/**
 * Bootstraps a page request: installs the error handler, normalises legacy
 * PHP input settings, opens the database connection, starts the session and
 * creates the template object.
 *
 * @param mixed $pagename Page name, stored on $this->pagename.
 */
function __construct($pagename) {
  // Installed first so that everything below reports through debug_handler.
  set_error_handler("debug_handler");
  // Undo magic-quotes escaping of request data when the legacy setting is on.
  if (ini_get("magic_quotes_gpc") !== false and get_magic_quotes_gpc()) {
    modify::stripslashes($_REQUEST);
  }
  // register_globals turns request parameters into global variables;
  // presumably dropglobals() removes them again (confirm in class modify).
  if (ini_get("register_globals")) {
    modify::dropglobals();
  }
  @ignore_user_abort(0);
  self::$time_start = sys_get_microtime();
  // The stored database password (SETUP_DB_PW) is decrypted with a key equal
  // to sha1(SETUP_ADMIN_USER).
  // NOTE(review): the key is derived from the admin user name, which is not a
  // secret, so anyone who can read the setup constants can recover the
  // password; treat this as obfuscation and protect the setup file itself.
  if (!sql_connect(SETUP_DB_HOST, SETUP_DB_USER, sys_decrypt(SETUP_DB_PW, sha1(SETUP_ADMIN_USER)), SETUP_DB_NAME)) {
    // The message carries the database name, the host and the driver error.
    // NOTE(review): if sys_die() prints its argument to the client, this
    // discloses infrastructure details; confirm and prefer a generic message
    // for the browser with the detail kept in the log.
    $err = sprintf("{t}Cannot connect to database %s on %s.{/t}\n", SETUP_DB_NAME, SETUP_DB_HOST) . sql_error();
    trigger_error($err, E_USER_ERROR);
    sys_die($err);
  }
  // Only the lifetime is passed, so path, domain, secure and httponly come
  // from the php.ini session.cookie_* settings.
  session_set_cookie_params(2592000); // 1 month
  session_name(SESSION_NAME);
  // Callback order is open, close, read, write, destroy, gc: only read and
  // destroy get dedicated handlers, the rest share _login_session_none.
  session_set_save_handler("_login_session_none", "_login_session_none", "_login_session_read", "_login_session_none", "_login_session_destroy", "_login_session_none");
  session_start();
  header("Cache-Control: private, max-age=1, must-revalidate");
  header("Pragma: private");
  $this->template = new template();
  $this->pagename = $pagename;
  class_exists("modify"); // load class
}
/**
 * Page handler for destroying all SPIP tables.
 *
 * Requires the 'detruire' authorisation. Without it the default minipres()
 * page is printed and nothing else happens. With it, the table list is
 * turned into a confirmation page through the 'admin' function; when that
 * function returns nothing the visitor is redirected to the installer.
 *
 * NOTE(review): on a listing failure the raw sql_errno()/sql_error() text is
 * concatenated into the HTML page; whether minipres() escapes it is not
 * visible here.
 **/
function exec_base_delete_all_dist()
{
    include_spip('inc/autoriser');

    // Authorisation gate: stop before touching anything else.
    if (!autoriser('detruire')) {
        include_spip('inc/minipres');
        echo minipres();
        return;
    }

    include_spip('base/dump');
    $tables = base_lister_toutes_tables('', array(), array(), true);

    if (!$tables) {
        include_spip('inc/minipres');
        spip_log("Erreur base de donnees");
        echo minipres(
            _T('info_travaux_titre'),
            _T('titre_probleme_technique') . "<p><tt>" . sql_errno() . " " . sql_error() . "</tt></p>"
        );
        return;
    }

    $choix = base_saisie_tables('delete', $tables);
    include_spip('inc/headers');
    $liste = "\n<ol style='text-align:left'><li>\n" . implode("</li>\n<li>", $choix) . '</li></ol>';

    $admin = charger_fonction('admin', 'inc');
    $page = $admin('delete_all', _T('titre_page_delete_all'), $liste);

    if ($page) {
        echo $page;
    } else {
        // No page returned: continue with the installer.
        redirige_url_ecrire('install', '');
    }
}
/**
 * Runs a query through sql_query() and reports failure as FALSE.
 *
 * The query text is passed on unchanged, so callers are responsible for
 * escaping any request data they put into it.
 *
 * @param string $query SQL text to execute.
 * @return mixed The sql_query() result, or FALSE when sql_error() reports an error.
 */
function bb2_db_query($query)
{
    $outcome = sql_query($query);

    return sql_error() ? FALSE : $outcome;
}
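/**
 * Opens the MySQL connection and selects the working database.
 *
 * The connection settings are read from the globals $dbhost, $dbusername,
 * $dbuserpassword and $default_dbname. They must be declared with `global`:
 * without it the function sees only undefined local variables, so it connects
 * with empty credentials and never selects a database.
 *
 * NOTE(review): both die() calls send the host name and the driver error text
 * to the browser; consider logging them and showing a generic message.
 *
 * @param string $dbname Database to select; empty means $default_dbname.
 * @return resource The MySQL link identifier.
 */
function db_connect($dbname = '')
{
    global $dbhost, $dbusername, $dbuserpassword, $default_dbname;

    $link_id = mysql_connect($dbhost, $dbusername, $dbuserpassword);
    if (!$link_id) {
        die("Conexão falhou ao host {$dbhost} base {$default_dbname}.<br>" . sql_error($link_id));
    }

    // Fall back to the configured default when no database was named.
    $target = empty($dbname) ? $default_dbname : $dbname;

    // A failed select used to be ignored, leaving later queries to fail with
    // "no database selected"; stop here instead, as on a failed connect.
    if (!mysql_select_db($target, $link_id)) {
        die(sql_error($link_id));
    }

    return $link_id;
}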
/**
 * Looks up the cip_id of the contribution whose folder name is $this->contrib.
 *
 * NOTE(review): $this->contrib is concatenated into the SQL text without
 * escaping. If the folder name can be influenced by a request or an uploaded
 * package, escape it with the project's database input helper before it
 * reaches this query.
 * NOTE(review): on failure the full query text is handed to sql_error() and
 * then to $this->error(); check that it is not shown to the visitor.
 *
 * @return mixed The cip_id column of the first row; nothing is returned when
 *               the query fails and $this->error() comes back.
 */
function get_cip_id()
{
    $lookup = "select cip_id from " . TABLE_CIP . " where cip_folder_name='" . $this->contrib . "' ";
    $rows = cip_db_query($lookup);

    if ($rows !== false) {
        $record = vam_db_fetch_array($rows);
        return $record['cip_id'];
    }

    $this->error(sql_error($lookup));
}
/**
 * Database repair action.
 *
 * Tries to repair the tables, then recomputes the section hierarchy and
 * sectors. When the repair reports nothing, an error block containing
 * sql_errno() and sql_error() is shown instead.
 *
 * NOTE(review): the driver error text is placed in the page as is; this is an
 * administration page, but confirm that it cannot be reached without
 * authorisation.
 *
 * @pipeline_appel base_admin_repair
 * @uses admin_repair_tables()
 * @uses calculer_rubriques()
 * @uses propager_les_secteurs()
 *
 * @param string $titre Unused
 * @param string $reprise Unused
 **/
function base_repair_dist($titre = '', $reprise = '')
{
    $rapport = admin_repair_tables();

    if ($rapport) {
        // Repair produced a report: refresh the derived section data.
        include_spip('inc/rubriques');
        calculer_rubriques();
        propager_les_secteurs();
    } else {
        $rapport = "<div class='error'>" . _T('avis_erreur_mysql') . ' ' . sql_errno() . ': ' . sql_error() . "</div>\n";
    }

    include_spip('inc/minipres');
    // The pipeline receives the report so far and its output is appended.
    $rapport .= pipeline('base_admin_repair', $rapport);

    $heading = _T('texte_tentative_recuperation');
    $body = $rapport . generer_form_ecrire('accueil', '', '', _T('public:accueil_site'));
    echo minipres($heading, $body);
}
/**
 * Connects to MySQL with the globally configured credentials and selects a
 * database.
 *
 * NOTE(review): a failed connect prints the host and default database name,
 * and a failed select prints the driver error, straight to the browser via
 * die(); consider a generic message with the detail sent to the log.
 *
 * @param string $dbname Database to select; when empty, $default_dbname is used.
 * @return resource The MySQL link identifier.
 */
function db_connect($dbname)
{
    global $dbhost, $dbusername, $dbuserpassword, $default_dbname;
    global $MYSQL_ERRNO, $MYSQL_ERROR;

    $connection = mysql_connect($dbhost, $dbusername, $dbuserpassword);
    if (!$connection) {
        die("Conexão falhou ao host {$dbhost} base {$default_dbname}.<br>");
    }

    // One select call covers both the explicit and the default database.
    $database = empty($dbname) ? $default_dbname : $dbname;
    if (!mysql_select_db($database, $connection)) {
        die(sql_error($connection));
    }

    return $connection;
}
/**
 * Persists the submitted configuration form ($form) for one holder by
 * comparing it with the current values in $config.
 *
 * Changed keys are updated (or deleted when the new value is empty), keys
 * that are not in $config yet are inserted when they have a value. Afterwards
 * a success or error message is produced and, on success, a redirect.
 *
 * NOTE(review): $key, $holder, the string form of $value and the elements of
 * $_POST['blocks'] are concatenated into the SQL text inside double quotes
 * with no escaping visible in this function. Unless the callers or
 * sql_query() escape them, this is an SQL injection point; escape each value
 * with the database layer's escaping function or use prepared statements.
 *
 * @param array  $config      Current settings, keyed by name.
 * @param string $holder      Owner of the settings (column `holder`).
 * @param string $redirect    Target passed to redirect() after a successful save.
 * @param bool   $save_blocks When true, $form['blocks'] is rebuilt from $_POST first.
 */
function save_config($config, $holder, $redirect, $save_blocks = true) {
    global $form, $lang_system, $lang_admin;
    if ($save_blocks) {
        // No blocks posted -> the string 'NULL'; all blocks selected (count
        // equals blocks_count) -> ''; otherwise a comma separated list built
        // directly from the request values.
        $form['blocks'] = $_POST['blocks'] ? count($_POST['blocks']) == $_POST['blocks_count'] ? '' : implode(', ', $_POST['blocks']) : 'NULL';
    }
    foreach ($form as $key => $value) {
        if (isset($config[$key]) && $config[$key] != $value) {
            // Existing key with a different value: UPDATE, or DELETE when the
            // new value is empty. Values accepted by is_numeric() are written
            // unquoted and uncast here, while the INSERT below casts to int;
            // is_numeric() also accepts floats and exponent notation.
            $value ? sql_query(' UPDATE ' . DB_PREFIX . 'config SET content = ' . (is_numeric($value) ? $value : '"' . $value . '"') . ' WHERE name = "' . $key . '" AND holder = "' . $holder . '"') : sql_query('DELETE FROM ' . DB_PREFIX . 'config WHERE name = "' . $key . '" AND holder = "' . $holder . '"');
        } elseif (!isset($config[$key]) && $value) {
            // New key with a value: INSERT.
            sql_query(' INSERT INTO ' . DB_PREFIX . 'config (holder, name, content) VALUES ("' . $holder . '", "' . $key . '", ' . (is_numeric($value) ? (int) $value : '"' . $value . '"') . ')');
        }
    }
    // Checked once after the loop; presumably sql_error() reflects only the
    // most recent query, so earlier failures may go unnoticed (confirm).
    // Concatenation binds tighter than the ternary: redirect() runs only on
    // the success branch.
    sql_error() ? negative(array($lang_system['ERROR_SQL'], sql_error())) : positive($lang_admin['SAVED_SUCCESSFUL']) . redirect($redirect);
}
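/** mrbsCheckFree()
 *
 * Check to see if the time period specified is free
 *
 * $room_id   - Which room are we checking
 * $starttime - The start of period
 * $endtime   - The end of the period
 * $ignore    - An entry ID to ignore, 0 to ignore no entries
 * $repignore - A repeat ID to ignore everything in the series, 0 to ignore no series
 *
 * Returns:
 *   ""        - The area is free
 *   something - HTML list items naming the conflicting entries, or the
 *               database error text when the query fails
 *
 * All five arguments are numeric (IDs and timestamps) and go into the SQL
 * text, so they are cast to int first. The entry name is user-supplied text
 * and is HTML-escaped before it is put into the returned markup.
 */
function mrbsCheckFree($room_id, $starttime, $endtime, $ignore, $repignore)
{
    global $tbl_entry;
    global $enable_periods;
    global $periods;

    // Force integers so that nothing but digits can reach the query.
    $room_id = (int) $room_id;
    $starttime = (int) $starttime;
    $endtime = (int) $endtime;
    $ignore = (int) $ignore;
    $repignore = (int) $repignore;

    # Select any meetings which overlap ($starttime,$endtime) for this room:
    $sql = "SELECT id, name, start_time FROM {$tbl_entry} WHERE\n\t\tstart_time < {$endtime} AND end_time > {$starttime}\n\t\tAND room_id = {$room_id}";
    if ($ignore > 0) {
        $sql .= " AND id <> {$ignore}";
    }
    if ($repignore > 0) {
        $sql .= " AND repeat_id <> {$repignore}";
    }
    $sql .= " ORDER BY start_time";

    $res = sql_query($sql);
    if (!$res) {
        // NOTE(review): the raw driver error is returned as the "human
        // readable" message; callers that display it expose database detail.
        return sql_error();
    }
    if (sql_count($res) == 0) {
        sql_free($res);
        return "";
    }

    # Get the room's area ID for linking to day, week, and month views:
    $area = mrbsGetRoomArea($room_id);

    # Build a string listing all the conflicts:
    $err = "";
    for ($i = 0; $row = sql_row($res, $i); $i++) {
        $starts = getdate($row[2]);
        $param_ym = "area={$area}&year={$starts['year']}&month={$starts['mon']}";
        $param_ymd = $param_ym . "&day={$starts['mday']}";

        if ($enable_periods) {
            // In periods mode the minute field holds the period index.
            $p_num = $starts['minutes'];
            $startstr = userdate($row[2], '%A %d %B %Y, ') . $periods[$p_num];
        } else {
            $startstr = userdate($row[2], '%A %d %B %Y %H:%M:%S');
        }

        // The booking name comes from whoever created the entry: escape it
        // so it is shown as text and cannot inject markup or script.
        $entry_id = (int) $row[0];
        $entry_name = htmlspecialchars($row[1], ENT_QUOTES);

        $err .= "<LI><A HREF=\"view_entry.php?id={$entry_id}\">{$entry_name}</A>"
            . " ( " . $startstr . ") "
            . "(<A HREF=\"day.php?{$param_ymd}\">" . get_string('viewday', 'block_mrbs') . "</a>"
            . " | <A HREF=\"week.php?room={$room_id}&{$param_ymd}\">" . get_string('viewweek', 'block_mrbs') . "</a>"
            . " | <A HREF=\"month.php?room={$room_id}&{$param_ym}\">" . get_string('viewmonth', 'block_mrbs') . "</a>)";
    }

    return $err;
}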
/**
 * Applied by ecrire/index to the result of the authentication step when the
 * connection was refused.
 * Returns a message to display, or redirects immediately.
 *
 * The shape of $raison selects the case:
 *  - string: redirect to an authentication page,
 *  - int: SQL error, shown with sql_errno() and sql_error(),
 *  - array with a non-empty 'statut': a plain visitor, no private-area access,
 *  - any other array: an author whose rights have expired.
 *
 * NOTE(review): $raison['site'] is put into an href attribute and the SQL
 * error text into the page without escaping in this function; confirm that
 * both are safe or escaped upstream.
 *
 * @param $raison
 * @return array|string
 */
function auth_echec($raison)
{
    include_spip('inc/minipres');
    include_spip('inc/headers');

    // Not authenticated. Why?
    if (is_string($raison)) {
        // Redirect to an authentication page; this call does not come back
        // unless the headers could not be sent.
        return redirige_formulaire($raison);
    }

    if (is_int($raison)) {
        // SQL error to display.
        return minipres(
            _T('info_travaux_titre'),
            _T('titre_probleme_technique') . "<p><tt>" . sql_errno() . " " . sql_error() . "</tt></p>"
        );
    }

    if (@$raison['statut']) {
        // A plain visitor has no access to the private area.
        spip_log("connexion refusee a " . @$raison['id_auteur']);
        return minipres(_T('avis_erreur_connexion'), _T('avis_erreur_visiteur'));
    }

    // Author whose rights have ended.
    $lien = $raison['site'];
    return minipres(
        _T('avis_erreur_connexion'),
        "<br /><br /><p>"
        . _T('texte_inc_auth_1', array('auth_login' => $raison['login']))
        . " <a href='" . $lien . "'>"
        . _T('texte_inc_auth_2')
        . "</a>"
        . _T('texte_inc_auth_3')
    );
}
/**
 * Administration action that attempts a database repair and prints a report.
 *
 * When the SQL server offers a REPAIR instruction the tables are repaired;
 * otherwise this is logged (only when $titre is set) and the report starts
 * as a single space. An empty repair result is replaced by an error block
 * built from sql_errno() and sql_error(); otherwise sections and sectors are
 * recomputed. The pipeline output and admin_repair_plat() are appended.
 *
 * NOTE(review): the driver error text is placed in the page as is.
 *
 * @param string $titre   Only tested to decide whether to log the missing REPAIR support.
 * @param string $reprise Not used in this function.
 */
function base_admin_repair_dist($titre='', $reprise='')
{
    $peut_reparer = sql_repair('repair', NULL, true);

    if (!$peut_reparer) {
        if ($titre) {
            spip_log("Pas d'instruction REPAIR dans ce serveur SQL");
        }
        // Non-empty placeholder so the error branch below is skipped.
        $rapport = ' ';
    } else {
        $rapport = admin_repair_tables();
    }

    if ($rapport) {
        include_spip('inc/rubriques');
        calculer_rubriques();
        propager_les_secteurs();
    } else {
        $rapport = "<br /><br /><span style='color: red; font-weight: bold;'><tt>"
            . _T('avis_erreur_mysql') . ' ' . sql_errno() . ': ' . sql_error()
            . "</tt></span><br /><br /><br />\n";
    }

    include_spip('inc/minipres');
    $rapport .= pipeline('base_admin_repair', $rapport);
    $rapport .= admin_repair_plat();

    $heading = _T('texte_tentative_recuperation');
    $body = $rapport . generer_form_ecrire('accueil', '', '', _T('public:accueil_site'));
    echo minipres($heading, $body);
}
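include "config.inc.php";
include "functions.inc";
include "{$dbsys}.inc";
include "mrbs_auth.inc";

// Only users with access level 2 may add areas or rooms.
if (!getAuthorised(2)) {
    showAccessDenied($day, $month, $year, $area);
    exit;
}

# This file is for adding new areas/rooms
# we need to do different things depending on if its a room
# or an area
#
# $type, $name, $description, $capacity and $area are not assigned in this
# file, so they are treated as request input. Text values are escaped with
# slashes() and quoted; numeric values go into the SQL unquoted and are
# therefore cast to int first.
# NOTE(review): no anti-CSRF token check is visible in this script.

if ($type == "area") {
    $area_name_q = slashes($name);
    $sql = "insert into {$tbl_area} (area_name) values ('{$area_name_q}')";
    if (sql_command($sql) < 0) {
        // NOTE(review): the raw driver error is shown to the user.
        fatal_error(1, "<p>" . sql_error());
    }
    $area = sql_insert_id("{$tbl_area}", "id");
}

if ($type == "room") {
    $room_name_q = slashes($name);
    $description_q = slashes($description);
    if (empty($capacity)) {
        $capacity = 0;
    }
    // Unquoted in the statement below: only integers may pass.
    $area = (int) $area;
    $capacity = (int) $capacity;
    $sql = "insert into {$tbl_room} (room_name, area_id, description, capacity)\n\t values ('{$room_name_q}',{$area}, '{$description_q}',{$capacity})";
    if (sql_command($sql) < 0) {
        fatal_error(1, "<p>" . sql_error());
    }
}

header("Location: admin.php?area={$area}");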
/**
 * Connects to the slave database server with the given id and prepares the
 * session on it.
 *
 * An id of -1 delegates to sql_connect_master_as_slave(). When a slave link
 * already exists nothing is opened; asking for a different slave than the
 * connected one is reported through sql_error(). After a fresh connect the
 * database is selected, the connection charset is set, and temporary tables
 * recorded in sys_temptables for this MySQL thread id are dropped and their
 * records deleted.
 *
 * @param int $id Index into $opt['db']['slaves'], or -1 for the master.
 */
function sql_connect_slave($id)
{
    global $opt, $db;

    if ($id == -1) {
        sql_connect_master_as_slave();
        return;
    }

    // the right slave is connected
    if ($db['dblink_slave'] !== false) {
        // TODO: disconnect if other slave is connected
        if ($db['slave_id'] != $id) {
            sql_error();
        }
        return;
    }

    $db['slave_id'] = $id;
    $cfg = $opt['db']['slaves'][$id];

    // for display in SQL debugger
    $db['slave_server'] = $cfg['server'];

    // Connection warnings are suppressed; failure is detected on the result.
    $db['dblink_slave'] = ($opt['db']['pconnect'] == true)
        ? @mysql_pconnect($cfg['server'], $cfg['username'], $cfg['password'])
        : @mysql_connect($cfg['server'], $cfg['username'], $cfg['password']);

    if ($db['dblink_slave'] === false) {
        sql_error();
        return;
    }

    if (mysql_select_db($opt['db']['placeholder']['db'], $db['dblink_slave']) == false) {
        sql_error();
    }

    // The charset name is escaped before it is placed in the statement.
    mysql_query(
        "SET NAMES '" . mysql_real_escape_string($opt['charset']['mysql'], $db['dblink_slave']) . "'",
        $db['dblink_slave']
    );

    // initialize temp tables on slave server
    $stale = sqlf_slave(
        "SELECT `threadid`, `name` FROM `sys_temptables` WHERE `threadid`='&1'",
        mysql_thread_id($db['dblink_slave'])
    );
    while ($entry = sql_fetch_assoc($stale)) {
        sqlf_slave("DROP TEMPORARY TABLE IF EXISTS &tmpdb.`&1`", $entry['name']);
    }
    sql_free_result($stale);

    sqlf_slave(
        "DELETE FROM &db.`sys_temptables` WHERE `threadid`='&1'",
        mysql_thread_id($db['dblink_slave'])
    );
}
$q['SETD'] = "UPDATE " . TB_KNOWLEDGE_CAT . " SET sort = sort+1 WHERE sort = '" . $_GET['setsort'] . "' "; $sql['SETD'] = mysql_query($q['SETD']) or sql_error("db-query", mysql_error()); $db->closedb(); $db->connectdb(DB_NAME, DB_USERNAME, DB_PASSWORD); $q['SETU'] = "UPDATE " . TB_KNOWLEDGE_CAT . " SET sort = '" . $_GET['setsort'] . "' WHERE id = '" . $_GET['id'] . "' "; $sql['SETU'] = mysql_query($q['SETU']) or sql_error("db-query", mysql_error()); $db->closedb(); } if ($_GET['move'] == "down") { $db->connectdb(DB_NAME, DB_USERNAME, DB_PASSWORD); $q['SETD'] = "UPDATE " . TB_KNOWLEDGE_CAT . " SET sort = sort-1 WHERE sort = '" . $_GET['setsort'] . "' "; $sql['SETD'] = mysql_query($q['SETD']) or sql_error("db-query", mysql_error()); $db->closedb(); $db->connectdb(DB_NAME, DB_USERNAME, DB_PASSWORD); $q['SETU'] = "UPDATE " . TB_KNOWLEDGE_CAT . " SET sort = '" . $_GET['setsort'] . "' WHERE id = '" . $_GET['id'] . "' "; $sql['SETU'] = mysql_query($q['SETU']) or sql_error("db-query", mysql_error()); $db->closedb(); } $ProcessOutput = "<BR><BR>"; $ProcessOutput .= "<CENTER><A HREF=\"?name=admin&file=main\"><IMG SRC=\"images/icon/login-welcome.gif\" BORDER=\"0\"></A><BR><BR>"; $ProcessOutput .= "<FONT COLOR=\"#336600\"><B>" . _ADMIN_KNOWLEDGE_MESSAGE_CAT_EDIT . "</B></FONT><BR><BR>"; $ProcessOutput .= "<A HREF=\"?name=admin&file=knowledge_category\"><B>" . _ADMIN_KNOWLEDGE_MESSAGE_CAT_GOBACK . "</B></A>"; $ProcessOutput .= "</CENTER>"; $ProcessOutput .= "<BR><BR>"; } else { //¡Ã³ÕäÁè¼èÒ¹ $ProcessOutput = $PermissionFalse; } echo $ProcessOutput; } else { if ($op == "articlecat_edit") {
/**
 * Runs a selection query
 *
 * SELECT function returning the resource that sql_fetch can iterate over.
 *
 * @api
 * @see sql_fetch() To loop over the results of this function
 *
 * @param array|string $select
 *     List of fields to fetch (Select)
 * @param array|string $from
 *     Tables to read (From)
 * @param array|string $where
 *     Conditions to satisfy (Where)
 * @param array|string $groupby
 *     Grouping criterion (Group by)
 * @param array|string $orderby
 *     Ordering (Order By)
 * @param string $limit
 *     Limit criterion (Limit)
 * @param array $having
 *     Post-conditions to satisfy (Having)
 * @param string $serveur
 *     The server to use (to find the connection)
 * @param bool|string $option
 *     May take 3 values:
 *
 *     - false -> do not execute the query, return it instead,
 *     - continue -> do not fail when the SQL server is unavailable,
 *     - true|array -> execute the query.
 *       The array case is for a query produced by the compiler: the array
 *       gives the context so the place of an error can be reported.
 *
 * @return mixed
 *     SQL resource
 *
 *     - SQL resource for sql_fetch, if the query is correct
 *     - false on error
 *     - String containing the query with $option=false
 *
 * Returns false on error, after reporting it.
 * Ports must return the query itself on error, so that the raw text is
 * available.
 *
 * NOTE(review): the failed query text and the driver error are passed to
 * erreur_squelette(); where that ends up being displayed is not visible here.
 **/
function sql_select($select = array(), $from = array(), $where = array(), $groupby = array(), $orderby = array(), $limit = '', $having = array(), $serveur = '', $option = true)
{
    $tolerant = ($option === 'continue' || $option === false);
    $f = sql_serveur('select', $serveur, $tolerant);
    if (!is_string($f) || !$f) {
        return false;
    }

    $debug = (defined('_VAR_MODE') && _VAR_MODE == 'debug');

    if ($option === false || $debug) {
        // Build the query text first, without executing it.
        $query = $f($select, $from, $where, $groupby, $orderby, $limit, $having, $serveur, false);
        if (!$option) {
            return $query;
        }
        // debug mode is for what the compiler produced
        if (isset($GLOBALS['debug']['aucasou'])) {
            list(, $id) = $GLOBALS['debug']['aucasou'];
            $nom = $GLOBALS['debug_objets']['courant'] . $id;
            $GLOBALS['debug_objets']['requete'][$nom] = $query;
        }
        $res = $f($select, $from, $where, $groupby, $orderby, $limit, $having, $serveur, true);
    } else {
        $mode = is_array($option) ? true : $option;
        $res = $f($select, $from, $where, $groupby, $orderby, $limit, $having, $serveur, $mode);
    }

    // A string result is the query text handed back by the port on error.
    if (is_string($res)) {
        // report the SQL error in its raw form
        spip_sql_erreur($serveur);
        // and in its template form (table prefix not substituted)
        $contexte_compil = sql_error_backtrace(true);
        erreur_squelette(array(sql_errno($serveur), sql_error($serveur), $res), $contexte_compil);

        return false;
    }

    return $res;
}
// Order the list by level, dragonkills, name so that the ordering is total! // Without this, some users would show up on multiple pages and some users // wouldn't show up if ($_GET['page']=="" && $_GET['op']==""){ output("`c`bWarriors Currently Online`b`c"); $sql = "SELECT name,login,alive,location,sex,level,laston,loggedin,lastip,uniqueid FROM accounts WHERE locked=0 AND loggedin=1 AND laston>'".date("Y-m-d H:i:s",strtotime("-".getsetting("LOGINTIMEOUT",900)." seconds"))."' ORDER BY level DESC, dragonkills DESC, login ASC"; }else{ output("`c`bWarriors in the realm (Page ".($pageoffset/$playersperpage+1).": $from-$to of $totalplayers)`b`c"); $sql = "SELECT name,login,alive,location,sex,level,laston,loggedin,lastip,uniqueid FROM accounts WHERE locked=0 $search ORDER BY level DESC, dragonkills DESC, login ASC $limit"; } if ($session[user][loggedin]){ output("<form action='list.php?op=search' method='POST'>Search by name: <input name='name'><input type='submit' class='button' value='Search'></form>",true); addnav("","list.php?op=search"); } $result = db_query($sql) or die(sql_error($sql)); $max = db_num_rows($result); if ($max>100) { output("`\$Too many names match that search. 
Showing only the first 100.`0`n"); } output("<table border=0 cellpadding=2 cellspacing=1 bgcolor='#999999'>",true); output("<tr class='trhead'><td><b>Alive</b></td><td><b>Level</b></td><td><b>Name</b></td><td><b>Location</b></td><td><b>Sex</b></td><td><b>Last on</b></tr>",true); for($i=0;$i<$max;$i++){ $row = db_fetch_assoc($result); output("<tr class='".($i%2?"trdark":"trlight")."'><td>",true); output($row[alive]?"`1Yes`0":"`4No`0"); output("</td><td>",true); output("`^$row[level]`0"); output("</td><td>",true); if ($session[user][loggedin]) output("<a href=\"mail.php?op=write&to=".rawurlencode($row['login'])."\" target=\"_blank\" onClick=\"".popup("mail.php?op=write&to=".rawurlencode($row['login'])."").";return false;\"><img src='images/newscroll.GIF' width='16' height='16' alt='Write Mail' border='0'></a>",true);
/**
 * Prints the "search criteria" fieldset of the report form.
 *
 * The fields are emitted in the order given by the global
 * $report_search_field_order; any key without a dedicated case is handled as
 * a custom column of the entry table.
 *
 * The current values come from $vars (and, for custom fields, from a global
 * named match_<key>) and are handed to the generate_*() helpers as 'value'.
 * NOTE(review): HTML-escaping of those values is presumably done inside the
 * generate_*() helpers; confirm, since they originate from the request.
 *
 * Database failures follow one pattern: the driver error goes to
 * trigger_error() as a warning and the user only sees the generic
 * "fatal_db_error" text.
 *
 * @param array $vars Current form values, keyed by field name (passed by reference).
 */
function generate_search_criteria(&$vars) {
    global $booking_types, $select_options;
    global $private_somewhere, $approval_somewhere, $confirmation_somewhere;
    global $user_level, $tbl_entry, $tbl_area, $tbl_room;
    global $field_natures, $field_lengths;
    global $report_search_field_order;
    echo "<fieldset>\n";
    echo "<legend>" . get_vocab("search_criteria") . "</legend>\n";
    foreach ($report_search_field_order as $key) {
        switch ($key) {
            case 'report_start':
                echo "<div id=\"div_report_start\">\n";
                echo "<label>" . get_vocab("report_start") . ":</label>\n";
                genDateSelector("from_", $vars['from_day'], $vars['from_month'], $vars['from_year']);
                echo "</div>\n";
                break;
            case 'report_end':
                echo "<div id=\"div_report_end\">\n";
                echo "<label>" . get_vocab("report_end") . ":</label>\n";
                genDateSelector("to_", $vars['to_day'], $vars['to_month'], $vars['to_year']);
                echo "</div>\n";
                break;
            case 'areamatch':
                // Static query: only the configured table name is interpolated.
                $options = sql_query_array("SELECT area_name FROM {$tbl_area} ORDER BY area_name");
                if ($options === FALSE) {
                    // Detail to the error log, generic message to the user.
                    trigger_error(sql_error(), E_USER_WARNING);
                    fatal_error(FALSE, get_vocab("fatal_db_error"));
                }
                echo "<div id=\"div_areamatch\">\n";
                $params = array('label' => get_vocab("match_area") . ':', 'name' => 'areamatch', 'options' => $options, 'force_indexed' => TRUE, 'value' => $vars['areamatch']);
                generate_datalist($params);
                echo "</div>\n";
                break;
            case 'roommatch':
                // (We need DISTINCT because it's possible to have two rooms of the same name
                // in different areas)
                $options = sql_query_array("SELECT DISTINCT room_name FROM {$tbl_room} ORDER BY room_name");
                if ($options === FALSE) {
                    trigger_error(sql_error(), E_USER_WARNING);
                    fatal_error(FALSE, get_vocab("fatal_db_error"));
                }
                echo "<div id=\"div_roommatch\">\n";
                $params = array('label' => get_vocab("match_room") . ':', 'name' => 'roommatch', 'options' => $options, 'force_indexed' => TRUE, 'value' => $vars['roommatch']);
                generate_datalist($params);
                echo "</div>\n";
                break;
            case 'typematch':
                echo "<div id=\"div_typematch\">\n";
                // Map each booking type code to its translated label.
                $options = array();
                foreach ($booking_types as $type) {
                    $options[$type] = get_type_vocab($type);
                }
                $params = array('label' => get_vocab("match_type") . ':', 'name' => 'typematch[]', 'id' => 'typematch', 'options' => $options, 'force_assoc' => TRUE, 'value' => $vars['typematch'], 'multiple' => TRUE, 'attributes' => 'size="5"');
                generate_select($params);
                echo "<span>" . get_vocab("ctrl_click_type") . "</span>\n";
                echo "</div>\n";
                break;
            case 'namematch':
                echo "<div id=\"div_namematch\">\n";
                $params = array('label' => get_vocab("match_entry") . ':', 'name' => 'namematch', 'value' => $vars['namematch']);
                generate_input($params);
                echo "</div>\n";
                break;
            case 'descrmatch':
                echo "<div id=\"div_descrmatch\">\n";
                $params = array('label' => get_vocab("match_descr") . ':', 'name' => 'descrmatch', 'value' => $vars['descrmatch']);
                generate_input($params);
                echo "</div>\n";
                break;
            case 'creatormatch':
                echo "<div id=\"div_creatormatch\">\n";
                $params = array('label' => get_vocab("createdby") . ':', 'name' => 'creatormatch', 'value' => $vars['creatormatch']);
                generate_input($params);
                echo "</div>\n";
                break;
            case 'match_private':
                // Privacy status
                // Only show this part of the form if there are areas that allow private bookings
                if ($private_somewhere) {
                    // If they're not logged in then there's no point in showing this part of the form because
                    // they'll only be able to see public bookings anyway (and we don't want to alert them to
                    // the existence of private bookings)
                    // NOTE(review): the hidden field is only a default sent by the browser; the
                    // restriction to public bookings has to be enforced where the report query is
                    // built, which is outside this function.
                    if (empty($user_level)) {
                        echo "<input type=\"hidden\" name=\"match_private\" value=\"" . PRIVATE_NO . "\">\n";
                    } else {
                        echo "<div id=\"div_privacystatus\">\n";
                        $options = array(PRIVATE_BOTH => get_vocab("both"), PRIVATE_NO => get_vocab("default_public"), PRIVATE_YES => get_vocab("default_private"));
                        $params = array('label' => get_vocab("privacy_status") . ':', 'name' => 'match_private', 'options' => $options, 'value' => $vars['match_private']);
                        generate_radio_group($params);
                        echo "</div>\n";
                    }
                }
                break;
            case 'match_confirmed':
                // Confirmation status
                // Only show this part of the form if there are areas that require approval
                if ($confirmation_somewhere) {
                    echo "<div id=\"div_confirmationstatus\">\n";
                    $options = array(CONFIRMED_BOTH => get_vocab("both"), CONFIRMED_YES => get_vocab("confirmed"), CONFIRMED_NO => get_vocab("tentative"));
                    $params = array('label' => get_vocab("confirmation_status") . ':', 'name' => 'match_confirmed', 'options' => $options, 'value' => $vars['match_confirmed']);
                    generate_radio_group($params);
                    echo "</div>\n";
                }
                break;
            case 'match_approved':
                // Approval status
                // Only show this part of the form if there are areas that require approval
                if ($approval_somewhere) {
                    echo "<div id=\"div_approvalstatus\">\n";
                    $options = array(APPROVED_BOTH => get_vocab("both"), APPROVED_YES => get_vocab("approved"), APPROVED_NO => get_vocab("awaiting_approval"));
                    $params = array('label' => get_vocab("approval_status") . ':', 'name' => 'match_approved', 'options' => $options, 'value' => $vars['match_approved']);
                    generate_radio_group($params);
                    echo "</div>\n";
                }
                break;
            default:
                // Must be a custom field
                // The current value is read from a global named match_<key>; the key itself
                // comes from the configured field order, not from the request.
                $var = "match_{$key}";
                global ${$var};
                $params = array('label' => get_loc_field_name($tbl_entry, $key) . ':', 'name' => $var, 'value' => isset(${$var}) ? ${$var} : NULL);
                echo "<div>\n";
                // Output a checkbox if it's a boolean or integer <= 2 bytes (which we will
                // assume are intended to be booleans)
                if ($field_natures[$key] == 'boolean' || $field_natures[$key] == 'integer' && isset($field_lengths[$key]) && $field_lengths[$key] <= 2) {
                    generate_checkbox($params);
                } else {
                    // If $select_options is defined we want to force a <datalist> and not a
                    // <select>. That's because if we have options such as
                    // ('tea', 'white coffee', 'black coffee') we want the user to be able to type
                    // 'coffee' which will match both 'white coffee' and 'black coffee'.
                    if (isset($select_options["entry.{$key}"]) && !empty($select_options["entry.{$key}"])) {
                        $params['options'] = $select_options["entry.{$key}"];
                        // We force the values to be used and not the keys. We will convert
                        // back to values when we construct the SQL query.
                        $params['force_indexed'] = TRUE;
                        generate_datalist($params);
                    } else {
                        $params['field'] = "entry.{$key}";
                        generate_input($params);
                    }
                }
                echo "</div>\n";
                break;
        } // switch
    }
    echo "</fieldset>\n";
}
echo FALSE == $valid_room_name ? get_vocab('invalid_room_name') : ""; ?> </span> </fieldset> <fieldset> <legend></legend> <input type="hidden" name="room" value="<?php echo $row["id"]; ?> "> <?php $res = sql_query("SELECT id, area_name FROM {$tbl_area}"); if (!$res) { trigger_error(sql_error(), E_USER_WARNING); fatal_error(FALSE, get_vocab("fatal_db_error")); } if (sql_count($res) == 0) { fatal_error(FALSE, get_vocab('noareas')); // should not happen } // The area select box echo "<div>\n"; $options = array(); for ($i = 0; $row_area = sql_row_keyed($res, $i); $i++) { $options[$row_area['id']] = $row_area['area_name']; } $params = array('label' => get_vocab("area") . ":", 'name' => 'new_area', 'options' => $options, 'force_assoc' => TRUE, 'value' => $row['area_id'], 'disabled' => $disabled, 'create_hidden' => FALSE); generate_select($params); echo "<input type=\"hidden\" name=\"old_area\" value=\"" . $row['area_id'] . "\">\n";
$intext[2] = "E"; mt_srand((double) microtime() * 1000000); // Lets do stuff for days 5 days in the past to 55 days in the future for ($day = date("d") - 5; $day < date("d") + 55; $day++) { $month = date("m"); $year = date("Y"); $dayt = date("D", mktime(0, 0, 0, $month, $day, $year)); if ($dayt != "Sat" and $dayt != "Sun") { $sql = "select id from {$tbl_area}"; $area_res = sql_query($sql); for ($i = 0; list($area) = sql_row($area_res, $i); $i++) { // We know the area we want to add appointments in $sql = "select id from {$tbl_room} where area_id = {$area}"; $room_res = sql_query($sql); if (!$room_res) { echo sql_error(); } for ($j = 0; list($room) = sql_row($room_res, $j); $j++) { // Now we know room and area // We have to add some appointments to the day // four in each room seems good enough for ($a = 1; $a < 5; $a++) { // Pick a random hour 8-5 $starthour = mt_rand(7, 16); $length = mt_rand(1, 5) * 30; $starttime = mktime($starthour, 0, 0, $month, $day, $year); $endtime = mktime($starthour, $length, 0, $month, $day, $year); // Check that this isnt going to overlap $sql = "select count(*) from {$tbl_entry} where room_id={$room} and ((start_time between {$starttime} and {$endtime}) or (end_time between {$starttime} and {$endtime}) or (start_time = {$starttime} and end_time = {$endtime}))"; $counte = sql_query1($sql); if ($counte == 0) {
<IMG SRC="images/menu/textmenu_video.gif" BORDER="0"><br> <TABLE width="740" align=center cellSpacing=2 cellPadding=2 border=0 class="tablex"> <?php empty($_GET['id']) ? $id = "" : ($id = $_GET['id']); //áÊ´§ video $db->connectdb(DB_NAME, DB_USERNAME, DB_PASSWORD); $res['video'] = $db->select_query("SELECT * FROM " . TB_VIDEO . " WHERE id='" . $id . "' "); $arr['video'] = $db->fetch($res['video']); $db->closedb(); if (!$arr['video']['id']) { echo "<BR><BR><BR><BR><CENTER><IMG SRC=\"images/icon/notview.gif\" BORDER=\"0\" ><BR><BR><B>äÁèÁÕÃÒ¡Òà video ¹Õé</B></CENTER><BR><BR><BR><BR>"; } else { //·Ó¡ÒÃà¾ÔèÁ¨Ó¹Ç¹¤¹à¢éÒªÁ $db->connectdb(DB_NAME, DB_USERNAME, DB_PASSWORD); $q['Pageview'] = "UPDATE " . TB_VIDEO . " SET pageview = pageview+1 WHERE id = '" . $id . "' "; $sql['Pageview'] = mysql_query($q['Pageview']) or sql_error("db-query", mysql_error()); //ª×èÍËÁÇ´ËÁÙè $res['category'] = $db->select_query("SELECT * FROM " . TB_VIDEO_CAT . " WHERE id='" . $arr['video']['category'] . "' "); $arr['category'] = $db->fetch($res['category']); $CAT = $arr['category']['post_date']; $db->closedb(); ?> <TR> <TD valign="top" colspan="2" align="center" ><br> <table cellspacing=0 cellpadding=0 border=0 class='iconframe'> <tr> <td border=0 align="center" class='imageframe'> <!-- player container without nested content --> <?php if ($arr['video']['youtube'] == 0) {
# un-authenticated users can only report on # items which are not marked private $sql .= " AND e.private=0"; } } if ($sortby == "r") { // Order by Area, Room, Start date/time $sql .= " ORDER BY 9,10,2"; } else { // Order by Start date/time, Area, Room $sql .= " ORDER BY 2,9,10"; } // echo "<p>DEBUG: SQL: <tt> $sql </tt></p>\n"; $res = sql_query($sql); if (!$res) { fatal_error(0, sql_error()); } $nmatch = sql_count($res); if ($nmatch == 0) { echo "<p class=\"report_entries\">" . get_vocab("nothing_found") . "</p>\n"; sql_free($res); } else { $last_area_room = ""; $last_date = ""; echo "<p class=\"report_entries\">" . $nmatch . " " . ($nmatch == 1 ? get_vocab("entry_found") : get_vocab("entries_found")) . "</p>\n"; for ($i = 0; $row = sql_row_keyed($res, $i); $i++) { if ($summarize & 1) { reporton($row, $last_area_room, $last_date, $sortby, $display); } if ($summarize & 2) { empty($enable_periods) ? accumulate($row, $count, $hours, $report_start, $report_end, $room_hash, $name_hash) : accumulate_periods($row, $count, $hours, $report_start, $report_end, $room_hash, $name_hash);
$db->connectdb(DB_NAME, DB_USERNAME, DB_PASSWORD); $query = $db->select_query("SELECT * FROM " . TB_KNOWLEDGE . " WHERE id='" . $_GET['id'] . "' "); $item = $db->fetch($query); $enable_comment = (int) $item['enable_comment']; $db->closedb(); if (!$item['id']) { echo "<BR><BR><BR><BR><CENTER><IMG SRC=\"images/icon/notview.gif\" BORDER=\"0\" ><BR><BR><B>ไม่มีรายการสาระน่ารู้นี้</B></CENTER><BR><BR><BR><BR>"; } else { $FileNewsTopic = "knowledgedata/" . $item['post_date'] . ".txt"; $file_open = @fopen($FileNewsTopic, "r"); $content = @fread($file_open, @filesize($FileNewsTopic)); $Detail = stripslashes(FixQuotes($content)); //ทำการเพิ่มจำนวนคนเข้าชม $db->connectdb(DB_NAME, DB_USERNAME, DB_PASSWORD); $query = "UPDATE " . TB_KNOWLEDGE . " SET pageview = pageview+1 WHERE id = '" . $_GET['id'] . "' "; mysql_query($query) or sql_error("db-query", mysql_error()); //ชื่อหมวดหมู่ $query = $db->select_query("SELECT * FROM " . TB_KNOWLEDGE_CAT . " WHERE id='" . $item['category'] . "' "); $category = $db->fetch($query); $db->closedb(); ?> <TR> <TD> <B><FONT COLOR="#990000"><?php echo $category['category_name']; ?> <BR><?php echo $item['topic']; ?> </FONT></B> <BR>
$description = $row[2]; $start_day = strftime('%d', $row[3]); $start_month = strftime('%m', $row[3]); $start_year = strftime('%Y', $row[3]); $start_hour = strftime('%H', $row[3]); $start_min = strftime('%M', $row[3]); $duration = $row[4] - $row[3] - cross_dst($row[3], $row[4]); $type = $row[5]; $room_id = $row[6]; $entry_type = $row[7]; $rep_id = $row[8]; if ($entry_type >= 1) { $sql = "SELECT rep_type, start_time, end_date, rep_opt, rep_num_weeks\n\t\t FROM {$tbl_repeat} WHERE id={$rep_id}"; $res = sql_query($sql); if (!$res) { fatal_error(1, sql_error()); } if (sql_count($res) != 1) { fatal_error(1, get_vocab("repeat_id") . $rep_id . get_vocab("not_found")); } $row = sql_row($res, 0); sql_free($res); $rep_type = $row[0]; if ($edit_type == "series") { $start_day = (int) strftime('%d', $row[1]); $start_month = (int) strftime('%m', $row[1]); $start_year = (int) strftime('%Y', $row[1]); $rep_end_day = (int) strftime('%d', $row[2]); $rep_end_month = (int) strftime('%m', $row[2]); $rep_end_year = (int) strftime('%Y', $row[2]); switch ($rep_type) {
/**
 * Returns the `name` column of the users row whose `code` equals $user.
 *
 * NOTE(review): $user is interpolated into the SQL text inside single quotes
 * with no escaping in this function. Callers must pass an already escaped
 * value, or the value should be escaped here with the database layer's
 * escaping function; otherwise this is an SQL injection point.
 *
 * @param string $user Value matched against users.code.
 * @param bool   $all  When empty (the default) only rows with disabled=0 match.
 * @return mixed The name; NULL when no row matches; FALSE on a database
 *               error (the driver error is raised as an E_USER_WARNING).
 */
function get_area_name($user, $all = FALSE)
{
    $only_enabled = empty($all) ? " AND disabled=0" : "";
    $query = "SELECT name\n FROM users\n WHERE code='" . $user . "'" . $only_enabled . " LIMIT 1";

    $found = sql_query($query);
    if ($found === FALSE) {
        trigger_error(sql_error(), E_USER_WARNING);
        return FALSE;
    }

    if (sql_count($found) == 0) {
        return NULL;
    }

    $first = sql_row($found, 0);

    return $first[0];
}
if ($_GET['pay'] == 2) { $fee = getsetting("innfee", "5%"); if (strpos($fee, "%")) { $expense += round($expense * $fee / 100, 0); } else { $expense += $fee; } $goldline = ",goldinbank=goldinbank-{$expense}"; } else { $goldline = ",gold=gold-{$expense}"; } $goldline .= ",boughtroomtoday=1"; } debuglog("spent {$expense} gold on an inn room"); $sql = "UPDATE accounts SET loggedin=0,location=1 {$goldline} WHERE acctid = " . $session['user'][acctid]; db_query($sql) or die(sql_error($sql)); } $session = array(); redirect("index.php"); } else { output("\"Aah, so that's how it is,\" Cedrik says as he puts the key he had retrieved back on to its hook "); output("behind his counter. Perhaps you'd like to get sufficient funds before you attempt to engage in "); output("local commerce."); } } } else { if ($session['user']['boughtroomtoday']) { output("You already paid for a room for the day."); addnav("Go to room", "inn.php?op=room&pay=1"); } else { if ($config['innstays'] > 0) {
emptyvalue($repass); emptyvalue($day); emptyvalue($month); emptyvalue($year); emptyvalue($secques); emptyvalue($secans); if ($pass === $repass) { $pass = hashword($pass, $hash); } else { $error++; } //Checking the email address if ($error === 0) { $check = 0; $regsql = "SELECT * \n\t\t\t\t\t\t\t\t\t\t\tFROM tbl_members\n\t\t\t\t\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\t\t\t\t\temail = '{$email}'"; $regqry = mysql_query($regsql) or sql_error(); $numRows = mysql_num_rows($regqry); if ($numRows > 0) { $check++; } if ($check === 0) { echo 'unique'; //Adding the user $addsql = ""; } } else { echo 'An error occured'; } } else { echo '<form class="reg" action="/Register.php" method="post" onSubmit="return regcheck()"> <label for="fname">Name:</label><input type="text" name="fname" id="fname" placeholder="First Name" value=""/><input type="text" name="sname" id="sname" placeholder="Surname" value=""/>
/**
 * Insert the given blocks into the left/right blocks table (or only list them)
 * and store the resulting HTML fragment in the global $display.
 *
 * When $posbloc is truthy, one INSERT is issued per entry of $blocs[0]. The loop
 * stops at the first failing query, and the SQL error plus the code of every
 * block are rendered instead of the success message. When $posbloc is falsy,
 * nothing is written to the database and the block contents are only listed.
 * The function returns nothing; its result is the global $display.
 *
 * NOTE(review): every value taken from $blocs is concatenated into the INSERT
 * statement without any escaping in this function. Confirm the caller escapes
 * them, or route them through the project's SQL escaping helper.
 *
 * @param array $blocs   parallel arrays; per the INSERT column order, [0]=title,
 *                       [1]=content, [2]=member (replaced by [3] when [2] == ""),
 *                       [4]=Lindex/Rindex, [5]=cache, [6]=actif, [7]=aide
 * @param mixed $posbloc "l" or "r" selects the table and index column; a falsy
 *                       value means manual configuration (no insert)
 */
function nmig_WriteBloc($blocs, $posbloc)
{
    include "header.php";
    global $ModInstall, $display;
    global $NPDS_Prefix;
    $display = '<div class="">';
    if ($posbloc) {
        // Fall back to $blocs[3] when $blocs[2] compares equal to the empty string.
        if ($blocs[2] == "") {
            $blocs[2] = $blocs[3];
        }
        // $posblocM is only assigned for "l" and "r". Any other truthy $posbloc
        // leaves it undefined, so the column name below degrades to `index`.
        // NOTE(review): consider rejecting other values before building the query.
        if ($posbloc == "l") {
            $posblocM = "L";
        }
        if ($posbloc == "r") {
            $posblocM = "R";
        }
        // `or` binds looser than `=`, so $erreur is assigned only when sql_query()
        // returns a falsy value; the loop condition then ends the loop.
        for ($i = 0; $i < count($blocs[0]) && !isset($erreur); $i++) {
            sql_query("INSERT INTO " . $NPDS_Prefix . $posbloc . "blocks (`id`, `title`, `content`, `member`, `" . $posblocM . "index`, `cache`, `actif`, `aide`) VALUES ('', '" . $blocs[0][$i] . "', '" . $blocs[1][$i] . "', '" . $blocs[2][$i] . "', '" . $blocs[4][$i] . "', '" . $blocs[5][$i] . "', '" . $blocs[6][$i] . "', '" . $blocs[7][$i] . "');") or $erreur = sql_error();
        }
        if (isset($erreur)) {
            $display .= adm_translate("Une erreur est survenue lors de la configuration automatique du(des) bloc(s). Mysql a répondu :");
            // highlight_string() prints its result, so the output is captured
            // with output buffering and appended to $display.
            ob_start();
            highlight_string($erreur);
            $display .= ob_get_contents();
            ob_end_clean();
            $display .= adm_translate("Veuillez configurer manuellement le(s) bloc(s).") . "<br /><br />\n";
            $display .= adm_translate("Voici le code du(des) bloc(s) :") . "<br /><br />\n";
            ob_start();
            for ($i = 0; $i < count($blocs[0]); $i++) {
                echo "Bloc n° " . $i . "<br />";
                highlight_string($blocs[1][$i]);
                echo "<br />\n";
            }
            $display .= ob_get_contents();
            ob_end_clean();
        } else {
            $display .= '<p class="text-success"><strong>' . adm_translate("La configuration du(des) bloc(s) a réussi !") . '</strong></p>';
            $display .= "<br />\n";
        }
    } else {
        $display .= '<p><strong>' . adm_translate("Vous avez choisi de configurer manuellement vos blocs. Voici le contenu de ceux-ci :") . '</strong></p>';
        ob_start();
        for ($i = 0; $i < count($blocs[0]); $i++) {
            // NOTE(review): unlike the error branch, which goes through
            // highlight_string(), the block content is written into the page
            // without HTML escaping here. If it can contain markup, it will be
            // rendered rather than displayed; htmlspecialchars() would keep it inert.
            echo 'Bloc n° ' . $i . '<br /> <code>' . $blocs[1][$i] . '</code> <br />';
        }
        $display .= ob_get_contents();
        ob_end_clean();
    }
    // NOTE(review): the global $ModInstall is placed in the href without URL or
    // HTML encoding. Confirm it is validated where it is set.
    $display .= ' </div><br /> <div style="text-align: center;"> <a href="admin.php?op=Module-Install&ModInstall=' . $ModInstall . '&nmig=e9" class="btn btn-primary">' . adm_translate("Etape suivante") . '</a><br /> </div><br /> ' . nmig_copyright();
}
/**
 * Escape a value with sqlite_escape_string() so it can be placed inside a
 * quoted SQL string literal.
 *
 * The escaped value is only safe between quotes in the statement. It does not
 * make a value safe as an identifier or as an unquoted number.
 * sqlite_escape_string() belongs to the legacy sqlite extension, which is no
 * longer bundled with PHP since 5.4.
 *
 * @param mixed $string value to escape
 * @param mixed $link   accepted but not used by this implementation
 * @return mixed the escaped string, or false after reporting the error through
 *               output_error() when the escape call yields false
 */
function sql_escape_string($string, $link = null)
{
    $escaped = sqlite_escape_string($string);

    if ($escaped !== false) {
        return $escaped;
    }

    output_error("SQL Error: " . sql_error(), E_USER_ERROR);
    return false;
}
} // you can't delete a user if you're not some kind of admin, and then you can't // delete someone higher than you if ($level < $min_user_editing_level || $level < $target_level) { showAccessDenied(0, 0, 0, "", ""); exit; } $r = sql_command("delete from {$tbl_users} where id={$Id};"); if ($r == -1) { print_header(0, 0, 0, "", ""); // This is unlikely to happen in normal operation. Do not translate. print "<form class=\"edit_users_error\" method=\"post\" action=\"" . htmlspecialchars(basename($PHP_SELF)) . "\">\n"; print " <fieldset>\n"; print " <legend></legend>\n"; print " <p class=\"error\">Error deleting entry {$Id} from the {$tbl_users} table.</p>\n"; print " <p class=\"error\">" . sql_error() . "</p>\n"; print " <input type=\"submit\" value=\" " . get_vocab("ok") . " \">\n"; print " </fieldset>\n"; print "</form>\n"; // Print footer and exit print_footer(TRUE); } /* Success. Do not display a message. Simply fall through into the list display. */ } /*---------------------------------------------------------------------------*\ | Display the list of users | \*---------------------------------------------------------------------------*/ /* Print the standard MRBS header */ print_header(0, 0, 0, "", ""); print "<h2>" . get_vocab("user_list") . "</h2>\n"; if ($level >= $min_user_editing_level) {
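/**
 * Return the consumers related to a given event class.
 *
 * @param int $class_id the id of the event class
 * @return array|false map of consumer_id => array( consumer_class, consumer_file );
 *                     an empty array when no consumer matches, FALSE when the
 *                     query fails
 * @static
 * @access public
 **/
function listConsumerFromClassId($class_id)
{
    // The id is documented as an integer. Casting it before it is concatenated
    // into the statement ensures no caller-supplied text other than a number
    // can reach the SQL.
    $class_id = (int) $class_id;

    $query = "SELECT DISTINCT ev.idConsumer, ev.consumer_class, ev.consumer_file "
        . " FROM " . $GLOBALS['prefix_fw'] . "_event_consumer AS ev"
        . " JOIN " . $GLOBALS['prefix_fw'] . "_event_consumer_class AS ecc"
        . " WHERE ecc.idClass = '" . $class_id . "'"
        . " AND ev.idConsumer = ecc.idConsumer";
    $rs = sql_query($query);
    $result = array();
    if ($rs === FALSE) {
        // NOTE(review): this writes the full query text and the database error
        // into the response. Consider sending both to the error log instead so
        // schema details are not shown to the client.
        echo $query;
        echo " Errore: " . sql_error();
        return FALSE;
    }
    if (sql_num_rows($rs) > 0) {
        // Each row is (idConsumer, consumer_class, consumer_file); key the
        // result by consumer id.
        while (list($id, $class, $file) = sql_fetch_row($rs)) {
            $result[$id] = array($class, $file);
        }
    }
    return $result;
}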