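/**
 * Record the current user's vote for one poll option and refresh the poll cache.
 *
 * Nothing is recorded (and null is returned) when $opt_id is not a key of
 * $options or when the tracking table already holds a row for this poll and
 * the current user (_uid). Otherwise the function returns 1, including when
 * the tracking INSERT reported failure and no counters were updated.
 *
 * @param array $options poll options keyed by option id; handed to poll_cache_rebuild() and serialized into the message row
 * @param mixed $poll_id id of the poll being voted on
 * @param mixed $opt_id  id of the chosen option
 * @param mixed $mid     id of the message that carries the poll
 * @return int|null
 */
function register_vote(&$options, $poll_id, $opt_id, $mid)
{
    /* The identifiers are concatenated into SQL below. Cast them at the sink so a
     * non-numeric value can never become part of the statement text. */
    $poll_sql = (int) $poll_id;
    $opt_sql = (int) $opt_id;
    $msg_sql = (int) $mid;

    /* invalid option or previously voted */
    if (!isset($options[$opt_id])) {
        return;
    }
    if (q_singleval('SELECT id FROM phpgw_fud_poll_opt_track WHERE poll_id=' . $poll_sql . ' AND user_id=' . _uid)) {
        return;
    }

    /* Counters and cache are only touched when the tracking row was inserted.
     * NOTE(review): the check above and this INSERT are two separate statements;
     * presumably db_li() relies on a unique key to reject a duplicate vote - confirm. */
    if (db_li('INSERT INTO phpgw_fud_poll_opt_track(poll_id, user_id, poll_opt) VALUES(' . $poll_sql . ', ' . _uid . ', ' . $opt_sql . ')', $a)) {
        q('UPDATE phpgw_fud_poll_opt SET count=count+1 WHERE id=' . $opt_sql);
        q('UPDATE phpgw_fud_poll SET total_votes=total_votes+1 WHERE id=' . $poll_sql);
        poll_cache_rebuild($opt_id, $options);
        q('UPDATE phpgw_fud_msg SET poll_cache=' . strnull(addslashes(@serialize($options))) . ' WHERE id=' . $msg_sql);
    }

    return 1;
}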
/**
 * Append one row to the action log for the current request timestamp.
 *
 * @param mixed       $user_id id of the acting user; written into the statement as-is
 * @param string|null $res     resource label, wrapped by strnull()
 * @param mixed       $res_id  resource id, cast to int
 * @param string|null $action  action label, wrapped by strnull()
 */
function logaction($user_id, $res, $res_id = 0, $action = null)
{
    /* Column order: logtime, logaction, user_id, a_res, a_res_id.
     * NOTE(review): $action and $res reach strnull() without addslashes() here and
     * $user_id is not cast - callers presumably pass trusted or pre-escaped values; confirm. */
    $values = array(
        __request_timestamp__,
        strnull($action),
        $user_id,
        strnull($res),
        (int) $res_id,
    );

    q('INSERT INTO phpgw_fud_action_log (logtime, logaction, user_id, a_res, a_res_id) VALUES(' . implode(', ', $values) . ')');
}
/**
 * Write this private message back to its phpgw_fud_pmsg row.
 *
 * Stamps the message with the request time and the sender's IP (plus the
 * resolved host name when bit 268435456 of FUD_OPT_1 is set), stores the body
 * through write_pmsg_body(), updates the row, and calls send_pmsg() when the
 * message sits in folder 3.
 */
function sync()
{
    $this->post_stamp = __request_timestamp__;
    $this->ip_addr = get_ip();

    if ($GLOBALS['FUD_OPT_1'] & 268435456) {
        $this->host_name = "'" . addslashes(get_host($this->ip_addr)) . "'";
    } else {
        $this->host_name = 'NULL';
    }

    list($this->foff, $this->length) = write_pmsg_body($this->body);

    /* NOTE(review): icon, ip_addr and the numeric ids (ouser_id, fldr, pmsg_opt, id)
     * are concatenated without addslashes() or an int cast, unlike to_list and
     * subject - confirm they cannot carry user-controlled text at this point. */
    $assignments = array(
        'to_list=' . strnull(addslashes($this->to_list)),
        'icon=' . strnull($this->icon),
        'ouser_id=' . $this->ouser_id,
        /* duser_id is written from ouser_id as well */
        'duser_id=' . $this->ouser_id,
        'post_stamp=' . $this->post_stamp,
        "subject='" . addslashes($this->subject) . "'",
        "ip_addr='" . $this->ip_addr . "'",
        'host_name=' . $this->host_name,
        'attach_cnt=' . (int) $this->attach_cnt,
        'fldr=' . $this->fldr,
        'foff=' . (int) $this->foff,
        'length=' . (int) $this->length,
        'pmsg_opt=' . $this->pmsg_opt,
    );

    q("UPDATE phpgw_fud_pmsg SET\n\t\t\t" . implode(",\n\t\t\t", $assignments) . "\n\t\tWHERE id=" . $this->id);

    if ($this->fldr == 3) {
        $this->send_pmsg();
    }
}
<?php
/* Fragment of an admin user-management script: the opening of the enclosing
 * branches lies before this excerpt and the search logic continues after it. */
            exit;
        } else {
            if (isset($_POST['btn_yes'])) {
                /* Clears bit 524288 and sets bit 1048576 in users_opt, both in the
                 * database and on the in-memory $u object.
                 * NOTE(review): $usr_id is concatenated uncast; its origin is outside
                 * this excerpt - confirm it is an integer by this point. */
                q('UPDATE ' . $DBHOST_TBL_PREFIX . 'users SET users_opt=(users_opt & ~ 524288) | 1048576 WHERE id=' . $usr_id);
                $u->users_opt |= 1048576;
            }
        }
    }
    break;
}

$search_error = $login_error = '';

if ($usr_id) {
    /* deal with custom tags */
    if (!empty($_POST['c_tag'])) {
        /* Tag text is escaped with addslashes() before being quoted by strnull(). */
        q('INSERT INTO ' . $DBHOST_TBL_PREFIX . 'custom_tags (name, user_id) VALUES(' . strnull(addslashes($_POST['c_tag'])) . ', ' . $usr_id . ')');
    } else {
        if (!empty($_GET['deltag'])) {
            /* The delete is driven by a GET parameter and matches on the tag id only;
             * the statement does not also restrict on user_id.
             * NOTE(review): no request-token check is visible in this excerpt - confirm
             * one is enforced earlier, otherwise a crafted link can trigger the delete. */
            q('DELETE FROM ' . $DBHOST_TBL_PREFIX . 'custom_tags WHERE id=' . (int) $_GET['deltag']);
        } else {
            /* Marker: no tag query ran, so db_affected() below must not be consulted. */
            $nada = 1;
        }
    }
    if (!isset($nada) && db_affected()) {
        ctag_rebuild_cache($usr_id);
    }
} else {
    if (!empty($_POST['usr_email']) || !empty($_POST['usr_login'])) {
        /* user searching logic */
        $item = !empty($_POST['usr_email']) ? $_POST['usr_email'] : $_POST['usr_login'];
        /* The column name is picked from a fixed set ('email', 'alias', 'login');
         * only the search value in $item comes from the request. */
        $field = !empty($_POST['usr_email']) ? 'email' : ($FUD_OPT_2 & 128 ? 'alias' : 'login');
/**
 * Persist an edited message and, where permitted, its thread's lock/sticky state.
 *
 * Writes the body (and an optional truncated preview) through write_body(),
 * rebuilds and stores the poll cache, updates the phpgw_fud_msg row, then
 * applies lock/sticky changes requested via $_POST if $perm allows them, and
 * finally re-indexes the message when bit 16777216 of FUD_OPT_1 is set.
 *
 * @param mixed $id                written to updated_by
 * @param mixed $frm_id            forum id passed to rebuild_forum_view()
 * @param mixed $message_threshold body length above which a preview is written; a false value disables the preview
 * @param mixed $perm              permission bitmask; bit 4096 gates lock changes, bit 64 gates sticky changes
 */
function sync($id, $frm_id, $message_threshold, $perm)
{
    /* Take the table locks only if no lock is held yet; $ll records that this
     * call took them and therefore has to release them. */
    if (!db_locked()) {
        db_lock('phpgw_fud_poll_opt WRITE, phpgw_fud_forum WRITE, phpgw_fud_msg WRITE, phpgw_fud_thread WRITE, phpgw_fud_thread_view WRITE');
        $ll = 1;
    }

    $file_id = write_body($this->body, $length, $offset);

    /* determine if preview needs building */
    if ($message_threshold && $message_threshold < strlen($this->body)) {
        $thres_body = trim_html($this->body, $message_threshold);
        $file_id_preview = write_body($thres_body, $length_preview, $offset_preview);
    } else {
        $file_id_preview = $offset_preview = $length_preview = 0;
    }

    poll_cache_rebuild($this->poll_id, $poll_cache);
    /* The cache is stored as a PHP-serialized string.
     * NOTE(review): presumably read back with unserialize() - that is only safe
     * while nothing else can write this column; confirm. */
    $poll_cache = $poll_cache ? @serialize($poll_cache) : null;

    /* String fields pass through addslashes(); several numeric fields are cast.
     * NOTE(review): $file_id, $file_id_preview, $offset_preview, $length_preview,
     * $id, msg_opt and $this->id are concatenated without a cast - confirm they
     * are always integers here. */
    q("UPDATE phpgw_fud_msg SET\n\t\t\tfile_id=" . $file_id . ",\n\t\t\tfoff=" . (int) $offset . ",\n\t\t\tlength=" . (int) $length . ",\n\t\t\tmlist_msg_id=" . strnull(addslashes($this->mlist_msg_id)) . ",\n\t\t\tfile_id_preview=" . $file_id_preview . ",\n\t\t\toffset_preview=" . $offset_preview . ",\n\t\t\tlength_preview=" . $length_preview . ",\n\t\t\tupdated_by=" . $id . ",\n\t\t\tmsg_opt=" . $this->msg_opt . ",\n\t\t\tattach_cnt=" . (int) $this->attach_cnt . ",\n\t\t\tpoll_id=" . (int) $this->poll_id . ",\n\t\t\tupdate_stamp=" . __request_timestamp__ . ",\n\t\t\ticon=" . strnull(addslashes($this->icon)) . " ,\n\t\t\tpoll_cache=" . strnull(addslashes($poll_cache)) . ",\n\t\t\tsubject=" . strnull(addslashes($this->subject)) . "\n\t\tWHERE id=" . $this->id);

    /* Determine whether or not we should deal with locked & sticky stuff.
     * The current approach may seem a little redundant, but for (most) users who
     * do not have access to locking & sticky this eliminates a query. */
    $th_data = db_saq('SELECT orderexpiry, thread_opt, root_msg_id FROM phpgw_fud_thread WHERE id=' . $this->thread_id);

    /* 1 when the form carried thr_locked, else 0. */
    $locked = (int) isset($_POST['thr_locked']);

    /* Continue only if sticky fields were posted or the requested lock state
     * differs from bit 1 of the stored thread_opt. */
    if (isset($_POST['thr_ordertype'], $_POST['thr_orderexpiry']) || ($th_data[1] ^ $locked) & 1) {
        $thread_opt = (int) $th_data[1];
        $orderexpiry = isset($_POST['thr_orderexpiry']) ? (int) $_POST['thr_orderexpiry'] : 0;

        /* confirm that user has ability to change lock status of the thread */
        if ($perm & 4096) {
            if ($locked && !($thread_opt & $locked)) {
                $thread_opt |= 1;
            } else {
                if (!$locked && $thread_opt & 1) {
                    $thread_opt &= ~1;
                }
            }
        }

        /* confirm that user has ability to change sticky status of the thread */
        /* Applies only when this message is the thread's root message. */
        if ($th_data[2] == $this->id && isset($_POST['thr_ordertype'], $_POST['thr_orderexpiry']) && $perm & 64) {
            if (!$_POST['thr_ordertype'] && $thread_opt > 1) {
                /* Ordering type removed: clear bits 2 and 4 and the expiry. */
                $orderexpiry = 0;
                $thread_opt &= ~6;
            } else {
                if ($thread_opt < 2 && (int) $_POST['thr_ordertype']) {
                    /* The POST value is OR-ed in without a cast; the left operand is
                     * an int, so the result is an int.
                     * NOTE(review): any bit pattern is accepted, not only 2 or 4 -
                     * confirm whether the value should be masked. */
                    $thread_opt |= $_POST['thr_ordertype'];
                } else {
                    if (!($thread_opt & (int) $_POST['thr_ordertype'])) {
                        /* `&` binds tighter than `|`: the lock bit is kept and the
                         * ordering bits are replaced by the posted value. */
                        $thread_opt = $_POST['thr_ordertype'] | $thread_opt & 1;
                    }
                }
            }
        }

        /* Determine if any work needs to be done */
        if ($thread_opt != $th_data[1] || $orderexpiry != $th_data[0]) {
            q("UPDATE phpgw_fud_thread SET thread_opt=" . $thread_opt . ", orderexpiry=" . $orderexpiry . " WHERE id=" . $this->thread_id);

            /* Avoid rebuilding the forum view whenever possible, since it's a rather slow process
             * Only rebuild if expiry time has changed or message gained/lost sticky status */
            $diff = $thread_opt ^ $th_data[1];
            /* Evaluates as ($diff > 1 && !($diff & 6)) || expiry changed. */
            if ($diff > 1 && !($diff & 6) || $orderexpiry != $th_data[0]) {
                rebuild_forum_view($frm_id);
            }
        }
    }

    if (isset($ll)) {
        db_unlock();
    }

    if ($GLOBALS['FUD_OPT_1'] & 16777216) {
        delete_msg_index($this->id);
        /* A subject starting with "Re: " is passed to the indexer as an empty string. */
        index_text(preg_match('!^Re: !i', $this->subject) ? '' : $this->subject, $this->body, $this->id);
    }
}
/**
 * Rebuild the per-forum moderator cache and the moderator bit on user rows.
 *
 * Reads every (user, forum) pair from the mod table, stores up to
 * SHOW_N_MODS aliases per forum as a serialized array in forum.moderators,
 * clears bit 524288 of users_opt everywhere, and sets it again for each
 * listed user whose users_opt does not have bit 1048576.
 */
function rebuildmodlist()
{
    $prefix =& $GLOBALS['DBHOST_TBL_PREFIX'];
    $limit =& $GLOBALS['SHOW_N_MODS'];

    $mod_ids = array();
    $per_forum = array();

    $res = uq('SELECT u.id, u.alias, f.id FROM ' . $prefix . 'mod mm INNER JOIN ' . $prefix . 'users u ON mm.user_id=u.id INNER JOIN ' . $prefix . 'forum f ON f.id=mm.forum_id ORDER BY f.id,u.alias');
    while ($row = db_rowarr($res)) {
        list($uid, $alias, $fid) = $row;

        /* Every moderator gets the flag, even when not shown in the forum's list. */
        $mod_ids[] = $uid;

        if (!isset($per_forum[$fid]) || count($per_forum[$fid]) < $limit) {
            $per_forum[$fid][$uid] = $alias;
        }
    }

    q('UPDATE ' . $prefix . 'forum SET moderators=NULL');
    foreach ($per_forum as $fid => $aliases) {
        /* NOTE(review): stored as a PHP-serialized string; presumably read back
         * with unserialize(), so this column must stay application-written. */
        q('UPDATE ' . $prefix . 'forum SET moderators=' . strnull(addslashes(@serialize($aliases))) . ' WHERE id=' . $fid);
    }

    q('UPDATE ' . $prefix . 'users SET users_opt=users_opt & ~ 524288 WHERE users_opt>=524288 AND (users_opt & 524288) > 0');
    if ($mod_ids) {
        /* The id list comes straight from the query above, not from the request. */
        q('UPDATE ' . $prefix . 'users SET users_opt=users_opt|524288 WHERE id IN(' . implode(',', $mod_ids) . ') AND (users_opt & 1048576)=0');
    }
}
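/**
 * Recompute the forum statistics, store them in phpgw_fud_stats_cache and
 * return them as an object.
 *
 * The returned object carries last_user_id, user_count, online_users_anon,
 * online_users_hidden, online_users_reg, online_users_text (set only when at
 * least one visible user is online), last_user_alias and last_msg_subject.
 *
 * @param mixed $last_msg_id id of the message whose subject is looked up
 * @return object
 */
function rebuild_stats_cache($last_msg_id)
{
    /* Sessions last seen before this timestamp are not counted as online. */
    $tm_expire = __request_timestamp__ - $GLOBALS['LOGEDIN_TIMEOUT'] * 60;

    /* Create the result object explicitly: assigning a property on an undefined
     * variable raises a warning on older PHP and throws an Error on PHP 8. */
    $obj = new stdClass();

    list($obj->last_user_id, $obj->user_count) = db_saq('SELECT MAX(id), count(*)-1 FROM phpgw_fud_users');

    /* Sessions with user_id above 2000000000 are counted as anonymous. */
    $obj->online_users_anon = q_singleval('SELECT count(*) FROM phpgw_fud_ses s WHERE time_sec>' . $tm_expire . ' AND user_id>2000000000');
    /* Bit 32768 of users_opt separates hidden from visible registered users. */
    $obj->online_users_hidden = q_singleval('SELECT count(*) FROM phpgw_fud_ses s INNER JOIN phpgw_fud_users u ON u.id=s.user_id WHERE s.time_sec>' . $tm_expire . ' AND (u.users_opt & 32768) > 0');
    $obj->online_users_reg = q_singleval('SELECT count(*) FROM phpgw_fud_ses s INNER JOIN phpgw_fud_users u ON u.id=s.user_id WHERE s.time_sec>' . $tm_expire . ' AND (u.users_opt & 32768)=0');

    $c = uq('SELECT u.id, u.alias, u.users_opt, u.custom_color FROM phpgw_fud_ses s INNER JOIN phpgw_fud_users u ON u.id=s.user_id WHERE s.time_sec>' . $tm_expire . ' AND (u.users_opt & 32768)=0 ORDER BY s.time_sec DESC LIMIT ' . $GLOBALS['MAX_LOGGEDIN_USERS']);
    while ($r = db_rowarr($c)) {
        /* NOTE(review): draw_user_link() output is cached as markup; presumably it
         * escapes the alias - confirm. */
        $obj->online_users_text[$r[0]] = draw_user_link($r[1], $r[2], $r[3]);
    }

    /* No WHERE clause: every row of the stats cache table is updated. */
    q('UPDATE phpgw_fud_stats_cache SET cache_age=' . __request_timestamp__ . ', last_user_id=' . (int) $obj->last_user_id . ', user_count=' . (int) $obj->user_count . ', online_users_anon=' . (int) $obj->online_users_anon . ', online_users_hidden=' . (int) $obj->online_users_hidden . ', online_users_reg=' . (int) $obj->online_users_reg . ', online_users_text=' . strnull(addslashes(@serialize($obj->online_users_text))));

    /* Cast both ids at the SQL sink: MAX(id) is NULL on an empty users table, which
     * previously produced "WHERE id=" with no operand, and $last_msg_id comes from
     * the caller. */
    $obj->last_user_alias = q_singleval('SELECT alias FROM phpgw_fud_users WHERE id=' . (int) $obj->last_user_id);
    $obj->last_msg_subject = q_singleval('SELECT subject FROM phpgw_fud_msg WHERE id=' . (int) $last_msg_id);

    return $obj;
}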
    /* Fragment of the MIME admin page: the `if` that opens this branch lies
     * before the excerpt and the HTML form continues after it. */
    list($mime_descr, $mime_mime_hdr, $mime_fl_ext, $mime_icon) = db_saq('SELECT descr, mime_hdr, fl_ext, icon FROM ' . $tbl . 'mime WHERE id=' . (int) $_GET['edit']);
    $edit = (int) $_GET['edit'];
} else {
    $mime_icon = $edit = $mime_descr = $mime_mime_hdr = $mime_fl_ext = '';
}

/* Icon upload. The only gate is a case-insensitive extension test on the
 * client-supplied file name; the file content is not inspected, the
 * client-supplied name is reused as the stored name inside the web root, and
 * the return value of move_uploaded_file() is ignored. An existing file of the
 * same name is overwritten.
 * NOTE(review): a name such as "x.php.png" passes the test; whether the web
 * server would ever treat it as executable depends on its handler
 * configuration - safer to store under a server-generated name and verify the
 * content is an image. */
if (isset($_FILES['icoul']) && $_FILES['icoul']['size'] && preg_match('!\\.(jpg|jpeg|gif|png)$!i', $_FILES['icoul']['name'])) {
    move_uploaded_file($_FILES['icoul']['tmp_name'], $GLOBALS['WWW_ROOT_DISK'] . 'images/mime/' . $_FILES['icoul']['name']);
    /* Default the icon field to the uploaded file's name when the form left it empty. */
    if (empty($_POST['mime_icon'])) {
        $_POST['mime_icon'] = $_FILES['icoul']['name'];
    }
}

/* Text fields are escaped with addslashes() and quoted by strnull(); the row id
 * is cast to int.
 * NOTE(review): no request-token check is visible in this excerpt - presumably
 * enforced by the admin bootstrap; confirm. */
if (isset($_POST['btn_update'], $_POST['edit'])) {
    q('UPDATE ' . $tbl . 'mime SET descr=' . strnull(addslashes($_POST['mime_descr'])) . ', mime_hdr=' . strnull(addslashes($_POST['mime_mime_hdr'])) . ', fl_ext=' . strnull(addslashes($_POST['mime_fl_ext'])) . ', icon=' . strnull(addslashes($_POST['mime_icon'])) . ' WHERE id=' . (int) $_POST['edit']);
} else {
    if (isset($_POST['btn_submit'])) {
        q('INSERT INTO ' . $tbl . 'mime (descr, mime_hdr, fl_ext, icon) VALUES (' . strnull(addslashes($_POST['mime_descr'])) . ', ' . strnull(addslashes($_POST['mime_mime_hdr'])) . ', ' . strnull(addslashes($_POST['mime_fl_ext'])) . ', ' . strnull(addslashes($_POST['mime_icon'])) . ')');
    }
}

require $WWW_ROOT_DISK . 'adm/admpanel.php';
?> <h2>MIME Management System</h2> <table class="datatable solidtable"> <form action="admmime.php" name="frm_mime" method="post" enctype="multipart/form-data"> <?php
echo _hs;
/* The upload row is rendered only when the icon directory is writable. */
if (@is_writeable($GLOBALS['WWW_ROOT_DISK'] . 'images/mime/')) { ?> <tr class="fieldtopic"> <td colspan=2><b>MIME Icon Upload (upload mime icons into the system)</td> </tr> <tr class="field">
/**
 * Validate a private-message form and collect the recipients' user ids.
 *
 * Registers errors through set_err() for an empty subject, too many images,
 * an unknown recipient, a recipient who ignores the sender, a recipient who
 * does not accept private messages, or a missing recipient list. Ids of
 * accepted recipients are appended to $GLOBALS['recv_user_id']. Recipient
 * checking stops at the first failing name.
 *
 * @param string $msg_subject subject line of the message
 * @return mixed the value of $GLOBALS['__error__']
 */
function check_ppost_form($msg_subject)
{
    if (strlen(trim($msg_subject)) < 1) {
        set_err('msg_subject', 'Subject required');
    }

    if (post_check_images()) {
        set_err('msg_body', 'Maximum ' . $GLOBALS['MAX_IMAGE_COUNT'] . ' images are allowed per post, please decrease the number of images');
    }

    /* Recipients arrive as one ';'-separated string of aliases. */
    foreach (explode(';', $_POST['msg_to_list']) as $raw_name) {
        $name = trim($raw_name);
        if (!strlen($name)) {
            continue;
        }

        /* The alias is HTML-escaped before the lookup (presumably aliases are
         * stored escaped) and the same escaped form is used in the messages. */
        $shown = htmlspecialchars($name);

        $recipient = db_sab('SELECT u.users_opt, u.id, ui.ignore_id FROM phpgw_fud_users u LEFT JOIN phpgw_fud_user_ignore ui ON ui.user_id=u.id AND ui.ignore_id=' . _uid . ' WHERE u.alias=' . strnull(addslashes($shown)));
        if (!$recipient) {
            set_err('msg_to_list', 'There is no user named "' . $shown . '" this forum');
            break;
        }

        if (!empty($recipient->ignore_id)) {
            set_err('msg_to_list', 'You cannot send a private message to "' . $shown . '", because this person is ignoring you.');
            break;
        }

        /* Bit 32 on the recipient allows private messages; bit 1048576 on the
         * sender bypasses that preference. */
        if (!($recipient->users_opt & 32) && !($GLOBALS['usr']->users_opt & 1048576)) {
            set_err('msg_to_list', 'You cannot send a private message to "' . $shown . '", because this person is not accepting private messages.');
            break;
        }

        $GLOBALS['recv_user_id'][] = $recipient->id;
    }

    if (empty($_POST['msg_to_list'])) {
        set_err('msg_to_list', 'Cannot send a message, missing recipient');
    }

    return $GLOBALS['__error__'];
}
/**
 * Refresh a session row with the current forum, timestamp and action text.
 *
 * @param mixed       $ses_id   id of the session row
 * @param string|null $str      action description; a false value stores NULL
 * @param mixed       $forum_id forum the user is currently in
 * @param mixed       $ret      when an int, the stored returnto value is kept;
 *                              otherwise it is replaced by the request's query string
 */
function ses_update_status($ses_id, $str = null, $forum_id = 0, $ret = '')
{
    $action_sql = $str ? "'" . addslashes($str) . "'" : 'NULL';

    if (is_int($ret)) {
        /* Assigning the column to itself leaves the stored value untouched. */
        $returnto_sql = 'returnto';
    } else {
        /* The raw query string is client-controlled; it is escaped for SQL here.
         * NOTE(review): whoever later redirects to or prints returnto must treat
         * it as untrusted. */
        $returnto_sql = strnull(addslashes($_SERVER['QUERY_STRING']));
    }

    /* NOTE(review): $forum_id and $ses_id are concatenated without a cast -
     * confirm callers only pass integers. */
    q('UPDATE phpgw_fud_ses SET forum_id=' . $forum_id . ', time_sec=' . __request_timestamp__ . ', action=' . $action_sql . ', returnto=' . $returnto_sql . ' WHERE id=' . $ses_id);
}
* $Id: admlevel.php,v 1.2 2003/12/18 16:42:31 iliaa Exp $
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
***************************************************************************/

/* Fragment of the user-level admin page: the file header starts before this
 * excerpt and the rebuild loop at the end continues after it. */
require './GLOBALS.php';
fud_egw();
fud_use('adm.inc', true);
fud_use('widgets.inc', true);

/* Create or update a level. Strings are escaped with addslashes(); numeric
 * fields and the row id are cast to int before concatenation.
 * NOTE(review): access control and any request-token check are not visible
 * here - presumably handled by fud_egw() or adm.inc; confirm. */
if (isset($_POST['lev_submit'])) {
    q("INSERT INTO " . $DBHOST_TBL_PREFIX . "level (name, img, level_opt, post_count) VALUES ('" . addslashes($_POST['lev_name']) . "', " . strnull(addslashes($_POST['lev_img'])) . ", " . (int) $_POST['lev_level_opt'] . ", " . (int) $_POST['lev_post_count'] . ")");
} else {
    if (isset($_POST['edit'], $_POST['lev_update'])) {
        q("UPDATE " . $DBHOST_TBL_PREFIX . "level SET name='" . addslashes($_POST['lev_name']) . "', img=" . strnull(addslashes($_POST['lev_img'])) . ", level_opt=" . (int) $_POST['lev_level_opt'] . ", post_count=" . (int) $_POST['lev_post_count'] . " WHERE id=" . (int) $_POST['edit']);
    }
}

/* Load the level being edited, or blank the form fields. */
if (isset($_GET['edit'])) {
    $edit = (int) $_GET['edit'];
    list($lev_name, $lev_img, $lev_level_opt, $lev_post_count) = db_saq('SELECT name, img, level_opt, post_count FROM ' . $DBHOST_TBL_PREFIX . 'level WHERE id=' . (int) $_GET['edit']);
} else {
    $edit = $lev_name = $lev_img = $lev_level_opt = $lev_post_count = '';
}

/* Deletion and the level rebuild below are both triggered by GET parameters,
 * so a plain link is enough to change state.
 * NOTE(review): confirm a request token is checked before this point. */
if (isset($_GET['del'])) {
    q('DELETE FROM ' . $DBHOST_TBL_PREFIX . 'level WHERE id=' . (int) $_GET['del']);
}

if (isset($_GET['rebuild_levels'])) {
    $pl = 2000000000;
    /* Levels are walked from the highest post_count downwards. */
    $c = q('SELECT id, post_count FROM ' . $DBHOST_TBL_PREFIX . 'level ORDER BY post_count DESC');
    while ($r = db_rowarr($c)) {
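/**
 * Validate a private-message form (Italian message set) and collect the
 * recipients' user ids.
 *
 * Registers errors through set_err() for an empty subject, too many images,
 * an unknown recipient, a recipient who ignores the sender, a recipient who
 * does not accept private messages, or a missing recipient list. Ids of
 * accepted recipients are appended to $GLOBALS['recv_user_id']. Recipient
 * checking stops at the first failing name.
 *
 * @param string $msg_subject subject line of the message
 * @return mixed the value of $GLOBALS['__error__']
 */
function check_ppost_form($msg_subject)
{
    if (!strlen(trim($msg_subject))) {
        set_err('msg_subject', 'Oggetto necessario');
    }

    if (post_check_images()) {
        set_err('msg_body', 'Sono consentite un massimo di ' . $GLOBALS['MAX_IMAGE_COUNT'] . ' immagini per messaggio; per cortesia, riduci il numero di immagini');
    }

    /* Recipients arrive as one ';'-separated string of aliases. */
    $list = explode(';', $_POST['msg_to_list']);
    foreach ($list as $v) {
        $v = trim($v);
        if (!strlen($v)) {
            continue;
        }

        /* The alias is HTML-escaped, then SQL-escaped, before the lookup. */
        $obj = db_sab('SELECT u.users_opt, u.id, ui.ignore_id FROM phpgw_fud_users u LEFT JOIN phpgw_fud_user_ignore ui ON ui.user_id=u.id AND ui.ignore_id=' . _uid . ' WHERE u.alias=' . strnull(addslashes(htmlspecialchars($v))));
        if (!$obj) {
            /* The apostrophe in "c'è" must be escaped: unescaped it ended the
             * single-quoted literal early and made the file unparsable. */
            set_err('msg_to_list', 'Non c\'è alcun utente "' . htmlspecialchars($v) . '" in questo forum');
            break;
        }

        if (!empty($obj->ignore_id)) {
            set_err('msg_to_list', 'Non puoi spedire un messaggio personale a "' . htmlspecialchars($v) . '", perchè questo utente ha deciso di ignorarti.');
            break;
        }

        /* Bit 32 on the recipient allows private messages; bit 1048576 on the
         * sender bypasses that preference. */
        if (!($obj->users_opt & 32) && !($GLOBALS['usr']->users_opt & 1048576)) {
            set_err('msg_to_list', 'Non puoi inviare un messaggio privato a "' . htmlspecialchars($v) . '", perchè non accetta messaggi privati.');
            break;
        }

        $GLOBALS['recv_user_id'][] = $obj->id;
    }

    if (empty($_POST['msg_to_list'])) {
        set_err('msg_to_list', 'Non è possibile inviare il messaggio, manca il destinatario');
    }

    return $GLOBALS['__error__'];
}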
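/* Rebuild each user's cached ignore list from the user_ignore table.
 * Rows arrive ordered by user_id, so a change of user_id marks the end of one
 * user's entries: the collected list is written and a new one is started. */
$oldu = '';
$ir = array();
$c = q('SELECT ignore_id, user_id FROM ' . $tbl . 'user_ignore ORDER BY user_id');
while ($r = db_rowarr($c)) {
    if ($oldu != $r[1]) {
        if ($oldu) {
            q('UPDATE ' . $tbl . 'users SET ignore_list=' . strnull(addslashes(@serialize($ir))) . ' WHERE id=' . $oldu);
            /* Start the next user's list empty. The reset previously assigned an
             * unused variable ($bi), so every later user inherited the ignore
             * entries of all users processed before them. */
            $ir = array();
        }
        $oldu = $r[1];
    }
    $ir[$r[0]] = 1;
}
unset($c);

/* Flush the list of the last user seen. */
if (count($ir)) {
    q('UPDATE ' . $tbl . 'users SET ignore_list=' . strnull(addslashes(@serialize($ir))) . ' WHERE id=' . $oldu);
    unset($ir);
}
draw_stat('Done: Rebuilding ignore list cache');

draw_stat('Rebuilding ip filter cache');
ip_cache_rebuild();
draw_stat('Done: Rebuilding ip filter cache');

draw_stat('Rebuilding login filter cache');
login_cache_rebuild();
draw_stat('Done: Rebuilding login filter cache');

draw_stat('Rebuilding email filter cache');
email_cache_rebuild();
draw_stat('Done: Rebuilding email filter cache');

draw_stat('Rebuilding extension filter cache');
ext_cache_rebuild();
draw_stat('Done: Rebuilding extension filter cache');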
/* Fragment of the smiley admin page: the `if` closed on the first line opens
 * before this excerpt and the reorder logic continues after it. */
} else {
    $edit = $sml_code = $sml_img = $sml_descr = '';
}

/* Icon upload. The only gate is a case-insensitive extension test on the
 * client-supplied file name; the content is not inspected, the client-supplied
 * name is reused as the stored name inside the web root, and the return value
 * of move_uploaded_file() is ignored. An existing file of the same name is
 * overwritten.
 * NOTE(review): safer to store under a server-generated name and verify the
 * content is an image. */
if (isset($_FILES['icoul']) && $_FILES['icoul']['size'] && preg_match('!\\.(jpg|jpeg|gif|png)$!i', $_FILES['icoul']['name'])) {
    move_uploaded_file($_FILES['icoul']['tmp_name'], $GLOBALS['WWW_ROOT_DISK'] . 'images/smiley_icons/' . $_FILES['icoul']['name']);
    /* NOTE(review): this fills $_POST['avt_img'], while the queries below read
     * $_POST['sml_img'] - looks carried over from the avatar page; confirm. */
    if (empty($_POST['avt_img'])) {
        $_POST['avt_img'] = $_FILES['icoul']['name'];
    }
    $sml_img = $_FILES['icoul']['name'];
}

/* Update or insert a smiley; both require a non-empty image and code. Text
 * fields are escaped with addslashes() and the row id is cast to int. */
if (isset($_POST['btn_update'], $_POST['edit']) && !empty($_POST['sml_img']) && !empty($_POST['sml_code'])) {
    q('UPDATE ' . $tbl . 'smiley SET code=' . strnull(addslashes($_POST['sml_code'])) . ', img=' . strnull(addslashes($_POST['sml_img'])) . ', descr=' . strnull(addslashes($_POST['sml_descr'])) . ' WHERE id=' . (int) $_POST['edit']);
} else {
    if (isset($_POST['btn_submit']) && !empty($_POST['sml_img']) && !empty($_POST['sml_code'])) {
        /* New smileys go to the end of the display order. */
        $view_order = q_singleval('SELECT MAX(vieworder) FROM ' . $tbl . 'smiley') + 1;
        q('INSERT INTO ' . $tbl . 'smiley (code, img, descr, vieworder) VALUES(' . strnull(addslashes($_POST['sml_code'])) . ', ' . strnull(addslashes($_POST['sml_img'])) . ', ' . strnull(addslashes($_POST['sml_descr'])) . ', ' . $view_order . ')');
    }
}

/* Reordering is driven by GET parameters; both positions are cast to int.
 * NOTE(review): state change on GET - confirm a request token is checked
 * before this point. */
if (isset($_GET['chpos'], $_GET['chdest'])) {
    $oldp = (int) $_GET['chpos'];
    $newp = (int) $_GET['chdest'];
    if ($oldp != $newp && $newp) {
        db_lock($GLOBALS['DBHOST_TBL_PREFIX'] . 'smiley WRITE');
        /* Park the moved row at 2147483647 so the shifts below cannot collide with it. */
        q('UPDATE ' . $GLOBALS['DBHOST_TBL_PREFIX'] . 'smiley SET vieworder=2147483647 WHERE vieworder=' . $oldp);
        if ($oldp < $newp) {
            /* Moving down: pull the rows in (oldp, newp] up by one. */
            q('UPDATE ' . $GLOBALS['DBHOST_TBL_PREFIX'] . 'smiley SET vieworder=vieworder-1 WHERE vieworder<=' . $newp . ' AND vieworder>' . $oldp);
            $maxp = q_singleval('SELECT MAX(vieworder) FROM ' . $GLOBALS['DBHOST_TBL_PREFIX'] . 'smiley WHERE vieworder!=2147483647');
            /* Clamp a destination beyond the end to the first free position. */
            if ($newp > $maxp) {
                $newp = $maxp + 1;
            }
        } else {
    /* Fragment of the avatar admin page: the `if` guarding this upload opens
     * before the excerpt and the HTML form continues after it.
     * The uploaded file is stored in the web root under its client-supplied
     * name, and the return value of move_uploaded_file() is ignored.
     * NOTE(review): the guarding condition is not visible here; if it is the
     * extension-only test used by the sibling admin pages, the file content is
     * never validated - confirm. */
    move_uploaded_file($_FILES['icoul']['tmp_name'], $GLOBALS['WWW_ROOT_DISK'] . 'images/avatars/' . $_FILES['icoul']['name']);
    /* Default the image field to the uploaded file's name when the form left it empty. */
    if (empty($_POST['avt_img'])) {
        $_POST['avt_img'] = $_FILES['icoul']['name'];
    }
}

if (isset($_POST['btn_update'], $_POST['edit']) && !empty($_POST['avt_img'])) {
    $old_img = q_singleval('SELECT img FROM ' . $tbl . 'avatar WHERE id=' . (int) $_POST['edit']);
    /* In this statement the posted strings are escaped with addslashes(). */
    q('UPDATE ' . $tbl . 'avatar SET img=' . strnull(addslashes($_POST['avt_img'])) . ', descr=' . strnull(addslashes($_POST['avt_descr'])) . ' WHERE id=' . (int) $_POST['edit']);
    if (db_affected() && $old_img != $_POST['avt_img']) {
        /* NOTE(review): from here on $_POST['avt_img'] is used raw in three sinks:
         *  - a filesystem path for getimagesize() (path separators and ".." are
         *    not filtered, and a false return makes $size[3] empty);
         *  - an HTML attribute value, without htmlspecialchars();
         *  - a quoted SQL literal, without addslashes(), unlike the statement
         *    above - a quote in the value ends the literal early.
         * The resulting markup is stored in users.avatar_loc for every user of
         * this avatar. Restrict the value to a plain file name, HTML-escape it
         * for the attribute, and SQL-escape $new_loc before it is concatenated. */
        $size = getimagesize($GLOBALS['WWW_ROOT_DISK'] . 'images/avatars/' . $_POST['avt_img']);
        $new_loc = '<img src="' . $GLOBALS['WWW_ROOT'] . 'images/avatars/' . $_POST['avt_img'] . '" ' . $size[3] . ' />';
        q('UPDATE ' . $tbl . 'users SET avatar_loc=\'' . $new_loc . '\' WHERE avatar=' . (int) $_POST['edit']);
    }
} else {
    if (isset($_POST['btn_submit']) && !empty($_POST['avt_img'])) {
        q('INSERT INTO ' . $tbl . 'avatar (img, descr) VALUES (' . strnull(addslashes($_POST['avt_img'])) . ', ' . strnull(addslashes($_POST['avt_descr'])) . ')');
    }
}

require $WWW_ROOT_DISK . 'adm/admpanel.php';
?> <h2>Avatar Management System</h2> <form name="frm_avt" method="post" action="admavatar.php" enctype="multipart/form-data"> <?php echo _hs; ?> <table class="datatable solidtable"> <?php if (@is_writeable($GLOBALS['WWW_ROOT_DISK'] . 'images/avatars')) { ?> <tr class="field">