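$smarty = new Smarty();

// Authentication: the editor is only reachable for a session whose group is 5
// and whose user id is not 1; anything else is logged out and bounced to /login.
// NOTE(review): `$userID == 1` is kept as found — confirm it is meant to exclude
// account #1 rather than the "no user" id (0).
$autMgr = new AuthenticationManager();
$userID = $autMgr->getUserID();
$userGroup = $autMgr->getUserGroup();
if ($userID == 1 or $userGroup != 5) {
    $autMgr->endSession();
    header('location: /login');
    exit;
}

// Save step: the form posts the edited fields back together with the comment id.
if (isset($_POST['id']) && is_numeric($_POST['id'])) {
    // The raw POST values used to be interpolated straight into the UPDATE, which
    // was an SQL injection through name/email/comment. The id is forced to an
    // integer and the text fields are escaped for the ext/mysql link this script
    // closes at the end (no prepared-statement API is visible on $db).
    $id = (int) $_POST['id'];
    $name = mysql_real_escape_string(isset($_POST['name']) ? $_POST['name'] : '');
    $email = mysql_real_escape_string(isset($_POST['email']) ? $_POST['email'] : '');
    $comment = mysql_real_escape_string(isset($_POST['comment']) ? $_POST['comment'] : '');
    $db->query("UPDATE pm_comments SET name='{$name}', email='{$email}', comment='{$comment}' WHERE cID='{$id}' LIMIT 1");
}

// Display step: the comment to edit is selected by ?id=; a missing or
// non-numeric id is a hard stop.
if (isset($_GET['id']) && is_numeric($_GET['id'])) {
    $id = (int) $_GET['id'];
} else {
    die('bad arguments');
}
$db->query("SELECT * FROM pm_comments WHERE cID = {$id} LIMIT 1");
$db->fetch();

// NOTE(review): the fields are handed to the template unescaped; this is only
// safe if form.html (or Smarty's escaping configuration) escapes them — confirm.
$smarty->assign('id', $db->data->cID);
$smarty->assign('name', $db->data->name);
$smarty->assign('email', $db->data->email);
$smarty->assign('comment', $db->data->comment);
$smarty->display('form.html');

// $stime and get_microtime() come from the surrounding bootstrap, not this file.
print '<!-- Generated in ' . round(get_microtime() - $stime, 3) . ' sec -->';
mysql_close();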
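/**
 * Builds the HTML list of user (non-admin) comments attached to one ticket.
 *
 * @param int|string $id ticket id stored in bt_comment.entry; treated as an integer
 *                        (the caller in view() already passes intval($_GET['detail'])).
 * @return string HTML fragment, empty when the ticket has no comments.
 */
public function LoadComment($id)
{
    global $user;
    $cfg = new config();
    $sql = new sql();
    $text = '';

    // The raw $id used to be concatenated into the query; casting closes that
    // SQL injection. NOTE(review): assumes bt_comment.entry is numeric — confirm.
    $entry = (int) $id;
    $query = $sql->exe(
        $cfg->get("realmd"),
        "SELECT * FROM `bt_comment` WHERE `entry` = '" . $entry . "' AND `admin_reply` = '0' ORDER BY `id` DESC"
    );

    // The GM check does not depend on the row, so decide it once.
    $isGm = $user['gmlevel'] >= $cfg->get("mingm");
    // The detail id is echoed into an inline onClick handler; keeping it numeric
    // means it cannot break out of the JavaScript argument list.
    $detail = isset($_GET['detail']) ? (int) $_GET['detail'] : 0;

    while ($row = $sql->fetch($query)) {
        $trash = '';
        if ($isGm) {
            // GMs get a delete icon and a link to the player's page.
            $trash = '<img src="img/trash.png" onClick="DeleteComment(' . $row['id'] . ',' . $detail . ')" onMouseOver="this.src=\'img/ontrash.png\'" onMouseOut="this.src=\'img/trash.png\'" style="cursor:pointer;" title="Удалить">';
            $name = '<a href="' . $cfg->get("LinkPlayer") . $row['player'] . '" target="_blank">' . $this->GetNameByGUID($row['player']) . '</a>';
        } else {
            $name = $this->GetNameByGUID($row['player']);
        }
        // NOTE(review): $row['text'] is emitted as-is; unless it is escaped when the
        // comment is saved this is a stored-XSS sink — confirm against the insert path.
        $text .= '<div class="pad2">' . $trash . $row['date'] . ' [' . $name . ']:<div class="pad2">' . $row['text'] . '</div></div><hr>';
    }
    return $text;
}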
/**
 * Runs a SELECT assembled from the db2 clause helpers and returns the escaped rows.
 *
 * Every clause goes through the matching self::__combine_* helper, so this
 * method itself never touches the caller's raw values.
 *
 * @param mixed $table     table spec understood by __combine_table
 * @param mixed $keys      column spec understood by __combine_select
 * @param mixed $where     condition spec understood by __combine_where
 * @param mixed $order     order spec understood by __combine_order
 * @param mixed $limit     first row / row count for __combine_limit
 * @param mixed $stop      second argument of __combine_limit
 * @param bool  $revelance relevance mode flag forwarded to the helpers
 * @return mixed whatever self::escape_data makes of the fetched result
 */
static function get($table, $keys, $where = NULL, $order = NULL, $limit = NULL, $stop = NULL, $revelance = FALSE)
{
    // Helpers are invoked in the same order as before (where, select, table,
    // order, limit) in case any of them records relevance state.
    $whereSql = self::__combine_where($where, $revelance);
    $selectSql = self::__combine_select($keys, $revelance);
    $fromSql = self::__combine_table($table);
    $orderSql = self::__combine_order($order, $revelance);
    $limitSql = self::__combine_limit($limit, $stop);

    $statement = 'SELECT ' . $selectSql . ' FROM ' . $fromSql . $whereSql . $orderSql . $limitSql;
    $result = sql::query($statement);

    return self::escape_data(sql::fetch($result));
}
} $from = 0; $per_page = 15; $cond = ''; if (isset($_GET['id']) && is_numeric($_GET['id'])) { $cond = 'WHERE c.sID=' . $_GET['id']; $smarty->assign('id', $_GET['id']); } $page_line = ''; if (isset($_GET['page']) && is_numeric($_GET['page'])) { $page = $_GET['page']; } else { $page = 1; } $db->query("SELECT COUNT(c.sID) as count FROM pm_comments c {$cond}"); $db->fetch(); $page_line = get_page_line($page, $per_page, $db->data->count, '/comments/' . (isset($_GET['id']) && is_numeric($_GET['id']) ? '?id=' . $_GET['id'] : '')); $from = ($page - 1) * $per_page; /* ob_start(); print_r($_POST); $smarty->assign('message', nl2br(str_replace(' ', ' ', ob_get_contents()) ) ); ob_end_clean(); */ $com_list = array(); $sQuery = "SELECT c.*, s.Title FROM pm_comments c LEFT JOIN pm_structure s ON (c.sID = s.sID) {$cond} ORDER BY date DESC LIMIT {$from}, {$per_page}"; $db->query($sQuery); //print_r($sQuery); while ($db->fetch()) { $db->data->date = date('d-m-Y (H:i)', $db->data->date); $db->data->comment = nl2br(htmlspecialchars(substr($db->data->comment, 0, 1024)));
/**
 * Renders the ticket screen.
 *
 * Without ?detail= it prints the sortable list: a header table, then one row per
 * ticket returned by main::LoadList. With ?detail= it dispatches to detail() for a
 * numeric id or to inject() for a longer string, and otherwise bounces back to the
 * list with a META refresh.
 *
 * Reads $_GET: detail, type, sort, sortto, last. The global $user is imported but
 * not referenced in this method.
 */
public function view()
{
    global $user;
    $cfg = new config();
    $main = new main();
    if (empty($_GET['detail'])) {
        // type: 1 = "new", 2 = "my", anything else = "all" (see the LoadList calls below).
        if (isset($_GET['type'])) {
            $type = intval($_GET['type']);
        } else {
            $type = 0;
        }
        // sort: column index into $mass (1..6); defaults to 1.
        if (isset($_GET['sort'])) {
            $sort = intval($_GET['sort']);
        } else {
            $sort = 1;
        }
        if ($type > 0 && $type < 3) {
            $href = "index.php?a=list&type=" . $type;
        } else {
            $href = "index.php?a=list";
        }
        // Direction for the header links: flips only when the same column was
        // clicked last time (last == sort) and a valid sortto was sent.
        $sortto = 'desc';
        if (isset($_GET['sortto']) && ($_GET['sortto'] == "desc" || $_GET['sortto'] == "asc")) {
            if (isset($_GET['last']) && $_GET['last'] == $sort) {
                $_GET['sortto'] == "desc" ? $sortto = 'asc' : ($sortto = 'desc');
            }
        }
        // Column index => array(width, header label).
        $mass = array(1 => array("30px", "#"), 2 => array("513px", "Заголовок"), 3 => array("120px", "Отправитель"), 4 => array("100px", "Прогресс"), 5 => array("100px", "Статус"), 6 => array("100px", "Приоритет"));
        // Header table. Column 4 (progress) is only rendered when the progressbar option is on.
        $text = ' <table height="100%" border="0" cellpadding="0" cellspacing="0" align="left"> <tr>';
        for ($i = 1; $i < count($mass) + 1; $i++) {
            if ($i == 4 && $cfg->get("progressbar") || $i != 4) {
                // $href, $sortto and $sort are built from intval() results and fixed
                // strings above, so the inline handler only receives integers or asc/desc.
                $text .= '<td style="width:' . $mass[$i][0] . ';background-color:#666;" onClick="window.location.href=\'' . $href . '&sort=' . $i . '&sortto=' . $sortto . '&last=' . $sort . '\';" onMouseover="this.style.cursor=\'pointer\';this.style.backgroundColor=\'#777\';" onMouseout="this.style.cursor=\'default\';this.style.backgroundColor=\'#666\';"><div class="pad"><b>' . $mass[$i][1] . '</b></div></td>';
                if ($i != count($mass)) {
                    $text .= '<td width="1px" style="background-color: #000;"></td>';
                }
            }
        }
        $text .= ' </tr> </table>';
        $this->blocknot($text);
        $text = '<table width="100%" height="19px" border="0" cellpadding="0" cellspacing="0" align="left">';
        // Sort key handed to LoadList, e.g. "desc_2". The upper bound "6" excludes
        // column 6 (priority) from server-side sorting — may be intentional.
        // NOTE(review): $_GET['sortto'] is read here without isset(), unlike above —
        // a request with sort= but no sortto= raises an undefined-index notice.
        $psort = '';
        if (isset($_GET['sort']) && intval($_GET['sort']) > 0 && $_GET['sort'] > "0" && $_GET['sort'] < "6") {
            if ($_GET['sortto'] == "desc") {
                $psort = 'desc_' . $sort;
            } else {
                if ($_GET['sortto'] == "asc") {
                    $psort = 'asc_' . $sort;
                }
            }
        }
        if ($type == 1) {
            $result = $main->LoadList("new", $psort);
        } else {
            if ($type == 2) {
                $result = $main->LoadList("my", $psort);
            } else {
                $result = $main->LoadList("all", $psort);
            }
        }
        // $m counts rendered rows (also the index of the progress div); $js collects
        // the per-row animation calls emitted in one <script> after the table.
        $m = 0;
        $js = "";
        $sql = new sql();
        while ($row = $sql->fetch($result)) {
            if ($m > 0) {
                // 1px separator row between tickets.
                $text .= ' <tr style="height:1px;background-color: #000;"> <td></td><td></td><td></td> <td></td><td></td><td></td> <td></td><td></td><td></td>';
                if ($cfg->get("progressbar")) {
                    $text .= ' <td></td><td></td>';
                }
                $text .= ' </tr>';
            }
            $all = $main->SelectMessage($row['id']);
            // $opt and $stream are computed but never used below.
            $opt = $main->SelectOptions($row['id']);
            $title = $all['title'];
            // $pix is the percentage without its "%" sign; with anim on the bar
            // starts at width 0 and is grown by streamimg() in the emitted script.
            $pcn = $main->GetPercent($all);
            $pix = str_replace("%", "", $pcn);
            $stream = 'stream' . $row['id'];
            $width = $cfg->get("anim") == true ? 0 : $pix;
            $img = '<div id="stream' . $m . '" style="height:19px;width:' . $width . 'px;background-color:#006400;"></div>';
            // NOTE(review): $title comes from SelectMessage and is emitted without
            // htmlspecialchars(); confirm it is escaped on save or by SelectMessage.
            $text .= ' <tr style="background-color: #666;" onClick="if(tr_select)window.location.href=\'index.php?a=admin&edit=' . $row['id'] . '\';else window.location.href=\'index.php?a=list&detail=' . $row['id'] . '\';" onMouseover="this.style.cursor=\'pointer\';this.style.backgroundColor=\'#888\';" onMouseout="this.style.cursor=\'default\';this.style.backgroundColor=\'#666\';"> <td width="' . $mass[1][0] . '" class="view"><div class="pad">' . $row['id'] . '</div></td> <td width="1px" style="background-color: #000;"></td> <td width="' . $mass[2][0] . '" class="view"><div class="pad">' . $title . '</div></td> <td width="1px" style="background-color: #000;"></td> <td width="' . $mass[3][0] . '" class="view"><div class="pad">' . $main->GetNameByGUID(intval($row['sender'])) . '</div></td> <td width="1px" style="background-color: #000;"></td>';
            if ($cfg->get("progressbar")) {
                $text .= ' <td width="' . $mass[4][0] . '" class="view" style="padding:0;margin:0;">' . $img . '</td> <td width="1px" style="background-color: #000;"></td>';
            }
            $text .= ' <td width="' . $mass[5][0] . '" class="view"><div class="pad">' . $main->GetStatus($all) . '</div></td> <td width="1px" style="background-color: #000;"></td> <td width="' . $mass[6][0] . '" class="view"><div class="pad">' . $main->GetPriority($all) . '</div></td> </tr>';
            // $pix is compared against the string "0" as found.
            if ($cfg->get("anim") && $pix > "0") {
                $js .= 'streamimg(' . $m . ',' . $pix . ');';
            }
            $m++;
        }
        $text .= '</table>';
        $text .= '<script>' . $js . '</script>';
        // A single-row list uses the compact 'ultramini' block; an empty list prints nothing.
        if ($m > 1) {
            $this->blocknot($text);
        } else {
            if ($m > 0) {
                $this->blocknot($text, '', '', 'ultramini');
            }
        }
    } else {
        if (intval($_GET['detail']) > 0) {
            // addslashes() on an intval() result is a no-op; the value is already an integer.
            $int = addslashes(intval($_GET['detail']));
            if ($main->isValidSection($int)) {
                $this->detail($int);
            } else {
                echo '<META HTTP-EQUIV="REFRESH" CONTENT="0; URL=index.php?a=list">';
                exit;
            }
        } else {
            if (strlen($_GET['detail']) > 1) {
                // NOTE(review): addslashes() is neither an SQL nor an HTML escape; what
                // inject() does with this user-supplied string is outside this block —
                // confirm it never reaches a query or the page unescaped.
                $this->inject(addslashes($_GET['detail']));
            } else {
                echo '<META HTTP-EQUIV="REFRESH" CONTENT="0; URL=index.php?a=list">';
                exit;
            }
        }
    }
}
} } break; case 5: $table = $cfg->get("wd_object"); if ($cfg->get("lang") == 8) { $query = "SELECT `name_loc8`,`entry` FROM `locales_gameobject` WHERE `name_loc8` LIKE '%" . $string . "%'"; } else { if ($cfg->get("lang") == 1) { $query = "SELECT `name`,`entry` FROM `gameobject_template` WHERE `name` LIKE '%" . $string . "%'"; } } break; } $result = $sql->exe($cfg->get("mangos"), $query . " LIMIT " . $cfg->get("searchlimit")); $text = '<div class="pad">Результаты поиска:</div><br><table border="0" align="left" width="100%" cellpadding="0" cellspacing="0" style="padding: 3px;">'; $i = 0; while ($row = $sql->fetch($result)) { $name = str_replace("'", "", $row[0]); $pname = preg_replace('/(' . $string . ')/iu', '<font color="gold">\\0</font>', $name); $entry = $row[1]; $link = '<a href="12345">1</a>'; $text .= ' <tr> <td width="16" valign="top"><div style="cursor:pointer;" onClick=\'searchresult("' . $cfg->get("Database") . $table . $entry . '","' . $name . '")\' title="Добавить"><img src="img/add.png"></div></td> <td><div class="search"><a href="' . $cfg->get("Database") . $table . $entry . '" target="_blank">' . $pname . '</a></div></td> </tr>'; $i++; } echo $i . '^' . $text . '</table>'; }
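/**
 * Catalogue search: turns the request fields in $dane into a WHERE map and returns
 * the matching rows from ksiazki (optionally joined with pozycz).
 *
 * @param array       $dane  request fields; only the allow-listed keys are used
 * @param mixed       $order order spec for db2::__combine_order
 * @param mixed       $start first row for db2::__combine_limit
 * @param int         $limit page size
 * @return array array($num, $ret, $revelance): total count, rows, relevance flag
 */
static function szukaj_info($dane, $order = NULL, $start = NULL, $limit = 30)
{
    // Request keys that may become WHERE columns; anything else in $dane is ignored,
    // which is what keeps caller-supplied keys out of the generated SQL.
    $allow = array('id', 'tytul', 'autor', 'wydawnictwo', 'miejsce', 'rok', 'wydanie', 'wycofana');
    // Columns rewritten to their "~~" form before they reach db2::__combine_where
    // (presumably the relevance variant — see db2::revelance() below; confirm).
    $replace = array('tytul' => 'tytul~~', 'autor' => 'autor~~', 'wydawnictwo' => 'wydawnictwo~~');
    $where = array();
    $ret = array();
    $num = 0;

    foreach ($dane as $key => $value) {
        // Strict in_array: with loose comparison an integer key such as 0 matched
        // 'id' on PHP < 8 and an unintended column slipped into $where.
        if (!in_array($key, $allow, TRUE) or $value === '') {
            continue;
        }
        // isset()/empty() below replace bare truthiness tests that raised
        // undefined-index notices for keys that were never set; the outcome is the same.
        if (isset($replace[$key])) {
            $key = $replace[$key];
        }
        // NOTE(review): values are not escaped here — this relies on
        // db2::__combine_where doing it; confirm.
        $where[$key] = $value;
    }

    // An "id" search is really a code lookup: route it to the right column by code type.
    if (!empty($where['id'])) {
        validate::$kod = TRUE;
        switch (validate::type($where['id'])) {
            case 'ISBN':
                $where['ISBN'] = $where['id'];
                unset($where['id']);
                break;
            case 'ISSN':
                $where['ISSN'] = $where['id'];
                unset($where['id']);
                break;
            case 'MSC':
                // Shelf location: regal plus optional polka/rzad instead of a single code.
                $where['regal'] = $where['id'];
                if (!empty($dane['polka'])) {
                    $where['polka'] = $dane['polka'];
                }
                if (!empty($dane['rzad'])) {
                    $where['rzad'] = $dane['rzad'];
                }
                unset($where['id']);
                break;
        }
        validate::$kod = FALSE;
    }
    // polka/rzad only make sense together with regal.
    if (empty($where['regal'])) {
        unset($where['polka']);
        unset($where['rzad']);
    }

    if (!empty($where['id'])) {
        // Code of an unrecognised type: exact lookup, at most one result.
        $ret[] = self::szukaj_KOD($where['id']);
        $num = count($ret);
    } else {
        if (!empty($dane['do'])) {
            // "do" lists the borrowed items; count and page ignore $where here (kept as found).
            $num = db2::num('pozycz', 'id');
            if ($num == 0) {
                $ret = array();
            } else {
                $ret = db2::get(array('pozycz', array('J', 'ksiazki', 'USING', 'id')), '*', NULL, $order, $start, $limit);
            }
        } else {
            $num = db2::num('ksiazki', 'id', $where);
            if ($num == 0) {
                $ret = array();
            } else {
                $where = db2::__combine_where($where, TRUE);
                $ret = db2::escape_data(sql::fetch(sql::query('SELECT `ksiazki`.*, `pozycz`.`od`, `pozycz`.`kto`' . (db2::revelance() ? ', ' . db2::$revelance : '') . ' FROM `ksiazki` LEFT OUTER JOIN `pozycz` ON `pozycz`.`id`=`ksiazki`.`id` ' . $where . db2::__combine_order($order, TRUE) . db2::__combine_limit($start, $limit))));
            }
        }
        self::cache_addarray($ret);
    }
    return array($num, $ret, db2::revelance());
}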