/**
 * Execute a SQL statement on this object's connection and wrap the result.
 *
 * On failure the script is terminated with the text produced by VA_Message().
 * On success the affected-row count and the per-object query counter are
 * updated and the raw result is handed to the `result` wrapper.
 *
 * NOTE(review): the failure text embeds the MySQL error number, the error
 * message and the complete SQL statement. If VA_Message() renders it to the
 * browser, schema details are disclosed to whoever triggered the error;
 * logging the detail and showing a generic message would avoid that.
 * NOTE(review): $query is sent unchanged, so every caller is responsible for
 * escaping the values it interpolates.
 *
 * @param string $query SQL text, sent as-is.
 * @return result Wrapper around the value returned by mysql_query().
 */
function Query($query)
{
    $handle = mysql_query($query, $this->DB);
    if (!$handle) {
        // Same fatal path as before: build the diagnostic and stop the script.
        die(VA_Message("MySQL Error #" . mysql_errno() . " :\n" . mysql_error() . "\n" . $query, "bug"));
    }

    // Bookkeeping that callers read after the call.
    $this->affected_rows = mysql_affected_rows($this->DB);
    ++$this->mysql_queries;

    return new result($handle);
}
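/**
 * Look up the highest permission level ("uroven") recorded for a module.
 *
 * Rows with osoba = 0 apply to everybody; rows with a matching osoba apply to
 * that person. When $subint is given, only rows for that sub-interface count.
 *
 * All three arguments are escaped before they reach the SQL text: this
 * function decides authorisation, so a caller-controlled value must not be
 * able to change the shape of the query.
 *
 * @param string     $modul  Module name.
 * @param string     $subint Sub-interface, or '*' for no restriction.
 * @param string|int $osoba  Person id, or '*' for the built-in default.
 * @return mixed The matching row's `uroven`, or 0 when nothing matches or the
 *               query fails (fail closed).
 */
function prava($modul, $subint = '*', $osoba = '*')
{
    // TODO (from the original author): default $subint to the "subint" URL
    // parameter and default $osoba to the person who is logged in.
    $subint_sql = '';
    if ($subint !== '*') {
        $subint_sql = " AND subint='" . mysql_real_escape_string($subint) . "'";
    }

    if ($osoba === '*') {
        // NOTE(review): hard-coded person id; until the TODO above is done,
        // every call without $osoba is evaluated as this one person.
        $osoba = 13740;
    }

    $tmp = mysql_query(
        "SELECT * FROM prava WHERE modul='" . mysql_real_escape_string($modul) . "'"
        . " AND (osoba=0 OR osoba='" . mysql_real_escape_string($osoba) . "')"
        . $subint_sql
        . " ORDER BY uroven DESC LIMIT 1"
    );
    if ($tmp === false) {
        // A failed query grants nothing.
        return 0;
    }

    $zaznam = mysql_fetch_assoc($tmp);
    if ($zaznam) {
        return $zaznam['uroven'];
    }

    return 0;
}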
?> </ul> <!-- end of # --> <?php } else { ?> <em>Symbol nebyl přiřazen žádnému případu.</em><br /><?php } // konec seznamu přiřazených případů // generování seznamu přiřazených hlášení if ($usrinfo['right_power']) { $sql_s = "SELECT " . DB_PREFIX . "reports.id AS 'id', " . DB_PREFIX . "reports.label AS 'label' FROM " . DB_PREFIX . "symbol2all, " . DB_PREFIX . "reports WHERE " . DB_PREFIX . "reports.id=" . DB_PREFIX . "symbol2all.idrecord AND " . DB_PREFIX . "symbol2all.idsymbol=" . $rec['id'] . " AND " . DB_PREFIX . "symbol2all.table=4 ORDER BY " . DB_PREFIX . "reports.label ASC"; } else { $sql_s = "SELECT " . DB_PREFIX . "reports.id AS 'id', " . DB_PREFIX . "reports.label AS 'label' FROM " . DB_PREFIX . "symbol2all, " . DB_PREFIX . "reports WHERE " . DB_PREFIX . "reports.id=" . DB_PREFIX . "symbol2all.idrecord AND " . DB_PREFIX . "symbol2all.idsymbol=" . $rec['id'] . " AND " . DB_PREFIX . "symbol2all.table=4 AND " . DB_PREFIX . "reports.secret=0 ORDER BY " . DB_PREFIX . "reports.label ASC"; } $pers = MySQL_Query($sql_s); $i = 0; while ($perc = MySQL_Fetch_Assoc($pers)) { $i++; if ($i == 1) { ?> <strong>Hlášení:</strong> <ul id=""><?php } ?> <li><a href="readactrep.php?rid=<?php echo $perc['id']; ?> "><?php echo $perc['label']; ?>
MySQL_Free_Result($res); echo date("H:i:s")." nalezeno $count zaznamu<br>\n"; break; case "kraje": $res=MySQL_Query("SELECT * FROM kraje"); while ($record=MySQL_Fetch_Assoc($res)) $kraj[$record[oznaceni]]=$record[id]; MySQL_Free_Result($res); echo date("H:i:s")." načteny kraje<br>\n"; $count=0; $res=MySQL_Query("SELECT * FROM oddily"); while ($record=MySQL_Fetch_Assoc($res)): $count++; $up=$kraj[substr($record[fox_id],0,1)]; MySQL_Query("UPDATE oddily SET kraj=$up WHERE id='$record[id]'"); endwhile; MySQL_Free_Result($res); echo date("H:i:s")." nastaveno $count krajů<br>\n"; break; case "rc": $osoba[jmeno]='jm'; $osoba[prijmeni]='pr'; $osoba[narozeni]='1967-11-19'; $osoba[pohlavi]='Z'; $osoba[cizinec]='N'; $osoba[rc]='6711191553'; kontrola_osoby($osoba); echo '<pre>'; var_dump($osoba);
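/**
 * Print the " | 1 | 2 | ..." page navigation for a listing.
 *
 * Counts the rows that match $sort within the caller's group, divides by the
 * page size and echoes one entry per page; every page except the current one
 * is rendered as a link to "{$link}{$i}".
 *
 * NOTE(review): $id, $table and $sort are interpolated as SQL fragments
 * (column, table, WHERE condition) and cannot be escaped as values. They must
 * be built from fixed strings by the caller, never from request data.
 * NOTE(review): $link is written into an href unescaped; confirm the caller
 * builds it from trusted parts.
 *
 * @param string $id          Column selected for counting.
 * @param string $table       Table name.
 * @param string $sort        WHERE condition placed before the group filter.
 * @param int    $view_number Rows per page.
 * @param array  $sess        Session row; element '4' is compared with ul_group.
 * @param string $link        URL prefix; the zero-based page index is appended.
 * @param mixed  $i           Ignored: overwritten by the loop counter.
 * @param mixed  $page        Zero-based index of the current page.
 */
function page_counter($id, $table, $sort, $view_number, $sess, $link, $i, $page)
{
    // The error text is set at file scope elsewhere; without this declaration
    // the die() below had nothing to print.
    global $query_error;

    // The group value is data, so it is escaped before it is quoted.
    $group = mysql_real_escape_string($sess['4']);
    $count = mysql_query("SELECT {$id} FROM {$table} WHERE {$sort} AND ul_group = '{$group}'") or die($query_error); // select the messages

    if ($view_number <= 0) {
        // Avoid dividing by zero; no pages can be shown.
        return;
    }

    // Number of pages the messages are spread over.
    $page_count = ceil(mysql_num_rows($count) / $view_number);

    for ($i = 0; $i < $page_count; $i++) {
        echo " | ";
        if ($page != $i) {
            echo "<a href=\"{$link}{$i}\">";
        }
        echo $i + 1;
        if ($page != $i) {
            echo '</a> ';
        }
    }
}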
<?php
// One-off migration: creates a shared nw_unread table and copies the rows of
// each per-user nw_unread_<id> table into it, one user at a time.
// NOTE(review): nothing in this file checks who is running it before the
// CREATE/DROP statements execute; confirm func_main.php restricts access, and
// remove the script from the web root once the migration is done.
require_once './inc/func_main.php';
MySQL_Query("CREATE TABLE nw_unread (id int NOT NULL PRIMARY KEY AUTO_INCREMENT, idtable int, idrecord int, iduser int)");
// Every user id drives one pass of the loop below.
$sql = "SELECT id as 'id' FROM " . DB_PREFIX . "users";
$res = MySQL_Query($sql);
while ($rec_utc = MySQL_Fetch_Assoc($res)) {
    // Copy this user's rows; iduser is left NULL by this INSERT.
    MySQL_Query("INSERT INTO nw_unread (idtable,idrecord) SELECT idtable,idrecord FROM nw_unread_" . $rec_utc['id']);
    // NOTE(review): the ****** span looks like a redaction in this listing and
    // the line does not parse as shown. Presumably it stamped the current
    // user's id onto the rows just copied - confirm against the real file.
    MySQL_Query("UPDATE nw_unread SET iduser = "******" WHERE iduser IS NULL;");
    // NOTE(review): the INSERT above reads from "nw_unread_<id>" but this DROP
    // names "nw_unread<id>" (no underscore), so the per-user table read above
    // is not the one being dropped.
    MySQL_Query("DROP TABLE nw_unread" . $rec_utc['id']);
    // Debug output. $rec_utc is an array, so the concatenation prints "Array".
    echo 'vysledek=' . $rec_utc;
    print_r($rec_utc);
    debug_zval_dump($rec_utc);
    echo '<br />';
}
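/**
 * Print the audit-log filter form.
 *
 * The current selections come from the $f_* globals; the list of users is read
 * from the users table; the "organisers" checkbox is shown only when
 * $usrinfo['right_org'] is 1. The form posts to audit.php.
 *
 * Values that do not come from fixed strings (user logins, the row-count
 * field) are HTML-escaped before they are written, so markup characters in
 * them are shown as text instead of being interpreted by the browser.
 * NOTE(review): escaping assumes the page is served as UTF-8 - confirm.
 */
function filter()
{
    global $f_cat, $f_sort, $f_user, $f_type, $usrinfo, $f_org, $f_my, $f_glob, $f_count;

    // Category and type selectors; the active option is marked from the globals.
    echo '<div id="filter-wrapper"><form action="audit.php" method="post" id="filter"> <fieldset> <legend>Filtr</legend> <p>Vypsat <select name="kategorie"> <option value="0"' . ($f_cat == 0 ? ' selected="selected"' : '')
        . '>všechny auditní záznamy</option> <option value="1"' . ($f_cat == 1 ? ' selected="selected"' : '')
        . '>i s aktualitami</option> <option value="2"' . ($f_cat == 2 ? ' selected="selected"' : '')
        . '>prohlížení auditních záznamů</option> <option value="3"' . ($f_cat == 3 ? ' selected="selected"' : '')
        . '>manipulaci s osobami</option> <option value="4"' . ($f_cat == 4 ? ' selected="selected"' : '')
        . '>manipulaci se skupinami</option> <option value="5"' . ($f_cat == 5 ? ' selected="selected"' : '')
        . '>manipulaci s případy</option> <option value="6"' . ($f_cat == 6 ? ' selected="selected"' : '')
        . '>manipulaci s hlášeními</option> </select> <select name="typ"> <option value="0"' . ($f_type == 0 ? ' selected="selected"' : '')
        . '>všech typů</option> <option value="1"' . ($f_type == 1 ? ' selected="selected"' : '')
        . '>jen zásahy</option> <option value="2"' . ($f_type == 2 ? ' selected="selected"' : '')
        . '>bez souborů a poznámek</option> </select> provedené uživatelem <select name="user" id="user"> <option value=0 ' . ($f_user == 0 ? ' selected="selected"' : '')
        . '>všemi</option>';

    // One option per user that is not marked deleted.
    $sql_u = "SELECT id, login FROM " . DB_PREFIX . "users WHERE deleted=0 ORDER BY login ASC";
    $res_u = mysql_query($sql_u);
    while ($rec_u = mysql_fetch_assoc($res_u)) {
        // double_encode is off so a login that was already entity-encoded when
        // it was stored is not encoded a second time.
        echo '<option value="' . (int) $rec_u['id'] . '"' . ($rec_u['id'] == $f_user ? ' selected="selected"' : '') . '>'
            . htmlspecialchars($rec_u['login'], ENT_QUOTES, 'UTF-8', false) . '</option>';
    }
    echo '</select>';

    echo 'a seřadit je podle <select name="sort"> <option value="1"' . ($f_sort == 1 ? ' selected="selected"' : '')
        . '>času vzestupně</option> <option value="2"' . ($f_sort == 2 ? ' selected="selected"' : '')
        . '>času sestupně</option> </select>.</p>';

    // Only users with the organiser right may include organiser actions.
    if ($usrinfo['right_org'] == 1) {
        echo ' <label for="org">Zobrazit i zásahy organizátorů</label> <input type="checkbox" name="org" ' . ($f_org == 1 ? ' checked="checked"' : '') . '/><br/> <div class="clear"> </div>';
    }

    // $f_count is echoed back into an attribute, so it is escaped like the logins.
    echo '<label for="my">Zobrazit i moje zásahy</label> <input type="checkbox" name="my" ' . ($f_my == 1 ? ' checked="checked"' : '')
        . '/><br/> <div class="clear"> </div> <label for="my">Zobrazit i globální operace</label> <input type="checkbox" name="glob" ' . ($f_glob == 1 ? ' checked="checked"' : '')
        . '/><br/> <div class="clear"> </div> Zobrazit <input type="text" name="count" size=5 value="' . htmlspecialchars($f_count, ENT_QUOTES, 'UTF-8', false)
        . '"> posledních záznamů. (Pro všechny záznamy ponechte pole prázdné).<br/> <div id="filtersubmit"><input type="submit" name="filter" value="Filtrovat" /></div> </fieldset> </form></div><!-- end of #filter-wrapper -->';
}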
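/**
 * Open a connection, run one INSERT statement, report the new row id and
 * close the connection again.
 *
 * The original always returned false because the success flag was never set;
 * it now reflects whether mysql_query() accepted the statement.
 *
 * NOTE(review): $SQL is executed as given, so callers must escape every value
 * they put into it.
 * NOTE(review): on a connection failure the raw error text in $chyba is
 * echoed into the page; consider logging it and showing a generic message.
 *
 * @param string $SQL Complete INSERT statement.
 * @param mixed  $id  Out parameter: receives mysql_insert_id() after the query.
 * @return bool True when the statement ran, false on connection or query failure.
 */
function DB_insert ($SQL, &$id) {
    //echo "<P>SQL = ".$SQL."<P>";
    if (!(DB_spojeni(c_Databaze, $chyba, $spojeni))):
        echo "<FONT COLOR=red><B><P>Do�lo k chyb� p�i spojen� s datab�z�. ($chyba)<P></B></FONT><BR>\n";
        return false;
    endif;

    // mysql_query() returns false on error; anything else means it ran.
    $funguje = (mysql_query($SQL) !== false);
    // Kept unconditional so callers see the same $id behaviour as before.
    $id = mysql_insert_id();
    DB_odpojeni($spojeni);

    return $funguje;
}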
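<?php
include "mysql.connect.php";
mysql_query("SET NAMES cp1251");

// The search text is only echoed into <title>; accept it only as a plain string.
$valueSearch = (isset($_POST['valueSearch']) && is_string($_POST['valueSearch'])) ? $_POST['valueSearch'] : null;

// "addAppeals" carries a book id: count the visit, then redirect to the book's link.
if (isset($_GET['addAppeals'])) {
    $data = false;
    // The id is concatenated into SQL below, so only a run of digits is
    // accepted and it is converted to an integer before use.
    if (is_string($_GET['addAppeals']) && preg_match('/^[0-9]+\z/', $_GET['addAppeals'])) {
        $bookId = (int) $_GET['addAppeals'];
        $result = mysql_query("SELECT * FROM books WHERE ID=" . $bookId);
        $data = $result ? mysql_fetch_array($result) : false;
    }

    if ($data) {
        $updateAppeals = $data['Appeals'] + 1;
        $updateLastAppeals = date("d.m.Y");
        mysql_query("UPDATE `{$database}`.`books` SET `Appeals` = '{$updateAppeals}' WHERE ID=" . $bookId);
        mysql_query("UPDATE `{$database}`.`books` SET `LastAppeals` = '{$updateLastAppeals}' WHERE ID=" . $bookId);
        // NOTE(review): the target is whatever was stored in the Link column;
        // confirm only trusted users can add books, or restrict stored links
        // to http/https URLs. The page below is still rendered after this
        // header is sent, as in the original.
        header("Location: " . $data['Link']);
    } else {
        // Missing, malformed or unknown id: nothing to redirect to.
        echo "Не возможно перейти на страницу.";
    }
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
<title><?php
// Escaped with the charset declared above so request text cannot add markup.
if ($valueSearch !== null && $valueSearch !== '') {
    echo htmlspecialchars($valueSearch, ENT_QUOTES, 'cp1251') . " | ";
}
?> Library Cube - Special for You</title>
</head>
<body>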
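// Tail of an upload handler whose beginning is outside this excerpt; kept as is.
// NOTE(review): $_POST['personid'] is placed into an href here; confirm
// sparklets() escapes it or validate it as an integer before this point.
if (isset($_POST['uploadfile'])) {
    pageStart('Přiložení souboru');
    mainMenu(5);
    sparklets('<a href="./persons.php">osoby</a> » <a href="./editperson.php?rid=' . $_POST['personid'] . '">úprava osoby</a> » <strong>přiložení souboru neúspěšné</strong>');
    echo '<div id="obsah"><p>Soubor nebyl přiložen, něco se nepodařilo. Možná nebyl zvolen přikládaný soubor.</p></div>';
    pageEnd();
}
}

// Delete an attached file, then return to the person's edit page.
// NOTE(review): this changes state on a GET request and no anti-CSRF token is
// visible here. The lookup is by data.id alone; whether the file belongs to
// this person is not checked.
if (isset($_GET['deletefile']) && is_numeric($_GET['deletefile'])) {
    // The handler is driven by GET, so the person id is read from $_GET as in
    // the redirect below (the original read $_POST here).
    auditTrail(1, 5, (int) $_GET['personid']);
    if ($usrinfo['right_text']) {
        // Ids are cast to int before they are concatenated into SQL.
        $fres = mysql_query("SELECT uniquename FROM " . DB_PREFIX . "data WHERE " . DB_PREFIX . "data.id=" . (int) $_GET['deletefile']);
        $frec = $fres ? mysql_fetch_assoc($fres) : false;
        if ($frec) {
            // basename() keeps the unlink inside ./files/ whatever the column holds.
            unlink('./files/' . basename($frec['uniquename']));
            mysql_query("DELETE FROM " . DB_PREFIX . "data WHERE " . DB_PREFIX . "data.id=" . (int) $_GET['deletefile']);
        }
    }
    header('Location: editperson.php?rid=' . (int) $_GET['personid']);
}

// Detach the symbol from a person and note the detachment in the symbol's description.
if (isset($_GET['deletesymbol'])) {
    auditTrail(1, 2, (int) $_GET['personid']);
    if ($usrinfo['right_text']) {
        $sps = mysql_query("SELECT symbol FROM " . DB_PREFIX . "persons WHERE id=" . (int) $_GET['personid']);
        $spc = mysql_fetch_assoc($sps);
        $prsn_res = mysql_query("SELECT name, surname FROM " . DB_PREFIX . "persons WHERE id=" . (int) $_GET['personid']);
        $prsn_rec = mysql_fetch_assoc($prsn_res);
        $sdate = "<p>" . date("j/m/Y H:i:s", time()) . " Odpojeno od " . $prsn_rec['name'] . " " . $prsn_rec['surname'] . "</p>";
        // Names come back from the database and may contain quotes, so the
        // text is escaped before it is embedded in the statement.
        // NOTE(review): it is stored as HTML; confirm names are entity-encoded
        // when saved, or encode them here.
        mysql_query("UPDATE " . DB_PREFIX . "symbols SET `desc` = concat('" . mysql_real_escape_string($sdate) . "', `desc`), assigned=0 WHERE id=" . (int) $spc['symbol']);
        mysql_query("UPDATE " . DB_PREFIX . "persons SET symbol='' WHERE id=" . (int) $_GET['personid']);
    }
    header('Location: editperson.php?rid=' . (int) $_GET['personid']);
}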
} else { if (isset($_POST['insertuser'])) { pageStart('Přidán uživatel'); mainMenu(2); sparklets('<a href="./users.php">uživatelé</a> » <a href="./newuser.php">nový uživatel</a> » <strong>přidán uživatel</strong>'); echo '<div id="obsah"><p>Chyba při vytváření, ujistěte se, že jste vše provedli správně a máte potřebná práva.</p></div>'; pageEnd(); } } if (isset($_POST['userid']) && isset($_POST['edituser']) && $usrinfo['right_power'] && !preg_match('/^[[:blank:]]*$/i', $_POST['login']) && is_numeric($_POST['power']) && is_numeric($_POST['texty'])) { auditTrail(8, 2, $_POST['userid']); pageStart('Uložení změn'); mainMenu(2); sparklets('<a href="./users.php">uživatelé</a> » <a href="./edituser.php">úprava uživatele</a> » <strong>uložení změn</strong>'); $ures = MySQL_Query("SELECT id FROM " . DB_PREFIX . "users WHERE UCASE(login)=UCASE('" . mysql_real_escape_string(safeInput($_POST['login'])) . "') AND id<>" . $_POST['userid']); if (MySQL_Num_Rows($ures)) { echo '<div id="obsah"><p>Uživatel již existuje, změňte jeho jméno.</p></div>'; } else { MySQL_Query("UPDATE " . DB_PREFIX . "users SET login='******'login'])) . "', right_power='" . $_POST['power'] . "', right_text='" . $_POST['texty'] . "', idperson='" . $_POST['idperson'] . "' WHERE id=" . $_POST['userid']); echo '<div id="obsah"><p>Uživatel upraven.</p></div>'; } pageEnd(); } else { if (isset($_POST['edituser'])) { pageStart('Uložení změn'); mainMenu(2); sparklets('<a href="./users.php">uživatelé</a> » <a href="./edituser.php">úprava uživatele</a> » <strong>uložení změn</strong>'); echo '<div id="obsah"><p>Chyba při ukládání změn, ujistěte se, že jste vše provedli správně a máte potřebná práva.</p></div>'; pageEnd(); } }
<?php
require_once './inc/func_main.php';

// One-off migration: create a per-user table nw_unread_<id> for every row of
// the users table and dump each row for inspection.
// NOTE(review): nothing in this file checks who is running it before the
// CREATE TABLE statements execute; confirm func_main.php restricts access, and
// remove the script from the web root once the migration is done.
$userRows = mysql_query("SELECT id as 'id' FROM " . DB_PREFIX . "users");

for (;;) {
    $userRow = mysql_fetch_assoc($userRows);
    if (!$userRow) {
        break;
    }

    // The table name is derived from the user's id column.
    $ddl = sprintf(
        "CREATE TABLE nw_unread_%s (id int NOT NULL PRIMARY KEY AUTO_INCREMENT, idtable int, idrecord int)",
        $userRow['id']
    );
    mysql_query($ddl);

    // Debug output. $userRow is an array, so the concatenation prints "Array".
    echo 'vysledek=' . $userRow;
    print_r($userRow);
    debug_zval_dump($userRow);
    echo '<br />';
}
announces_print_subsections($sub_sel, $sess); } } else { // user listing of announces announces_print_user($uoz, $sess); } ?> <tr> <td colspan="6"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr><td colspan="2"><hr size="3" noshade></td></tr> </tr> <td> <b><?php $message = MySQL_Query("SELECT * FROM lets_skupiny WHERE s_id = '{$sess['4']}'") or die($query_error); //vybíráme zprávy - seøazeno podle id $entry = MySQL_Fetch_Row($message); echo $entry[1]; ?> </b> </td> <td align="right"> <b>uniLETIM</b> <?php $date = date("Y-m-d"); $date = Explode("-", $date); echo " " . $date[2] . ". " . $date[1] . ". " . $date[0] . ""; ?> </td> </tr>
// Excerpt of a front controller: it starts inside a conditional opened before
// this excerpt and ends inside one that continues after it.
// NOTE(review): $lang, $app_lang, $date, $sid, $group_ch, $grp_name, $action
// and $menu are not assigned anywhere in this excerpt. If any of them can be
// set from the request (for example through register_globals or extract()),
// the SQL statements and the language include below are built from untrusted
// input - confirm where they come from.

// An empty members table is treated as "not installed" and hands over to the installer.
// NOTE(review): this also re-runs install.php if the table is ever emptied.
$memberExists = MySQL_Num_Rows(MySQL_Query("SELECT mbr_id FROM uniletim_members")) ? 1 : 0;
if (!$memberExists) {
    include "./install.php";
    exit;
}
if ($lang == "") {
    $lang = $app_lang;
}
} else {
    // Existing session: language comes from the session row, and the row's date is refreshed.
    $lang = $sess[9];
    // NOTE(review): $date is interpolated without quotes and $sid without escaping.
    $MSQ = MySQL_Query("UPDATE uniletim_auth SET aut_date = {$date} WHERE aut_id = '{$sid}'");
}
// change group
if ($group_ch != "") {
    // NOTE(review): nothing visible here checks that the session's user belongs
    // to the requested group, and both values are interpolated unescaped.
    mysql_query("UPDATE uniletim_auth SET aut_group='{$group_ch}', aut_group_name='{$grp_name}' WHERE aut_id='{$sess['0']}'");
    $MSQ = MySQL_Query("SELECT * FROM uniletim_auth WHERE (aut_id = '{$sid}')"); // AND (aut_date >= '$ad')
    // Reload the session row so later code sees the new group.
    $sess = mysql_fetch_row($MSQ);
}
// included files
// NOTE(review): the file name is built from $lang; restrict it to a fixed list
// of language codes so it can only ever name a shipped language file.
include "language/lang-{$lang}.php";
include "./includes/page.inc.php";
include "./includes/announces.inc.php";
include "./includes/members.inc.php";
if ($action == "print") {
    include "./includes/announces-print.inc.php";
    // printing of announces
    announces_print($sess, $uoz, $rub, $pri, $keyword, $age);
} else {
    include "./includes/admin.inc.php";
    if (!$menu) {
// in the terms of the Vseobecna zverejnovacia licencia GNU) as published by the Free Software Foundation; either version 2 // of the License, or (at your option) any later version. // This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. // You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software // Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 or visit http://www.gnu.sk/ for Vseobecna zverejnovacia licencia GNU //odstraníme nebezpeèné znaky $zaco = SubStr($zacof, 0, 1500); //bereme pouze 1500 znakù $zaco = Trim($zaco); //odstraníme mezery ze zaèátku a konce øetìzce $zaco = HTMLSpecialChars($zaco); //odstraníme nebezpeèné znaky $zaco = Str_Replace("\r\n", " <BR> ", $zaco); //nahradíme konce øádkù na tagy <BR> $zacof = WordWrap($zaco, 90, "\n", 1); //rozdìlíme dlouhá slova $kedyf = Date("Y-m-d"); //kedy @($tsi = time()); include "./config.php"; $kolkof = Str_Replace(",", ".", $kolkof); $kolkof = abs($kolkof); $add = MySQL_Query("INSERT INTO uniletim_services VALUES ('', '{$ktof}', '{$komuf}', '{$kedyf}', '{$zacof}', '{$kolkof}', '{$tsi}', '{$lgr}')") or die($query_error1); //vložíme zprávu $ads = MySQL_Query("select * from uniletim_services where ser_time like '{$tsi}' AND ul_group = '{$sess['4']}'") or die($query_error2); $adk = mysql_fetch_row($ads); $result = _PAYMENT_SCSFL; //zavøeme databázi MySQL_Close(); header("Location: ./platby.php?pres=pl");
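<?php
require_once './inc/func_main.php';

// One-off migration: move the free-text symbol stored on each person into the
// symbols table and replace the person's value with the new symbol id.
// NOTE(review): nothing in this file checks who is running it before the
// ALTER/INSERT/UPDATE statements execute; confirm func_main.php restricts
// access, and remove the script from the web root once the migration is done.
// NOTE(review): two statements name the tables as nw_symbols / nw_persons
// while the others use DB_PREFIX; they agree only if DB_PREFIX is "nw_".

// Find the highest symbol id that exists before the migration.
$sql_count = "SELECT id as 'id' FROM " . DB_PREFIX . "symbols ORDER BY id desc LIMIT 1";
$res_count = mysql_query($sql_count);
$rec_count = $res_count ? mysql_fetch_assoc($res_count) : false;
// An empty symbols table used to leave this empty and break the SELECT below.
$highest_id = $rec_count ? (int) $rec_count['id'] : 0;

// Add the "assigned" column to the symbols table.
mysql_query("ALTER TABLE `nw_symbols` ADD `assigned` INT NOT NULL");

// Copy the symbol values from persons into symbols.
mysql_query("INSERT INTO nw_symbols (symbol) SELECT symbol FROM nw_persons WHERE symbol <> ''");

$time = time();
$sql = "SELECT id as 'id', symbol as 'symbol' FROM " . DB_PREFIX . "symbols WHERE " . DB_PREFIX . "symbols.id > " . $highest_id;
$res = mysql_query($sql);
while ($rec_utc = mysql_fetch_assoc($res)) {
    // Replace the original symbol text in persons with the new symbol id.
    // The text is user-entered data read back from the database, so it is
    // escaped before it is put into the statement; the id is cast to int.
    mysql_query("UPDATE " . DB_PREFIX . "persons SET symbol = " . (int) $rec_utc['id'] . " WHERE symbol = '" . mysql_real_escape_string($rec_utc['symbol']) . "'");

    // Fill in the remaining columns of the newly created symbol.
    mysql_query("UPDATE " . DB_PREFIX . "symbols SET created = '" . $time . "', created_by = 1, modified = '" . $time . "', modified_by = 1, assigned = 1 WHERE id = " . (int) $rec_utc['id']);

    // Debug output. $rec_utc is an array, so the concatenation prints "Array".
    echo 'vysledek=' . $rec_utc;
    print_r($rec_utc);
    debug_zval_dump($rec_utc);
    echo '<br />';
}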
$view_number = 10; //zpravy budou zobrazeny po ... $start = $page * $view_number; //prvni zprava, ktera se zobrazi if (!isset($order)) { $order = "ser_time"; } if (!isset($adesc)) { $adesc = "DESC"; } if ($adesc == "ASC") { $message = MySQL_Query("SELECT * FROM uniletim_services WHERE {$sort} AND ul_group = '{$sess['4']}' ORDER BY {$order} ASC LIMIT {$start},{$view_number}") or die($query_error); //vybíráme zprávy - seøazeno podle id $adesc = "DESC"; } else { $message = MySQL_Query("SELECT * FROM uniletim_services WHERE {$sort} AND ul_group = '{$sess['4']}' ORDER BY {$order} DESC LIMIT {$start},{$view_number}") or die($query_error); //vybíráme zprávy - seøazeno podle id $adesc = "ASC"; } ?> </th> </tr> <tr class="th_sub"> <th width="70"><A HREF="platby.php?order=ser_time&adesc=<?php echo $adesc; ?> "><?php echo _DATE; ?> </A></th>
$rec_count = MySQL_Num_Rows($pers); echo $rec_count; ?> </h3><p> <?php $cases = array(); while ($perc = MySQL_Fetch_Assoc($pers)) { $cases[] = '<a href="./readcase.php?rid=' . $perc['id'] . '&hidenotes=0">' . StripSlashes($perc['title']) . '</a>'; } echo implode($cases, '<br />') != "" ? implode($cases, '<br />') : '<em>Uživatel nemá žádný přiřazený neuzavřený případ.</em>'; ?> </p> <div class="clear"> </div> <h3>Nedokončené úkoly: <?php $sql_r = "SELECT * FROM " . DB_PREFIX . "tasks WHERE " . DB_PREFIX . "tasks.iduser="******" AND " . DB_PREFIX . "tasks.status=0 ORDER BY " . DB_PREFIX . "tasks.created ASC"; $res_r = MySQL_Query($sql_r); $rec_count = MySQL_Num_Rows($res_r); echo $rec_count; ?> </h3><p> <?php if (MySQL_Num_Rows($res_r)) { $tasks = array(); while ($rec_r = MySQL_Fetch_Assoc($res_r)) { $tasks[] = StripSlashes($rec_r['task']) . ' (' . getAuthor($rec_r['created_by'], 2) . ')'; } echo implode($tasks, '<br />'); } else { echo 'Uživatel nemá žádné nedokončené úkoly.'; } ?>
</div> <!-- end of #new-file .otherform-wrap --> <fieldset><legend><h2>Aktuálně připojené poznámky:</h2></legend> <span class="poznamka-edit-buttons"><a class="new" href="newnote.php?rid=<?php echo $_REQUEST['rid']; ?> &idtable=3" title="nová poznámka"><span class="button-text">nová poznámka</span></a><em style="font-size:smaller;"> (K případu si můžete připsat kolik chcete poznámek.)</em></span> <ul> <?php if ($usrinfo['right_power']) { $sql_n = "SELECT " . DB_PREFIX . "notes.iduser AS 'iduser', " . DB_PREFIX . "notes.title AS 'title', " . DB_PREFIX . "notes.secret AS 'secret', " . DB_PREFIX . "users.login AS 'user', " . DB_PREFIX . "notes.id AS 'id' FROM " . DB_PREFIX . "notes, " . DB_PREFIX . "users WHERE " . DB_PREFIX . "notes.iduser="******"users.id AND " . DB_PREFIX . "notes.iditem=" . $_REQUEST['rid'] . " AND " . DB_PREFIX . "notes.idtable=3 AND " . DB_PREFIX . "notes.deleted=0 ORDER BY " . DB_PREFIX . "notes.datum DESC"; } else { $sql_n = "SELECT " . DB_PREFIX . "notes.iduser AS 'iduser', " . DB_PREFIX . "notes.title AS 'title', " . DB_PREFIX . "notes.secret AS 'secret', " . DB_PREFIX . "users.login AS 'user', " . DB_PREFIX . "notes.id AS 'id' FROM " . DB_PREFIX . "notes, " . DB_PREFIX . "users WHERE " . DB_PREFIX . "notes.iduser="******"users.id AND " . DB_PREFIX . "notes.iditem=" . $_REQUEST['rid'] . " AND " . DB_PREFIX . "notes.idtable=3 AND " . DB_PREFIX . "notes.deleted=0 AND (" . DB_PREFIX . "notes.secret=0 OR " . DB_PREFIX . "notes.iduser="******") ORDER BY " . DB_PREFIX . "notes.datum DESC"; } $res_n = MySQL_Query($sql_n); while ($rec_n = MySQL_Fetch_Assoc($res_n)) { ?> <li><a href="readnote.php?rid=<?php echo $rec_n['id']; ?> &idtable=3"><?php echo StripSlashes($rec_n['title']); ?> </a> - <?php echo StripSlashes($rec_n['user']); if ($rec_n['secret'] == 0) { ?> (veřejná)<?php } if ($rec_n['secret'] == 1) {
// header("Location: ./group.php?action=info"); } // DELETE GROUP if ($group_del != "") { @($sql = mysql_query("DELETE FROM uniletim_groups WHERE grp_id = '{$group_del}'")); @($sql = mysql_query("DELETE FROM uniletim_announces WHERE ul_group = '{$group_del}'")); @($sql = mysql_query("DELETE FROM uniletim_members WHERE ul_group = '{$group_del}'")); @($sql = mysql_query("DELETE FROM uniletim_sections WHERE ul_group = '{$group_del}'")); @($sql = mysql_query("DELETE FROM uniletim_subsections WHERE ul_group = '{$group_del}'")); $result = _GROUP . " " . _WAS_DELETED_FEMALE; } // ADD GROUP if ($group_add != "") { mysql_query("select * from uniletim_groups"); if (mysql_affected_rows() == 0) { $dbInstalled = MySQL_Num_Rows(MySQL_Query("SHOW TABLES")) ? 1 : 0; if (!$dbInstalled) { include "./includes/tables.inc.php"; } } if ($mbr_password == "" || $grp_name == "") { $error = _INS_RQRD_DATA . "\n"; } elseif ($mbr_password != $mbr_password2) { $error = _PASSWD_TWICE_RQRD . "\n"; } else { mysql_query("select * from uniletim_members where mbr_login = '******'"); if (mysql_affected_rows() > 0) { $error1 = "<b>{$in_chu}</b>\n"; } else { mysql_query("select * from uniletim_groups where grp_name = '{$grp_name}'"); if (mysql_affected_rows() > 0) {
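// Tail of a symbol-edit handler whose beginning is outside this excerpt; kept as is.
// NOTE(review): $_POST['symbolid'] is placed into an href here; confirm
// sparklets() escapes it or validate it as an integer before this point.
mainMenu(5);
sparklets('<a href="./symbols.php">symboly</a> » <a href="./editsymbol.php?rid=' . $_POST['symbolid'] . '">úprava symbolu</a> » <strong>uložení změn neúspešné</strong>');
echo '<div id="obsah"><p>Chyba při ukládání změn, ujistěte se, že jste vše provedli správně a máte potřebná práva.</p></div>';
pageEnd();
}
}

// Tasks: each handler sets a task's status and returns to the referring page.
// The task id passes is_numeric(), which also admits forms such as "1e3", so
// it is cast to int before it is concatenated into SQL.
// NOTE(review): these handlers change state on $_REQUEST (GET included) and no
// anti-CSRF token is visible here.
// NOTE(review): the redirect target is the Referer header, which the client
// controls and may omit; a fixed local page would be more predictable.

// Accept a task (status 2).
if (isset($_REQUEST['acctask']) && is_numeric($_REQUEST['acctask']) && $usrinfo['right_text']) {
    auditTrail(10, 2, (int) $_REQUEST['acctask']);
    mysql_query("UPDATE " . DB_PREFIX . "tasks SET status=2, modified='" . time() . "', modified_by='" . (int) $usrinfo['id'] . "' WHERE id=" . (int) $_REQUEST['acctask']);
    // deleteAllUnread (1,$_REQUEST['delete']);
    header('Location: ' . $_SERVER['HTTP_REFERER']);
}

// Return a task (status 0).
if (isset($_REQUEST['rtrntask']) && is_numeric($_REQUEST['rtrntask']) && $usrinfo['right_text']) {
    auditTrail(10, 2, (int) $_REQUEST['rtrntask']);
    mysql_query("UPDATE " . DB_PREFIX . "tasks SET status=0, modified='" . time() . "', modified_by='" . (int) $usrinfo['id'] . "' WHERE id=" . (int) $_REQUEST['rtrntask']);
    // deleteAllUnread (1,$_REQUEST['delete']);
    header('Location: ' . $_SERVER['HTTP_REFERER']);
}

// Finish a task (status 1).
// NOTE(review): unlike the other three handlers this one does not require
// $usrinfo['right_text'], and none of them checks whose task it is - confirm
// that is intended.
if (isset($_REQUEST['fnshtask']) && is_numeric($_REQUEST['fnshtask'])) {
    auditTrail(10, 2, (int) $_REQUEST['fnshtask']);
    mysql_query("UPDATE " . DB_PREFIX . "tasks SET status=1, modified='" . time() . "', modified_by='" . (int) $usrinfo['id'] . "' WHERE id=" . (int) $_REQUEST['fnshtask']);
    // deleteAllUnread (1,$_REQUEST['delete']);
    header('Location: ' . $_SERVER['HTTP_REFERER']);
}

// Cancel a task (status 3).
if (isset($_REQUEST['cncltask']) && is_numeric($_REQUEST['cncltask']) && $usrinfo['right_text']) {
    auditTrail(10, 2, (int) $_REQUEST['cncltask']);
    mysql_query("UPDATE " . DB_PREFIX . "tasks SET status=3, modified='" . time() . "', modified_by='" . (int) $usrinfo['id'] . "' WHERE id=" . (int) $_REQUEST['cncltask']);
    // deleteAllUnread (1,$_REQUEST['delete']);
    header('Location: ' . $_SERVER['HTTP_REFERER']);
}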
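/**
 * Return the filter to apply to a listing, remembering it per user and per table.
 *
 * When the request carries a new filter it is stored (serialized, keyed by
 * table name) in the user's `filter` column and returned. Otherwise the filter
 * previously stored for that table is returned if there is one, else the
 * request itself.
 *
 * Changes from the original: the serialized text is escaped before it is put
 * into the UPDATE (serialize() does not escape quotes, so request data could
 * previously alter the statement), the user id is cast to int, and $table and
 * $filters are always initialised.
 *
 * NOTE(review): the whole of $_REQUEST is persisted. Depending on
 * request_order it can include cookie values, so session identifiers may end
 * up in the database; storing only known filter keys would avoid that.
 * NOTE(review): unserialize() is applied to a column that holds
 * request-derived data. It is only safe while nothing but this function writes
 * that column; json_encode/json_decode would remove the dependency.
 *
 * @param int   $idtable  Numeric code of the listing (see the switch below).
 * @param mixed $idrecord Appended to "group" when $idtable is 14.
 * @return array The filter to use for this request.
 */
function custom_Filter($idtable, $idrecord = 0)
{
    global $usrinfo;

    // Unknown codes fall back to the empty key, as an unset variable did before.
    $table = '';
    switch ($idtable) {
        case 1: $table = "persons"; break;
        case 2: $table = "groups"; break;
        case 3: $table = "cases"; break;
        case 4: $table = "reports"; break;
        case 8: $table = "users"; break;
        case 9: $table = "evilpts"; break;
        case 10: $table = "tasks"; break;
        case 11: $table = "audit"; break;
        case 13: $table = "search"; break;
        case 14: $table = "group" . $idrecord; break;
        case 15: $table = "p2c"; break;
        case 16: $table = "c2ar"; break;
        case 17: $table = "p2ar"; break;
        case 18: $table = "ar2c"; break;
        case 19: $table = "p2g"; break;
        case 20: $table = "sy2p"; break;
        case 21: $table = "sy2c"; break;
        case 22: $table = "sy2ar"; break;
    }

    $userId = (int) $usrinfo['id'];
    $res_cf = mysql_query("SELECT filter FROM " . DB_PREFIX . "users WHERE id = " . $userId);

    // Load whatever was stored earlier; anything that is not an array is ignored.
    $filters = array();
    if ($res_cf) {
        $rec_cf = mysql_fetch_assoc($res_cf);
        if ($rec_cf) {
            $stored = unserialize($rec_cf['filter']);
            if (is_array($stored)) {
                $filters = $stored;
            }
        }
    }

    $filter = $_REQUEST;

    // A new filter is stored when the request is non-empty and is neither a
    // task assignment nor a points entry nor tied to a single record, or when
    // it is tied to a record and carries a new sort order.
    $storeNewFilter = (!empty($filter) && !isset($_POST['inserttask']) && !isset($_POST['addpoints']) && !isset($filter['rid']))
        || (isset($filter['sort']) && isset($filter['rid']));

    if ($storeNewFilter) {
        $filters[$table] = $filter;
        $sfilters = serialize($filters);
        $sql_scf = "UPDATE " . DB_PREFIX . "users SET filter='" . mysql_real_escape_string($sfilters) . "' WHERE id=" . $userId;
        mysql_query($sql_scf);
    } elseif (array_key_exists($table, $filters)) {
        // Otherwise reuse the filter stored for this table, if any.
        $filter = $filters[$table];
    }

    return $filter;
}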
echo ' selected="selected"'; } ?> >tajná</option> <option value="2"<?php if ($rec['secret'] == 2) { echo ' selected="selected"'; } ?> >soukromá</option> </select> </div> <?php if ($usrinfo['right_power']) { $sql = "SELECT id, login FROM " . DB_PREFIX . "users WHERE deleted=0 ORDER BY login ASC"; $res_n = MySQL_Query($sql); echo '<div> <label for="nowner">Vlastník:</label> <select name="nowner" id="nowner">'; while ($rec_n = MySQL_Fetch_Assoc($res_n)) { echo '<option value="' . $rec_n['id'] . '"' . ($rec_n['id'] == $usrinfo['id'] ? ' selected="selected"' : '') . '>' . $rec_n['login'] . '</option>'; } echo '</select> </div>'; } else { echo '<input type="hidden" name="nowner" value="' . $rec['iduser'] . '" />'; } if ($usrinfo['right_org'] == 1) { echo ' <div> <label for="nnotnew">Není nové</label>
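// Tail of a note-edit handler whose beginning (including the switch header)
// is outside this excerpt; kept as is.
$sourceurl = "reports.php";
$sourcename = "hlášení";
break;
default:
$sourceurl = "";
$sourcename = "";
break;
}
sparklets('<a href="./' . $sourceurl . '">' . $sourcename . '</a> » <strong>úprava poznámky</strong> » <strong>uložení změn</strong>');
echo '<div id="obsah"><p>Chyba při ukládání změn, ujistěte se, že jste vše provedli správně a máte potřebná práva.</p></div>';
pageEnd();
}
}

// New note.
// NOTE(review): no $usrinfo right is checked in this handler and no anti-CSRF
// token is visible; confirm both are enforced elsewhere.
if (isset($_POST['setnote'])) {
    if (!preg_match('/^[[:blank:]]*$/i', $_POST['note']) && !preg_match('/^[[:blank:]]*$/i', $_POST['title']) && is_numeric($_POST['secret'])) {
        auditTrail((int) $_POST['tableid'], 7, (int) $_POST['itemid']);
        // tableid and itemid were concatenated unescaped; every numeric field
        // is now cast to int, and the text fields stay escaped as before.
        mysql_query("INSERT INTO " . DB_PREFIX . "notes VALUES('','" . mysql_real_escape_string($_POST['note']) . "','" . mysql_real_escape_string($_POST['title']) . "','" . time() . "','" . (int) $usrinfo['id'] . "','" . (int) $_POST['tableid'] . "','" . (int) $_POST['itemid'] . "','" . (int) $_POST['secret'] . "','0')");
        // echo '<div id="obsah"><p>Poznámka upravena.</p></div>';
        if (!isset($_POST['nnotnew'])) {
            unreadRecords((int) $_POST['tableid'], (int) $_POST['itemid']);
        }
    }
    // NOTE(review): the redirect target is taken from the request; restrict
    // it to local paths so the form cannot send users to another site.
    header('Location: ' . $_POST['backurl']);
}

// Delete a note (soft delete: sets deleted=1).
// NOTE(review): nothing here checks that the current user owns the note or
// holds a right to delete it, and the action runs on a GET request.
if (isset($_GET['deletenote'])) {
    // The id is cast to int before it is concatenated into SQL.
    mysql_query("UPDATE " . DB_PREFIX . "notes SET deleted=1 WHERE " . DB_PREFIX . "notes.id=" . (int) $_GET['deletenote']);
    // echo '<div id="obsah"><p>Poznámka smazána.</p></div>';
    // NOTE(review): same request-supplied redirect target as above; $_GET is
    // already URL-decoded, so urldecode() decodes it a second time.
    header('Location: ' . urldecode($_GET['backurl']));
}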
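}
}

// Attach an uploaded file to a case.
// NOTE(review): no $usrinfo right is checked in this handler; confirm it is
// enforced in the part of the file before this excerpt.
// NOTE(review): confirm ./files/ is not served directly by the web server,
// since uploads are stored there with their original content.
if (isset($_POST['uploadfile']) && is_uploaded_file($_FILES['attachment']['tmp_name']) && is_numeric($_POST['caseid']) && is_numeric($_POST['secret'])) {
    auditTrail(3, 4, (int) $_POST['caseid']);
    // Stored under a generated name, so the client-supplied name never reaches the filesystem.
    $newname = time() . md5(uniqid(time() . rand()));
    // Record the file only if it really arrived in ./files/; the original
    // inserted the row even when the move failed.
    if (move_uploaded_file($_FILES['attachment']['tmp_name'], './files/' . $newname)) {
        // NOTE(review): name and type are client-supplied; they are escaped
        // for SQL here but must be treated as untrusted wherever they are
        // displayed or sent back as headers.
        $sql = "INSERT INTO " . DB_PREFIX . "data VALUES('','" . $newname . "','" . mysql_real_escape_string($_FILES['attachment']['name']) . "','" . mysql_real_escape_string($_FILES['attachment']['type']) . "','" . (int) $_FILES['attachment']['size'] . "','" . time() . "','" . (int) $usrinfo['id'] . "','3','" . (int) $_POST['caseid'] . "','" . (int) $_POST['secret'] . "')";
        mysql_query($sql);
        if (!isset($_POST['fnotnew'])) {
            unreadRecords(3, (int) $_POST['caseid']);
        }
    }
    // NOTE(review): the redirect target is taken from the request; restrict
    // it to local paths so the form cannot send users to another site.
    header('Location: ' . $_POST['backurl']);
} else {
    if (isset($_POST['uploadfile'])) {
        // NOTE(review): $_POST['caseid'] reaches this href unvalidated; confirm
        // sparklets() escapes it.
        pageStart('Přiložení souboru');
        mainMenu(4);
        sparklets('<a href="./cases.php">případy</a> » <a href="./editcase.php?rid=' . $_POST['caseid'] . '">úprava případu</a> » <strong>přiložení souboru neúspěšné</strong>');
        echo '<div id="obsah"><p>Soubor nebyl přiložen, něco se nepodařilo. Možná nebyl zvolen přikládaný soubor.</p></div>';
        pageEnd();
    }
}

// Delete an attached file, then return to the case's edit page.
// NOTE(review): this changes state on a GET request and no anti-CSRF token is
// visible here. The lookup is by data.id alone; whether the file belongs to
// this case is not checked.
if (isset($_GET['deletefile']) && is_numeric($_GET['deletefile'])) {
    auditTrail(3, 5, (int) $_GET['caseid']);
    if ($usrinfo['right_text']) {
        // Ids are cast to int before they are concatenated into SQL.
        $fres = mysql_query("SELECT uniquename FROM " . DB_PREFIX . "data WHERE " . DB_PREFIX . "data.id=" . (int) $_GET['deletefile']);
        $frec = $fres ? mysql_fetch_assoc($fres) : false;
        if ($frec) {
            // basename() keeps the unlink inside ./files/ whatever the column holds.
            unlink('./files/' . basename($frec['uniquename']));
            mysql_query("DELETE FROM " . DB_PREFIX . "data WHERE " . DB_PREFIX . "data.id=" . (int) $_GET['deletefile']);
        }
    }
    header('Location: editcase.php?rid=' . (int) $_GET['caseid']);
}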
#-------------------------------------------------------------------------------
# Send one SQL statement over this object's link.
#
# Returns the value of mysql_query() when it is truthy. In every other case
# (argument is not a string, the link is not a resource, the query fails) a
# suppressed trigger_error() is raised and ERROR OR-ed with its result is
# returned. The statement is remembered in $this->Query and passed to Debug()
# before it runs.
#
# NOTE(review): Debug() receives every statement verbatim; if it writes to a
# persistent log, secrets embedded in SQL text end up there.
# NOTE(review): $Query is sent unchanged, so callers must escape the values
# they interpolate.
#-------------------------------------------------------------------------------
public function Query($Query)
{
    #---------------------------------------------------------------------------
    # Reject anything that is not SQL text.
    if (!is_string($Query)) {
        $Raised = @trigger_error('[MySQL->Query]: первый параметр не является строкой');
        return ERROR | $Raised;
    }
    #---------------------------------------------------------------------------
    # A live connection is required.
    if (!is_resource($this->Link)) {
        $Raised = @trigger_error('[MySQL->Query]: нет соединения с MySQL');
        return ERROR | $Raised;
    }
    #---------------------------------------------------------------------------
    Debug(sprintf('[MySQL->Query]: %s', $Query));
    $this->Query = $Query;
    #---------------------------------------------------------------------------
    $Handle = mysql_query($Query, $this->Link);
    if (!$Handle) {
        # Report the server's error text through the same channel as above.
        $Message = sprintf('[MySQL->Query]: %s', $this->GetError());
        return ERROR | @trigger_error($Message);
    }
    #---------------------------------------------------------------------------
    return $Handle;
}
<?php
require_once './inc/func_main.php';

// Record the action in the audit trail only when a session id is present.
if (isset($_SESSION['sid'])) {
    auditTrail(5, 3, 0);
}

pageStart('Přidáno');
mainMenu(1);
sparklets('<a href="./index.php">aktuality</a> » <a href="./newnews.php">nová aktualita</a> » <strong>přidáno</strong>');

// A news item is accepted only from a user with right_power, with a non-blank
// title and body and a numeric category.
// NOTE(review): no anti-CSRF token is checked here - confirm func_main.php
// handles that.
$newsAccepted = $_POST['insertnews']
    && $usrinfo['right_power']
    && !preg_match('/^[[:blank:]]*$/i', $_POST['nadpis'])
    && !preg_match('/^[[:blank:]]*$/i', $_POST['obsah'])
    && is_numeric($_POST['kategorie']);

if (!$newsAccepted) {
    echo '<div id="obsah"><p>Chyba při přidávání, ujistěte se, že jste vše provedli správně a máte potřebná práva.</p></div>';
} else {
    // Column values in table order; the first is left empty for the row id.
    // The title goes through safeInput() and SQL escaping; the body is only
    // SQL-escaped.
    // NOTE(review): the body is therefore stored as submitted; confirm it is
    // HTML-escaped wherever it is displayed.
    $newsValues = array(
        '',
        time(),
        $usrinfo['id'],
        $_POST['kategorie'],
        mysql_real_escape_string(safeInput($_POST['nadpis'])),
        mysql_real_escape_string($_POST['obsah']),
    );
    mysql_query("INSERT INTO " . DB_PREFIX . "news VALUES('" . implode("','", $newsValues) . "')");
    unreadRecords(5, 0);
    echo '<div id="obsah"><p>Aktualita vložena.</p></div>';
}

pageEnd();
<?php
require_once './inc/func_main.php';

// Logout: remove the user's row from the logged-in table, forget the session
// id and send the browser to the login page.
// NOTE(review): only the 'sid' key is removed; any other session data and the
// session cookie itself stay in place. Destroying the session here would make
// the logout complete - confirm what func_main.php keeps in $_SESSION.
$logoutSql = sprintf("DELETE FROM %sloggedin WHERE iduser=%s", DB_PREFIX, $usrinfo['id']);
mysql_query($logoutSql);

unset($_SESSION['sid']);

header('location: login.php');
<td class="filter"><input type="checkbox" name="ssymbols" value="1"' . ($ssymbols ? ' checked="checked"' : '') . '> Zobrazit symboly.</td> <td class="filter"><input type="checkbox" name="farchiv" value="1"' . ($farchiv == 1 ? ' checked="checked"' : '') . '> Zobrazit i archiv.</td> </tr> </table> <div id="filtersubmit"><input type="hidden" name="rid" value="' . $_REQUEST['rid'] . '" /><input type="submit" name="filter" value="Filtrovat" /></div> </fieldset> </form><form name="addpersons" action="addpersons.php" method="post" class="otherform">'; } filter(); // vypis osob if ($usrinfo['right_power']) { $sql = "SELECT " . DB_PREFIX . "persons.phone AS 'phone', " . DB_PREFIX . "persons.secret AS 'secret', " . DB_PREFIX . "persons.name AS 'name', " . DB_PREFIX . "persons.surname AS 'surname', " . DB_PREFIX . "persons.id AS 'id', " . DB_PREFIX . "persons.symbol AS 'symbol', " . DB_PREFIX . "ar2p.role AS 'role', " . DB_PREFIX . "ar2p.iduser FROM " . DB_PREFIX . "persons LEFT JOIN " . DB_PREFIX . "ar2p ON " . DB_PREFIX . "ar2p.idperson=" . DB_PREFIX . "persons.id AND " . DB_PREFIX . "ar2p.idreport=" . $_REQUEST['rid'] . " WHERE " . DB_PREFIX . "persons.deleted=0 " . $fsql_dead . $fsql_archiv . " ORDER BY " . $fsql_sort; } else { $sql = "SELECT " . DB_PREFIX . "persons.phone AS 'phone', " . DB_PREFIX . "persons.secret AS 'secret', " . DB_PREFIX . "persons.name AS 'name', " . DB_PREFIX . "persons.surname AS 'surname', " . DB_PREFIX . "persons.id AS 'id', " . DB_PREFIX . "persons.symbol AS 'symbol', " . DB_PREFIX . "ar2p.role AS 'role', " . DB_PREFIX . "ar2p.iduser FROM " . DB_PREFIX . "persons LEFT JOIN " . DB_PREFIX . "ar2p ON " . DB_PREFIX . "ar2p.idperson=" . DB_PREFIX . "persons.id AND " . DB_PREFIX . "ar2p.idreport=" . $_REQUEST['rid'] . " WHERE " . DB_PREFIX . "persons.deleted=0 " . $fsql_dead . $fsql_archiv . " AND " . DB_PREFIX . "persons.secret=0 ORDER BY " . 
$fsql_sort; } $res = MySQL_Query($sql); ?> <div id="in-form-table"> <?php if (MySQL_Num_Rows($res)) { echo '<table> <thead> <tr> <th>#</th> <th>Úloha</th> ' . ($sportraits ? '<th>Portrét</th>' : '') . ($ssymbols ? '<th>Symbol</th>' : '') . ' <th>Jméno</th> </tr> </thead> <tbody> ';
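<?php
// Add a book from the submitted form. Every field must be non-empty.
// NOTE(review): nothing visible here restricts who may add books; confirm
// access is checked before this file is included.
if (isset($_POST['addBook'])) {
    if ($_POST['Name'] != null && $_POST['Author'] != null && $_POST['Annotation'] != null && $_POST['Pages'] != null && $_POST['Department'] != null && $_POST['Subject'] != null && $_POST['Tags'] != null && $_POST['Link'] != null) {
        // NOTE(review): the new id is "row count + 1", which collides with an
        // existing id once any row has been deleted and is not safe under
        // concurrent submissions; an AUTO_INCREMENT column would avoid both.
        $CountTable = mysql_query("SELECT COUNT(1) FROM books");
        $Count = mysql_fetch_array($CountTable);
        $ID = $Count[0] + 1;
        $Name = $_POST['Name'];
        $Author = $_POST['Author'];
        $Annotation = $_POST['Annotation'];
        $Pages = $_POST['Pages'];
        $Department = $_POST['Department'];
        $Subject = $_POST['Subject'];
        $Tags = $_POST['Tags'];
        $Link = $_POST['Link'];
        $Date = date("d.m.Y");
        // The form values were interpolated into the statement as submitted;
        // each one is now escaped where it enters the SQL text. The variables
        // above keep the raw values in case later code displays them.
        // NOTE(review): Link is stored as given; if it is later used as a
        // redirect or href target, restrict it to http/https URLs.
        mysql_query(
            "INSERT INTO `{$database}`.`books` (`ID`, `Name`, `Author`, `Annotation`, `Pages`, `Department`, `Subject`, `Tags`, `Date`, `Appeals`, `LastAppeals`, `Link`) VALUES ('"
            . (int) $ID . "', '"
            . mysql_real_escape_string($Name) . "', '"
            . mysql_real_escape_string($Author) . "', '"
            . mysql_real_escape_string($Annotation) . "', '"
            . mysql_real_escape_string($Pages) . "', '"
            . mysql_real_escape_string($Department) . "', '"
            . mysql_real_escape_string($Subject) . "', '"
            . mysql_real_escape_string($Tags) . "', '"
            . $Date . "', '0', '"
            . $Date . "', '"
            . mysql_real_escape_string($Link) . "')"
        );
        echo "Книга успешно добавлена.<br>";
    } else {
        echo "Заполните все поля.<br>";
    }
}
?>
<form method="post">
<table align="center" border="0">
<tr>
<td>Название:</td>
<td><input type="text" name="Name" value="<?php
// The submitted value is echoed back into an attribute, so it is HTML-escaped.
// NOTE(review): charset assumed to be windows-1251 - confirm against the
// page's declared charset.
if (isset($_POST['Name']) && $_POST['Name'] != null) {
    echo htmlspecialchars($_POST['Name'], ENT_QUOTES, 'cp1251');
}
?>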