function addUser($baseURL, $database, $user, $email, $department, $role)
{
$guid = getGUID();
$statement = $database->prepare('INSERT INTO users ' . '(user, email, department, role) ' . 'VALUES (:user, :email, :department, :role)');
$statement->bindValue(':user', $user, PDO::PARAM_STR);
$statement->bindValue(':email', $email, PDO::PARAM_STR);
$statement->bindValue(':department', $department, PDO::PARAM_INT);
$statement->bindValue(':role', $role, PDO::PARAM_STR);
$statement->execute();
$uid = $database->lastInsertId();
$statement = $database->prepare("INSERT INTO pwresets (token, users_id) " . "VALUES (:token, :users_id)");
$statement->bindValue(':token', $guid, PDO::PARAM_STR);
$statement->bindValue(':users_id', $uid, PDO::PARAM_INT);
$result = $statement->execute();
if ($result === false) {
return $statement->errorInfo()[2];
}
$message = Swift_Message::newInstance();
$message->setSender('noreply@' . $_SERVER['SERVER_NAME']);
$message->setReturnPath('noreply@' . $_SERVER['SERVER_NAME']);
$message->setFrom(array('noreply@' . $_SERVER['SERVER_NAME'] => 'noreply@' . $_SERVER['SERVER_NAME']));
$message->setSubject('Holiday Management Registration - ' . $_SERVER['SERVER_NAME']);
$message->setTo(array($email => $user));
$message->setBody('You have been signed up for the holiday management system by your administrator. ' . 'To complete your registration you must set a password on this system, this will also server to verify your ' . 'email address. Please visit ' . $baseURL . 'pwreset/' . $guid . ' to verify this and setup the password.\\r\\n' . 'If this email was sent in error please visit ' . $baseURL . 'unsubscribe/' . $guid . ' to unsubscribe and we won\'t send' . ' you any more emails');
$message->addPart('<html><head></head><body><p>You have been signed up for the holiday management system by your ' . 'administrator. To complete your registration you must set a password on this system, this will also server to ' . 'verify your email address. Please visit <a href="' . $baseURL . 'pwreset/' . $guid . '">here</a> to verify this and ' . 'setup the password.</p><p>If this email was sent in error please <a href="' . $baseURL . 'unsubscribe/' . $guid . '">' . 'unsubscribe and we won\'t send you any more emails</a></p></body></html>', 'text/html');
$mailer = Swift_Mailer::newInstance(Swift_SmtpTransport::newInstance('localhost', 25));
$mailer->send($message);
return "";
}
public function getRequest(&$post)
{
$strSOAPheader = '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">' . '<SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">' . '<wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">' . '<wsse:UsernameToken>' . '<wsse:Username>' . $post['Username'] . '</wsse:Username>' . '<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">' . $post['Password'] . '</wsse:Password>' . '</wsse:UsernameToken>' . '</wsse:Security>' . '</SOAP-ENV:Header>' . '<SOAP-ENV:Body xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">' . '{SOAPBODY}' . '</SOAP-ENV:Body>' . '</SOAP-ENV:Envelope>';
list($agentId) = explode('#', $post['AgentId']);
$strSOAPBody = '<OTA_HotelResNotifRQ xmlns="http://www.opentravel.org/OTA/2003/05" Version="1.0" EchoToken="' . getGUID() . '" ResStatus="' . $this->book_state . '" TimeStamp="' . $this->date_stamp . '">' . '<POS>' . '<Source>' . '<RequestorID Type="' . $this->request_type_id . '" ID="' . $agentId . '"/>' . '</Source>' . '</POS>' . '<HotelReservations>' . '<HotelReservation LastModifyDateTime="' . $this->date_stamp . '">' . '<UniqueID Type="14" ID="' . $post['ResID'] . '"/>' . $this->getRoomStay($post) . $this->getResGuests() . $this->getResGlobalInfo($post) . '</HotelReservation>' . '</HotelReservations>' . '</OTA_HotelResNotifRQ>';
//FINAL REQUEST BUILDING.
$post['request'] = array(str_replace('{SOAPBODY}', $strSOAPBody, $strSOAPheader));
}
function saveData($location)
{
global $_FILE, $_POST;
// Get connection to the DB
$link = getConnection();
// Generate global unique Game ID
$guid = getGUID();
// Insert Game Data for the Player
$query = "INSERT INTO Uploads VALUES('" . (string) $guid . "', '" . (string) $_POST['name'] . "', '" . (string) $_POST['description'] . "', 'Aspect', '" . (string) $location . "');";
$res = mysqli_query($link, $query);
echo (string) mysqli_error($link);
}
function nsf_parser($username, $password, $xml_url)
{
$ch = curl_init();
$timeout = 3600;
curl_setopt($ch, CURLOPT_URL, $xml_url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
// curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET');
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
$data = curl_exec($ch);
// $response = curl_getinfo($ch);
curl_close($ch);
$xml = simplexml_load_string($data);
if ($xml) {
$trustDetail = $xml->applicantDetails->trust->trustDetail;
$trustee = $xml->applicantDetails->trust->trustee;
global $wpdb;
$wp_hasher = new PasswordHash(8, TRUE);
$sql = "SELECT * FROM wp_users WHERE user_login = '******' ";
$resultuser = $wpdb->get_results($sql);
if ($resultuser) {
function getGUID()
{
if (function_exists('com_create_guid')) {
return com_create_guid();
} else {
mt_srand((double) microtime() * 10000);
//optional for php 4.2.0 and up.
$charid = strtoupper(md5(uniqid(rand(), true)));
$hyphen = chr(45);
// "-"
$uuid = chr(123) . substr($charid, 0, 8) . $hyphen . substr($charid, 8, 4) . $hyphen . substr($charid, 12, 4) . $hyphen . substr($charid, 16, 4) . $hyphen . substr($charid, 20, 12) . chr(125);
// "}"
return $uuid;
}
}
foreach ($resultuser as $results) {
if ($wp_hasher->CheckPassword($password, $results->user_pass)) {
$unique = trim(getGUID(), '{}');
$result = $wpdb->insert('service_nsf', array('unique_code' => $unique, 'user_email' => "", 'fundName' => $trustDetail->name, 'numMembers' => '', 'stateLaw' => '', 'fundAddressCareOf' => '', 'fundAddressLevel' => '', 'fundAddressStreet' => $trustDetail->contactDetails->addressDetails[0]->addressLine1, 'fundAddressSuburb' => $trustDetail->contactDetails->addressDetails[0]->city, 'fundAddressState' => $trustDetail->contactDetails->addressDetails[0]->state, 'fundAddressPostcode' => $trustDetail->contactDetails->addressDetails[0]->postcode, 'teeMtgAddressLevel' => '', 'teeMtgAddressStreet' => '', 'teeMtgAddressSuburb' => '', 'teeMtgAddressState' => '', 'teeMtgAddressPostcode' => '', 'm1MemberNamePrefix' => $trustee->business->officeBearer[0]->persone->title, 'm1MemberGivenNames' => $trustee->business->officeBearer[0]->persone->givenNames, 'm1MemberFamilyName' => $trustee->business->officeBearer[0]->persone->surname, 'm1MemberDOB' => $trustee->business->officeBearer[0]->persone->dateOfBirth, 'm1MemberTFN' => '', 'm1AddressLevel' => '', 'm1AddressStreet' => $trustee->business->officeBearer[0]->contactDetails->addressDetails->addressLine1, 'm1AddressSuburb' => $trustee->business->officeBearer[0]->contactDetails->addressDetails->city, 'm1AddressState' => $trustee->business->officeBearer[0]->contactDetails->addressDetails->state, 'm1AddressPostcode' => $trustee->business->officeBearer[0]->contactDetails->addressDetails->postcode, 'm2MemberNamePrefix' => $trustee->business->officeBearer[1]->persone->title, 'm2MemberGivenNames' => $trustee->business->officeBearer[1]->persone->givenNames, 'm2MemberFamilyName' => $trustee->business->officeBearer[1]->persone->surname, 'm2MemberDOB' => $trustee->business->officeBearer[1]->persone->dateOfBirth, 'm2MemberTFN' => '', 'm2AddressLevel' => '', 'm2AddressStreet' => $trustee->business->officeBearer[1]->contactDetails->addressDetails->addressLine1, 'm2AddressSuburb' => $trustee->business->officeBearer[1]->contactDetails->addressDetails->city, 'm2AddressState' => $trustee->business->officeBearer[1]->contactDetails->addressDetails->state, 'm2AddressPostcode' => $trustee->business->officeBearer[1]->contactDetails->addressDetails->postcode, 'm3MemberNamePrefix' => $trustee->business->officeBearer[2]->persone->title, 'm3MemberGivenNames' => $trustee->business->officeBearer[2]->persone->givenNames, 'm3MemberFamilyName' => $trustee->business->officeBearer[2]->persone->surname, 'm3MemberDOB' => $trustee->business->officeBearer[2]->persone->dateOfBirth, 'm3MemberTFN' => '', 'm3AddressLevel' => '', 'm3AddressStreet' => $trustee->business->officeBearer[2]->contactDetails->addressDetails->addressLine1, 'm3AddressSuburb' => $trustee->business->officeBearer[2]->contactDetails->addressDetails->city, 'm3AddressState' => $trustee->business->officeBearer[2]->contactDetails->addressDetails->state, 'm3AddressPostcode' => $trustee->business->officeBearer[2]->contactDetails->addressDetails->postcode, 'm4MemberNamePrefix' => $trustee->business->officeBearer[3]->persone->title, 'm4MemberGivenNames' => $trustee->business->officeBearer[3]->persone->givenNames, 'm4MemberFamilyName' => $trustee->business->officeBearer[3]->persone->surname, 'm4MemberDOB' => $trustee->business->officeBearer[3]->persone->dateOfBirth, 'm4MemberTFN' => '', 'm4AddressLevel' => '', 'm4AddressStreet' => $trustee->business->officeBearer[3]->contactDetails->addressDetails->addressLine1, 'm4AddressSuburb' => $trustee->business->officeBearer[3]->contactDetails->addressDetails->city, 'm4AddressState' => $trustee->business->officeBearer[3]->contactDetails->addressDetails->state, 'm4AddressPostcode' => $trustee->business->officeBearer[3]->contactDetails->addressDetails->postcode, 't2NonMemberNamePrefix' => '', 't2NonMemberGivenNames' => '', 't2NonMemberFamilyName' => '', 't2NonMemberAddressLevel' => '', 't2NonMemberAddressStreet' => '', 't2NonMemberAddressSuburb' => '', 't2NonMemberAddressState' => '', 't2NonMemberAddressPostcode' => '', 'corpTeeName' => $trustee->business->businessDetail->businessName, 'corpTeeACN' => '', 'corpTeeAddressCareOf' => '', 'corpTeeAddressLevel' => '', 'corpTeeAddressStreet' => $trustee->business->contactDetails->addressDetails[1]->addressLine1, 'corpTeeAddressSuburb' => $trustee->business->contactDetails->addressDetails[1]->city, 'corpTeeAddressState' => $trustee->business->contactDetails->addressDetails[1]->state, 'corpTeeAddressPostcode' => $trustee->business->contactDetails->addressDetails[1]->postcode, 'd2NonMemberNamePrefix' => '', 'd2NonMemberGivenNames' => '', 'd2NonMemberFamilyName' => '', 'd2NonMemberAddressLevel' => '', 'd2NonMemberAddressStreet' => '', 'd2NonMemberAddressSuburb' => '', 'd2NonMemberAddressState' => '', 'd2NonMemberAddressPostcode' => '', 'chairmanTrustee' => ''));
return array('unique_code' => $unique);
} else {
return array('username' => 'Invalid username or password1');
}
}
} else {
return array('username' => 'Invalid username or password ' . $result);
}
} else {
return array('error' => 'no data found');
}
}
function generateToken()
{
/*****************************************************************************************
* Create and set a new token for CSRF protection
* on initial entry or after form errors and we are going to redisplay the form.
******************************************************************************************/
$salt = "";
$tokenStr = "";
$salt = sha1($_SERVER["HTTP_HOST"]);
setcookie("token", "", time() - 42000);
$_SESSION["salt"] = $salt;
$_SESSION["guid"] = getGUID();
$_SESSION["ip"] = $_SERVER["REMOTE_ADDR"];
$_SESSION["time"] = time();
$tokenStr = "IP:" . $_SESSION["ip"] . ",SESSIONID:" . session_id() . ",GUID:" . $_SESSION["guid"];
$_SESSION["token"] = sha1($tokenStr . $_SESSION["salt"] . $_SESSION["salt"]);
if (setcookie("token", $_SESSION["token"], time() + 86400)) {
$_SESSION["usecookie"] = True;
}
}
/**
* Created by PhpStorm.
* User: root
* Date: 21/11/15
* Time: 5:42 PM
*/
function AddToken($Data)
{
include '../common/Models/Database.php';
include '../common/helpers/QueryGenrator.php';
$table = 'userinfo';
$QueryGen = new QueryGenrator();
$DB = new DatabaseModel();
$data = array("AccessToken" => getGUID());
$Email = $Data['Email'];
$Password = $Data['Password'];
$condition = "WHERE Email = '{$Email}' AND Password = '******'";
$QueryCheck = $Query = $QueryGen->select($table, $DATA = "None", $condition);
$CheckInfo = $DB->select($QueryCheck);
if ($CheckInfo == ERROR_DATA_NOT_FOUND) {
return ERROR_DATA_NOT_FOUND;
}
$Query = $QueryGen->update($table, $data, $condition);
$DBEntry = $DB->update($Query);
return $data['AccessToken'];
}
/**
* This method is used to store the ionformation about a Tweety game session. This information can later be
* used to find the top 10 scores, find game info about a particular session etc.
*
* @param player_name :: Name of the Player
* @param time_remaining :: Total time remaining in seconds
* @param score :: Total score at the end of the game
* @param num_correct :: Number of correct pairs selected
* @param num_incorrect :: Number of incorrect pairs selected
* @param profile_pic :: Profile Picture link of the player
*/
function storeGameInfo($player_name, $time_remaining, $score, $num_correct, $num_incorrect, $profile_pic)
{
// Get connection to the DB
$link = getConnection();
// Generate global unique Game ID
$guid = getGUID();
// Insert Game Data for the Player
$query = "INSERT INTO Scores(Game_ID, Player, Score, Time_Remaining, Num_Correct, Num_Incorrect, Profile_Pic) VALUES('" . (string) $guid . "'," . $player_name . ", " . $score . ", " . $time_remaining . ", " . $num_correct . ", " . $num_incorrect . ", " . $profile_pic . ");";
$res = mysqli_query($link, $query);
$affectedRows = mysqli_affected_rows($link);
// log information based on result
if ($affectedRows == 1) {
if ($player_name == NULL) {
$player_name = 'NOT_SPECIFIED';
}
logSuccess('gameSelectionLogs.html', 'Player <b>' . $player_name . '</b>\'s game data has been stored. Game ID: <b>' . $guid . '</b>.');
} else {
if ($player_name == NULL) {
$player_name = 'NOT_SPECIFIED';
}
logError('gameSelectionLogs.html', 'Unable to store game data for Player <b>' . $player_name . '</b>. <b> ERROR: </b>' . (string) mysqli_error($link));
}
}
/**
* Generate a unique guid
*
* @param int $length length of guid
* @return string generated guid
*/
function getGUID($length = 8)
{
$str = generateRandomString($length);
$r = select_sql('SELECT * FROM allguids WHERE guid = ?', 's', $str);
if ($r == array()) {
insert_sql("INSERT INTO allguids(guid) VALUES(?)", 's', array($str));
return $str;
} else {
return getGUID($length);
}
}
include "funciones.php";
$conn = conexion();
//Variables Alumno
@($id_alumno = getGUID());
@($id_alumno = substr($id_alumno, 1, length - 1));
@($nombre_alumno = $_POST['alumno_nombre']);
@($apellidos_alumno = $_POST['alumno_apellidos']);
@($edad_alumno = $_POST['alumno_edad']);
@($mail_alumno = $_POST['alumno_mail']);
@($grupo_alumno = $_POST['alumno_grupo']);
@($carrera_alumno = $_POST['alumno_carrera']);
@($tipo_usuario = 'Alumno');
@($contraseña_alumno = $_POST['alumno_contraseña']);
//
//Variables Maestro
@($id_maestro = getGUID());
@($id_maestro = substr($id_maestro, 1, length - 1));
@($nombre_maestro = $_POST['maestro_nombre']);
@($apellidos_maestro = $_POST['maestro_apellidos']);
@($edad_maestro = $_POST['maestro_edad']);
@($correo_maestro = $_POST['maestro_correo']);
@($estado_maestro = 'Activo');
@($materia_maestro = $_POST['maestro_materia']);
//
if ($nombre_alumno != '') {
$Insert_Alumno = mysql_query("INSERT INTO alumno VALUES ('{$id_alumno}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$nombre_alumno}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$apellidos_alumno}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t{$edad_alumno},\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$mail_alumno}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$contraseña_alumno}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$grupo_alumno}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$carrera_alumno}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$tipo_usuario}')", $conn);
if ($Insert_Alumno) {
session_start();
$_SESSION["Alumno"] = "Alumno";
header('Location: ../indexAlumno.php');
} else {
public function registrationAction()
{
$ErrorMessage = '';
$vEmail = '';
$vFirstName = '';
$vLastName = '';
if (filter_input(INPUT_POST, 'registration_btn') !== NULL) {
$vEmail = POSTStrAsSQLStr('email');
$vFirstName = POSTStrAsSQLStr('firstname');
$vLastName = POSTStrAsSQLStr('lastname');
if (empty($ErrorMessage)) {
if (!preg_match("/[\\x{0400}-\\x{04FF}\\x]{1,32}/u", $vFirstName)) {
$ErrorMessage = 'Имя пользователя должно содержать только символы кириллицы.';
}
}
if (empty($ErrorMessage)) {
if ($_POST['password'] != $_POST['password2']) {
//return AddAlertMessage('danger', 'Пароли не совпадают', '/auth/registration');
$ErrorMessage = 'Пароль и подтверждение пароля не совпадают.';
}
}
if (empty($ErrorMessage)) {
$vSecurimage = new Securimage();
if (!$vSecurimage->check($_POST['CaptchaCodeEdt']) == true) {
$ErrorMessage = 'Вам нужно решить пример правильно.';
}
}
if (empty($ErrorMessage)) {
$sql = "select ID from Users where (Email = '{$vEmail}');";
$user = $this->db->query($sql)->fetch();
if (!empty($user['ID'])) {
//return AddAlertMessage('danger', 'Такой e-mail уже зарегистрирован', '/auth/registration');
$ErrorMessage = "Пользователь с такой эл. почтой уже существует.";
$vEmail = '';
} else {
$vUniversalID = getGUID();
/*$this->db->prepare('INSERT INTO Users (PasswordHash, UserName, PhoneNumber, Email, EmailConfirmed, UniversalType, UniversalID) '
. 'VALUES (:ph, :un, :pn, :e, 1, 1, :uid)')->
execute(array('ph' => EncryptPassword(Tools::getValue('password')), 'un' => Tools::getValue('email'), 'pn' => Tools::getValue('phone'), 'e' => Tools::getValue('email'), 'uid' => $vUniversalID));
$id = $this->db->lastInsertId();
$this->db->prepare('INSERT INTO UserData (UserID, FirstName, LastName) VALUES (:ui, :fn, :ln)')->execute(array('ui' => $id, 'fn' => Tools::getValue('firstname'), 'ln' => Tools::getValue('lastname')));
*/
$sql = "insert into Users(UniversalType, UniversalID, UserName, Email, EmailConfirmed, PasswordHash) " . "values(1, '{$vUniversalID}', '{$vEmail}', '{$vEmail}', 1, '" . EncryptPassword($_POST['password']) . "') " . "on duplicate key update " . "UniversalID = '{$vUniversalID}';";
$this->db->exec($sql);
$UserID = $this->db->lastInsertId();
$sql = "insert into UserData(UserID, FirstName, LastName) " . "values({$UserID}, '{$vFirstName}', '{$vLastName}') " . "on duplicate key update " . "UserID = {$UserID};";
$this->db->exec($sql);
if (LoginUsingUniversalID($vUniversalID)) {
return AddAlertMessage('success', 'Добро пожаловать!', '/');
} else {
return AddAlertMessage('danger', 'Ошибка при регистрации!', '/');
}
}
}
}
if (!empty($ErrorMessage)) {
AddAlertMessage('danger', $ErrorMessage);
}
$this->view->setVars(array('Email' => $vEmail, 'FirstName' => $vFirstName, 'LastName' => $vLastName));
$this->view->breadcrumbs = array(array('url' => '/auth/registration', 'title' => 'Регистрация'));
$this->view->meta = array('meta_title' => 'Регистрация пользователя', 'meta_description' => 'Регистрация пользователя', 'meta_keywords' => '');
$this->view->generate();
}
?>
</tbody>
</table>
</div>
</div>
<div class="tab-pane" id="condensed">
<div class="box-content">
<form action="index.php?page=addoffer&mID=<?php
echo $_REQUEST['mID'];
?>
" class='validate form-horizontal' method="post" name="addmerchant" enctype="multipart/form-data">
<div class="control-group">
<label for="title" class="control-label">Code</label>
<div class="controls">
<input type="text" name="code" value="<?php
echo getGUID(6);
?>
" class='{required:true} span8'>
</div>
</div>
<div class="control-group">
<label for="title" class="control-label">Title</label>
<div class="controls">
<input type="text" name="title" value="<?php
echo $_REQUEST['title'];
?>
" class='{required:true} span8'>
</div>
</div>
<div class="control-group">
<label for="title" class="control-label">Description</label>
<?php
require_once 'php/db.php';
insert_sql("INSERT INTO category(guid, name, description) VALUES(?,?,?)", 'sss', array(getGUID(8), $_GET['name'], $_GET['desc']));
function getGUID()
{
if (function_exists('com_create_guid')) {
return com_create_guid();
} else {
mt_srand((double) microtime() * 10000);
//optional for php 4.2.0 and up.
$charid = strtoupper(md5(uniqid(rand(), true)));
$hyphen = chr(45);
// "-"
$uuid = chr(123) . substr($charid, 0, 8) . $hyphen . substr($charid, 8, 4) . $hyphen . substr($charid, 12, 4) . $hyphen . substr($charid, 16, 4) . $hyphen . substr($charid, 20, 12) . chr(125);
// "}"
return $uuid;
}
}
$appguid = getGUID();
echo "<?xml version=\"1.0\" encoding=\"utf-8\"?>" . PHP_EOL;
?>
<Project ToolsVersion="12.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Release</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid><?php
echo $appguid;
?>
</ProjectGuid>
<OutputType>Exe</OutputType>
<AppDesignerFolder>Properties</AppDesignerFolder>
<RootNamespace><?php
echo $_PROG->name;
function insertObject($userId, $tableName, $values)
{
global $con;
global $systemColumns;
$values_array = json_decode($values, true);
foreach ($systemColumns as $systemColumn) {
unset($values_array[$systemColumn]);
}
foreach ($values_array as $key => $value) {
$sql[] = is_numeric($value) ? "{$key} = {$value}" : "{$key} = '" . $con->real_escape_string($value) . "'";
}
$guid = getGUID();
$lastModifiedDatetime = time();
$lastModifiedById = $userId;
$isDeleted = "false";
array_push($sql, "guid = '{$guid}'", "lastModifiedDatetime = '{$lastModifiedDatetime}'", "lastModifiedById = '{$lastModifiedById}'", "isDeleted = '{$isDeleted}'");
$sqlclause = implode(",", $sql);
$query = "INSERT INTO {$tableName} SET {$sqlclause};";
if (runQuery($query)) {
fetchObjectWithClause($tableName, "guid = '" . $guid . "'");
}
}
die("Not valid information!");
}
// combine the OMOP required vocab ids with the user selected vocab ids
$allvocabids = $vocabids + $OMOPTypes;
$allvocabids = array_unique($allvocabids);
if ($CDMVersion == 4.5) {
$Cred = $database_prodv4_credentials;
} else {
$Cred = $database_prodv5_credentials;
}
$VocIds = implode(",", $allvocabids);
//$FName = implode("_", $vocabids).".zip";
if ($CDMVersion == 4.5) {
$FName = "vocab_download_v4_5_" . getGUID() . ".zip";
} else {
$FName = "vocab_download_v5_" . getGUID() . ".zip";
}
$shell_exec_string = 'nohup ' . $perl_dump_script_dir . 'dump.pl ' . $Cred . ' ' . $CDMVersion . ' ' . $zip_file_output_dir . $FName . ' ' . $VocIds . ' > /dev/null & echo $!';
$PID = shell_exec($shell_exec_string);
if (!$PID) {
$e = oci_error($stid);
sendErrorEmail("downloads.php shell_exec failed, exec_string=" . $shell_exec_string);
header("Location:error.php?errorMessage=" . urlencode("Error: unable to generate export file"));
die;
}
$insert_user_process_sql = "INSERT INTO VOCAB_DOWNLOAD.VOCABULARY_USER (\n EMAIL_ADDRESS,\n NAME,\n ORGANIZATION,\n ADDRESS,\n CITY_NAME,\n COUNTRY_NAME,\n PHONE_NUMBER,\n VOCABULARY_LIST,\n PROCESS_ID,\n TITLE,\n STATE,\n ZIP_CODE,\n\tFILE_NAME,\n FILE_CREATION_JOB_RUNNING_FLAG\n ) VALUES (\n '" . $email . "',\n '" . $name . "',\n '" . $Organization . "',\n '" . $Address . "',\n '" . $City . "',\n '" . $Country . "',\n '" . $Phone . "',\n '" . $VocIds . "',\n " . $PID . ",\n '" . $Title . "',\n '" . $State . "',\n '" . $Zip . "',\n '" . $FName . "',\n 'Y'\n )";
$stid_add_user_process = oci_parse($conn, $insert_user_process_sql);
if (!$stid_add_user_process) {
$e = oci_error($conn);
sendErrorEmail("downloads.php: oci_parse INSERT INTO VOCAB_DOWNLOAD.VOCABULARY_USER table failed, sql=" . $insert_user_process_sql . ", error message=" . $e['message']);
header("Location:error.php?errorMessage=" . urlencode("Error: unable to log export file request"));
}
if (lg_debug) {
$dbMsg .= "city = " . $city . "<br />\n";
}
/******************************************************************************************************************
* Set $locked, $dateLocked and unlock $token
******************************************************************************************************************/
$locked = "1";
if (lg_debug) {
$dbMsg .= "locked = 1<br />\n";
}
$dateLocked = dbNow();
if (lg_debug) {
$dbMsg .= "dateLocked = " . $dateLocked . "<br />\n";
}
$token = strtoupper(sha1(getGUID()));
if (lg_debug) {
$dbMsg .= "token = " . $token . "<br />\n";
}
/******************************************************************************************************************
* Write new account to user's table in database
******************************************************************************************************************/
addUser($dateRegistered, $userid, $passhash, $name, $email, $ip, $region, $city, $country, $useragent, $website, $news, $locked, $dateLocked, $token);
if (lg_debug) {
$dbMsg .= "Database insert occurred. Result = " . $numAffected . "<br />\n";
}
if ($numAffected == 1) {
/******************************************************************************************************************
* On success, $email user the unlock $token. Copy the webmaster
******************************************************************************************************************/
if (lg_debug) {
function AddTaskForSendEmail_UseTemplate($AFromEmail, $AFromName, $AToEmail, $AToName, $ASubject, $AUseTemplate, $ATemplateParamsArray, $APriority = 50, $ABlindCopyToEmail = '', $ACopyToEmail = '')
{
if (isset($ATemplateParamsArray)) {
$vTemplateParamsArray = base64_encode(serialize($ATemplateParamsArray));
} else {
$vTemplateParamsArray = '';
}
$sql = "insert into Emails_ToSend(RecordGUID, CreateDate, FromEmail, FromName, ToEmail, ToName, CopyToEmail, BlindCopyToEmail, Subject, Body, UseTemplate, Priority) " . "values('" . getGUID() . "', '" . GetLocalDateTimeAsSQLStr() . "', '{$AFromEmail}', '{$AFromName}', '{$AToEmail}', '{$AToName}', '{$ACopyToEmail}', '{$ABlindCopyToEmail}', '{$ASubject}', '{$vTemplateParamsArray}', '{$AUseTemplate}', {$APriority});";
GetMainConnection()->exec($sql);
$vTemplateParamsArray = '';
CURL_SpeedUp_SendEmail();
//$YourSerializedData = base64_encode(serialize($theHTML));
//$theHTML = unserialize(base64_decode($YourSerializedData));
}
function getGUID()
{
if (function_exists('com_create_guid')) {
return com_create_guid();
} else {
mt_srand((double) microtime() * 10000);
//optional for php 4.2.0 and up.
$charid = strtoupper(md5(uniqid(rand(), true)));
$hyphen = chr(45);
// "-"
$uuid = chr(123) . substr($charid, 0, 8) . $hyphen . substr($charid, 8, 4) . $hyphen . substr($charid, 12, 4) . $hyphen . substr($charid, 16, 4) . $hyphen . substr($charid, 20, 12) . chr(125);
// "}"
return $uuid;
}
}
$guidString = getGUID();
$GUID = substr($guidString, 1, -1);
$guid = isset($_SESSION["step2-guid"]) ? $_SESSION["step2-guid"] : $GUID;
?>
<div class="full-registration" ng-app="listpp" ng-controller="PhoneListCtrl">
<div class="container">
<div class="f-space15"></div>
<div class="row">
<div class="heading">CRUD Application using AngularJS, PHP and MySQL</div>
</div>
<hr />
<div class="full-step3">
<div class="row">
<div class="col-sm-6 form-box">
<div class="step3form-heading">Add a person</div>
function get_skin($user, $skinData)
{
$tmp = tempnam("/tmp", "skin_");
if (!file_put_contents($tmp, base64_decode($skinData))) {
return FALSE;
}
$info = getimagesize($tmp);
if ($info[0] != 64 || $info[1] != 32 && $info[1] != 64 || $info['mime'] != 'image/png') {
error_log(print_r(getimagesize($tmp), true));
return FALSE;
}
$link = newdb();
$stmt = $link->prepare("SELECT skin FROM players WHERE player=?");
$stmt->bind_param('s', $user);
$stmt->execute();
$stmt->bind_result($oldskin);
$stmt->fetch();
$stmt->free_result();
if ($oldskin and is_readable("./Skins/" . $oldskin)) {
unlink("./Skins/" . $oldskin);
}
$newskin = getGUID(false) . getGUID(false);
$stmt = $link->prepare("UPDATE players SET skin=? WHERE player=?");
$stmt->bind_param('ss', $newskin, $user);
$stmt->execute();
if (!rename($tmp, "./Skins/" . $newskin)) {
return FALSE;
}
return TRUE;
}
}
$cIngred5 = $cIngred5 - $rIngred5;
$numValid++;
}
if ($numValid < 1) {
returnFailedAllocate();
}
// echo "got past ingred compares\n";
$query = "UPDATE orderTable SET ing0=" . $cIngred0 . ", ing1=" . $cIngred1 . ", ing2=" . $cIngred2 . ", ing3=" . $cIngred3 . ", ing4=" . $cIngred4 . ", ing5=" . $cIngred5 . " WHERE orderID=\"0\"";
$result = mysqli_query($dbCon, $query);
if (!$result) {
// echo "Error updating reserved ingredients\n";
// echo mysqli_error($dbCon);
returnFailedAllocate();
}
date_default_timezone_set("America/New_York");
$date = date_create();
$time = date_timestamp_get($date);
$barcode = getGUID();
$query = 'INSERT INTO orderTable (orderID, ing0, ing1, ing2, ing3, ing4, ing5, orderTime) VALUES ("' . $barcode . '", ' . $rIngred0 . ', ' . $rIngred1 . ', ' . $rIngred2 . ', ' . $rIngred3 . ', ' . $rIngred4 . ', ' . $rIngred5 . ', ' . $time . ')';
$result = mysqli_query($dbCon, $query);
if (!$result) {
// echo "Error inserting new drink order\n";
// echo mysqli_error($dbCon);
returnFailedAllocate();
}
$createBarcodeImage = '/usr/local/bin/zint -b 92 --scale=10 -o /srv/http/barcodeImages/' . $barcode . '.png --data=' . $barcode;
exec($createBarcodeImage);
$expireTime = $time + 600;
$arr = array('barcode' => $barcode, 'expireTime' => $expireTime);
echo json_encode($arr);
<?php
// DB connection
include_once 'database.php';
$user = $_POST['email'];
$pass = $_POST['userkey'];
$md5password = md5($pass);
$GUID = getGUID();
$GUID = substr($GUID, 1, -1);
//echo $password;
$callback = isset($_GET['callback']) ? preg_replace('/[^a-z0-9$_]/si', '', $_GET['callback']) : false;
header('Content-Type: ' . ($callback ? 'application/javascript' : 'application/json') . ';charset=UTF-8');
$conn = mysql_connect($server, $username, $password) or die("Couldn't connect to MySQL" . mysql_error());
mysql_select_db($database, $conn) or die("Couldn't open {$test}: " . mysql_error());
$rows = array();
$update = mysql_query("UPDATE users SET accesstoken ='" . $GUID . "' WHERE email='" . $user . "'");
$rows["token"] = $GUID;
$result = mysql_query("SELECT users.id as userid, users.firstname, users.lastname, users.email, users.handle, users.profileimg, users.companyid, \n companies.name AS companyname, companies.img AS companyimg\n FROM users \n INNER JOIN companies \n ON companies.id=users.companyid WHERE users.email = '" . $user . "' AND users.userkey = '" . $md5password . "'");
while ($p = mysql_fetch_assoc($result)) {
$rows["user"][] = $p;
}
echo ($callback ? $callback . '(' : '') . json_encode($rows) . ($callback ? ')' : '');
mysql_close($conn);
function getGUID()
{
if (function_exists('com_create_guid')) {
return com_create_guid();
} else {
mt_srand((double) microtime() * 10000);
//optional for php 4.2.0 and up.
$charid = strtoupper(md5(uniqid(rand(), true)));
// If the username, the password, and the validation password POST variables exist
if (isset($_POST["username"]) || isset($_POST["password"]) || isset($_POST["vpassword"])) {
// Getting the username, the password, and the validation password
$username = $_POST["username"];
$password = $_POST["password"];
$vpassword = $_POST["vpassword"];
// If no one is empty
if (!empty($username) && !empty($password) && !empty($vpassword)) {
// Sending a request to the database to get a user with the same name as the given name
$req = Core\Queries::execute('SELECT * FROM openauth_users WHERE username=:username', ['username' => $username]);
// If the request is null, or is empty (so the user doesn't already exist)
if (is_null($req) || empty($req)) {
// If the password and the validation password are the same
if ($password == $vpassword) {
// Generating a new GUID
$guid = getGUID();
// Generating a new UUID
$uuid = md5(uniqid(rand(), true));
// Hashing the given password
$password = hash('sha256', $password);
// Sending a request to the database to add the user
Core\Queries::execute('INSERT INTO openauth_users (guid, uuid, username, password) VALUES (:guid, :uuid, :username, :password)', ['username' => $username, 'uuid' => $uuid, "password" => $password, 'guid' => $guid]);
// Setting the 'You are now suscribed' message
$notif = "Vous êtes bien inscrits !";
} else {
// Setting the 'Different passwords' message
$notif = 'Les mots de passe sont different !';
}
} else {
// Setting the 'User already exists' message
$notif = 'Le pseudo est déjà utilise !';
public function syncToDatabase()
{
$url = getGUID(40);
$sql = insert_sql("INSERT INTO ra_mail(user_guid, url, action) VALUES(?,?,?)", 'ssi', array($this->guid, $url, ACTIONRESETPASSWORD));
if ($sql) {
svMail($this->data['email'], "Registratie spullenverloten.nl", array(MAILUSERNAME => $this->username, MAILCODE => $url), 'reset');
$this->message = "Er zijn instructies verstuurd naar uw emailadres.";
$this->state = STATE_SUCCESS;
} else {
$this->message = "Er ging onverwacht iets mis. Probeer het later nog eens.";
}
}
$message = lg_phrase_no_matching_registration;
if (lg_debug) {
$dbMsg .= "Message: " . $message . "<br />\n";
}
}
}
if ($message == "") {
/*******************************************************************************************************************
* We have a valid, locked account, issue a new token and update the user table
*******************************************************************************************************************/
if (lg_debug) {
$dbMsg .= "Valid, locked account: Issue Token<br />\n";
}
$locked = "1";
$dateLocked = dbNow();
$token = sha1(getGUID());
if (lg_debug) {
$dbMsg .= "Locked = " . $locked . "<br />\n";
}
if (lg_debug) {
$dbMsg .= "dateLocked = " . $dateLocked . "<br />\n";
}
if (lg_debug) {
$dbMsg .= "Token = " . $token . "<br />\n";
}
ivt_issueToken($token, $locked, $dateLocked, $id);
if (lg_debug) {
$dbMsg = "numAffected = " . $numAffected . "<br />\n";
}
if ($numAffected == 1) {
/*******************************************************************************************************************
/**
* Do Upgrade
*/
function do_upgrade($h, $old_version)
{
$h->messages['Updating from ' . $old_version . ' <i class="fa fa-arrows-h"></i> ' . $h->version] = 'blue';
// can't upgrade from pre-1.0 versions of Hotaru.
// 1.0.0 to 1.3.0 updates all removed (check github for old code)
// 1.3.0 to 1.4.0
if ($old_version == "1.3.0") {
// Drop token_id column from the tokens table
if ($h->db->column_exists('tokens', 'token_id')) {
$h->db->query("ALTER TABLE " . DB_PREFIX . "tokens DROP token_id");
}
// update "old version" for next set of upgrades
$old_version = "1.4.0";
}
// 1.4.0 to 1.4.1
if ($old_version == "1.4.0") {
// update "old version" for next set of upgrades
$old_version = "1.4.1";
}
// 1.4.1 to 1.4.2
if ($old_version == "1.4.1") {
$h->messages['Updated from 1.4.1'] = 'green';
// Change post_title column from `post_title` varchar(255) NULL, to `post_title` text NULL,
$exists = $h->db->column_exists('posts', 'post_title');
if ($exists) {
$sql = "ALTER TABLE " . TABLE_POSTS . " MODIFY post_title text NULL";
$h->db->query($h->db->prepare($sql));
}
// remove multi-site option from settings
$sql = "DELETE FROM " . TABLE_SETTINGS . " WHERE settings_name = %s";
$h->db->query($h->db->prepare($sql, 'MULTI_SITE'));
//tables to remove site_id from:
$tables = array('blocked' => 'blocked', 'categories' => 'category', 'comments' => 'comment', 'plugins' => 'plugin', 'miscdata' => 'miscdata', 'pluginsettings' => 'pluginsetting', 'posts' => 'post', 'settings' => 'settings', 'tags' => 'tag', 'users' => 'user', 'widgets' => 'widget');
// Remove site_id columns
foreach ($tables as $table => $column) {
if ($exists = $h->db->column_exists($table, $column . '_siteid')) {
// Remove column
$sql = "ALTER TABLE " . DB_PREFIX . $table . " DROP " . $column . "_siteid";
$h->db->query($sql);
}
// Remove site_id indices
$sql = "SHOW INDEX FROM `" . DB_PREFIX . $table . "` WHERE KEY_NAME = '" . $column . "_siteid'";
$result = $h->db->query($sql);
if ($result) {
$sql = "DROP INDEX " . $column . "_siteid ON " . DB_PREFIX . $table;
$h->db->query($sql);
}
}
// Drop unique site_id keys
$sql = "ALTER TABLE `" . TABLE_CATEGORIES . "` DROP INDEX `key`";
$h->db->query($sql);
$sql = "ALTER TABLE `" . TABLE_CATEGORIES . "` ADD UNIQUE KEY `key` (`category_name`)";
$h->db->query($sql);
$sql = "ALTER TABLE `" . TABLE_PLUGINS . "` DROP INDEX `key`";
$h->db->query($sql);
$sql = "ALTER TABLE `" . TABLE_PLUGINS . "` ADD UNIQUE KEY `key` (`plugin_folder`)";
$h->db->query($sql);
$sql = "ALTER TABLE `" . TABLE_SETTINGS . "` DROP INDEX `key`";
$h->db->query($sql);
$sql = "ALTER TABLE `" . TABLE_SETTINGS . "` ADD UNIQUE KEY `key` (`settings_name`)";
$h->db->query($sql);
$sql = "ALTER TABLE `" . TABLE_TAGS . "` DROP INDEX `key`";
$h->db->query($sql);
$sql = "ALTER TABLE `" . TABLE_TAGS . "` ADD UNIQUE KEY `key` (`tags_post_id`, `tags_word`)";
$h->db->query($sql);
$sql = "ALTER TABLE `" . TABLE_USERS . "` DROP INDEX `key`";
$h->db->query($sql);
$sql = "ALTER TABLE `" . TABLE_USERS . "` ADD UNIQUE KEY `key` (`user_username`)";
$h->db->query($sql);
// Drop Site table
$sql = 'DROP TABLE IF EXISTS `' . DB_PREFIX . 'site`;';
$h->db->query($sql);
// Drop Relates table
$sql = 'DROP TABLE IF EXISTS `' . DB_PREFIX . 'relates`;';
$h->db->query($sql);
// remove the "1" cache folder if permissions allow, otherwise error messages supressed.
if (is_dir(CACHE . '1')) {
if (is_dir(CACHE . '1/db_cache')) {
$h->deleteFiles(CACHE . '1/db_cache');
@rmdir(CACHE . '1/db_cache');
}
if (is_dir(CACHE . '1/css_js_cache')) {
$h->deleteFiles(CACHE . '1/css_js_cache');
@rmdir(CACHE . '1/css_js_cache');
}
if (is_dir(CACHE . '1/rss_cache')) {
$h->deleteFiles(CACHE . '1/rss_cache');
@rmdir(CACHE . '1/rss_cache');
}
if (is_dir(CACHE . '1/lang_cache')) {
$h->deleteFiles(CACHE . '1/lang_cache');
@rmdir(CACHE . '1/lang_cache');
}
if (is_dir(CACHE . '1/html_cache')) {
$h->deleteFiles(CACHE . '1/html_cache');
@rmdir(CACHE . '1/html_cache');
}
if (is_dir(CACHE . '1/debug_logs')) {
$h->deleteFiles(CACHE . '1/debug_logs');
@rmdir(CACHE . '1/debug_logs');
}
if (file_exists(CACHE . '1/smartloader_cache.php')) {
@unlink(CACHE . '1/smartloader_cache.php');
}
@rmdir(CACHE . '1');
}
// update "old version" for next set of upgrades
$old_version = "1.4.2";
}
// 1.4.2 to 1.5.0
if ($old_version == "1.4.2") {
$h->messages['Updated from 1.4.2'] = 'green';
// update "old version" for next set of upgrades
$old_version = "1.5.0";
}
// 1.5.0 to 1.5.1
if (version_compare($old_version, "1.4.2") < '<=') {
// should set an upper limit here later
// Need to cover all of the 1.5.0.RCx verson as well
// Add a few new settings
$exists = $h->db->column_exists('settings', 'settings_id');
if ($exists) {
$newSettings = array('FTP_SITE', 'FTP_USERNAME', 'FTP_PASSWORD');
foreach ($newSettings as $setting) {
$sql = "SELECT settings_name FROM " . TABLE_SETTINGS . " WHERE settings_name = %s";
$result = $h->db->get_var($h->db->prepare($sql, $setting));
if (!$result) {
$sql = "INSERT INTO " . TABLE_SETTINGS . " (settings_name, settings_value, settings_default, settings_note, settings_show) VALUES(%s, %s, %s, %s, %s)";
$h->db->query($h->db->prepare($sql, $setting, ' ', ' ', ' ', 1));
}
}
}
// drop joint primary key to postvotes table if exists
// should not be there
$sql = "SHOW INDEX FROM " . TABLE_POSTVOTES . " WHERE KEY_NAME = %s";
$result = $h->db->get_row($h->db->prepare($sql, 'PRIMARY'));
if ($result) {
$sql = "ALTER TABLE " . TABLE_POSTVOTES . " DROP PRIMARY KEY";
$h->db->query($h->db->prepare($sql));
}
$h->messages['Updated from 1.5.0, 1.5.1'] = 'green';
// update "old version" for next set of upgrades
$old_version = "1.5.1";
}
// 1.5.1 to 1.5.2
if (version_compare($old_version, "1.5.2", '<=') > 0) {
// this will also cover 1.5.2.b1 etc but need an upper limit
$sql = "SHOW INDEX FROM `" . TABLE_POSTS . "` WHERE KEY_NAME = %s";
$result = $h->db->get_row($h->db->prepare($sql, 'post_author'));
if (!$result) {
$sql = "ALTER TABLE `" . TABLE_POSTS . "` ADD INDEX (`post_author`)";
$h->db->query($sql);
}
$sql = "SHOW INDEX FROM " . TABLE_COMMENTS . " WHERE KEY_NAME = %s";
$result = $h->db->get_row($h->db->prepare($sql, 'comment_user_id'));
if (!$result) {
$sql = "ALTER TABLE `" . TABLE_COMMENTS . "` ADD INDEX (`comment_user_id`)";
$h->db->query($sql);
}
$sql = "SHOW INDEX FROM " . TABLE_COMMENTS . " WHERE KEY_NAME = %s";
$result = $h->db->get_row($h->db->prepare($sql, 'comment_parent'));
if (!$result) {
$sql = "ALTER TABLE `" . TABLE_COMMENTS . "` ADD INDEX (`comment_parent`)";
$h->db->query($sql);
}
$sql = "SHOW INDEX FROM " . TABLE_MESSAGING . " WHERE KEY_NAME = %s";
$result = $h->db->get_row($h->db->prepare($sql, 'message_to'));
if (!$result) {
$sql = "ALTER TABLE `" . TABLE_MESSAGING . "` ADD INDEX (`message_to`)";
$h->db->query($sql);
}
// change NULL value setings in settings table
$sql = "ALTER TABLE " . TABLE_SETTINGS . " MODIFY `settings_name` varchar(64) NOT NULL";
$h->db->query($sql);
$sql = "ALTER TABLE " . TABLE_SETTINGS . " MODIFY `settings_value` text NULL";
$h->db->query($sql);
$sql = "ALTER TABLE " . TABLE_SETTINGS . " MODIFY `settings_default` text NULL";
$h->db->query($sql);
$sql = "ALTER TABLE " . TABLE_SETTINGS . " MODIFY `settings_note` text NULL";
$h->db->query($sql);
// should we hash the settings table on this version
// should we urldecode the cats and save them back
$h->messages['Updated from 1.5.2.b/rc'] = 'green';
// update "old version" for next set of upgrades
$old_version = "1.5.2";
}
// 1.5.2 to 1.6.0
if (version_compare($old_version, "1.5.2", '<=') > 0) {
// this will also cover 1.5.2.b1 etc but need an upper limit
// Add a few new settings
$exists = $h->db->column_exists('settings', 'settings_id');
if ($exists) {
$newSettings = array('REST_API');
// add more to array as requird
foreach ($newSettings as $setting) {
$sql = "SELECT settings_name FROM " . TABLE_SETTINGS . " WHERE settings_name = %s";
$result = $h->db->get_var($h->db->prepare($sql, $setting));
if (!$result) {
$sql = "INSERT INTO " . TABLE_SETTINGS . " (settings_name, settings_value, settings_default, settings_note, settings_show) VALUES(%s, %s, %s, %s, %s)";
$h->db->query($h->db->prepare($sql, $setting, 'false', 'false', ' ', 1));
}
}
}
$h->messages['Updated from 1.5.2'] = 'green';
// update "old version" for next set of upgrades
$old_version = "1.6.0";
}
// 1.6.0 to 1.6.6
if (version_compare($old_version, "1.6.0", '<=') > 0) {
// Add columns to plugins table for resources from forum to plugin into
$exists = $h->db->column_exists('plugins', 'plugin_resourceId');
if (!$exists) {
$sql = "ALTER TABLE " . TABLE_PLUGINS . " ADD Column `plugin_resourceId` int(11) NOT NULL DEFAULT 0";
$h->db->query($sql);
}
$exists = $h->db->column_exists('plugins', 'plugin_resourceVersionId');
if (!$exists) {
$sql = "ALTER TABLE " . TABLE_PLUGINS . " ADD Column `plugin_resourceVersionId` int(11) NOT NULL DEFAULT 0";
$h->db->query($sql);
}
$exists = $h->db->column_exists('plugins', 'plugin_rating');
if (!$exists) {
$sql = "ALTER TABLE " . TABLE_PLUGINS . " ADD Column `plugin_rating` varchar(8) NOT NULL DEFAULT '0.0'";
$h->db->query($sql);
}
// Add a few new settings
$exists = $h->db->column_exists('settings', 'settings_id');
if ($exists) {
$newSettings = array('FORUM_USERNAME', 'FORUM_PASSWORD');
// add more to array as requird
foreach ($newSettings as $setting) {
$sql = "SELECT settings_name FROM " . TABLE_SETTINGS . " WHERE settings_name = %s";
$result = $h->db->get_var($h->db->prepare($sql, $setting));
if (!$result) {
$sql = "INSERT INTO " . TABLE_SETTINGS . " (settings_name, settings_value, settings_default, settings_note, settings_show) VALUES(%s, %s, %s, %s, %s)";
$h->db->query($h->db->prepare($sql, $setting, '', '', 'Need for auto updates', 1));
}
}
}
$h->messages['Updated from 1.6.*'] = 'green';
// update "old version" for next set of upgrades
}
// 1.6.6 to 1.7.0
if (version_compare($old_version, "1.7.0", '<=') > 0) {
$sql = "SHOW INDEX FROM " . TABLE_POSTS . " WHERE Key_name = %s";
$result = $h->db->get_row($h->db->prepare($sql, 'post_category'));
if (!$result) {
$sql = "ALTER TABLE `" . TABLE_POSTS . "` ADD INDEX (`post_category`)";
$h->db->query($sql);
}
// delete out any surplus indices from Post table
$sql = "SHOW INDEX FROM " . TABLE_POSTS . " WHERE KEY_NAME like %s";
$result = $h->db->get_results($h->db->prepare($sql, 'post_category_%'));
if ($result) {
foreach ($result as $item) {
$sql = "DROP INDEX `" . $item->Key_name . "` ON " . TABLE_POSTS;
$h->db->query($sql);
}
}
// delete out any surplus indices from Messaging table
$sql = "SHOW INDEX FROM " . TABLE_MESSAGING . " WHERE KEY_NAME like %s";
$result = $h->db->get_results($h->db->prepare($sql, 'message_to_%'));
if ($result) {
foreach ($result as $item) {
$sql = "DROP INDEX `" . $item->Key_name . "` ON " . TABLE_MESSAGING;
$h->db->query($sql);
}
}
// delete out any surplus indices from Comments table
$sql = "SHOW INDEX FROM " . TABLE_COMMENTS . " WHERE KEY_NAME like %s";
$result = $h->db->get_results($h->db->prepare($sql, 'comment_user_id_%'));
if ($result) {
foreach ($result as $item) {
$sql = "DROP INDEX `" . $item->Key_name . "` ON " . TABLE_COMMENTS;
$h->db->query($sql);
}
}
// delete out any surplus indices from Comments table
$sql = "SHOW INDEX FROM " . TABLE_COMMENTS . " WHERE KEY_NAME like %s";
$result = $h->db->get_results($h->db->prepare($sql, 'comment_parent_%'));
if ($result) {
foreach ($result as $item) {
$sql = "DROP INDEX `" . $item->Key_name . "` ON " . TABLE_COMMENTS;
$h->db->query($sql);
}
}
// Add userlogin table
$table_name = "userlogin";
$exists = $h->db->table_exists($table_name);
if (!$exists) {
$sql = "CREATE TABLE `" . DB_PREFIX . $table_name . "` (\n `user_id` int(20) NOT NULL,\n `login_provider` varchar(128) NULL,\n `provider_key` varchar(128) NULL,\n `created_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,\n INDEX (`user_id`)\n ) ENGINE=" . DB_ENGINE_INNODB . " DEFAULT CHARSET=" . DB_CHARSET . " COLLATE=" . DB_COLLATE . " COMMENT='3rd Party UserLogin Providers';";
$h->db->query($sql);
}
// Add user_claim table
$table_name = "userclaim";
$exists = $h->db->table_exists($table_name);
if (!$exists) {
$sql = "CREATE TABLE `" . DB_PREFIX . $table_name . "` (\n `claim_id` int(20) NOT NULL AUTO_INCREMENT PRIMARY KEY,\n `user_id` int(20) NOT NULL,\n `claim_type` TEXT NULL,\n `claim_value` TEXT NULL,\n INDEX (`user_id`)\n ) ENGINE=" . DB_ENGINE_INNODB . " DEFAULT CHARSET=" . DB_CHARSET . " COLLATE=" . DB_COLLATE . " COMMENT='UserClaim for login';";
$h->db->query($sql);
}
// Add or change type in Posts table for post_img
$exists = $h->db->column_exists('posts', 'post_img');
if (!$exists) {
$sql = "ALTER TABLE " . TABLE_POSTS . " ADD Column `post_img` varchar(255) NULL";
$h->db->query($sql);
} else {
// make sure it is a varchar not a text field
$sql = "ALTER TABLE " . TABLE_POSTS . " MODIFY `post_img` varchar(255) NULL";
$h->db->query($sql);
}
// Add column to POSTS table for comment_count
$exists = $h->db->column_exists('posts', 'post_comments_count');
if (!$exists) {
$sql = "ALTER TABLE " . TABLE_POSTS . " ADD Column `post_comments_count` smallint(11) NOT NULL DEFAULT '0'";
$h->db->query($sql);
}
// Add column to SETTINGS table for setting_type
$exists = $h->db->column_exists('settings', 'settings_type');
if (!$exists) {
$sql = "ALTER TABLE " . TABLE_SETTINGS . " ADD Column `settings_type` varchar(32) NULL";
$h->db->query($sql);
}
// Add column to SETTINGS table for setting_subType
$exists = $h->db->column_exists('settings', 'settings_subType');
if (!$exists) {
$sql = "ALTER TABLE " . TABLE_SETTINGS . " ADD Column `settings_subType` varchar(32) NULL";
$h->db->query($sql);
}
// Add column to USERS table for `user_is_locked_out`
$exists = $h->db->column_exists('users', 'user_is_locked_out');
if (!$exists) {
$sql = "ALTER TABLE " . TABLE_USERS . " ADD Column `user_is_locked_out` tinyint(1) NOT NULL DEFAULT 0 AFTER `user_email_conf`";
$h->db->query($sql);
}
// Add column to USERS table for `user_access_failed_count`
$exists = $h->db->column_exists('users', 'user_access_failed_count');
if (!$exists) {
$sql = "ALTER TABLE " . TABLE_USERS . " ADD Column `user_access_failed_count` tinyint(1) NOT NULL DEFAULT 0";
$h->db->query($sql);
}
// Add column to USERS table for `user_last_password_changed_date`
$exists = $h->db->column_exists('users', 'user_last_password_changed_date');
if (!$exists) {
$sql = "ALTER TABLE " . TABLE_USERS . " ADD Column `user_last_password_changed_date` timestamp NULL";
$h->db->query($sql);
}
// Add column to USERS table for `user_lockout_date`
$exists = $h->db->column_exists('users', 'user_lockout_date');
if (!$exists) {
$sql = "ALTER TABLE " . TABLE_USERS . " ADD Column `user_lockout_date` timestamp NULL";
$h->db->query($sql);
}
// Add column to USERS table for `password_version`. set default as 1 to populate all current data as version 1
$exists = $h->db->column_exists('users', 'password_version');
if (!$exists) {
$sql = "ALTER TABLE " . TABLE_USERS . " ADD Column `password_version` tinyint(1) NOT NULL DEFAULT 1 AFTER `user_email_conf`";
$h->db->query($sql);
}
// modify default value to 2 for new paswords from now on
$exists = $h->db->column_exists('users', 'password_version');
if ($exists) {
$sql = "ALTER TABLE " . TABLE_USERS . " MODIFY Column `password_version` tinyint(1) NOT NULL DEFAULT 2";
$h->db->query($sql);
}
// Add a few new settings
$exists = $h->db->column_exists('settings', 'settings_id');
if ($exists) {
$newSettings = array('JQUERY_PATH', 'BOOTSTRAP_PATH');
// add more to array as requird
foreach ($newSettings as $setting) {
$sql = "SELECT settings_name FROM " . TABLE_SETTINGS . " WHERE settings_name = %s";
$result = $h->db->get_var($h->db->prepare($sql, $setting));
if (!$result) {
$sql = "INSERT INTO " . TABLE_SETTINGS . " (settings_name, settings_type, settings_subType, settings_value, settings_default, settings_note, settings_show) VALUES(%s, %s, %s, %s, %s, %s, %s)";
$h->db->query($h->db->prepare($sql, $setting, 'Perf', 'Files', 'local', 'local', 'Local/CDN', 1));
}
}
$newSettings = array('MINIFY_CSS', 'MINIFY_JS');
// add more to array as requird
foreach ($newSettings as $setting) {
$sql = "SELECT settings_name FROM " . TABLE_SETTINGS . " WHERE settings_name = %s";
$result = $h->db->get_var($h->db->prepare($sql, $setting));
if (!$result) {
$sql = "INSERT INTO " . TABLE_SETTINGS . " (settings_name, settings_type, settings_subType, settings_value, settings_default, settings_note, settings_show) VALUES(%s, %s, %s, %s, %s, %s, %s)";
$h->db->query($h->db->prepare($sql, $setting, 'Perf', 'Scripts', 'false', 'false', '', 1));
}
}
}
$sql = "SHOW INDEX FROM " . TABLE_COMMENTS . " WHERE KEY_NAME = %s";
$result = $h->db->get_row($h->db->prepare($sql, 'comment_post_id'));
if (!$result) {
$sql = "ALTER TABLE `" . TABLE_COMMENTS . "` ADD INDEX (`comment_post_id`)";
$h->db->query($sql);
}
// Change all tabels to have their updatedts named as just updated_at
$tablesChangeNameUpdatedCol = array('blocked' => 'blocked', 'categories' => 'category', 'comments' => 'comment', 'commentvotes' => 'cvote', 'friends' => 'friends', 'posts' => 'post', 'messaging' => 'message', 'miscdata' => 'miscdata', 'plugins' => 'plugin', 'pluginhooks' => 'plugin', 'pluginsettings' => 'plugin', 'postmeta' => 'postmeta', 'postvotes' => 'vote', 'settings' => 'settings', 'tags' => 'tags', 'tempdata' => 'tempdata', 'users' => 'user', 'usermeta' => 'usermeta', 'useractivity' => 'useract', 'widgets' => 'widget');
foreach ($tablesChangeNameUpdatedCol as $table => $col) {
$newCol = $col . '_updatedts';
$exists = $h->db->column_exists($table, 'updated_at');
if ($exists) {
$sql = "ALTER TABLE " . DB_PREFIX . $table . " CHANGE `updated_at` `" . $newCol . "` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP";
$h->db->query($sql);
}
}
$sql = "UPDATE " . TABLE_SETTINGS . " SET settings_type = 'Mail' WHERE settings_name like 'SMTP%'";
$h->db->query($sql);
$sql = "UPDATE " . TABLE_SETTINGS . " SET settings_type = 'Security' WHERE settings_name like 'FTP%' OR settings_name like 'FORUM%'";
$h->db->query($sql);
$sql = "UPDATE " . TABLE_SETTINGS . " SET settings_type = 'Perf' WHERE settings_name like '%CACHE%'";
$h->db->query($sql);
// REMOVE TOKENS TABLE
$exists = $h->db->table_exists('tokens');
if ($exists) {
$sql = "DROP TABLE " . DB_PREFIX . 'tokens';
$h->db->query($sql);
}
$h->messages['Updated from 1.6.6'] = 'green';
}
// 1.7.0 to 1.7.1
if (version_compare($old_version, "1.7.1", '<=') > 0) {
// this will also cover other versions in between but need an upper limit
$setting = 'HOTARU_API_KEY';
$sql = "SELECT settings_name FROM " . TABLE_SETTINGS . " WHERE settings_name = %s";
$result = $h->db->get_var($h->db->prepare($sql, $setting));
if (!$result) {
$sql = "INSERT INTO " . TABLE_SETTINGS . " (settings_name, settings_type, settings_subType, settings_value, settings_default, settings_note, settings_show) VALUES(%s, %s, %s, %s, %s, %s, %s)";
$h->db->query($h->db->prepare($sql, $setting, 'Security', '', getGUID(), '', '', 1));
}
$setting = 'HOTARUCMS_COM_CONNECTED';
$sql = "SELECT settings_name FROM " . TABLE_SETTINGS . " WHERE settings_name = %s";
$result = $h->db->get_var($h->db->prepare($sql, $setting));
if (!$result) {
$sql = "INSERT INTO " . TABLE_SETTINGS . " (settings_name, settings_type, settings_subType, settings_value, settings_default, settings_note, settings_show) VALUES(%s, %s, %s, %s, %s, %s, %s)";
$h->db->query($h->db->prepare($sql, $setting, 'Security', '', 'false', 'false', '', 1));
}
// SPAM LOG - spamlog
$exists = $h->db->table_exists('spamlog');
if (!$exists) {
$sql = "CREATE TABLE `" . DB_PREFIX . "spamlog` (\n `spamlog_id` int(20) NOT NULL AUTO_INCREMENT PRIMARY KEY,\n `spamlog_email` varchar(64) NULL,\n `spamlog_pluginfolder` varchar(64) NULL,\n `spamlog_type` tinyint(1) NOT NULL DEFAULT 0,\n `spamlog_updatedts` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,\n INDEX (`spamlog_pluginfolder`),\n INDEX (`spamlog_type`)\n ) ENGINE=" . DB_ENGINE_INNODB . " DEFAULT CHARSET=" . DB_CHARSET . " COLLATE=" . DB_COLLATE . " COMMENT='SpamLog';";
$h->db->query($sql);
}
$h->messages['Updated from 1.7.0'] = 'green';
// TODO add column for settings_disabled (default is false)
// which indicates whether user can change setting manually on settings page
}
/*
*
* Update Hotaru version number to the database (referred to when upgrading)
* This is always the final step of the upgrade
*
*/
$sql = "UPDATE " . TABLE_MISCDATA . " SET miscdata_key = %s, miscdata_value = %s, miscdata_default = %s WHERE miscdata_key = %s";
$h->db->query($h->db->prepare($sql, 'hotaru_version', $h->version, $h->version, 'hotaru_version'));
}
/**
* Admin Pages
*/
public function pages($h, $page = 'admin_login')
{
$h->vars['admin_sidebar_layout'] = 'vertical';
$h->sidebars = true;
$h->pluginHook('admin_pages');
switch ($page) {
case "admin_login":
$h->sidebars = false;
$h->adminLoginLogout('login');
break;
case "admin_logout":
$h->adminLoginLogout('logout');
break;
case "admin_news":
echo $h->adminNews(10, 3, 300);
die;
case "systeminfo_feedback":
$sysInfo = SystemInfo::instance();
$sysInfo->hotaru_feedback($h);
die;
case "admin_account":
$h->vars['admin_account'] = $this->adminAccount($h);
break;
case "settings":
$h->vars['admin_settings'] = $this->settings($h);
break;
case "maintenance":
$this->maintenanceAction($h);
$h->vars['admin_plugin_settings'] = $this->listPluginSettings($h);
$h->vars['admin_plugin_tables'] = $this->listDbTables($h, true);
break;
case "blocked":
$h->vars['admin_blocked_list'] = $this->blocked($h);
break;
case "pages_management":
$h->vars['admin_pages_array'] = $this->getPages($h);
break;
case "pages_management_edit":
$h->vars['admin_edit_page'] = $h->cage->get->testAlnumLines('filename');
break;
case "plugin_management":
$h->vars['admin_settings'] = $this->settings($h);
$this->adminPlugins($h);
break;
case "plugin_management_beta_search":
break;
case "theme_management":
break;
case "spam_management":
break;
case "ajax_stats":
$this->ajaxStats($h);
die;
break;
case "stats_users":
break;
case "media":
$h->vars['media_folder'] = $h->cage->get->testAlnumLines('folder');
break;
case "ajax_loginforum":
$ch = $h->loginForum(FORUM_USERNAME, FORUM_PASSWORD);
$statusCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if ($statusCode == 303) {
$error = false;
$message = 'Success';
} else {
$error = true;
$message = 'Password Failed';
}
print json_encode(array('error' => $error, 'message' => $message));
die;
case "ajax_getHotaruApiKey":
// call api on api.hotarucms.org with site details
$newApiKey = getGUID();
\Hotaru\Models2\Setting::makeUpdate($h, 'HOTARU_API_KEY', $newApiKey);
$error = false;
$message = "API Key Reset";
print json_encode(array('error' => $error, 'message' => $message, 'apiKey' => $newApiKey));
die;
case "plugin_search":
$h->vars['admin_sidebar_layout'] = 'horizontal';
//$this->adminPluginSearch($h);
break;
case "plugin_settings":
$h->vars['settings_plugin'] = $h->cage->get->testAlnumLines('plugin');
// get plugin name from url
if (!$h->vars['settings_plugin']) {
$h->vars['settings_plugin'] = $h->cage->post->testAlnumLines('plugin');
// get plugin name from form
}
$h->vars['plugin_settings_csrf_error'] = '';
if ($h->cage->post->testAlpha('submitted') == 'true') {
$h->vars['plugin_settings_csrf_error'] = !$h->csrf() ? true : false;
}
$alt_template = $h->cage->get->testPage('alt_template');
if ($alt_template) {
$h->template($alt_template, $h->vars['settings_plugin']);
exit;
}
break;
case "theme_settings":
$h->vars['settings_theme'] = $h->cage->get->testAlnumLines('theme');
// get plugin name from url
if (!$h->vars['settings_theme']) {
$h->vars['settings_theme'] = $h->cage->post->testAlnumLines('theme');
// get plugin name from form
}
$h->vars['theme_settings_csrf_error'] = '';
if ($h->cage->post->testAlpha('submitted') == 'true') {
$h->vars['theme_settings_csrf_error'] = !$h->csrf() ? true : false;
}
break;
default:
// we need this because it's not specified in the url:
$h->pageName = 'admin_home';
break;
}
// Display the main theme's index.php template
$h->template('admin_index');
}
//rowkey를 위해 guid 생성
function getGUID()
{
if (function_exists('com_create_guid')) {
return com_create_guid();
} else {
mt_srand((double) microtime() * 10000);
//optional for php 4.2.0 and up.
$charid = strtoupper(md5(uniqid(rand(), true)));
$hyphen = chr(45);
// "-"
$uuid = chr(123) . substr($charid, 0, 8) . $hyphen . substr($charid, 8, 4) . $hyphen . substr($charid, 12, 4) . $hyphen . substr($charid, 16, 4) . $hyphen . substr($charid, 20, 12) . chr(125);
// "}"
return $uuid;
}
}
$dwguid = getGUID();
//guid 처리
$entity = new Entity();
$entity->setPartitionKey("VSTechUp");
$entity->setRowKey($dwguid);
$entity->addProperty("Description", null, "VS가 쵝오에요~");
$entity->addProperty("DueDate", EdmType::DATETIME, new DateTime("2015-11-14T08:15:00-08:00"));
$entity->addProperty("Location", EdmType::STRING, "광화문");
try {
$tableRestProxy->insertEntity("phptable", $entity);
//테이블명
} catch (ServiceException $e) {
$code = $e->getCode();
$error_message = $e->getMessage();
}
function getPhysicalDevices()
{
$physical_devices_request = "<BaseRequest xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"GetAllPhysicalDeviceStatesRequest\" Version=\"1.70\" RequestId=\"" . $this->uuid . "\" SessionId=\"" . $this->session_id . "\" />";
$request = Request::post('https://' . $this->host . '/cmd')->body($physical_devices_request);
$request->addHeader('clientId', getGUID());
$request->sendsType('text/xml');
$response = $request->send();
error_log($response->raw_body);
}
// обрабатываем пачками, чтобы не перегрузить сервер
$sql = "update Emails_Notify " . "set InProcess = 1 " . "order by CreateDate " . "limit 100;";
GetMainConnection()->exec($sql);
// создаем задания на рассылку по списку рассылки (только для акти)
$sql = "insert into Emails_ToSend(RecordGUID, CreateDate, Priority, FromEmail, FromName, ToEmail, Subject, Body) " . "select UUID(), N.CreateDate, 120, '*****@*****.**', 'Карапуз', NR.Email, N.Subject, N.Body " . "from Emails_Notify as N " . "left outer join Emails_NotifyRecipients as NR on ((N.DocumentType = NR.DocumentType) and (N.DocumentID = NR.DocumentID)) " . "where (N.InProcess = 1) " . "and (lower(N.OwnerEmail) <> lower(NR.Email)) " . "and (coalesce(NR.Email, '') <> '');";
GetMainConnection()->exec($sql);
// удаление обработанной пачки записей из Emails_Notify
$sql = "delete from Emails_Notify where InProcess = 1;";
GetMainConnection()->exec($sql);
usleep(50);
// in msec
}
}
$vContinueProcessing = true;
while ($vContinueProcessing) {
$vProcessingGUID = getGUID();
$sql = "update Emails_ToSend " . "set ProcessingDate = '" . GetLocalDateTimeAsSQLStr() . "', " . "ProcessingGUID = '{$vProcessingGUID}', " . "CountAttempts = CountAttempts+1 " . "where ((ProcessingGUID is null) or ((ProcessingDate is not null) and (ProcessingDate < '" . GetLocalDateTime()->modify('-5 minutes')->format('Y-m-d H:i:s') . "'))) " . "and (CountAttempts < 3) " . "order by Priority, CreateDate " . "limit 1;";
GetMainConnection()->exec($sql);
$sql = "select RecordGUID, CreateDate, CountAttempts, FromEmail, FromName, ToEmail, ToName, CopyToEmail, BlindCopyToEmail, Subject, Body, UseTemplate " . "from Emails_ToSend " . "where (ProcessingGUID = '{$vProcessingGUID}') " . "limit 1;";
$rec = GetMainConnection()->query($sql)->fetch();
if (empty($rec['RecordGUID'])) {
$vContinueProcessing = false;
} else {
if (!isset($mail)) {
$mail = new PHPMailer();
$mail->setLanguage('ru');
$mail->CharSet = 'utf-8';
//$mail->SMTPDebug = 3; // Enable verbose debug output
$mail->isSMTP();
// Set mailer to use SMTP
//$mail->Timeout = 10;
?>
</tbody>
</table>
</div>
</div>
<div class="tab-pane" id="condensed">
<div class="box-content">
<form action="index.php?page=addbeacon&mID=<?php
echo $_REQUEST['mID'];
?>
" class='validate form-horizontal' method="post" name="addbeacon" enctype="multipart/form-data">
<div class="control-group">
<label for="title" class="control-label">UUID</label>
<div class="controls">
<input type="text" name="uuid" value="<?php
echo getGUID();
?>
" class='{required:true} span8'>
</div>
</div>
<div class="control-group">
<label for="title" class="control-label">Offer</label>
<div class="controls">
<select name='offer_id' class='span8'>
<option value='0'> </option>
<?php
$sql = "SELECT offer.id, offer.title FROM offer LEFT JOIN beacon ON offer.id = beacon.`offer_id` WHERE beacon.id IS NULL AND offer.`merchant_id` = {$_REQUEST['mID']}";
$res = mysql_query($sql);
while ($row = mysql_fetch_assoc($res)) {
printf("<option value='%s'>%s</option>", $row['id'], $row['title']);
}
