}
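// Open the MySQL connection with the credentials held in $dbInfo and select the schema.
// NOTE(review): the mysql_* extension was removed in PHP 7; on current runtimes this has
// to move to mysqli or PDO, which also provide prepared statements.
$db = mysql_connect($dbInfo['server'], $dbInfo['username'], $dbInfo['password']);
mysql_select_db($dbInfo['database_name'], $db);
// Set the charset through the client API instead of a raw "SET NAMES" query, so the
// client library also knows the connection encoding and charset-aware escaping
// (mysql_real_escape_string) stays correct.
mysql_set_charset('utf8', $db);
//mysql_query("SET lc_time_names = 'cs_CZ'", $db);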
/**
 * Ziskani vysledku z MySQL resultu primo do asociativniho pole
 *
 * @param reference $sql - result z mysql
 * @param string $key - priradi jako klic hodnotu daneho sloupce, pokud neni, pole se cisluje [optional]
 */
function fetch_array($sql, $key = "")
{
    if (!$sql) {
        return false;
    } else {
        $c = 0;
        while ($data = fetch_assoc($sql)) {
<?php

// Load the logged-in user's row; the id comes from the session and is forced to an integer.
$id = intval($_SESSION['user']['id']);
$user = fetch_assoc(query("SELECT `id`, `login`, `jmeno`, `prijmeni`, `nick`, `email`, `password` FROM `uzivatel` WHERE `id`='{$id}'"));
// NOTE(review): the row handed to the template includes the `password` column selected above;
// passing only the fields the view needs would keep the stored value out of the presentation layer.
$smarty->assign("user", $user);
// Profile form submitted: validate the e-mail, then store it.
// NOTE(review): no anti-CSRF token is checked in the visible code — confirm it happens elsewhere.
if ($_POST['edit']) {
    // NOTE(review): the "wrong format" error is added when check_email() returns a truthy value;
    // confirm that the helper really signals invalid input that way.
    if ($_POST['email'] != '' and check_email($_POST['email'])) {
        $err['info'][] = "Email má nesprávný formát.";
    }
    if ($err) {
        $smarty->assign("err", $err);
    } else {
        // addslashes() is the only escaping applied before the value is concatenated into SQL.
        // It is not aware of the connection charset; a parameterized query (or the driver's own
        // escaping routine) is the safer choice if query() can support it.
        $inp[] = "`email`='" . addslashes($_POST['email']) . "'";
        if (query("UPDATE `uzivatel` SET " . implode(",", $inp) . " WHERE `id`='{$id}'")) {
            // Redirect back to the settings page with a success flag.
            go($setup['adm']['www'] . "profil/nastaveni.html?msgOk=info");
        }
    }
}
if ($_POST['change_pass']) {
    $oldPass = sha1($id . $_POST['password_old']);
    $newPass = $_POST['password'];
    if ($oldPass != $user['password'] and $user['password'] != '') {
        $err['pass'][] = "Špatné původní heslo.";
    }
    if (!$newPass) {
        $err['pass'][] = "Není vyplněno heslo.";
    }
    if ($newPass != $_POST['password_again']) {
        $err['pass'][] = "Hesla se neshodují.";
    }
    if (strlen($newPass) < "4") {
$user = fetch_assoc(query("SELECT `id`, `login`, `jmeno`, `prijmeni`, `email`, `uzivatelOpravneni_id`, `blokace` FROM `uzivatel_vw` WHERE `id`='{$id}'"));
$smarty->assign("user", $user);
if ($_POST['edit']) {
    if (!$_POST['login']) {
        $err['info'][] = "Není vyplněno přihlašovací jméno.";
    }
    if ($option['opravneni'][$_POST['uzivatelOpravneni_id']]['domena'] != 2) {
        if (!$_POST['jmeno']) {
            $err['info'][] = "Není vyplněno jméno.";
        }
        if (!$_POST['prijmeni']) {
            $err['info'][] = "Není vyplněno příjmení.";
        }
    }
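    if ($_POST['login']) {
        // Uniqueness check: is the requested login already used by a different account?
        // The login is request data, so it is escaped before it is placed inside the SQL
        // literal, matching the addslashes() calls used for the UPDATE values in this script.
        // NOTE(review): addslashes() is not charset-aware; a parameterized query is the
        // stronger fix if query() can support one.
        $db_user = fetch_assoc(query("SELECT `login` FROM `uzivatel` WHERE `login` = '" . addslashes((string) $_POST['login']) . "' AND `id`!='{$id}'"));
        if ($db_user) {
            // The message already carries HTML entities (&bdquo; / &rdquo;), so it is
            // presumably rendered as markup; the echoed login is HTML-escaped for that reason.
            $err['info'][] = "Uživatelské jméno - &bdquo;" . htmlspecialchars((string) $_POST['login'], ENT_QUOTES, 'UTF-8') . "&rdquo; je již použito, zvolte jiné !";
        }
    }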
    if (!$err) {
        $inp[] = "`login`='" . addslashes($_POST['login']) . "'";
        $inp[] = "`jmeno`='" . addslashes($_POST['jmeno']) . "'";
        $inp[] = "`prijmeni`='" . addslashes($_POST['prijmeni']) . "'";
        if ($_POST['jmeno'] or $_POST['prijmeni']) {
            $inp[] = "`nick`='" . addslashes($_POST['jmeno']) . " " . addslashes($_POST['prijmeni']) . "'";
        }
        $inp[] = "`email`='" . addslashes($_POST['email']) . "'";
        $inp[] = "`uzivatelOpravneni_id`='" . addslashes($_POST['uzivatelOpravneni_id']) . "'";
        if ($_POST['blokace'] == 2) {
            $inp[] = "`blokace`='2'";
            $list[] = $a['user_id'];
        }
        $admin_list = implode(',', $list);
        $sql_select = 'SELECT final_amount FROM ' . $GLOBALS['ecs']->table('order_info') . " WHERE order_id={$order_id}";
        $order_amount = $GLOBALS['db']->getOne($sql_select);
        if ($order_amount < 800) {
            $sql_update = 'UPDATE ' . $ecs->table('users') . ' u,' . $GLOBALS['ecs']->table('admin_user') . " a SET u.admin_id={$admin_id},u.order_time={$order_time},u.admin_name=a.user_name,u.role_id=a.role_id," . 'u.group_id=a.group_id,u.assign_time=UNIX_TIMESTAMP(),a.counter=a.counter+1 WHERE u.admin_id IN (' . "{$admin_list}) AND u.user_id={$res['user_id']} AND a.user_id={$admin_id}";
        } else {
            $sql_update = 'UPDATE ' . $ecs->table('users') . ' u,' . $GLOBALS['ecs']->table('admin_user') . ' a SET u.admin_id=4,u.admin_name=a.user_name,u.assign_time=UNIX_TIMESTAMP(),u.group_id=a.group_id,' . "u.role_id=a.role_id, u.order_time={$order_time}, a.counter=a.counter+1 WHERE u.admin_id IN (" . "{$admin_list}) AND u.user_id={$res['user_id']} AND a.user_id=4";
        }
        $db->query($sql_update);
        update_taking_time($order_id);
        unset($admin_list);
        $sql_select = 'SELECT rec_id,is_package FROM `crm_order_goods`' . " WHERE order_id={$val['order_id']}";
        $goods_list = $db->query($sql_select);
        $goods_list = fetch_assoc($goods_list);
        foreach ($goods_list as $v) {
            if ($v['is_package']) {
                $sql_update = 'UPDATE `crm_packing` p,`crm_order_goods` o SET ' . "o.taking_time=o.goods_number*p.take_days*24*3600 WHERE o.rec_id={$v['rec_id']}";
                $db->query($sql_update);
            } else {
                $sql_update = 'UPDATE `crm_goods` g,`crm_order_goods` o SET ' . "o.taking_time=o.goods_number*g.take_days WHERE o.rec_id={$v['rec_id']}";
                $db->query($sql_update);
            }
        }
    }
}
/**
 * 将查询结果以数组形式返回
 */
function fetch_assoc($res)
<?php

// Register the page-specific JS template and expose the include list to the view.
$include['js'][] = "./nastaveni/js-seznam.tpl";
$smarty->assign("include", $include);
// Build the module tree: every `druh`='main' row ordered by `poradi`, each with its sub-modules.
$list_sql = query("SELECT `id`, `nazev`, `page`, `icon`, `zobraz` FROM `modul` WHERE `druh`='main' ORDER BY `poradi`");
while ($it = fetch_assoc($list_sql)) {
    $list[$it['id']] = $it;
    // One additional query per main module; the interpolated id is a value read back from the database.
    $submodul_sql = query("SELECT `id`, `nazev`, `page`, `icon`, `url`, `zobraz` FROM `modul` WHERE `modul_id`='{$it['id']}' ORDER BY `poradi`");
    while ($item = fetch_assoc($submodul_sql)) {
        $list[$it['id']]['submodul'][$item['id']] = $item;
        // $listPage maps module id => page name for main and sub modules alike.
        $listPage[$item['id']] = $item['page'];
    }
    $listPage[$it['id']] = $it['page'];
}
// NOTE(review): $list and $listPage are never initialised here, so they stay undefined when the table is empty.
$smarty->assign("list", $list);
$smarty->assign("listPage", $listPage);
//trizeni polozek
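// Two paths are handled: a JSON reorder payload in $_POST['data'], or (when that payload
// does not decode to a non-empty value) a save of the module form in $_POST['def'].
if ($_POST['function'] == 'sort') {
    $data = json_decode($_POST['data'], true);
    if ($data) {
        foreach ($data as $key => $value) {
            // Keys of the decoded payload are request-controlled (a JSON object can carry
            // arbitrary string keys), so the position gets the same integer cast as the ids
            // before it is placed in the SQL text.
            $key = intval($key);
            $value['id'] = intval($value['id']);
            query("UPDATE `modul` SET `poradi`='{$key}', `druh`='main', `url`='', `modul_id`= NULL WHERE `id`='{$value['id']}'");
            if ($value['children']) {
                foreach ($value['children'] as $k => $v) {
                    $k = intval($k);
                    $v['id'] = intval($v['id']);
                    // The url is rebuilt from $listPage entries, looked up by the integer ids.
                    query("UPDATE `modul` SET `poradi`='{$k}', `druh`='sub', `url`='{$listPage[$value['id']]}/{$listPage[$v['id']]}.html', `modul_id`='{$value['id']}' WHERE `id`='{$v['id']}'");
                }
            }
        }
        die('ok');
    } else {
        // NOTE(review): $edit and $edit_id are not defined in the visible code, and poster()
        // is a project helper whose escaping behaviour cannot be seen from here.
        $inp = poster($_POST['def'], "db_set");
        if (!is_null($edit['modul_id'])) {
            // NOTE(review): $_POST['def']['page'] is interpolated into SQL here and in the
            // sub-module UPDATE below without visible escaping; unless poster() sanitises the
            // request data in place, validate it against the allowed page-name format or bind
            // it as a parameter.
            $inp['db_set'][] = "`url`='{$edit['modul_page']}/{$_POST['def']['page']}.html'";
        }
        if ($_POST['zobraz']) {
            $inp['db_set'][] = "`zobraz`='2'";
        } else {
            $inp['db_set'][] = "`zobraz`='0'";
        }
        // The module row and the urls of its sub-modules are written in one transaction.
        query("START TRANSACTION");
        if (!query("UPDATE `modul` SET " . implode(",", $inp['db_set']) . " WHERE `id`='{$edit_id}'")) {
            $db_err[] = "Chyba pri ukladani modulu";
        }
        if ($edit['druh'] == 'main') {
            $subModul_sql = query("SELECT `id`, `page` FROM `modul` WHERE `modul_id`='{$edit_id}' AND `druh`='sub'");
            while ($it = fetch_assoc($subModul_sql)) {
                if (!query("UPDATE `modul` SET `url`='{$_POST['def']['page']}/{$it['page']}.html' WHERE `id`='{$it['id']}'")) {
                    $db_err[] = "Chyba pri prepisu submodulu";
                }
            }
        }
        if ($db_err) {
            query("ROLLBACK");
            $smarty->assign("err", "Při ukládání se vyskytla chyba.");
        } else {
            query("COMMIT");
            go($setup['adm']['www'] . "nastaveni/seznamModul.html");
        }
    }
}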
<?php

include_once '../includes/start_administrace.php';
//
// BOF - smaz - smazani uzivatele
/*if ($_GET['del']) {
    $id = intval($_GET['del']);
    $res = query("UPDATE `uzivatel` SET `smazano`='2' WHERE `id` = '$id'");
    if (!$res) {
        echo "<p>Nepodařilo se SMAZAT zápis, prosím, zkuste to znovu.</p>";
    } else {
        $go = $setup_adm['www'] . "uzivatele/seznam.html";
        go($go);
    }
}*/
// EOF - smaz
//
// BOF - blok - zmenit stav blokace
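// Toggle the block flag ('0' <-> '2') of the user named in ?blok= and reset the
// failed-login counter.
// NOTE(review): this changes state on a GET request and no anti-CSRF token is checked in
// the visible code — confirm the bootstrap include enforces one.
if ($_GET['blok']) {
    $id = intval($_GET['blok']);
    $aktualni_blok = fetch_assoc(query("SELECT `blokace` FROM `uzivatel` WHERE `id`='{$id}'"));
    // Start from a known value: a missing row or an unexpected flag must never reuse a
    // stale $set or build "SET , ..." from an undefined variable.
    $set = null;
    if ($aktualni_blok) {
        if ($aktualni_blok['blokace'] == "0") {
            $set = "`blokace`='2'";
        } elseif ($aktualni_blok['blokace'] == "2") {
            $set = "`blokace`='0'";
        }
    }
    // Only touch the row when the current state was recognised.
    if ($set !== null && query("UPDATE `uzivatel` SET {$set}, `pokusu_prihlasit`='0' WHERE `id`='{$id}'")) {
        $go = $setup['adm']['www'] . "uzivatele/seznam.html";
        go($go);
    }
}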
<?php

include "include/config.php";
// Read the request parameters through the project's GetVarClass wrapper.
// NOTE(review): getemail() presumably validates the address format — confirm; its code is not visible here.
$post_get = new GetVarClass("_GET");
$email = $post_get->getemail("email");
$justUpdated = $post_get->getvar("justUpdated");
if (!$email) {
    die("Редактирование заявки невозможно: введите корректный e-mail. ");
}
// Authorisation: the editor is identified from the login cookie and must be allowed to edit this application.
$editorid = loginbycookie();
if (!canEdit($editorid, $email)) {
    // NOTE(review): $email is echoed into the response without HTML escaping; safe only if getemail() rejects markup characters.
    die("У вас недостаточно прав доступа, чтобы редактировать заявку {$email}. ");
}
// NOTE(review): $email is interpolated into the SQL literal. Format validation is not SQL escaping
// (a syntactically valid address may contain a single quote), so bind it as a parameter or escape it.
$sql = "SELECT *\n\tFROM " . PREF . "users\n\tWHERE email='{$email}'\n\tLIMIT 1";
$result = query($sql);
$userData = fetch_assoc($result);
$photoname = photoFileName($email);
// Cast to int, so the value interpolated into the messages query below is numeric.
$userid = (int) emailToId($email);
if (isAdmin($editorid)) {
    unmarkUpdated($userid);
    unmarkUnread($userid);
}
$sql = "SELECT m.id, u.name, m.message\n\tFROM " . PREF . "messages AS m\n\tLEFT JOIN " . PREF . "users AS u ON m.authorid=u.id\n\tWHERE m.userid={$userid}\n\tORDER BY m.id";
$result = query($sql);
$messages = fetch_assocs($result);
// Array union: keys already present in $userData win over the keys of the literal on the right.
// NOTE(review): SELECT * hands every column of the users row to the template, and the union fails
// if no row was found ($userData is then not an array) — select only the fields the view needs.
$render_data = $userData + ["justUpdated" => (bool) $justUpdated, "isAdmin" => (bool) isAdmin($editorid), "publicities" => $langPublicities, "countries" => $langCountries, "birthes" => $langBirthes, "ranks" => $langRanks, "quotas" => $langQuotas, "goRoyalWeddings" => $langYesNo, "photo" => file_exists("photos/{$photoname}.jpg") ? "{$photoname}.jpg" : "", "messages" => $messages];
$ret = constructTwig()->render("edit.twig", $render_data);
echo $ret;
 if ($pass == $user['password']) {
     $_SESSION['user']['id'] = $user['id'];
     $_SESSION['user']['login'] = $user['login'];
     $_SESSION['user']['nick'] = $user['nick'];
     $_SESSION['user']['admin'] = $user['admin'];
     $_SESSION['user']['ip'] = $uzivatel_ip;
     query("\r                    UPDATE `uzivatel` \r                    SET `ip`='{$uzivatel_ip}',`posledniPrihlaseni`=NOW(), `pokusuPrihlasit`='0', `pocetPrihlaseni`=`pocetPrihlaseni`+1, `session`='{$_SESSION['id']}'\r                    WHERE `id`='{$user['id']}'");
     //
     //BOF-presmerovani
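     // Post-login redirect. Candidates are tried in this order (assuming go() ends the
     // request): URL stored for ?token=, ?request=, the default module of the user's
     // permission group, and finally the empty page.
     if ($_GET['token']) {
         // The token is request data: escape it before it is placed inside the SQL literal.
         // NOTE(review): addslashes() is not charset-aware; a parameterized query is the
         // stronger fix if query() can support one.
         $token_url = fetch_assoc(query("SELECT `url` FROM `urlRequest` WHERE `token`='" . addslashes((string) $_GET['token']) . "'"));
         if ($token_url) {
             go($token_url['url']);
         }
     }
     $def = fetch_assoc(query("\r                        SELECT m.`url`\r                        FROM `uzivatelOpravneni` AS uo\r                        LEFT JOIN `modul` AS m ON(m.`id` = uo.`vychoziModul`)\r                        WHERE uo.`id`='{$user['uzivatelOpravneni_id']}'"));
     if ($_GET['request']) {
         // NOTE(review): the redirect target is taken verbatim from the query string. If go()
         // emits a Location header this is an open redirect right after authentication;
         // accept only targets under $setup['adm']['www'] (or site-relative paths) and fall
         // through to the default otherwise.
         go($_GET['request']);
     } elseif ($def['url']) {
         go($setup['adm']['www'] . $def['url']);
     } else {
         go($setup['adm']['www'] . "prazdnaStranka.html");
     }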
     //EOF-presmerovani
 } else {
     $pokusu_prihlasit = $user['pokusuPrihlasit'] + 1;
     if ($pokusu_prihlasit >= 5) {
         $set = "`pokusuPrihlasit`='{$pokusu_prihlasit}', `blokace`='2', `duvodBlokace`='Překročený počet pokusů o přihlášení'";
     } else {
         $set = "`pokusuPrihlasit`='{$pokusu_prihlasit}'";
     }
/**
 * Collect every remaining row of a result into a list.
 *
 * Calls fetch_assoc() repeatedly and stops at the first falsy return value.
 *
 * @param mixed $result result handle, passed to fetch_assoc() unchanged
 * @return array rows in the order fetch_assoc() returned them; empty when there are none
 */
function fetch_assocs($result)
{
    $rows = [];
    for ($row = fetch_assoc($result); $row; $row = fetch_assoc($result)) {
        $rows[] = $row;
    }

    return $rows;
}
// Register the page-specific JS template and expose the include list to the view.
$include['js'][] = "./nastaveni/js-opravneni.tpl";
$smarty->assign("include", $include);
// Main modules ordered by `poradi`, each with its sub-modules attached under 'submodul'.
$list_sql = query("SELECT `id`, `nazev`, `icon`, `url`, `zobraz` FROM `modul` WHERE `druh`='main' ORDER BY `poradi`");
while ($it = fetch_assoc($list_sql)) {
    $list[$it['id']] = $it;
    // One additional query per main module; the interpolated id is a value read back from the database.
    $list[$it['id']]['submodul'] = fetch_array(query("SELECT `id`, `nazev`, `icon`, `url`, `zobraz` FROM `modul` WHERE `modul_id`='{$it['id']}' ORDER BY `poradi`"));
}
$smarty->assign("list", $list);
// Permission groups; "id" is passed as the second argument of fetch_array().
$opravneni = fetch_array(query("SELECT `id`, `nazev`, `vychoziModul` FROM `uzivatelOpravneni` ORDER BY `nazev`"), "id");
$smarty->assign("opravneni", $opravneni);
// A permission group was selected: load it together with the ids of the modules ticked for it.
if ($_GET['perm']) {
    // Integer cast before the value is interpolated into the two queries below.
    $perm_id = intval($_GET['perm']);
    $perm = fetch_assoc(query("SELECT `id`, `domena`, `admin` FROM `uzivatelOpravneni` WHERE `id`='{$perm_id}'"));
    $smarty->assign("perm", $perm);
    $checked_sql = query("SELECT `modul_id` FROM `uzivatelOpravneni_modul` WHERE `uzivatelOpravneni_id`='{$perm_id}'");
    while ($it = fetch_assoc($checked_sql)) {
        $checked[] = $it['modul_id'];
    }
    // NOTE(review): $checked is never initialised here, so it is undefined when the group has no modules.
    $smarty->assign("checked", $checked);
}
//nastaveni modulu pro vybrane opravneni
if ($_POST['function'] == 'check' and $_POST['perm'] != '') {
    $perm = intval($_POST['perm']);
    $modul_id = $_POST['id'];
    $typ = $_POST['typ'];
    if ($typ == 'opravneni') {
        if (strtolower($_POST['checked']) == 'true') {
            $check = "ano";
            query("UPDATE `uzivatelOpravneni` SET `{$modul_id}`='2' WHERE `id`='{$perm}'");
        } else {
            $check = "ne";
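// Connection settings.
// NOTE(review): credentials are hard-coded in the page source; load them from configuration
// kept outside the web root and outside version control.
$servername = "159.203.104.66"; // surrounding spaces removed: they are not part of a valid host name
$username = "******";
$password = "******";
$dbname = "rambler";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    // Driver error text can reveal host and account details: keep it in the server log
    // and send only a generic message to the browser.
    error_log("Connection failed: " . $conn->connect_error);
    die("Connection failed");
}
$sql = "SELECT epochKey, busNumber, nextStop, timeToNextStop FROM rambler";
$result = $conn->query($sql);
// query() returns false on failure, so check the handle before reading num_rows.
if ($result && $result->num_rows > 0) {
    echo "<table><tr><th>ID</th><th>Name</th><th>Next stop</th><th>Time to next stop</th></tr>";
    // output data of each row; fetch_assoc() is a method of the result object
    while ($row = $result->fetch_assoc()) {
        echo "<tr>";
        foreach (["epochKey", "busNumber", "nextStop", "timeToNextStop"] as $column) {
            // Database values are HTML-escaped before being written into the page.
            echo "<td>" . htmlspecialchars((string) $row[$column], ENT_QUOTES, 'UTF-8') . "</td>";
        }
        echo "</tr>";
    }
    echo "</table>";
} else {
    echo "0 results";
}
$conn->close();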
?>
                </div>
                <!-- /.box-body -->
            </div>
            <!-- /.box -->
        </div>
    </div>
				<center>Không thể sửa <b>Câu hỏi</b> mới.</center>
				<center>Xin hãy kiểm tra thông tin đã nhập.</center>
				<center><button onClick='history.back()'>Trở lại</button></center>
			<?php 
        echo $e->getMessage();
        return -1;
    }
} else {
    $result = $db->query("select * from oes_Question where ID = {$q}");
    $question_assoc = fetch_assoc($result);
    mysql_free_result($result);
    $question = $question_assoc[0]['Text'];
    $subject = $question_assoc[0]['Subject'];
    $shuffleable = $question_assoc[0]['Shuffleable'];
    $result = $db->query("select * from oes_Choice where Question = {$q}");
    $choice = fetch_assoc($result);
    mysql_free_result($result);
}
?>

<BODY>
<div align=center>
	<h1>Sửa câu hỏi</h1>

	<form action=# method=POST>
		<table>
			<tr><td align=center><label for=subject>Môn</label>
					<?php 
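// $subject is compared against a numeric ID column and echoed into markup: pin it to an
// integer for both uses, HTML-escape the subject name read from the database, and quote
// the attribute value.
echo htmlspecialchars((string) $db->getValue("select Name from oes_Subject where ID = " . (int) $subject), ENT_QUOTES, 'UTF-8');
echo "<input type=hidden name=subject value=\"" . (int) $subject . "\">";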
?>
<?php

include "../include/config.php";
/**
 * Send the response headers for a CSV download.
 *
 * Thin wrapper: delegates to sendDownloadHeaders() with the "text/csv" MIME type.
 *
 * @param string $filename forwarded unchanged as the second argument
 */
function sendCsvHeaders($filename)
{
    $mimeType = "text/csv";
    sendDownloadHeaders($mimeType, $filename);
}
// Access control: only an administrator (identified from the login cookie) may export.
$editorid = loginbycookie();
if (!isAdmin($editorid)) {
    die("У вас недостаточно прав доступа, чтобы скачать CSV. ");
}
// Columns removed from every exported row.
// NOTE(review): this is a denylist applied to SELECT *, so any column added to the table later
// is exported by default; listing the exported columns explicitly fails closed.
$hiddenFields = ["pwhash", "pw", "active", "activecode", "added", "is_admin", "photo_src", "updated", "unread", "quenta"];
sendCsvHeaders(PROJECT_NAME . ".csv");
// Stream the CSV straight to the response body.
$out = fopen('php://output', 'w');
$sql = "SELECT *\n\tFROM " . PREF . "users AS u\n\tORDER BY u.id";
$result = query($sql);
while ($row = fetch_assoc($result)) {
    foreach ($hiddenFields as $hiddenField) {
        unset($row[$hiddenField]);
    }
    // NOTE(review): cells hold user-supplied text and are written as-is. Spreadsheet programs
    // evaluate cells that begin with =, +, - or @ as formulas, so such values should be
    // neutralised (for example prefixed with a single quote) before export. No header row is written.
    fputcsv($out, $row);
}
fclose($out);
//header("Location:../Logout.php");
//}
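// Existing classrooms (the result is not used within this block).
$classroom_query = "select * from timetable_classrooms";
$classroom_ans = $mysqli->query($classroom_query);
// Both forms insert rows built from request data. Values are bound as statement
// parameters instead of being concatenated into the SQL text, and the column list uses
// identifiers rather than quoted string literals, which are not valid column names.
// NOTE(review): the number of rooms is request-controlled and unbounded; enforce an upper
// limit that fits the application. drawNotification() also receives the raw building
// name — confirm that it HTML-escapes its arguments.
if (isset($_POST['buildingt'])) {
    // New building: rooms 1..numberofrooms.
    $numofrooms = (int) $_POST['numberofrooms'];
    $sql = "insert into timetable_classrooms(`building`,`room`,`capacity`) values(?,?,?)";
    $sql_ans = false;
    $insert = $mysqli->prepare($sql);
    if ($insert) {
        $sql_ans = true;
        // The loop condition previously compared the bare constant `i`, not the counter $i.
        for ($i = 1; $i <= $numofrooms; $i++) {
            $insert->bind_param('sis', $_POST['buildingt'], $i, $_POST['capacity']);
            $sql_ans = $insert->execute() && $sql_ans;
        }
        $insert->close();
    }
    // Report success only when every insert succeeded.
    if ($sql_ans) {
        drawNotification("Added", "The entered building (" . $_POST['buildingt'] . ") has been added successfully for rooms from 1 to " . $numofrooms, "success");
    }
} else {
    if (isset($_POST['buildingd'])) {
        // Existing building: continue numbering after its highest room.
        $max_room_query = "select MAX(room) as max,capacity from timetable_classrooms where building=?";
        $max = null;
        $capacity = null;
        $max_room_ans = $mysqli->prepare($max_room_query);
        if ($max_room_ans) {
            $max_room_ans->bind_param('s', $_POST['buildingd']);
            $max_room_ans->execute();
            $max_room_ans->bind_result($max, $capacity);
            // The row was previously read with "$max_room_ans - fetch_assoc()" (a subtraction).
            $max_room_ans->fetch();
            $max_room_ans->close();
        }
        $max_room = array('max' => $max, 'capacity' => $capacity);
        $max = (int) $max;
        $numofrooms = (int) $_POST['numberofrooms'];
        // NOTE(review): $capacity is read from the existing rows, but the insert still uses
        // $_POST['capacity'] as before — confirm which one is intended.
        $sql = "insert into timetable_classrooms(`building`,`room`,`capacity`) values(?,?,?)";
        $sql_ans = false;
        $insert = $mysqli->prepare($sql);
        if ($insert) {
            $sql_ans = true;
            for ($i = $max + 1; $i <= $max + $numofrooms; $i++) {
                $insert->bind_param('sis', $_POST['buildingd'], $i, $_POST['capacity']);
                $sql_ans = $insert->execute() && $sql_ans;
            }
            $insert->close();
        }
        if ($sql_ans) {
            drawNotification("Added", "The entered building (" . $_POST['buildingd'] . ") has been added successfully for rooms from " . ($max + 1) . " to " . ($max + $numofrooms), "success");
        }
    }
}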
?>

<form name="form" action="" method="post">
	<table>
	<tr>
	<td>
        $modul_tmp[$it['modul_id']]['sub'][$it['page']] = $it;
    }
    $allowModul[] = $it['id'];
}
// Re-key the collected modules by their 'page' value, then drop the temporary array.
if ($modul_tmp) {
    foreach ($modul_tmp as $k => $v) {
        $modul[$v['page']] = $v;
    }
    unset($modul_tmp);
}
// NOTE(review): $modul is not initialised in the visible code, so it may be undefined when $modul_tmp is empty.
$smarty->assign("modul", $modul);
//EOF-moduly|info
//
//BOF-povolene moduly
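// Access check for the requested page: both the module and its parent must be in the
// list of modules allowed for the current user.
if ($_GET['page'] and $_GET['subpage']) {
    $urlModul = $_GET['page'] . "/" . $_GET['subpage'] . ".html";
    // The url is built from query-string values, so it is escaped before being placed in
    // the SQL literal.
    // NOTE(review): addslashes() is not charset-aware; a parameterized query is the stronger
    // fix if query() can support one.
    $activeModul = fetch_assoc(query("SELECT `id`, `modul_id` FROM `modul` WHERE `url`='" . addslashes($urlModul) . "'"));
    // Fail closed: an unknown url is treated exactly like a module that is not allowed,
    // instead of relying on a loose in_array() match against null.
    // NOTE(review): this only protects the page if go() terminates the request — confirm.
    if (!$activeModul or !in_array($activeModul['id'], (array) $allowModul) or !in_array($activeModul['modul_id'], (array) $allowModul)) {
        go($setup['adm']['www'] . "prazdnaStranka.html");
    }
}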
//EOF-povolene moduly
//
//BOF-variable
// Lookup tables for the templates: plain and badge renderings of the 0/2 flag values
// (NE / ANO), plus the high-priority flag icon.
$variable['boolean'] = [
    "0" => "NE",
    "2" => "ANO",
];
$variable['booleanBadge'] = [
    "0" => '<span class="badge badge-danger">NE</span>',
    "2" => '<span class="badge badge-success">ANO</span>',
];
// Inverse colouring: here NE is rendered as the "success" badge and ANO as "danger".
$variable['booleanBadgeInverse'] = [
    "0" => '<span class="badge badge-success">NE</span>',
    "2" => '<span class="badge badge-danger">ANO</span>',
];
$variable['flag'] = [
    "1" => '',
    "2" => '<i class="icon-flag bigger-130 red" title="Vysoká priorita"></i>',
];
//EOF-variable
$smarty->assign("variable", $variable);
//EOF-variable