could not be added"
}
?>

Esempio n. 4
    // Row count of the query issued before this excerpt ($query is not assigned in the visible lines).
    $count = @mysql_num_rows($query);
    if ($count != 0) {
        // NOTE(review): this membership query is only built; it is never passed to mysql_query().
        $sql = "SELECT * FROM group_membership WHERE member_id = {$user_id} AND group_id = {$group_id} AND approved = 'yes'";
        // NOTE(review): $count is read again from the earlier $query result, not from the membership query above.
        $count = @mysql_num_rows($query);
        if ($count == 0) {
            // The redirect is commented out, so this branch does nothing: as written, these lines
            // enforce no membership check for a logged-in user.
            //error_redirect(127);//"This group is marked as private, only members can view it"
        }
    }
}
// Visitors who are not logged in (empty $user_id) may not view a private group.
// NOTE(review): $group_id goes into the query unquoted and its validation is outside this
// excerpt — confirm it is an integer by this point.
if ($user_id == "") {
    $sql = "SELECT * FROM group_profile WHERE indexer = " . $group_id . " AND public_private = 'private'";
    $query = @mysql_query($sql);
    $count = @mysql_num_rows($query);
    if (!($count == 0)) {
        //"This group is marked as private, only members can view it"
        error_redirect(127);
    }
}
if ($action == "") {
    $mygroups = array();
    //get each groups details
    $sql1 = "SELECT * FROM group_profile WHERE indexer = {$group_id}";
    $query1 = @mysql_query($sql1);
    $result1 = @mysql_fetch_array($query1);
    $group_name = $result1['group_name'];
    $page_title = $group_name;
    //count the number of videos the group has
    $sql2 = "SELECT * FROM group_videos WHERE group_id = {$group_id} AND video_status='active'";
    $query2 = mysql_query($sql2);
    $count_group_videos = mysql_num_rows($query2);
Esempio n. 5
    }
} elseif (count($_POST) > 0 && $_POST['action'] == 'recover') {
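    // Recovery request fields; "@" keeps absent keys from raising notices.
    $email = @$_POST['email'];
    $password = @$_POST['password'];
    $password2 = @$_POST['password2'];
    /**
     * array_filter() callback: keeps the user record whose e-mail equals the submitted one.
     * The submitted address is read from the global $email.
     */
    function emailU($v)
    {
        global $email;
        // Exact string match; loose comparison is avoided on request data.
        return $v['email'] === $email;
    }
    // Every field must be a non-empty string (array-valued POST fields are rejected), and the
    // two passwords must be identical. "===" matters here: with "==" two different numeric-looking
    // strings such as "1e3" and "1000" compare equal.
    $fieldsValid = is_string($email) && is_string($password) && is_string($password2)
        && !empty($email) && !empty($password) && !empty($password2)
        && $password === $password2;
    // The callback name is passed as a string; a bare emailU is an undefined constant.
    if (empty($USER) && $fieldsValid && count(array_filter($USERS, 'emailU')) == 1) {
        $recovers = recoversImport($fileRecoversBase);
        // NOTE(review): uniqid() is derived from the current time and is guessable; a recovery token
        // should come from a CSPRNG (random_bytes() or openssl_random_pseudo_bytes()). Left unchanged
        // because the handler that consumes this id is outside the excerpt.
        $recoverId = uniqid();
        // NOTE(review): the new password is stored as submitted until the link is used; hashing it
        // (password_hash()) before it is persisted would avoid keeping plaintext — confirm against
        // what the recover handler expects.
        $recover = array('email' => $email, 'password' => $password);
        $recovers[$recoverId] = $recover;
        recoversExport($fileRecoversBase, $recovers);
        // $email equals exactly one stored user address at this point (checked in the condition above).
        $mailTo = sprintf('<%s>', $email);
        $mailSubject = sprintf('Password recover.');
        $mailMessage = sprintf('<a href="//greece/recover/%s">recover</a>', $recoverId);
        $mailHeaders = 'From: webmaster@greece' . "\r\n" . 'Reply-To: webmaster@greece' . "\r\n";
        mail($mailTo, $mailSubject, $mailMessage, $mailHeaders);
        header("HTTP/1.1 302 Redirect");
        // NOTE(review): $url is set outside this excerpt — confirm it is not taken from the request.
        header(sprintf('Location: %s', $url));
    } else {
        error_redirect();
    }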
} else {
    error_redirect();
}
// Hand $USERS back to usersExport() for $fileUsersBase, then write and close the session.
usersExport($fileUsersBase, $USERS);
session_write_close();
Esempio n. 6
                $mspr = MSPR::get($user);
                $name = $user->getFirstname() . " " . $user->getLastname();
                $page_title = $name . "'s MSPR page";
                $url = ENTRADA_URL . "/admin/users/manage/students?section=mspr&id=" . $user_id;
                if ($mspr->saveMSPRFiles()) {
                    success_redirect($url, $page_title, "<p>Report successfully generated.</p>");
                } else {
                    error_redirect($url, $page_title, "<p>Error generating report for " . $name . ".</p>");
                }
                break;
            // Generate the report files for every user in $user_ids, then redirect to the class page.
            case "group_mode":
                // One timestamp is taken up front and passed to every saveMSPRFiles() call in this run.
                $timestamp = time();
                foreach ($user_ids as $user_id) {
                    $user = User::get($user_id);
                    $mspr = MSPR::get($user);
                    $name = $user->getFirstname() . " " . $user->getLastname();
                    if (!$mspr->saveMSPRFiles($timestamp)) {
                        // Failures are collected and the loop continues with the next user.
                        // NOTE(review): $name comes from the user record and is placed in the message
                        // as-is; confirm the error output is HTML-escaped where it is rendered.
                        add_error("Error generating report for {$name}.");
                    }
                }
                $page_title = "Class of " . $year . " MSPR page";
                // NOTE(review): $year is appended to the title and the URL unencoded; it is set
                // outside this excerpt — confirm it is validated as a year before this point.
                $url = ENTRADA_URL . "/admin/mspr?mode=year&year=" . $year;
                if (!has_error()) {
                    success_redirect($url, $page_title, "<p>Reports successfully generated.</p>");
                } else {
                    // Empty message body: the errors were already recorded through add_error().
                    error_redirect($url, $page_title, "");
                }
                break;
        }
    }
}
Esempio n. 7
<?php

include '../lib/common.inc.php';
// Look up the requested question together with its answer count, then render it.
// NOTE(review): $id comes straight from the request. Whether Question::get() binds or escapes
// the %s argument is not visible here — confirm it does before relying on this query.
$id = $_REQUEST['question_id'];
$question = Question::get("SELECT **, (SELECT count(*) FROM answers WHERE question_id=questions.id) AS answer_count FROM _T_ WHERE id = %s", $id);
if (!$question) {
    // NOTE(review): if error_redirect() returns, the partial below is rendered without a question — confirm it exits.
    error_redirect("/", "Извините, этот вопрос уже удален.");
}
echo render_partial('question.haml', array('question' => $question));
Esempio n. 8
    }
}
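//delete video from group video
if ($action == "del_vid") {
    // Both ids are interpolated without quotes, so they are forced to integers first;
    // a non-numeric value becomes 0 and matches no row.
    $del_video_id = (int) $action_id;
    $del_group_id = (int) $group_id;
    // SECURITY CHECK -- confirm that video_id and group_id tally before deleting.
    // NOTE(review): this only confirms the video is attached to the group. Whether the current
    // user may manage this group is not checked in this excerpt — confirm it is enforced earlier.
    $sql = "SELECT * FROM group_videos WHERE video_id = {$del_video_id} AND group_id ={$del_group_id}";
    $query = @mysql_query($sql);
    $count = @mysql_num_rows($query);
    if ($count != 0) {
        $sql1 = "DELETE FROM group_videos WHERE video_id = {$del_video_id} AND group_id ={$del_group_id}";
        mysql_query($sql1);
        @mysql_close();
        error_redirect(125);
        //"Your request has been completed"
    } else {
        error_redirect(126);
        //"An error has occurred" -- the video is not attached to this group (possible request tampering)
    }
}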
// Switch the group to private and print the confirmation banner.
// NOTE(review): no permission check and no validation of $group_id (interpolated unquoted) are
// visible in this excerpt — confirm both happen earlier in the file.
if ($action == "private") {
    $sql1 = "UPDATE group_profile SET public_private = 'private' WHERE indexer =" . $group_id;
    mysql_query($sql1);
    @mysql_close();
    printf('<p align="center"><font color="#009933" face="Arial"><b>%s</b></font>', $config["request_completed"]);
}
// Switch the group to public and print the confirmation banner.
// NOTE(review): no permission check and no validation of $group_id (interpolated unquoted) are
// visible in this excerpt — confirm both happen earlier in the file.
if ($action == "public") {
    $sql1 = "UPDATE group_profile SET public_private = 'public' WHERE indexer =" . $group_id;
    mysql_query($sql1);
    @mysql_close();
    printf('<p align="center"><font color="#009933" face="Arial"><b>%s</b></font>', $config["request_completed"]);
}
Esempio n. 9
<?php

include '../lib/common.inc.php';
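// Reorder the questions of one test from the submitted "question id => position" map.
// NOTE(review): no login, ownership or CSRF check is visible in this file; presumably
// common.inc.php handles it — confirm, since this request changes stored data.
$test_id = isset($_REQUEST['test_id']) ? $_REQUEST['test_id'] : null;
if (!Test::get("SELECT id FROM tests WHERE id=?", $test_id)) {
    // NOTE(review): if error_redirect() returns, the updates below still run — confirm it exits.
    error_redirect('', 'Такого теста больше нет');
}
// question_order must be an array; a missing or scalar value is treated as "nothing to reorder"
// instead of being handed to foreach.
$question_order = (isset($_REQUEST['question_order']) && is_array($_REQUEST['question_order']))
    ? $_REQUEST['question_order']
    : array();
foreach ($question_order as $qid => $order) {
    // Nested arrays cannot be a position; skip them rather than bind them.
    if (!is_scalar($order)) {
        continue;
    }
    // Values are bound through "?" placeholders; the test_id condition keeps the update inside this test.
    dbkit_execute("UPDATE questions SET `order`=? WHERE test_id=? AND id=?", $order, $test_id, $qid);
}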
Esempio n. 10
            $is_closed = $mspr->isClosed();
            $rev = $mspr->getMSPRRevisions("html");
            if ($is_closed) {
                if (!empty($rev)) {
                    if (isset($_POST['action']) && $_POST['action'] == 'save') {
                        if (isset($_POST['edit-html']) && ($edit_html = trim($_POST['edit-html']))) {
                            $ts = time();
                            $pdf = $mspr->generatePDF($edit_html);
                            $wrote_html = $mspr->saveMSPRFile("html", $edit_html, $ts);
                            $wrote_pdf = $mspr->saveMSPRFile("pdf", $pdf, $ts);
                            if ($wrote_html && $wrote_pdf) {
                                $mspr->setGeneratedTimestamp($ts);
                                success_redirect($success_url, $success_title, "Successfully edited HTML and generated PDF.");
                            }
                        } else {
                            error_redirect(ENTRADA_URL . "/admin/users/manage/students?section=mspr-edit&id=" . $PROXY_ID . "&from=" . $from . $rev_append, "Edit MSPR", "No content provided. Cannot create empty MSPR.");
                        }
                    } else {
                        if ($REVISION) {
                            $html_file = $mspr->getMSPRFile("html", $REVISION);
                        } else {
                            $html_file = $mspr->getMSPRFile("html");
                        }
                        load_rte("mspr");
                        ?>
						<h1>Edit MSPR: <?php 
                        echo $user->getFullName();
                        ?>
</h1>
						<form method="post">
						<input type="hidden" name="action" value="save" />