/**
 * Stores one newsletter row: subject, body, name (the $type argument) and an
 * optional send time.
 *
 * $scheduled: NULL or "" stores SQL NULL (unscheduled); any other value goes
 * through strtotime() and is stored as YmdHis. strtotime() returns false for
 * text it cannot parse, and date() then renders the epoch (1970-01-01) — callers
 * should validate the date before passing it in. Text fields are escaped with
 * sql_safe() (defined elsewhere) for the single-quoted context they are placed in.
 */
function mailer_send_newsletter($subject, $message, $type, $scheduled = NULL) {
    $scheduled_sql = 'NULL';
    $has_schedule = !($scheduled === NULL || $scheduled == "");
    if ($has_schedule) {
        $scheduled_sql = "'" . date("YmdHis", strtotime($scheduled)) . "'";
    }

    $assignments = "subject='" . sql_safe($subject) . "'"
        . ", body='" . sql_safe($message) . "'"
        . ", name='" . sql_safe($type) . "'"
        . ", scheduled={$scheduled_sql}";

    mysql_query("INSERT INTO newsletter SET " . $assignments);
}
/**
 * Returns the task categories visible to $user_id: those the user created plus
 * those shared with the user through task_user_category. When $category_id is
 * given, the result is restricted to that single category.
 *
 * Each element is an associative row (id, creator, name, description,
 * assignment_length); an unnamed category gets the translated "Untitled
 * category" label. Returns an empty array when the query fails.
 *
 * NOTE(review): sql_safe() output is spliced into unquoted numeric comparisons
 * (task_category.id=..., creator=...). Quote-escaping alone does not make that
 * context safe, so either sql_safe() must reject non-numeric input or callers
 * must pass integers — confirm sql_safe()'s contract.
 */
function category_get($user_id, $category_id = NULL) {
    $safe_user = sql_safe($user_id);

    $category_filter = "";
    if ($category_id !== NULL) {
        $category_filter = "task_category.id=" . sql_safe($category_id) . " AND ";
    }

    $sql = "SELECT \n\t\ttask_category.id,\n\t\ttask_category.creator,\n\t\tIFNULL(task_category.name,'" . _("Untitled category") . "') as name,\n\t\ttask_category.description,\n\t\ttask_category.assignment_length\n\tFROM task_category \n\tLEFT JOIN task_user_category ON task_user_category.task_category_id=task_category.id\n\tWHERE " . $category_filter . "\n\t(creator=" . $safe_user . "\tOR task_user_category.user_id=" . $safe_user . ");";

    $categories = array();
    $result = mysql_query($sql);
    if ($result) {
        while ($row = mysql_fetch_assoc($result)) {
            $categories[] = $row;
        }
    }
    return $categories;
}
/**
 * Persists a user's flattr display choices, but only when they differ from
 * what is already stored.
 *
 * The choices are serialize()d before comparison and storage; the stored form
 * returned by flattr_get_flattr_choices() (defined elsewhere) is expected to be
 * the same serialized string. A falsy stored value means "no row yet" and
 * triggers an INSERT, otherwise the row is UPDATEd. Outcome is reported via
 * add_message()/add_error().
 */
function flattr_set_flattr_choice($user_id, $flattr_choice) {
    $stored_choices = flattr_get_flattr_choices($user_id);
    $serialized_choices = serialize($flattr_choice);

    // strcmp() returns 0 when both strings are identical: nothing to write.
    if (strcmp($stored_choices, $serialized_choices) == 0) {
        return;
    }

    $safe_choices = sql_safe($serialized_choices);
    $safe_user = sql_safe($user_id);
    if (!$stored_choices) {
        $sql = "INSERT INTO " . PREFIX . "flattr SET showFlattr=\"" . $safe_choices . "\", user_id=" . $safe_user . ";";
    } else {
        $sql = "UPDATE " . PREFIX . "flattr SET showFlattr=\"" . $safe_choices . "\" WHERE user_id=" . $safe_user . ";";
    }

    if (mysql_query($sql)) {
        add_message(_("New flattr choices set"));
    } else {
        add_error(sprintf(_("New flattr choices could not be set. Error: %s"), mysql_error()));
    }
}
/**
 * Prints every open notice (closed IS NULL) of a user as a panel with an
 * inline "x" form that posts notice_id/notice_close back to the page.
 *
 * NOTE(review): the WHERE clause reads `user="******"` in this listing; the
 * asterisks look like a redacted expression (the $user parameter is otherwise
 * never used) — confirm against the original source. id, type, subject and
 * message are echoed into HTML without escaping; if those columns can hold
 * user-supplied text, htmlspecialchars() is needed at least for id, type and
 * subject (message may intentionally carry markup — verify how notices are created).
 */
function notice_display_notices($user) {
    $sql = "SELECT id, type, subject, message FROM " . PREFIX . "notice WHERE user="******" AND closed IS NULL";
    if ($nn = mysql_query($sql)) {
        while ($n = mysql_fetch_assoc($nn)) {
            // One Bootstrap panel per notice; the form closes it via notice_close.
            echo ' <div class="row notice"> <div class="panel panel-default ' . $n['type'] . '"> <div class="panel-heading"> <form method="post"> <input type="hidden" name="notice_id" value="' . $n['id'] . '"> <input type="submit" name="notice_close" value="x" class="rightfloat close-button"> </form> <h3 class="panel-title">' . $n['subject'] . '</h3> </div> <div class="panel-body"> ' . $n['message'] . ' </div> </div> </div>';
        }
    }
}
if (!$category_id) { $error .= '<li> Category cannot be left blank'; } if (!$firstname && !$lastname && !$company) { $error .= '<li> First name / Last name / Company cannot be left blank'; } if (!$error) { if ($new_category) { $base_instance->query('INSERT INTO ' . $base_instance->entity['CONTACT']['CATEGORY'] . ' (title,user) VALUES ("' . sql_safe($new_category) . '",' . $userid . ')'); $category_id = mysqli_insert_id($base_instance->db_link); } $firstname = str_replace('"', '"', $firstname); $lastname = str_replace('"', '"', $lastname); $address = str_replace('"', '"', $address); $company = str_replace('"', '"', $company); $base_instance->query('UPDATE ' . $base_instance->entity['CONTACT']['MAIN'] . ' SET firstname="' . sql_safe($firstname) . '",lastname="' . sql_safe($lastname) . '",email="' . sql_safe($email) . '",telephone="' . sql_safe($telephone) . '",fax="' . sql_safe($fax) . '",mobile="' . sql_safe($mobile) . '",address="' . sql_safe($address) . '",notes="' . sql_safe($notes) . '",company="' . sql_safe($company) . '",url="' . sql_safe($url) . '",category=' . $category_id . ',public=' . $public . ' WHERE user='******' AND ID=' . $contact_id); $data = $base_instance->get_data("SELECT title FROM {$base_instance->entity['CONTACT']['CATEGORY']} WHERE user='******' AND ID='{$category_id}'"); $cat_title = $data[1]->title; $base_instance->show_message('Contact updated', '<script language="JavaScript" type="text/javascript">function createRequestObject(){try{var requester=new XMLHttpRequest();}catch(error){try{var requester=new ActiveXObject("Microsoft.XMLHTTP");}catch(error){return false;}} return requester;}var http=createRequestObject();function DelContact(item){if(confirm("Delete Contact?")){http.open(\'get\',\'delete-contact.php?item=\'+item); http.send(null);}}</script> <a href="add-contact.php?category_id=' . $category_id . '">[Add more]</a> <a href="edit-contact.php?contact_id=' . $contact_id . '">[Edit]</a> <a href="javascript:DelContact(\'' . 
$contact_id . '\')">[Delete]</a> <a href="send-content.php?contact_id=' . $contact_id . '">[Send]</a><p><a href="show-contact-categories.php">[Show all Categories]</a> <a href="show-contact.php">[Show all Contacts]</a><p><b>Internal Link:</b> [c' . $contact_id . '] <b>Category:</b> ' . $cat_title . ' <a href="show-contact.php?category_id=' . $category_id . '">[Show]</a>'); } else { $html_instance->error_message = $error; $company = stripslashes($company); $address = stripslashes($address); $notes = stripslashes($notes); } } else { $data = $base_instance->get_data("SELECT * FROM {$base_instance->entity['CONTACT']['MAIN']} WHERE user='******' AND ID={$contact_id}"); if (!$data) { $base_instance->show_message('Contact not found', '', 1);
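# Reminder overview: decides which reminders to list (due vs. all) and how to
# sort them, then hands the clauses to the html renderer as show_content
# parameters.
require 'class.base.php';
require 'class.html.php';
$base_instance = new base();
$html_instance = new html();
$userid = $base_instance->get_userid();
$datetime = date('Y-m-d H:i:s');

# order_type / order_col end up in an ORDER BY clause as identifiers, where
# quote-escaping (sql_safe) offers no protection. Both are therefore checked
# against an allow-list; anything else falls back to the previous defaults
# (DESC, ID). The column list mirrors the sort bar fields declared below.
$order_type = 'DESC';
if (isset($_GET['order_type']) && is_string($_GET['order_type'])) {
    $requested_type = strtoupper($_GET['order_type']);
    if (in_array($requested_type, array('ASC', 'DESC'), true)) {
        $order_type = $requested_type;
    }
}
$allowed_order_cols = array('ID', 'title', 'bluebox', 'last_reminded', 'done', 'frequency', 'datetime');
$order_col = 'ID';
if (isset($_GET['order_col']) && in_array($_GET['order_col'], $allowed_order_cols, true)) {
    $order_col = $_GET['order_col'];
}

# PHP_SELF can carry request-supplied path info; escape it before it is placed
# inside an href attribute.
$self_url = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');

# NOTE(review): `user='******'` is reproduced as it appears in this listing
# (it looks like a redacted user-id expression) — confirm against the source.
if (empty($_GET['show_all'])) {
    # only reminders whose frequency interval has elapsed since last_reminded
    $where = "WHERE DATE_ADD(last_reminded, INTERVAL frequency DAY)<'{$datetime}' AND user='******'";
    $header = 'Reminders To Do <a href="' . $self_url . '?show_all=1">[Show all Reminders]</a>';
    $show_all = 0;
} else {
    $where = "WHERE user='******'";
    $header = 'All Reminders <a href="' . $self_url . '?show_all=0">[Show Reminders To Do]</a>';
    $show_all = 1;
}

$html_instance->add_parameter(array('ACTION' => 'show_content', 'ENTITY' => 'REMINDER', 'SUBENTITY' => 'DAYS', 'MAXHITS' => 50, 'WHERE' => "{$where} AND homepage=1", 'ORDER_COL' => "{$order_col}", 'ORDER_TYPE' => "{$order_type}", 'HEADER' => "{$header}", 'SORTBAR' => 6, 'SORTBAR_FIELD1' => 'title', 'SORTBAR_NAME1' => 'Title', 'SORTBAR_FIELD2' => 'bluebox', 'SORTBAR_NAME2' => 'Days due', 'SORTBAR_FIELD3' => 'last_reminded', 'SORTBAR_NAME3' => 'Last Time Done', 'SORTBAR_FIELD4' => 'done', 'SORTBAR_NAME4' => 'Done', 'SORTBAR_FIELD5' => 'frequency', 'SORTBAR_NAME5' => 'Do every', 'SORTBAR_FIELD6' => 'datetime', 'SORTBAR_NAME6' => 'Date added', 'INNER_TABLE_WIDTH' => '95%', 'URL_PARAMETER' => "show_all={$show_all}"));

# translate bluebox ORDER_COL: "days due" is computed, not a real column
if ($order_col == 'bluebox') {
    $html_instance->para['ORDER_COL'] = '(UNIX_TIMESTAMP("' . $datetime . '")-UNIX_TIMESTAMP(last_reminded)-(frequency*86400))';
}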
<?php require 'class.base.php'; $base_instance = new base(); $userid = $base_instance->get_userid(); $where = ''; if (isset($_GET['text_search'])) { $text_search = sql_safe($_GET['text_search']); $where = " AND (text LIKE '%{$text_search}%' OR title LIKE '%{$text_search}%') "; } if (isset($_GET['category_id'])) { $category_id = (int) $_GET['category_id']; $where .= ' AND category=' . $category_id; } else { if (isset($_GET['blog_id'])) { $blog_id = (int) $_GET['blog_id']; $where = ' AND ID=' . $blog_id; } } $data = $base_instance->get_data("SELECT * FROM {$base_instance->entity['BLOG']['MAIN']} WHERE user='******'{$where} ORDER BY datetime DESC"); echo '<head><meta http-equiv="content-type" content="text/html;charset=utf-8"> <style type="text/css"> td {font-family:Arial; font-size:10pt} table.pastel,table.pastel td {border:1px solid #c5c5c5; border-collapse:collapse} </style> </head> <table width="100%" border cellspacing=0 cellpadding=5 class="pastel">'; for ($index = 1; $index <= sizeof($data); $index++) { $title = $data[$index]->title; $text = $data[$index]->text;
if (!copy($source, $dest)) { $error .= '<li> File could not be stored'; } } } else { $error .= '<li> File not supplied or too big'; } } if (!$error) { $datetime = $_POST['datetime']; if ($public == 2) { $token = 't' . md5(uniqid(rand(), true)); } else { $token = ''; } $base_instance->query('INSERT INTO ' . $base_instance->entity['FILE']['MAIN'] . ' (datetime,text,title,filename,user,category,public,token) VALUES ("' . sql_safe($datetime) . '","' . sql_safe($text) . '","' . sql_safe($title) . '","' . sql_safe($filename) . '",' . $userid . ',' . $category_id . ',' . $public . ',"' . $token . '")'); $file_id = mysqli_insert_id($base_instance->db_link); $data = $base_instance->get_data("SELECT title FROM {$base_instance->entity['FILE']['CATEGORY']} WHERE user='******' AND ID='{$category_id}'"); $cat_title = $data[1]->title; # $path = pathinfo($filename); if (isset($path['extension'])) { $ext = strtolower($path['extension']); } else { $ext = ''; } if ($ext == 'gif' or $ext == 'png' or $ext == 'jpg' or $ext == 'jpeg') { $display_image = '<p><b>Display Image:</b> [image-' . $file_id . ']'; } else { $display_image = ''; }
$select_field_id = mysqli_insert_id($base_instance->db_link); for ($index = 1; $index <= $number_of_fields; $index++) { $name_item = sql_safe($_POST['name_select_field_item_' . $index]); if ($name_item) { $base_instance->query("INSERT INTO {$base_instance->entity['DATABASE']['SELECT_ITEMS']} (title,user,select_field_id) VALUES ('{$name_item}',{$userid},{$select_field_id})"); } } $base_instance->show_message('Field saved', '<a href="add-database-number-field.php?category_id=' . $category_id . '">[Add Number Field]</a> <a href="add-database-text-field.php?category_id=' . $category_id . '">[Add Text Field]</a><p> <a href="add-database-select-field.php?category_id=' . $category_id . '">[Add Select Field]</a> <a href="add-database-checkbox-field.php?category_id=' . $category_id . '">[Add Checkbox Field]</a><p><a href="add-database-data.php?category_id=' . $category_id . '">[Add Data]</a> <a href="edit-database-select-field.php?select_field_id=' . $select_field_id . '">[Edit Field]</a> <a href="show-database-data.php?category_id=' . $category_id . 
'">[Show all Data]</a>'); } } if (empty($number_of_fields)) { $number_of_fields = 5; } if (isset($_POST['title_select_field'])) { $title_select_field = sql_safe($_POST['title_select_field']); } else { $title_select_field = ''; } $html_instance->add_parameter(array('ACTION' => 'show_form', 'HEADER' => 'Add Select Fields', 'FORM_ACTION' => $_SERVER['PHP_SELF'], 'INNER_TABLE_WIDTH' => '400', 'TD_WIDTH' => '30%', 'BUTTON_TEXT' => 'Save Field')); $html_instance->add_form_field(array('TYPE' => 'hidden', 'NAME' => 'save_it', 'VALUE' => 1)); $html_instance->add_form_field(array('TYPE' => 'hidden', 'NAME' => 'number_of_fields', 'VALUE' => "{$number_of_fields}")); $html_instance->add_form_field(array('TYPE' => 'hidden', 'NAME' => 'category_id', 'VALUE' => "{$category_id}")); $html_instance->add_form_field(array('TYPE' => 'text', 'NAME' => 'title_select_field', 'VALUE' => "{$title_select_field}", 'SIZE' => 35, 'TEXT' => 'Name of Field')); for ($index = 1; $index <= $number_of_fields; $index++) { $name = 'name_select_field_item_' . $index; if (isset($item_value[$index])) { $value = $item_value[$index]; } else { $value = ''; }
$title = str_replace('"', '"', $title); } if (!$text) { $error .= '<li> Text cannot be left blank'; } else { $text = trim($text); if (strlen($text) > 65535) { $error .= '<li> Text is too long (Max. 65535 Characters)'; } } if (!$error) { if ($new_category) { $base_instance->query('INSERT INTO ' . $base_instance->entity['KNOWLEDGE']['CATEGORY'] . ' (title,user) VALUES ("' . sql_safe($new_category) . '",' . $userid . ')'); $category_id = mysqli_insert_id($base_instance->db_link); } $base_instance->query('UPDATE ' . $base_instance->entity['KNOWLEDGE']['MAIN'] . ' SET text="' . sql_safe($text) . '",title="' . sql_safe($title) . '",category=' . $category_id . ',value=' . $value . ',public=' . $public . ' WHERE user='******' AND ID=' . $knowledge_id); $data = $base_instance->get_data('SELECT title FROM ' . $base_instance->entity['KNOWLEDGE']['CATEGORY'] . ' WHERE user='******' AND ID=' . $category_id); $cat_title = $data[1]->title; $base_instance->show_message('Knowledge updated', '<script language="JavaScript" type="text/javascript">function createRequestObject(){try{var requester=new XMLHttpRequest();}catch(error){try{var requester=new ActiveXObject("Microsoft.XMLHTTP");}catch(error){return false;}} return requester;}var http=createRequestObject();function DelKnow(item){if(confirm("Delete Knowledge?")){http.open(\'get\',\'delete-knowledge.php?item=\'+item); http.send(null);}}</script> <a href="add-knowledge.php?category_id=' . $category_id . '">[Add more]</a> <a href="edit-knowledge.php?knowledge_id=' . $knowledge_id . '">[Edit]</a> <a href="javascript:DelKnow(\'' . $knowledge_id . '\')">[Delete]</a> <a href="send-content.php?knowledge_id=' . $knowledge_id . '">[Send]</a><p><a href="show-knowledge-categories.php">[Show all Categories]</a> <a href="show-knowledge.php">[Show all Knowledge]</a><p><b>Internal Link:</b> [k' . $knowledge_id . '] <b>Category:</b> ' . $cat_title . ' <a href="show-knowledge.php?category_id=' . $category_id . 
'">[Show]</a>'); } else { $html_instance->error_message = $error; $text = stripslashes($text); $title = stripslashes($title); } } else { $data = $base_instance->get_data("SELECT * FROM {$base_instance->entity['KNOWLEDGE']['MAIN']} WHERE user='******' AND ID='{$knowledge_id}'"); if (!$data) { $base_instance->show_message('Knowledge not found', '', 1); }
<?php require 'class.base.php'; require 'class.html.php'; $base_instance = new base(); $html_instance = new html(); $userid = $base_instance->get_userid(); $text_search = isset($_REQUEST['text_search']) ? sql_safe($_REQUEST['text_search']) : ''; $whole_words = isset($_POST['whole_words']) ? 1 : ''; $category_id = isset($_REQUEST['category_id']) ? (int) $_REQUEST['category_id'] : ''; if ($text_search && $whole_words) { $query = " AND (text REGEXP '([[:space:]]|[[:<:]]){$text_search}([[:>:]]|[[:space:]])' OR title REGEXP '([[:space:]]|[[:<:]]){$text_search}([[:>:]]|[[:space:]])') "; $param = 'text_search=' . $text_search . '&'; } else { if ($text_search) { $query = " AND (text LIKE '%{$text_search}%' OR title LIKE '%{$text_search}%') "; $param = 'text_search=' . $text_search . '&'; } else { $query = ''; $param = ''; } } # if ($category_id) { $query .= " AND (category={$category_id}) "; $param .= 'category_id=' . $category_id . '&'; $data = $base_instance->get_data("SELECT title FROM {$base_instance->entity['TO_DO']['CATEGORY']} WHERE ID={$category_id}"); $title = $data[1]->title; $category_name = '(Category ' . $title . ')'; } else { $category_name = '';
} $rows = mysql_num_rows($res); for ($index = 1; $index <= $rows; $index++) { $data[$index] = mysql_fetch_object($res); } mysql_free_result($res); if (isset($data)) { return $data; } else { return; } } $message = isset($_REQUEST['message']) ? sql_safe($_REQUEST['message']) : ''; $token = isset($_REQUEST['token']) ? sql_safe($_REQUEST['token']) : ''; $usertoken = isset($_REQUEST['usertoken']) ? sql_safe($_REQUEST['usertoken']) : ''; $name = isset($_REQUEST['name']) ? sql_safe($_REQUEST['name']) : ''; $typing = isset($_REQUEST['typing']) ? (int) $_REQUEST['typing'] : ''; $leave = isset($_REQUEST['leave']) ? 1 : ''; $new_messages = isset($_REQUEST['new_messages']) ? 1 : ''; $timestamp = time(); # post a new message if ($message != '' && $name != '' && $token != '') { $datetime = date('Y-m-d H:i:s'); $res = mysql_query("INSERT INTO organizer_chat (datetime,token,username,message) VALUES ('{$datetime}','{$token}','{$name}','{$message}')"); } # I'm still here if ($usertoken != '') { $res = mysql_query("UPDATE organizer_chat_user SET last_active='{$timestamp}',typing='{$typing}' WHERE user_token='{$usertoken}'"); } # get messages $msg = '<?xml version="1.0"?><messages>';
$data = $base_instance->get_data('SELECT * FROM ' . $base_instance->entity['USER']['MAIN'] . ' WHERE ID=' . _GUEST_USERID); $username = $data[1]->username; $pw = $data[1]->user_password; } else { if (isset($_REQUEST['username'])) { $username = sql_safe($_REQUEST['username']); } else { $username = ''; } if (isset($_REQUEST['pw'])) { $pw = sql_safe($_REQUEST['pw']); } else { $pw = ''; } if (isset($_GET['secure_pw'])) { $secure_pw = sql_safe($_GET['secure_pw']); } else { $secure_pw = ''; } } if (empty($username) && empty($pw)) { header('Location: sign-up.php'); exit; } if ($username && ($pw or $secure_pw)) { if (isset($_GET['guest'])) { $pw_sha1 = $pw; } else { if (isset($_GET['secure_pw'])) { $pw_sha1 = $_GET['secure_pw']; } else {
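/**
 * Deletes rows flagged as spam (is_spam>0) from the "comment", "feedback" or
 * "FAQ" table that are older than $time_str, a strtotime()-style relative
 * interval such as "2 weeks".
 *
 * Unknown $type values are ignored: previously they fell through with $created
 * undefined and ran a malformed DELETE. A $time_str that strtotime() cannot
 * parse is ignored as well, because date() on a false timestamp yields
 * 1970-01-01 and the DELETE would then match every spam row in the table.
 */
function spam_remove_old($type, $time_str) {
    // Supported types double as the table suffix; value is the timestamp column.
    $created_columns = array(
        "comment" => "added",
        "feedback" => "created",
        "FAQ" => "created",
    );
    if (!is_string($type) || !isset($created_columns[$type])) {
        return;
    }

    $cutoff = strtotime("- " . $time_str);
    if ($cutoff === false) {
        return;
    }

    $created = $created_columns[$type];
    $sql = "DELETE FROM " . PREFIX . sql_safe($type) . " \n\tWHERE is_spam>0 \n\tAND {$created}<'" . date("YmdHis", $cutoff) . "';";
    mysql_query($sql);
}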
} else { if (!$followup) { $error .= '<li> Title cannot be left blank'; } } if ($text) { $text = trim($text); if (strlen($text) > 65535) { $error .= '<li> Text is too long (Max. 65535 Characters)'; } } else { $error .= '<li> Message cannot be left blank'; } if (!$error) { $datetime = $_POST['datetime']; $base_instance->query('INSERT INTO ' . $base_instance->entity['FORUM']['MAIN'] . ' (datetime,updated,text,title,followup,user) VALUES ("' . sql_safe($datetime) . '","' . sql_safe($datetime) . '","' . sql_safe($text) . '","' . sql_safe($title) . '",' . $followup . ',' . $userid . ')'); if (_FORUM_NOTIFY == 1 && $userid != _ADMIN_USERID) { $msg = "New Forum Message:\n\n" . $title . "\n\n" . $text; $base_instance->send_email_from_admin('New Forum Message Notification', $msg, _ADMIN_EMAIL); } header('Location: show-forum.php'); exit; } else { $html_instance->error_message = $error; $text = stripslashes($text); $title = stripslashes($title); } } $html_instance->add_parameter(array('ACTION' => 'show_form', 'HEADER' => 'New Forum Message', 'FORM_ACTION' => $_SERVER['PHP_SELF'], 'BODY' => 'onLoad="javascript:document.form1.title.focus()"', 'BUTTON_TEXT' => 'Post new Message')); $html_instance->add_form_field(array('TYPE' => 'hidden', 'NAME' => 'followup', 'VALUE' => "{$followup}")); $html_instance->add_form_field(array('TYPE' => 'text', 'NAME' => 'title', 'VALUE' => "{$title}", 'SIZE' => 50, 'TEXT' => 'Title'));
if (file_exists("include/files/" . $result->demo_file . "_thumb")) { unlink("include/files/" . $result->demo_file . "_thumb"); } if (unlink("include/files/" . $result->demo_file)) { //if file deleted, remove db entry $query2 = mysql_query("DELETE FROM `" . $config->db_prefix . "_files` WHERE `id`=" . $result->id . " LIMIT 1") or die(mysql_error()); } } } //delete all comments for the ban $query = mysql_query("DELETE FROM `" . $config->db_prefix . "_comments` WHERE `bid`=" . $bid) or die(mysql_error()); //get ban details $ban_row = sql_get_ban_details($bid); //delete the ban $query = mysql_query("DELETE FROM `" . $config->db_prefix . "_bans` WHERE `bid`=" . $bid . " LIMIT 1") or die(mysql_error()); log_to_db("Ban edit", "Deleted ban: ID " . $bid . " (<" . sql_safe($ban_row["player_nick"]) . "> <" . sql_safe($ban_row["player_id"]) . ">)"); //redirect to start page if ($query) { header("Location:index.php"); exit; } } $smarty->assign("meta", ""); $smarty->assign("title", $title); $smarty->assign("title2", $title2); $smarty->assign("version_web", $config->v_web); // amxbans.css included in the design? if not use it from default if (file_exists("templates/" . $config->design . "/amxbans.css")) { $smarty->assign("design", $config->design); } $smarty->assign("dir", $config->document_root);
# Edit blog category: on save, validates the posted title and UPDATEs the row;
# otherwise loads the current title. Either way the edit form is rendered.
$userid = $base_instance->get_userid();
# category_id is mandatory; the script terminates without it
$category_id = isset($_REQUEST['category_id']) ? (int) $_REQUEST['category_id'] : exit;
if (isset($_POST['save'])) {
    $error = '';
    # NOTE(review): no isset() guard — a POST without "title" raises an
    # undefined-index notice before the blank check below runs.
    $title = $_POST['title'];
    if (!$title) {
        $error .= '<li> Title cannot be left blank';
    } else {
        $title = trim($title);
        if (strlen($title) > 50) {
            $error .= '<li> Title is too long (Max. 50 Characters)';
        }
        # NOTE(review): search and replacement are identical here, so this is a
        # no-op; the replacement (likely an HTML entity) seems to have been lost
        # in this listing — confirm against the original source.
        $title = str_replace('"', '"', $title);
    }
    if (!$error) {
        # NOTE(review): `'******'` is reproduced as it appears in this listing
        # (it looks like a redacted user-id expression); the statement does not
        # parse as written — confirm against the original source.
        $base_instance->query('UPDATE ' . $base_instance->entity['BLOG']['CATEGORY'] . ' SET title="' . sql_safe($title) . '" WHERE user='******' AND ID=' . $category_id);
        $base_instance->show_message('Blog Category updated', '<a href="add-blog.php?category_id=' . $category_id . '">[Add Blog Post]</a> <a href="add-blog-category.php">[Add Category]</a> <a href="edit-blog-category.php?category_id=' . $category_id . '">[Edit]</a> <a href="javascript:void(window.open(\'delete-blog-category.php?category_id=' . $category_id . '\',\'\',\'width=450,height=200,top=100,left=100\'))">[Delete]</a><p><a href="show-blog-categories.php">[Show Blog Categories]</a>');
    } else {
        $html_instance->error_message = $error;
    }
} else {
    $data = $base_instance->get_data("SELECT * FROM {$base_instance->entity['BLOG']['CATEGORY']} WHERE user='******' AND ID='{$category_id}'");
    if (!$data) {
        $base_instance->show_message('Blog Category not found');
        exit;
    }
    $title = $data[1]->title;
}
# NOTE(review): FORM_ACTION receives $_SERVER['PHP_SELF'] unescaped; unless the
# html class escapes it, wrap it in htmlspecialchars() before use in markup.
$html_instance->add_parameter(array('ACTION' => 'show_form', 'HEADER' => 'Edit Blog Category', 'FORM_ACTION' => $_SERVER['PHP_SELF'], 'BODY' => 'onLoad="javascript:document.form1.title.focus()"', 'INNER_TABLE_WIDTH' => '400', 'TD_WIDTH' => '20%', 'BUTTON_TEXT' => 'Update Category'));
$html_instance->add_form_field(array('TYPE' => 'hidden', 'NAME' => 'category_id', 'VALUE' => $category_id));
$html_instance->add_form_field(array('TYPE' => 'text', 'NAME' => 'title', 'VALUE' => $title, 'SIZE' => 35, 'TEXT' => 'Title'));
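/**
 * Follows the merged_with chain of feedback item $id and returns the id of the
 * item it was ultimately merged into ($id itself when it was never merged, or
 * when the lookup fails).
 *
 * The walk is iterative and remembers every id it has visited, so a
 * merged_with cycle in the data (A -> B -> A) terminates instead of recursing
 * without bound as the previous recursive version did; in that case the last
 * id reached before the repeat is returned.
 */
function feedback_get_main_parent($id) {
    $current = $id;
    $visited = array();

    while (true) {
        $visited[(string) $current] = true;

        $sql = "SELECT merged_with FROM " . PREFIX . "feedback WHERE id=" . sql_safe($current) . ";";
        $result = mysql_query($sql);
        if (!$result) {
            return $current;
        }

        $row = mysql_fetch_assoc($result);
        if (!$row || $row['merged_with'] === NULL) {
            return $current;
        }

        // Cycle guard: stop as soon as a parent points back at an id already seen.
        if (isset($visited[(string) $row['merged_with']])) {
            return $current;
        }

        $current = $row['merged_with'];
    }
}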
$base_instance->query("INSERT INTO {$base_instance->entity['DATABASE']['SELECT_VALUES']} (date, user, value, data_id,select_field_id,category_id) VALUES ('{$date}',{$userid},{$value},{$insert_id},{$ID},{$category_id})"); } } unset($data); # insert number values $data = $base_instance->get_data("SELECT * FROM {$base_instance->entity['DATABASE']['NUMBER_FIELDS']} WHERE user='******' AND category_id='{$category_id}'"); for ($index = 1; $index <= sizeof($data); $index++) { $ID = $data[$index]->ID; $value = sql_safe($_POST['number' . $ID]); $base_instance->query("INSERT INTO {$base_instance->entity['DATABASE']['NUMBER_VALUES']} (date,user,value,data_id,number_field_id,category_id) VALUES ('{$date}',{$userid},'{$value}',{$insert_id},{$ID},{$category_id})"); } # insert text values $data = $base_instance->get_data("SELECT * FROM {$base_instance->entity['DATABASE']['TEXT_FIELDS']} WHERE user='******' AND category_id='{$category_id}'"); for ($index = 1; $index <= sizeof($data); $index++) { $ID = $data[$index]->ID; $value = sql_safe($_POST['text' . $ID]); $base_instance->query("INSERT INTO {$base_instance->entity['DATABASE']['TEXT_VALUES']} (date,user,value,data_id,text_field_id,category_id) VALUES ('{$date}',{$userid},'{$value}',{$insert_id},{$ID},{$category_id})"); } $base_instance->show_message('Data saved', '<script language="JavaScript" type="text/javascript">function createRequestObject(){try{var requester=new XMLHttpRequest();}catch(error){try{var requester=new ActiveXObject("Microsoft.XMLHTTP");}catch(error){return false;}} return requester;}var http=createRequestObject();function DelData(item){if(confirm("Delete Data?")){http.open(\'get\',\'delete-database-data.php?item=\'+item); http.send(null);}}</script> <a href="add-database-data.php?category_id=' . $category_id . '">[Add more]</a> <a href="edit-database-data.php?data_id=' . $insert_id . '">[Edit]</a> <a href="javascript:DelData(\'' . $insert_id . '\')">[Delete]</a> <a href="show-database-data.php?category_id=' . 
$category_id . '">[Show all Data]</a><p>'); } else { $html_instance->error_message = $error; $title = stripslashes($title); } } $day = date('j'); $month = date('n'); $year = date('Y'); $title = isset($_POST['title']) ? $_POST['title'] : ''; $html_instance->add_parameter(array('ACTION' => 'show_form', 'HEADER' => 'Add Data', 'FORM_ACTION' => $_SERVER['PHP_SELF'], 'BUTTON_TEXT' => 'Save Data'));
$error .= '<li> Text cannot be left blank'; } else { $diary_text = trim($diary_text); if (strlen($diary_text) > 65535) { $error .= '<li> Text is too long (Max. 65535 Characters)'; } } if (!$error) { $date = $year . '-' . $month . '-' . $day; $data = $base_instance->get_data("SELECT ID FROM {$base_instance->entity['DIARY']['MAIN']} WHERE date='{$date}' AND user='******'"); if (isset($data)) { $diary_id = $data[1]->ID; $base_instance->query('UPDATE ' . $base_instance->entity['DIARY']['MAIN'] . ' SET text="' . sql_safe($diary_text) . '",title="' . sql_safe($title) . '" WHERE user='******' AND ID=' . $diary_id); } else { $today = date('Y-m-d'); $base_instance->query('INSERT INTO ' . $base_instance->entity['DIARY']['MAIN'] . ' (date,text,title,user,last_shown) VALUES ("' . sql_safe($date) . '","' . sql_safe($diary_text) . '","' . sql_safe($title) . '",' . $userid . ',"' . $today . '")'); $diary_id = mysqli_insert_id($base_instance->db_link); } $base_instance->show_message('Diary saved', '<script language="JavaScript" type="text/javascript">function createRequestObject(){try{var requester=new XMLHttpRequest();}catch(error){try{var requester=new ActiveXObject("Microsoft.XMLHTTP");}catch(error){return false;}} return requester;}var http=createRequestObject();function DelDiary(item){if(confirm("Delete Diary?")){http.open(\'get\',\'delete-diary.php?item=\'+item); http.send(null);}}</script> <a href="add-diary.php?day=' . $day . '&month=' . $month . '&year=' . $year . '">[Edit]</a> <a href="javascript:DelDiary(\'' . $diary_id . '\')">[Delete]</a> <a href="send-content.php?diary_id=' . $diary_id . '">[Send]</a> <a href="show-diary.php">[Show all]</a><p>'); } else { $all_text = '<blockquote><font color="#ff0000"><ul>' . $error . 
'</ul></font></blockquote>'; $diary_text = stripslashes($diary_text); $title = stripslashes($title); } } elseif (isset($diary_id)) { $data = $base_instance->get_data("SELECT ID,date,text,title FROM {$base_instance->entity['DIARY']['MAIN']} WHERE ID='{$diary_id}' AND user='******'"); if (!$data) { $base_instance->show_message('Diary entry not found', '', 1); }
$title_field = str_replace('"', '"', $title_field); if (strlen($title_field) > 100) { $error .= '<li> Title too long'; } } if (!$error) { $base_instance->query('UPDATE ' . $base_instance->entity['DATABASE']['CHECKBOX_FIELDS'] . ' SET title="' . sql_safe($title_field) . '" WHERE user='******' AND ID=' . $checkbox_field_id); # for ($index = 1; $index <= $number_of_fields; $index++) { $title_var = $_POST['name_checkbox_field_item_' . $index]; $id_var = (int) $_POST['id_checkbox_field_item_' . $index]; if ($title_var) { if ($id_var) { $base_instance->query('UPDATE ' . $base_instance->entity['DATABASE']['CHECKBOX_ITEMS'] . ' SET title="' . sql_safe($title_var) . '" WHERE user='******' AND ID=' . $id_var); } else { $base_instance->query('INSERT INTO ' . $base_instance->entity['DATABASE']['CHECKBOX_ITEMS'] . ' (title,user,checkbox_field_id) VALUES ("' . sql_safe($title_var) . '",' . $userid . ',' . $checkbox_field_id . ')'); } } } $base_instance->show_message('Field upated', '<a href="edit-database-checkbox-field.php?checkbox_field_id=' . $checkbox_field_id . '">[Edit Field]</a> <a href="javascript:void(window.open(\'delete-database-checkbox-field.php?checkbox_field_id=' . $checkbox_field_id . '\',\'\',\'width=450,height=200,top=100,left=100\'))">[Delete Field]</a>'); } else { $html_instance->error_message = $error; } } else { $data = $base_instance->get_data("SELECT * FROM {$base_instance->entity['DATABASE']['CHECKBOX_FIELDS']} WHERE user='******' AND ID='{$checkbox_field_id}'"); if (!$data) { $base_instance->show_message('Database field not found'); exit; } $title_field = $data[1]->title; $data = $base_instance->get_data("SELECT * FROM {$base_instance->entity['DATABASE']['CHECKBOX_ITEMS']} WHERE user='******' AND checkbox_field_id='{$checkbox_field_id}' ORDER BY ID ASC");
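# "About Me" profile page: on save, validates and UPDATEs the posted profile
# fields; otherwise loads the current values. The form is rendered either way.
$html_instance = new html();
$userid = $base_instance->get_userid();

if (isset($_POST['save'])) {
    $error = '';
    # Missing POST fields default to '' / 0 instead of raising undefined-index
    # notices (the previous code read them unguarded).
    $about_me = isset($_POST['about_me']) ? $_POST['about_me'] : '';
    $firstname = isset($_POST['firstname']) ? $_POST['firstname'] : '';
    $lastname = isset($_POST['lastname']) ? $_POST['lastname'] : '';
    $country = isset($_POST['country']) ? (int) $_POST['country'] : 0;

    if (!empty($about_me)) {
        $about_me = trim($about_me);
        if (strlen($about_me) > 65535) {
            $error .= '<li> Text is too long (Max. 65535 Characters)';
        }
    }

    if (!$error) {
        # $userid comes from the session via get_userid(), $country is an int;
        # the text fields go through sql_safe() for their double-quoted context.
        $base_instance->query('UPDATE ' . $base_instance->entity['USER']['MAIN'] . ' SET about_me="' . sql_safe($about_me) . '",firstname="' . sql_safe($firstname) . '",lastname="' . sql_safe($lastname) . '",country=' . $country . ' WHERE ID=' . $userid);
        $base_instance->show_message('About Me page updated', '<a href="show-user.php?userid=' . $userid . '">[View Profile Page]</a>');
    } else {
        $html_instance->error_message = $error;
    }
} else {
    $data = $base_instance->get_data("SELECT about_me,firstname,lastname,country FROM {$base_instance->entity['USER']['MAIN']} WHERE ID='{$userid}'");
    $about_me = $data[1]->about_me;
    $firstname = $data[1]->firstname;
    $lastname = $data[1]->lastname;
    $country = $data[1]->country;
}

# PHP_SELF can carry request-supplied path info; escape it before it is used
# as the form action.
$self_url = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');

$html_instance->add_parameter(array('ACTION' => 'show_form', 'HEADER' => 'About Me', 'TEXT_CENTER' => 'The About Me text is a public text which appears in your profile.<br>Firstname and lastname is not public, it will only be used for sending emails within the Organizer.<p>', 'FORM_ACTION' => $self_url, 'BODY' => 'onLoad="javascript:document.form1.about_me.focus()"', 'BUTTON_TEXT' => 'Update'));
$html_instance->add_form_field(array('TYPE' => 'textarea', 'NAME' => 'about_me', 'VALUE' => "{$about_me}", 'TEXT' => 'About me', 'COLS' => 80, 'ROWS' => 4));
$html_instance->add_form_field(array('TYPE' => 'text', 'NAME' => 'firstname', 'VALUE' => "{$firstname}", 'SIZE' => 35, 'TEXT' => 'Firstname'));
$html_instance->add_form_field(array('TYPE' => 'text', 'NAME' => 'lastname', 'VALUE' => "{$lastname}", 'SIZE' => 35, 'TEXT' => 'Lastname'));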
$sql = "UPDATE " . PREFIX . "feedback SET size=3 WHERE id=" . sql_safe($_GET['id']) . ";"; mysql_query($sql); feedback_display_size_buttons($_GET['id'], $_GET['div_id']); } else { if ($_GET['operation'] == "big_change") { $sql = "UPDATE " . PREFIX . "feedback SET size=4 WHERE id=" . sql_safe($_GET['id']) . ";"; mysql_query($sql); feedback_display_size_buttons($_GET['id'], $_GET['div_id']); } else { if ($_GET['operation'] == "merge" && isset($_GET['extra'])) { $sql = "UPDATE " . PREFIX . "feedback SET merged_with=" . sql_safe($_GET['extra']) . " WHERE id=" . sql_safe($_GET['id']) . ";"; mysql_query($sql); feedback_display_merge_form($_GET['id'], $_GET['div_id']); } else { if ($_GET['operation'] == "unmerge") { $sql = "UPDATE " . PREFIX . "feedback SET merged_with=NULL WHERE id=" . sql_safe($_GET['id']) . ";"; mysql_query($sql); feedback_display_merge_form($_GET['id'], $_GET['div_id']); } } } } } } } } } } } } }
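/**
 * Echo the "Posted by … at …" byline for one comment.
 *
 * Looks the comment row up by id and prints nothing when the query fails
 * or matches no row. Registered authors (user column set) are rendered
 * through user_get_name() / user_get_link(); anonymous authors through the
 * nick and url stored with the comment.
 *
 * Fix: nick and url are submitted by the commenter and were written into
 * the page unescaped; they are now HTML-escaped and the url is only turned
 * into a link when it is an http(s) url. user_get_admin() is no longer
 * called with a NULL user id.
 *
 * @param int|string $comment_id primary key of the comment row (passed through sql_safe)
 * @return void output is echoed, nothing is returned
 */
function comment_display_author_text($comment_id)
{
    $sql = "SELECT user, nick, email, url, added FROM " . PREFIX . "comment WHERE id=" . sql_safe($comment_id) . ";";
    $cc = mysql_query($sql);
    if (!$cc) {
        return;
    }
    $c = mysql_fetch_assoc($cc);
    if (!$c) {
        return;
    }

    $comment_time = date("Y-m-d H:i", strtotime($c['added']));
    $comment_link = comment_get_link($comment_id);
    $user_name = NULL;
    $user_link = NULL;

    if ($c['user'] !== NULL) {
        // Registered author: the helpers own the formatting of name and link.
        $user_name = user_get_name($c['user']);
        $user_link = user_get_link($c['user']);
    } elseif ($c['nick'] !== NULL) {
        // Anonymous author: nick and url come straight from the comment form,
        // so they are escaped before being placed in HTML. The anchor is only
        // built for http(s) urls; an empty or other-scheme url falls back to
        // the plain escaped nick. ENT_SUBSTITUTE keeps a name with invalid
        // UTF-8 from collapsing to an empty string.
        // NOTE(review): assumes the site emits UTF-8 — confirm against the page charset.
        $user_name = htmlspecialchars($c['nick'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $url = (string) $c['url'];
        if (preg_match('#^https?://#i', $url)) {
            $user_link = "<a href=\"" . htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "\">" . $user_name . "</a>";
        }
    }

    // Check whether the author is an admin; only meaningful for registered users.
    $admin = "";
    if ($c['user'] !== NULL && user_get_admin($c['user']) > 1) {
        $admin = " " . _("(Admin)");
    }

    if ($user_name === NULL) {
        echo sprintf(_("Posted at <a href=\"%s\">%s</a>"), $comment_link, $comment_time);
    } elseif ($user_link == NULL) {
        // Loose comparison kept on purpose: an empty link from user_get_link()
        // also falls back to the plain name.
        echo sprintf(_("Posted by %s%s at <a href=\"%s\">%s</a>"), $user_name, $admin, $comment_link, $comment_time);
    } else {
        echo sprintf(_("Posted by %s%s at <a href=\"%s\">%s</a>"), $user_link, $admin, $comment_link, $comment_time);
    }
}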
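// Add a notes category for the logged-in user: on POST validate the title,
// insert the row and show the follow-up links; the entry form is always rendered.
require 'class.base.php';
require 'class.html.php';

$base_instance = new base();
$html_instance = new html();
$userid = $base_instance->get_userid();

if (isset($_POST['save'])) {
    $error = '';
    // A missing field is treated as blank instead of raising an undefined-index
    // notice. Trimming before the blank check rejects a whitespace-only title
    // (which previously passed and was saved as ""), and the strict comparison
    // lets a title of "0" through.
    $title = isset($_POST['title']) ? trim((string) $_POST['title']) : '';
    if ($title === '') {
        $error .= '<li> Title cannot be left blank';
    } else {
        // strlen() counts bytes, so the limit is in bytes, not characters.
        if (strlen($title) > 50) {
            $error .= '<li> Title is too long (Max. 50 Characters)';
        }
        // Kept from the original; as written it replaces '"' with itself.
        $title = str_replace('"', '"', $title);
    }
    if (!$error) {
        // The SQL-escaped title is what both the duplicate check and the INSERT receive.
        $title = sql_safe($title);
        $html_instance->check_for_duplicates_by_title('NOTE', 'CATEGORY', $title, $userid);
        $base_instance->query('INSERT INTO ' . $base_instance->entity['NOTE']['CATEGORY'] . ' (title,user) VALUES ("' . $title . '",' . $userid . ')');
        $cat_id = mysqli_insert_id($base_instance->db_link);
        $base_instance->show_message('Notes Category saved', '<a href="add-note.php?category_id=' . $cat_id . '">[Add Note]</a> <a href="add-note-category.php">[Add Category]</a> <a href="edit-note-category.php?category_id=' . $cat_id . '">[Edit]</a> <a href="javascript:void(window.open(\'delete-note-category.php?category_id=' . $cat_id . '\',\'\',\'width=450,height=200,top=100,left=100\'))">[Delete]</a><p><a href="show-note-categories.php">[Show Notes Categories]</a>');
    } else {
        // The form below is rendered with an empty VALUE, so the title is not
        // echoed back; the old stripslashes() on it was dead code and is gone.
        $html_instance->error_message = $error;
    }
}

// NOTE(review): FORM_ACTION is $_SERVER['PHP_SELF'], which reflects the request
// path; confirm that html::add_parameter() escapes it for the action attribute,
// otherwise escape it here.
$html_instance->add_parameter(array('ACTION' => 'show_form', 'HEADER' => 'Add Notes Category', 'FORM_ACTION' => $_SERVER['PHP_SELF'], 'BODY' => 'onLoad="javascript:document.form1.title.focus()"', 'INNER_TABLE_WIDTH' => '400', 'TD_WIDTH' => '20%', 'BUTTON_TEXT' => 'Save Category'));
$html_instance->add_form_field(array('TYPE' => 'text', 'NAME' => 'title', 'VALUE' => '', 'SIZE' => 35, 'TEXT' => 'Title'));
$html_instance->process();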
} if (!empty($feed) && !$title) { $error .= '<li> Feed Title ' . $index . ' cannot be left empty'; } $data = $base_instance->get_data('SELECT ID FROM ' . $base_instance->entity['RSS']['MAIN'] . ' WHERE feed="' . sql_safe($feed) . '" AND user='******'<li> RSS Feed ' . $index . ' already saved'; } } if (!$error) { for ($index = 1; $index <= $number_of_fields; $index++) { if (!empty($_POST['title' . $index])) { $title = $_POST['title' . $index]; $feed = $_POST['feed' . $index]; $max_items = $_POST['max_items' . $index]; $base_instance->query('INSERT INTO ' . $base_instance->entity['RSS']['MAIN'] . ' (user,feed,title,max_items) VALUES (' . $userid . ',"' . sql_safe($feed) . '","' . sql_safe($title) . '","' . sql_safe($max_items) . '")'); } } $base_instance->show_message('RSS Feeds saved', '<a href="add-rss-feeds.php">[Add RSS Feeds]</a> <a href="show-rss-feeds.php">[Show RSS Feeds]</a><p><a href="show-home.php">[Edit Homepages]</a>'); } else { $html_instance->error_message = $error; } } if (isset($_POST['more_fields'])) { $number_of_fields += 3; $text = '<table>'; for ($index = 1; $index <= $number_of_fields; $index++) { if (isset($_POST['title' . $index])) { $title = stripslashes($_POST['title' . $index]); } else { $title = '';
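<?php
// Add a text field to one of the user's database categories: on POST insert
// the field row and show the follow-up links; the entry form is always rendered.
require 'class.base.php';
require 'class.html.php';

$base_instance = new base();
$html_instance = new html();
$userid = $base_instance->get_userid();

// The category id is required; without it there is nothing to attach the
// field to, so the request ends here (an explicit statement instead of
// `exit` inside a ternary).
if (!isset($_REQUEST['category_id'])) {
    exit;
}
$category_id = (int) $_REQUEST['category_id'];
// NOTE(review): nothing here checks that $category_id belongs to $userid;
// the INSERT only records the user column. Verify that the category's owner
// is checked either in base::query() or in the pages that link here.

if (isset($_POST['save_it'])) {
    // A missing field is treated as blank instead of raising an undefined-index
    // notice, and a blank name is reported like the other add-* forms do.
    $raw_title = isset($_POST['title_text_field']) ? trim((string) $_POST['title_text_field']) : '';
    if ($raw_title === '') {
        $html_instance->error_message = '<li> Name of Field cannot be left blank';
    } else {
        $title_text_field = sql_safe($raw_title);
        $base_instance->query("INSERT INTO {$base_instance->entity['DATABASE']['TEXT_FIELDS']} (user,title,category_id) VALUES ({$userid},'{$title_text_field}',{$category_id})");
        $field_id = mysqli_insert_id($base_instance->db_link);
        $base_instance->show_message('Field saved', '<a href="add-database-number-field.php?category_id=' . $category_id . '">[Add Number Field]</a> <a href="add-database-text-field.php?category_id=' . $category_id . '">[Add Text Field]</a><p> <a href="add-database-select-field.php?category_id=' . $category_id . '">[Add Select Field]</a> <a href="add-database-checkbox-field.php?category_id=' . $category_id . '">[Add Checkbox Field]</a><p><a href="add-database-data.php?category_id=' . $category_id . '">[Add Data]</a> <a href="edit-database-text-field.php?text_field_id=' . $field_id . '">[Edit Field]</a> <a href="show-database-data.php?category_id=' . $category_id . '">[Show all Data]</a>');
    }
}

// NOTE(review): FORM_ACTION is $_SERVER['PHP_SELF'], which reflects the request
// path; confirm that html::add_parameter() escapes it for the action attribute,
// otherwise escape it here. The form carries no CSRF token — the hidden
// save_it field alone does not prove the request came from this page.
$html_instance->add_parameter(array('ACTION' => 'show_form', 'HEADER' => 'Add Text Field', 'FORM_ACTION' => $_SERVER['PHP_SELF'], 'INNER_TABLE_WIDTH' => '400', 'TD_WIDTH' => '30%', 'BUTTON_TEXT' => 'Save Field'));
$html_instance->add_form_field(array('TYPE' => 'hidden', 'NAME' => 'save_it', 'VALUE' => 1));
$html_instance->add_form_field(array('TYPE' => 'hidden', 'NAME' => 'category_id', 'VALUE' => "{$category_id}"));
$html_instance->add_form_field(array('TYPE' => 'text', 'NAME' => 'title_text_field', 'VALUE' => '', 'SIZE' => 35, 'TEXT' => 'Name of Field'));
$html_instance->process();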
/**
 * Look up the name column of a single task row.
 *
 * @param int|string $task_id task primary key (passed through sql_safe)
 * @return string|null the stored name, or NULL when the query fails or matches no row
 */
function task_get_name($task_id)
{
    $query = "SELECT \n\t\tname\n\tFROM task \n\tWHERE id=" . sql_safe($task_id) . ";";
    $result = mysql_query($query);
    if (!$result) {
        return NULL;
    }
    $row = mysql_fetch_assoc($result);
    return $row ? $row['name'] : NULL;
}
if (strlen($new_category) > 50) { $error .= '<li> Category title is too long (Max. 50 Characters)'; } } if (!$error) { if ($new_category) { $base_instance->query('INSERT INTO ' . $base_instance->entity['CONTACT']['CATEGORY'] . ' (title,user) VALUES ("' . sql_safe($new_category) . '",' . $userid . ')'); $category_id = mysqli_insert_id($base_instance->db_link); } $datetime = $_POST['datetime']; $html_instance->check_for_duplicates('CONTACT', 'MAIN', $datetime, $userid); $firstname = str_replace('"', '"', $firstname); $lastname = str_replace('"', '"', $lastname); $address = str_replace('"', '"', $address); $company = str_replace('"', '"', $company); $base_instance->query('INSERT INTO ' . $base_instance->entity['CONTACT']['MAIN'] . ' (datetime,user,firstname,lastname,email,telephone,fax,mobile,address,notes,company,url,category,public) VALUES ("' . sql_safe($datetime) . '",' . $userid . ',"' . sql_safe($firstname) . '","' . sql_safe($lastname) . '","' . sql_safe($email) . '","' . sql_safe($telephone) . '","' . sql_safe($fax) . '","' . sql_safe($mobile) . '","' . sql_safe($address) . '","' . sql_safe($notes) . '","' . sql_safe($company) . '","' . sql_safe($url) . '",' . $category_id . ',' . $public . ')'); $contact_id = mysqli_insert_id($base_instance->db_link); $data = $base_instance->get_data("SELECT title FROM {$base_instance->entity['CONTACT']['CATEGORY']} WHERE user='******' AND ID='{$category_id}'"); $cat_title = $data[1]->title; $base_instance->show_message('Contact saved', '<script language="JavaScript" type="text/javascript">function createRequestObject(){try{var requester=new XMLHttpRequest();}catch(error){try{var requester=new ActiveXObject("Microsoft.XMLHTTP");}catch(error){return false;}} return requester;}var http=createRequestObject();function DelContact(item){if(confirm("Delete Contact?")){http.open(\'get\',\'delete-contact.php?item=\'+item); http.send(null);}}</script> <a href="add-contact.php?category_id=' . $category_id . 
'">[Add more]</a> <a href="edit-contact.php?contact_id=' . $contact_id . '">[Edit]</a> <a href="javascript:DelContact(\'' . $contact_id . '\')">[Delete]</a> <a href="send-content.php?contact_id=' . $contact_id . '">[Send]</a><p><a href="show-contact-categories.php">[Show all Categories]</a> <a href="show-contact.php">[Show all Contacts]</a><p><b>Internal Link:</b> [c' . $contact_id . '] <b>Category:</b> ' . $cat_title . ' <a href="show-contact.php?category_id=' . $category_id . '">[Show]</a>'); } else { $html_instance->error_message = $error; $company = stripslashes($company); $address = stripslashes($address); $notes = stripslashes($notes); } } # default category if (!$category_id) {
$cat_header = ''; $minus = ''; if (empty($_GET['order_type'])) { $order_type = 'DESC'; } else { $order_type = sql_safe($_GET['order_type']); $sort .= 'order_type=' . $order_type . '&'; } if (empty($_GET['order_col'])) { $order_col = 'ttv'; } else { $order_col = sql_safe($_GET['order_col']); $sort .= 'order_col=' . $order_col . '&'; } if (isset($_REQUEST['text_search'])) { $text_search = sql_safe($_REQUEST['text_search']); $query .= " AND (subtitle LIKE '%{$text_search}%' OR url LIKE '%{$text_search}%' OR title LIKE '%{$text_search}%' OR notes LIKE '%{$text_search}%' OR keywords LIKE '%{$text_search}%') "; $param .= 'text_search=' . $text_search . '&'; } else { $text_search = ''; } if (isset($_REQUEST['category_id'])) { $category_id = (int) $_REQUEST['category_id']; $cat_name = $misc_instance->get_link_category($category_id); $cat_header = ' (Category ' . $cat_name . ')'; $query .= " AND (category={$category_id}) "; $param .= 'category_id=' . $category_id . '&'; } if (isset($_GET['bluebox'])) { $where = "WHERE ((DATE_ADD(last_visit, INTERVAL frequency SECOND)<'{$datetime}' AND frequency_mode=3) OR frequency_mode=1) AND user='******' {$query}"; $header = 'Bluebox (Links Due) <a href="' . $_SERVER['PHP_SELF'] . '?' . $sort . $param . 'show_all=1">[Show all Links]</a>';