/**
 * Opens the site-wide database connection from the $db_* globals.
 *
 * Uses the legacy ext/mysql API (removed in PHP 7.0). A failed connect is
 * silenced with '@' and reported through die(m_error(mysql_error())). The
 * connection charset is concatenated into a SET NAMES statement after
 * passing through _filter() (defined elsewhere), so only a trusted, fixed
 * $db_charset value should ever reach this function.
 */
function mysqlcon() {
    global $db_host, $db_user, $db_pass, $db_name, $db_charset;
    $link = @mysql_connect($db_host, $db_user, $db_pass);
    if ($link === false) {
        die(m_error(mysql_error()));
    }
    mysql_select_db($db_name);
    mysql_query('SET NAMES ' . _filter($db_charset));
}
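/**
 * AJAX to install a widget
 *
 * Loads the widget's meta file, normalises its `render` entry to a
 * "Class::method" string and registers the block through addBlock().
 *
 * The widget name is whitelisted to /^[a-z0-9_\-]+$/ before it is used to
 * build the meta path that is include'd below; that filter is what keeps the
 * include inside the two meta directories.
 *
 * @return array 'status' as returned by addBlock() (false when no meta file
 *               exists) and a translated 'message'
 */
public function addAction()
{
    $module = $this->getModule();
    $name = _filter($this->params('name'), 'regexp', array('regexp' => '/^[a-z0-9_\\-]+$/'));

    // Module-provided meta first, then the site's custom override location.
    $meta = sprintf('%s/meta/%s.php', Pi::service('module')->path($module), $name);
    if (!file_exists($meta)) {
        $meta = sprintf('%s/module/%s/meta/%s.php', Pi::path('custom'), $module, $name);
    }
    if (!file_exists($meta)) {
        // Previously a missing custom file fell through to include(), which
        // returned false, and the block was then built on top of a bool.
        return array(
            'status'  => false,
            'message' => sprintf(_a('The widget "%s" is not installed.'), $name),
        );
    }

    $block = (include $meta);
    $block['type'] = $this->type;
    $block['name'] = $name;

    if (empty($block['render'])) {
        $block['render'] = sprintf('Module\\Widget\\Render::%s', $name);
    } else {
        // Read class and method BEFORE touching $block['render']: the old code
        // first overwrote it with a "Class::method" string and then indexed
        // that string, so $class/$method became its first two characters.
        if (is_array($block['render'])) {
            $class = $block['render'][0];
            $method = $block['render'][1];
        } else {
            list($class, $method) = explode('::', $block['render'], 2);
        }
        // A site-level renderer class overrides the module's own one.
        $renderClass = 'Custom\\Widget\\Render\\' . ucfirst($class);
        if (!class_exists($renderClass)) {
            $renderClass = 'Module\\Widget\\Render\\' . ucfirst($class);
        }
        $block['render'] = $renderClass . '::' . $method;
    }

    if (!isset($block['template'])) {
        $block['template'] = $name;
    }

    $status = $this->addBlock($block);
    if ($status) {
        $message = sprintf(_a('The widget "%s" is installed.'), $name);
    } else {
        $message = sprintf(_a('The widget "%s" is not installed.'), $name);
    }

    return array('status' => $status, 'message' => $message);
}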
// Shop front-end dispatch. $act selects what to render, $a selects a cart
// mutation. Every test is an independent loose (==) comparison, so nothing
// here guarantees that only one branch runs for a request.
if ($act == "itemcard") {
    $modx->setPlaceholder('tsvoptions', $modx->runSnippet('TSVshop_options', array('docid' => $modx->documentIdentifier)));
    // documentIdentifier is spliced straight into inline JS and HTML
    // attributes below without escaping — presumably the numeric document id;
    // confirm, since nothing on this path would neutralise quotes.
    $modx->setPlaceholder('tsvservices', '<input type="hidden" name="formula" value="[*price*]" /><input type="hidden" name="cart_icon" value="[*cart_icon*]" /><script type="text/javascript">Ucalc("' . $modx->documentIdentifier . '")</script>');
    $modx->setPlaceholder('tsvprice', '<span id="price' . $modx->documentIdentifier . '">[*price*]</span>');
    $modx->setPlaceholder('tsvbattr', 'onkeypress="return testKey(event)" onChange="UserCalc(\'' . $modx->documentIdentifier . '\')"');
    $evt = $modx->invokeEvent("TSVshopOnViewItemCard", array("itemid" => $modx->documentIdentifier, "type" => $tsvshop['TypeCat']));
}
if ($act == "info") {
    print '<div id="infoblock_cont">' . tsv_display_infoblock($cache) . '</div>';
}
if ($act == "basket") {
    print '<div id="basket_cont">' . tsv_display_cart($cache, "basket") . '</div>';
}
if ($act == "checkout") {
    print '<div id="checkout_cont">' . tsv_display_cart($cache, "checkout") . '</div>';
}
if ($act == "finish") {
    print tsv_display_success($cache);
}
// Cart mutations. "del" and "chq" coerce the request values with intval()/
// floatval() before _filter(), so only numbers reach the handlers. "add"
// passes variables ($idnum, $name, $opt, ...) assigned outside this span, so
// their sanitisation is not visible here. If $a is request-controlled (not
// visible here), these are state changes on a plain GET with no token check
// in this span.
if ($a == "clear") {
    tsv_clear_cart();
}
if ($a == "del") {
    tsv_delete_item(_filter(intval($_GET['num'])));
}
if ($a == "add") {
    tsv_add_item($cache, $idnum, $name, $opt, $icon, $qty, $url, $typeitem);
}
if ($a == "chq") {
    tsv_modify_quantity(_filter(intval($_GET['num'])), _filter(floatval($_GET['qnt'])));
}
'Q','R','S','T','U','V', 'W','X','Y','Z','1','2', '3','4','5','6','7','8', '9','0'); // Генерируем пароль $pass = ""; for($i = 0; $i < $number; $i++){// Вычисляем случайный индекс массива $index = rand(0, count($arr) - 1); $pass .= $arr[$index]; } return $pass; } $pass=generate_password($num); $password = md5($pass); if ($_POST['vindex'] == 'on') {$vindex = 1; } else {$vindex = 0;}; $send = mysql_query("INSERT INTO users VALUES(NULL,'"._filter($name)."','"._filter($password)."','"._filter($vindex)."')"); if ($send == 'true') { ?> Пользователь добавлен! Его логин - <?=$name?>, пароль - <?=$pass?> <? exit; } else { ?> Неизвестная ошибка <?
/**
 * Renders the "apartments on the map" page through land_map.tpl.
 *
 * Builds one comma-separated, single-quoted JS array literal per column
 * (ids, rooms, prices, ...) from the listings returned by
 * Land::getFullListLink() and assigns each string to the template object.
 *
 * @param object $s template engine instance (uses assign()/display())
 * @return void
 */
function map($s) {
    $s->assign("lat",LAT_YOLA);
    $s->assign("lon",LON_YOLA);
    $s->assign("YANDEX_KEY",YANDEX_KEY);
    $ids = '';
    $rooms = '';
    $prices = '';
    $prices_m = '';
    $areas = '';
    $addresses = '';
    $storeys = '';
    $dates = '';
    $types = '';
    $lons = '';
    $lats = '';
    $photos = '';
    $icons = '';
    // The request only picks one of two constants; no request text itself
    // reaches the query built below.
    if (!isset($_REQUEST['act']) || $_REQUEST['act']=='sales') {
        $status=REALTY_STATUS_SALE;
    } else {
        $status=REALTY_STATUS_RENT;
    }
    // NOTE(review): this project's _filter() evidently returns an array whose
    // 'sql' element is a WHERE fragment — its definition is not on this page.
    $res = _filter($status);
    // Active listings updated within the last 30 days, plus the status fragment.
    $add_sql = "f.updated_on>'".getNextDate(date('Y-m-d'),-30)."' AND t.status=".REALTY_STATUS_ACTIVE.' AND '.$res['sql'];
    $db_res = Land::getFullListLink($add_sql);
    while ($row = $db_res->fetchRow()) {
        // Each column becomes a quoted JS literal concatenated into script
        // source without escaping; a quote or newline in street/tnum/photo
        // names would break (or inject into) the generated script — verify the
        // template escapes these, or escape them here.
        $ids .= $row['id'].',';
        $rooms .= $row['rooms'].',';
        $prices .= "'".number_format($row['price'],0)."',";
        $prices_m .= "'".number_format($row['price_m'],0)."',";
        $areas .= "'".$row['total_area']."',";
        $addr = "{$row['street']}, {$row['tnum']}";
        $addresses .= "'".$addr."',";
        // updated_on "Y-m-d ..." -> "d.m.Y".
        $date = explode(' ',$row['updated_on']);
        $ds = explode('-',$date[0]);
        $date = $ds[2].'.'.$ds[1].'.'.$ds[0];
        $dates .= "'".$date."',";
        $storeys .= "'".$row['storey']."/".$row['storeys']."',";
        $types .= "'".Tenement::$TYPE[$row['ttype']]."',";
        $lons .= "'".$row['lon']."',";
        $lats .= "'".$row['lat']."',";
        // Preview photo path, empty when the listing has no photo.
        $photo = ($row['photo_tenement']!='') ? $row['tenement_id']."/".$row['photo_tenement']."_prev" : '';
        $photos .= "'".$photo."',";
        // Marker icon "<rooms>k<band>": band by price_m (<30000 a, <40000 b,
        // else c), rooms capped at 3.
        if ($row['price_m']<30000) {
            $color = 'a';
        } else if ($row['price_m']<40000) {
            $color = 'b';
        } else {
            $color = 'c';
        }
        $ri = ($row['rooms']<4) ? $row['rooms'] : 3;
        $icons .= "'".$ri."k".$color."',";
    }
    $s->assign("ids",$ids);
    $s->assign("rooms",$rooms);
    $s->assign("prices",$prices);
    $s->assign("prices_m",$prices_m);
    $s->assign("areas",$areas);
    $s->assign("addresses",$addresses);
    $s->assign("storeys",$storeys);
    $s->assign("dates",$dates);
    $s->assign("types",$types);
    $s->assign("lons",$lons);
    $s->assign("lats",$lats);
    $s->assign("photos",$photos);
    $s->assign("icons",$icons);
    $block_html = Html::getBlock('Квартиры на продажу на карте Йошкар-Олы',Html::pagelandMap());
    $s->assign("block_html",$block_html);
    $s->display("land_map.tpl");
}
/**
 * Sales add-on: renders one order (header plus item rows) for a manager.
 *
 * Runs only when the logged-in user's usertype is "manager", $_GET['act'] is
 * "vieworder", the sales table is configured and the order id is numeric.
 * Returns the rendered template on success; every other path falls off the
 * end and yields null.
 *
 * @param string $filename template path; addons/sales/tpl/orderview.tpl when empty
 * @return string|null
 */
function vieworder($filename) {
    global $modx, $shop_lang, $theme, $tsvshop, $tables, $moduleid, $modulea;
    $user = $modx->userLoggedIn();
    $out = "";
    $output_sales_notice = ""; // unused in this function
    $output_sales_error = "";  // unused in this function
    $temp = "";
    $act = $_GET['act'];
    // Order id: escaped via _filter(..., 1) and, below, also required to be
    // numeric before it is concatenated into the two selects.
    $id = _filter($_GET['idorder'], 1);
    $filename = empty($filename) ? TSVSHOP_PATH . 'addons/sales/tpl/orderview.tpl' : $filename;
    if ($user['usertype'] == "manager") {
        if (!empty($act) && $act == "vieworder" && $tables['sales'] != "none" && $tsvshop['dborders'] != "" && !empty($id) && is_numeric($id)) {
            if ($res = $modx->db->select('*', $tsvshop['dborders'], 'numorder = "' . $id . '"', 'numorder', '1')) {
                // NOTE(review): getRow() presumably returns false when no row
                // matches; array_merge() below would then receive a non-array —
                // confirm and guard if so.
                $row = $modx->db->getRow($res);
                $url = "index.php";
                $tpl = get_file_contents($filename);
                $row1 = array('moduleurl' => $url, 'modulea' => $modulea, 'moduleid' => $moduleid, 'theme' => $theme);
                // <!--repeat-->...<!--/repeat--> is the per-item row template.
                $tpltr = getStr($tpl, '<!--repeat-->', '<!--/repeat-->');
                // Language strings, module vars and order columns share one
                // placeholder namespace; later arrays win on key collisions.
                $row = array_merge($shop_lang, $row1, $row);
                foreach ($row as $key => $value) {
                    // Encrypted columns (SecFields) are decrypted for display.
                    if (in_array($key, explode(",", $tsvshop['SecFields']))) {
                        $value = DeCryptMessage($value, $tsvshop['SecPassword']);
                    }
                    // dateorder is formatted as a unix timestamp.
                    if ($key == "dateorder") {
                        $value = date("d.m.Y H:i:s", $value);
                    }
                    // Status drop-down built from the configured status list.
                    if ($key == "status") {
                        $tpl = str_replace('[+buildstatus+]', '<select name="status" id="status">' . buildstatus($value, explode("||", $tsvshop['StatusOrder'])) . '</select>', $tpl);
                    }
                    // Values go into the template as-is (no HTML escaping).
                    $tpl = str_replace('[+' . $key . '+]', $value, $tpl);
                }
                if ($res = $modx->db->select('*', $tsvshop['dborders_details'], 'numorder = "' . $id . '"', 'numorder')) {
                    while ($order = $modx->db->getRow($res)) {
                        $row = array_merge($row, $order);
                        // $r is never initialised in this function; it starts
                        // as null and counts rows from 1 via ++.
                        $r++;
                        // NOTE(review): $_GET['id'] is substituted raw here,
                        // unlike $id above — no filter or escaping on this path.
                        $temp = str_replace('[+moduleid+]', $_GET['id'], $tpltr);
                        foreach ($order as $key => $value) {
                            $temp = str_replace('[+' . $key . '+]', $value, $temp);
                        }
                        $temp = str_replace('[+num+]', $r, $temp);
                        $out .= $temp;
                    }
                    $out = str_replace($tpltr, $out, $tpl);
                    // Strip any [+placeholder+] left unfilled.
                    $out = preg_replace('/(\\[\\+.*?\\+\\])/', '', $out);
                    return $out;
                }
            }
            //---
        }
    }
}
/**
 * Recursively sanitises a scalar or a (nested) array of scalars.
 *
 * Each scalar is passed through shop_striptags(), newlines become spaces and
 * carriage returns are dropped. Only when $sql == 1 is the result additionally
 * escaped with $modx->db->escape(); with the default $sql = 0 NO SQL escaping
 * happens, so callers that concatenate the result into a query must pass 1.
 *
 * @param mixed $var scalar or array (keys are preserved)
 * @param int   $sql 1 to add DB escaping, 0 otherwise
 * @return mixed same shape as $var
 */
function _filter($var, $sql = 0) {
    global $modx;
    if (is_array($var)) {
        $clean = array();
        foreach ($var as $key => $item) {
            $clean[$key] = _filter($item, $sql);
        }
        return $clean;
    }
    $value = shop_striptags($var);
    // Sequential replacement: "\n" -> " " first, then "\r" -> "".
    $value = str_replace(array("\n", "\r"), array(" ", ""), $value);
    if ($sql == 1) {
        $value = $modx->db->escape($value);
    }
    return $value;
}
// Saves the general site settings posted from the admin form. Each value is
// HTML-escaped first and then transcoded to windows-1251, so the escaped form
// is what ends up in the config table.
$name = htmlspecialchars($_POST['sitename']);
$name = iconv( "utf-8", "windows-1251", $name);
$slogan = htmlspecialchars($_POST['slogan']);
$slogan = iconv( "utf-8", "windows-1251", $slogan);
// NOTE(review): if this is the $theme later used as a path segment when
// templates are included, htmlspecialchars() does not stop "../"; a whitelist
// against the installed theme directories would.
$theme = htmlspecialchars($_POST['theme']);
$theme = iconv( "utf-8", "windows-1251", $theme);
$sp = htmlspecialchars($_POST['startpage']);
$sp = iconv( "utf-8", "windows-1251", $sp);
// Checkbox -> 0/1 flag.
if ($_POST['on'] == 'on') {$vindex = 1; } else {$vindex = 0;};
// Five separate UPDATEs. The values are spliced into SQL through _filter(),
// whose definition is not on this page; SQL safety rests on whatever it does
// (a prepared statement would remove the question). Each assignment
// overwrites $send, so only the LAST query's result is ever checked.
$send = mysql_query("UPDATE config SET value = '"._filter($name)."' WHERE name = 'sitename'");
$send = mysql_query("UPDATE config SET value = '"._filter($slogan)."' WHERE name = 'siteslogan'");
$send = mysql_query("UPDATE config SET value = '"._filter($theme)."' WHERE name = 'theme'");
$send = mysql_query("UPDATE config SET value = '"._filter($vindex)."' WHERE name = 'notworking'");
$send = mysql_query("UPDATE config SET value = '"._filter($sp)."' WHERE name = 'sp'");
// mysql_query() returns a bool; true == 'true' under loose comparison, so
// this branches on the 'sp' update alone.
if ($send == 'true') { ?> Настройки сохранены <? die; } else { ?> Ошибка <? }
if ($_POST) { if (empty($_POST['name'])) { ?> Введите название категории! <? exit; } $name = htmlspecialchars($_POST['name']); $name = iconv( "utf-8", "windows-1251", $name); if ($_POST['vindex'] == 'on') {$vindex = 1; } else {$vindex = 0;}; $send = mysql_query("INSERT INTO categories VALUES(NULL, '"._filter($name)."', '"._filter($vindex)."')"); if ($send == 'true') { ?> Категория добавлена! <? exit; } else { ?> <?=$errorlang?> <?
else { ?> Ошибка! <? } exit; } if ($_GET["action"] == 'edit' || !empty($_GET["id"])) { $id =$_GET["id"]; $query = mysql_query("SELECT * FROM pages WHERE id='"._filter($id)."'"); $rower = mysql_fetch_array($query); if (mysql_num_rows($query) == 0) { die ("Страница не существует!"); } $title = $rower["name"];
mysql_query("INSERT INTO `users` (`login`, `password`, `admin`) VALUES ('"._filter($login)."', '"._filter($upass)."', 1)") or die(m_error(mysql_error())); $date = date('Y-m-d H:i:s', $date); mysql_query("INSERT INTO `config` (`id`, `name`, `value`) VALUES (1, 'theme', 'lcms'), (2, 'sitename', 'Light Cms'), (3, 'siteslogan', 'Тест)))'), (4, 'posts_num', '10'), (5, 'cutpostcount', '1000'), (6, 'cmsname', 'Light CMS'), (7, 'curcmsver', '0.5.0 RC2'), (8, 'mail', '"._filter($mail)."'), (9, 'aupdate', '"._filter($au)."'), (10, 'notworking', '0'), (11, 'sp', '')") or die(m_error(mysql_error())); ?> <script> location="index.php"; document.location.href="index.php"; window.location.reload("index.php"); document.location.replace("index.php"); </script> <? } ?> <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru"> <head>
/**
 * Filter value with filter_var
 *
 * Thin delegate: the three arguments are handed unchanged to the global
 * _filter() helper (where filter_var is presumably applied) and its result
 * is returned as-is.
 *
 * @param mixed $value Value to be filtered
 * @param int|string $filter
 *      String for filter name or int for filter_id
 * @param mixed $options
 * @return mixed
 */
public function filter($value, $filter, $options = null)
{
    return _filter($value, $filter, $options);
}
bark("Прямой доступ к этому файлу не разрешен."); } $ip = $_SERVER['REMOTE_ADDR']; $ipquery = mysql_query("SELECT * FROM views WHERE ip='" . _filter($ip) . "' AND postid = '" . _filter($id) . "'"); if (mysql_num_rows($ipquery) == 0) { mysql_query("INSERT INTO views VALUES(NULL,'" . _filter($id) . "','" . _filter($ip) . "')"); mysql_query("UPDATE posts SET views = views + 1 WHERE id = " . _filter($id) . ""); } $smarty->display('header.tpl'); $smarty->display('right.tpl'); $pnum = 10; $curp = $pnum * $page; $news = mysql_query("SELECT * FROM posts WHERE id='" . _filter($id) . "'"); $rows = array(); while ($row = mysql_fetch_array($news)) { $rows[] = $row; } $smarty->assign('news', $rows); $smarty->display('content.tpl'); $comm = mysql_query("SELECT * FROM comments WHERE postid = '" . _filter($id) . "' ORDER BY id DESC "); $com = array(); while ($row = mysql_fetch_array($comm)) { $com[] = $row; } $smarty->assign('comments', $com); $smarty->display('comment.tpl'); ?> <hr /> <? include ("templates/$theme/addcomment.php"); $smarty->display('footer.tpl');
include_once $_api_path . 'assets/snippets/tsvshop/admin/includes/core.inc.php'; include_once $_api_path . 'assets/snippets/tsvshop/include/cart.inc.php'; include_once $_api_path . 'assets/snippets/tsvshop/include/config.inc.php'; $modx->config['base_path'] = $tsvshop['basePath']; $modx->config['modx_charset'] = $tsvshop['charset']; define("TSVSHOP_PATH", MODX_BASE_PATH . "assets/snippets/tsvshop/"); define("TSVSHOP_URL", MODX_BASE_URL . "assets/snippets/tsvshop/"); define("TSVSHOP_SURL", MODX_SITE_URL . "assets/snippets/tsvshop/"); $mode = _filter($_REQUEST['mode']); $idnum = _filter(intval($_REQUEST['idnum'])); $name = _filter($_REQUEST['name']); $price = _filter($_REQUEST['price']); $icon = _filter($_REQUEST['icon']); $opt = _filter($_REQUEST['opt']); $qty = ($q = _filter($_REQUEST['qty'])) ? $q : 1; $typeitem = ($t = _filter($_REQUEST['typeitem'])) ? $t : 'physical'; //$url = ($u = _filter($_REQUEST['url'])) ? $u : "&tovar=".$idnum; //$url = ($tsvshop['TypeCat']=='docs' || empty($tsvshop['TypeCat'])) ? $modx->makeUrl($idnum) : "&tovar=".$idnum; $url = $idnum; $addonspath = TSVSHOP_PATH . "addons/"; if (!($folders = $cache->cache('folders', 'tsvshop'))) { $folders = scandir($addonspath, 1); $cache->cache('folders', 'tsvshop', $folders); } foreach ($folders as $folder) { if ($folder != "." && $folder != "..") { $file = $addonspath . $folder . '/includes/functions.inc.php'; $langfile = $addonspath . $folder . '/lang/' . $tsvshop['lang'] . '.inc.php'; if ($tsvshop['addons_' . $folder . '_active'] == "yes") { if (file_exists($file) && file_exists($langfile)) { require_once $file;
else { ?> Ошибка! <? exit; } exit; } if ($_GET["action"] == 'edit' || !empty($_GET["id"])) { $id =$_GET["id"]; $query = mysql_query("SELECT * FROM categories WHERE id='"._filter($id)."'"); $rower = mysql_fetch_array($query); if (mysql_num_rows($query) == 0) { ?> Таких тут нет:) <? exit; }
global $modx, $shop_lang; $user = $modx->userLoggedIn(); $output = ""; $output_sales_notice = ""; $output_sales_error = ""; $act = $_GET['act']; if ($user['usertype'] == "manager") { if (!empty($act) && $act == "addonoff" && !empty($addon) && $tables[$addon] != "system") { setConf("addons", $addon . "_active", "no", 1); $output = notice($shop_lang['addons_off_ok'], 'success'); } } return $output; } $anotice = ""; $addon = _filter($_GET['addon'], 1); switch ($_GET['act']) { case 'addoninstall': $anotice .= install_addon($addon); break; case 'addonuninstall': $anotice .= uninstall_addon($addon); break; case 'addonon': $anotice .= on_addon($addon); break; case 'addonoff': $anotice .= off_addon($addon); break; } ?>
die; } } } ?> <div id="rightside"> <div class="headings alt"> <h2><?php echo $pagename; ?> </h2> </div> <div class="contentbox"> <? $query = mysql_query("SELECT id,login FROM users WHERE admin = '0' ORDER BY id DESC"); $query1 = mysql_query("SELECT * FROM users WHERE login = '******'minibo_login'])."' AND password = '******'minibo_password'])."' AND admin = '1' ORDER BY id DESC"); if (mysql_num_rows($query) > 0 && mysql_num_rows($query1) == 1) { $rower = mysql_fetch_array($query); ?> <table width="100%"> <thead> <tr> <th>Администратор</th> <th>Действия</th> </tr> </thead> <tbody> <?php do { $id = $rower['id'];
$frompage = $config[10]; $host = $config[11]; if($nw == 1) { session_start(); if (!isset($_SESSION['admin_id'])) { if (isset($_COOKIE['minibo_login']) && isset($_COOKIE['minibo_password'])) { $login = mysql_real_escape_string($_COOKIE['minibo_login']); $password = mysql_real_escape_string($_COOKIE['minibo_password']); $query = mysql_query("SELECT id FROM users WHERE login='******' AND password='******' LIMIT 1") or die(m_error(mysql_error())); if (mysql_num_rows($query) == 1) { $sqlrow = mysql_fetch_array($query); $_SESSION['admin_id'] = $sqlrow['id']; } else { } }
$text = iconv( "utf-8", "windows-1251", $text); $page = $_POST['page']; $page = iconv( "utf-8", "windows-1251", $page); $rusname = rus2translit($name); $rusname = strtolower($rusname); $date = time(); $proverka = mysql_query("SELECT * FROM pages WHERE page='"._filter($page)."'"); if(mysql_num_rows($proverka) >= 1) { m_error("Такая страница уже существует"); exit; } $send = mysql_query("INSERT INTO pages VALUES(NULL,'"._filter($name)."','"._filter2($text)."','"._filter($date)."','"._filter($page)."', '0')"); if ($send == 'true') { ?> Страница добавлена! <? exit; } else { ?> Неизвестная ошибка <?
/**
 * Finalises a checkout: stores the order and its line items, builds the
 * admin and customer e-mails from the configured chunks and sends them.
 *
 * Side effects: inserts into $tsvshop['dborders'] and
 * $tsvshop['dborders_details'], sends two mails via tsv_sendMail(), copies the
 * cart into $_SESSION['tsvshopfin'] and empties $_SESSION[$session], fires
 * TSVshopOnUserFormFieldsRender and TSVshopOnOrderSuccess.
 *
 * @param array $fields checkout form fields, modified in place (dateorder,
 *        status, payments, orderData and possibly email are rewritten)
 * @return bool always true
 */
function tsv_Finish(&$fields) {
    global $modx, $session, $tsvshop, $shop_lang, $mail;
    include $modx->config['base_path'] . MGR_DIR . "/includes/controls/class.phpmailer.php";
    include TSVSHOP_PATH . "include/config.inc.php";
    if (!$mail) {
        $mail = new PHPMailer();
    }
    $order = $orderfields = array();
    $today = date("d.m.Y "); // unused below
    $strMessageBody = "";
    $strMessageBody1 = "";
    // Mail chunks: admin copy (tplmail) and customer copy (tplmail1).
    $tplmail = getTpl($tsvshop['tplmailadmin']);
    $tplmail1 = getTpl($tsvshop['tplmailklient']);
    // Cut the <!--table-->...<!--/table--> row template out of each chunk.
    $tablemail = preg_replace("#.*?(<!--table-->(.*?)<!--/table-->|\$)#is", "\$2", $tplmail);
    $tablemail1 = preg_replace("#.*?(<!--table-->(.*?)<!--/table-->|\$)#is", "\$2", $tplmail1);
    $table = "";
    $table1 = "";
    // Default fields.
    $fields['dateorder'] = time();
    $status = explode("||", $tsvshop['StatusOrder']);
    // Default status: the part before "==" of the first configured entry.
    $tmpstatus = explode("==", $status[0]);
    $fields['status'] = $tmpstatus[0];
    // payments arrives as "<paytype>_<payment>".
    $payinfo = explode("_", $fields['payments']);
    $fields['payments'] = $payinfo[1];
    // Plugins may replace the whole field set.
    $evt = $modx->invokeEvent("TSVshopOnUserFormFieldsRender", array("fields" => $fields));
    if (is_array($evt) && !empty($evt[0])) {
        $fields = $evt[0];
    }
    if (sizeof($tsvshop['customfields']) > 0) {
        // v5.3: add any missing custom columns to the orders table.
        tsv_AddFieldstoDB($tsvshop['dborders'], $tsvshop['customfields']);
        foreach ($tsvshop['customfields'] as $cfield) {
            // Custom fields come from the session first, then from $fields;
            // both go through _filter() in its default mode (the tsvshop
            // _filter() on this page escapes for SQL only when passed 1).
            $cfield = _filter(trim($cfield));
            if (!empty($_SESSION[$session]['result'][$cfield])) {
                $order[$cfield] = _filter($_SESSION[$session]['result'][$cfield]);
            }
            if (!empty($fields[$cfield])) {
                if (empty($order[$cfield])) {
                    $order[$cfield] = _filter($fields[$cfield]);
                }
                if (empty($_SESSION[$session]['result'][$cfield])) {
                    $_SESSION[$session]['result'][$cfield] = _filter($fields[$cfield]);
                }
            }
        }
    }
    // System fields for the order row.
    $sf = explode(",", $tsvshop['sysfields']);
    // v5.3: add any missing system columns to the orders table.
    tsv_AddFieldstoDB($tsvshop['dborders'], $tsvshop['sysfields']);
    foreach ($sf as $sfield) {
        $sfield = _filter(trim($sfield));
        // Unlike the custom fields above, system field VALUES are not passed
        // through _filter() here; SecFields are encrypted with CryptMessage().
        // NOTE(review): whether $modx->db->insert() escapes its values is not
        // visible on this page — confirm before relying on it.
        if (!empty($_SESSION[$session]['result'][$sfield])) {
            if (in_array($sfield, explode(",", $tsvshop['SecFields']))) {
                $_SESSION[$session]['result'][$sfield] = CryptMessage($_SESSION[$session]['result'][$sfield], $tsvshop['SecPassword']);
            }
            $order[$sfield] = $_SESSION[$session]['result'][$sfield];
        }
        if (!empty($fields[$sfield])) {
            if (in_array($sfield, explode(",", $tsvshop['SecFields']))) {
                $fields[$sfield] = CryptMessage($fields[$sfield], $tsvshop['SecPassword']);
            }
            if (empty($order[$sfield])) {
                $order[$sfield] = $fields[$sfield];
            }
            if (empty($_SESSION[$session]['result'][$sfield])) {
                $_SESSION[$session]['result'][$sfield] = $fields[$sfield];
            }
        }
    }
    // Write the order row.
    if (sizeof($order) > 0) {
        $modx->db->insert($order, $tsvshop['dborders']);
    }
    // The last insert id becomes the order number.
    $numorder = $modx->db->getInsertId();
    $_SESSION[$session]['result']['numorder'] = $numorder;
    $_SESSION[$session]['result']['payment'] = $payinfo[1];
    $_SESSION[$session]['result']['paytype'] = $payinfo[0];
    $order['numorder'] = _filter($_SESSION[$session]['result']['numorder']);
    // Line items, iterated from the last cart entry to the first.
    $count = sizeof($_SESSION[$session]['orders']);
    if (!empty($count)) {
        for ($i = $count - 1; $i >= 0; $i--) {
            $tmp = $tablemail;   // admin mail row
            $tmp1 = $tablemail1; // customer mail row
            $price = tsv_CalcPrice($_SESSION[$session]['orders'][$i]['price'], $_SESSION[$session]['orders'][$i]['qty'], $_SESSION[$session]['orders'][$i]['opt']);
            $orderfields = array('numorder' => $numorder, 'name' => $_SESSION[$session]['orders'][$i]['name'], 'articul' => $_SESSION[$session]['orders'][$i]['articul'], 'price' => $price, 'icon' => $_SESSION[$session]['orders'][$i]['icon'], 'quantity' => $_SESSION[$session]['orders'][$i]['qty'], 'url' => $_SESSION[$session]['orders'][$i]['url'], 'options' => $_SESSION[$session]['orders'][$i]['opt'], 'typeitem' => $_SESSION[$session]['orders'][$i]['typeitem']);
            // Fill the mail row template from the cart entry (v 5.0.1).
            foreach ($_SESSION[$session]['orders'][$i] as $key => $val) {
                switch ($key) {
                    case 'price':
                        $tmp = str_replace("[+shop.mail.price+]", $price, $tmp);
                        $tmp1 = str_replace("[+shop.mail.price+]", $price, $tmp1);
                        break;
                    case 'qty':
                        $tmp = str_replace("[+shop.mail.quantity+]", $val, $tmp);
                        $tmp1 = str_replace("[+shop.mail.quantity+]", $val, $tmp1);
                        break;
                    default:
                        $tmp = str_replace("[+shop.mail." . $key . "+]", $val, $tmp);
                        $tmp1 = str_replace("[+shop.mail." . $key . "+]", $val, $tmp1);
                        $tmp = str_replace("[+shop.mail.num+]", $i, $tmp);
                        $tmp1 = str_replace("[+shop.mail.num+]", $i, $tmp1);
                        break;
                }
            }
            // Line total = unit price (with options) * quantity.
            $tmp = str_replace("[+shop.mail.summa+]", tsv_CalcPrice($_SESSION[$session]['orders'][$i]['price'], $_SESSION[$session]['orders'][$i]['qty'], $_SESSION[$session]['orders'][$i]['opt']) * $_SESSION[$session]['orders'][$i]['qty'], $tmp);
            $tmp1 = str_replace("[+shop.mail.summa+]", tsv_CalcPrice($_SESSION[$session]['orders'][$i]['price'], $_SESSION[$session]['orders'][$i]['qty'], $_SESSION[$session]['orders'][$i]['opt']) * $_SESSION[$session]['orders'][$i]['qty'], $tmp1);
            $table .= $tmp;
            $table1 .= $tmp1;
            // Persist the line item.
            if (sizeof($orderfields) > 0) {
                $modx->db->insert($orderfields, $tsvshop['dborders_details']);
            }
        }
    }
    // Put the generated rows back into the mail templates.
    $strMessageBody = str_replace($tablemail, $table, $tplmail);
    $strMessageBody1 = str_replace($tablemail1, $table1, $tplmail1);
    // Fields that are neither sys nor custom fields are substituted from $fields.
    // NOTE(review): "+" on two 0-indexed lists keeps the left element for each
    // shared index, so if customfields is a plain list, names at positions
    // already used by sysfields drop out of $cf — probably not intended.
    $cf = explode(",", $tsvshop['sysfields']) + $tsvshop['customfields'];
    foreach ($fields as $key => $value) {
        if (is_array($cf) && !in_array($key, $cf)) {
            $strMessageBody = str_replace("[+shop.mail." . $key . "+]", _filter($value), $strMessageBody);
            $strMessageBody1 = str_replace("[+shop.mail." . $key . "+]", _filter($value), $strMessageBody1);
        }
    }
    $strMessageBody = str_replace("[+shop.mail.monetary+]", $tsvshop['MonetarySymbol'], $strMessageBody);
    $strMessageBody1 = str_replace("[+shop.mail.monetary+]", $tsvshop['MonetarySymbol'], $strMessageBody1);
    // Session result values (date formatted, SecFields decrypted) go into the
    // mail without _filter().
    if (sizeof($_SESSION[$session]['result']) > 0) {
        foreach ($_SESSION[$session]['result'] as $key => $val) {
            if ($key == "dateorder") {
                $val = date("d.m.Y H:i:s", $val);
            }
            if (in_array($key, explode(",", $tsvshop['SecFields']))) {
                $val = DeCryptMessage($val, $tsvshop['SecPassword']);
            }
            $strMessageBody = str_replace("[+shop.mail." . $key . "+]", $val, $strMessageBody);
            $strMessageBody1 = str_replace("[+shop.mail." . $key . "+]", $val, $strMessageBody1);
        }
    }
    // Expose the rendered item table to the caller.
    $fields['orderData'] = $table;
    // Drop any placeholder that is still unfilled.
    $strMessageBody = preg_replace('/(\\[\\+.*?\\+\\])/', '', $strMessageBody);
    $strMessageBody1 = preg_replace('/(\\[\\+.*?\\+\\])/', '', $strMessageBody1);
    // Evaluate snippets and chunks inside the mail text.
    // NOTE(review): by this point both bodies contain customer-entered values;
    // unless _filter() or the chunk neutralises MODX tag syntax, that text is
    // parsed by evalSnippets() here rather than merely merged — confirm.
    $modx->minParserPasses = 2;
    $strMessageBody = $modx->evalSnippets($strMessageBody);
    $strMessageBody1 = $modx->evalSnippets($strMessageBody1);
    // Admin mail.
    if (empty($tsvshop['SmtpFromEmail'])) {
        $tsvshop['SmtpFromEmail'] = $tsvshop['youremail'];
    }
    tsv_sendMail($tsvshop['SmtpFromEmail'], $tsvshop['SubjectMailAdmin'], $strMessageBody, 'true');
    // Customer mail; the address may be stored encrypted.
    if (in_array('email', explode(",", $tsvshop['SecFields']))) {
        $fields['email'] = DeCryptMessage($fields['email'], $tsvshop['SecPassword']);
    }
    tsv_sendMail($fields['email'], $tsvshop['SubjectMailUser'], $strMessageBody1, 'true');
    // Keep a copy for the "finish" page, then clear the cart session.
    $_SESSION['tsvshopfin']['orders'] = $_SESSION[$session]['orders'];
    $_SESSION['tsvshopfin']['result'] = $_SESSION[$session]['result'];
    $modx->invokeEvent("TSVshopOnOrderSuccess");
    $_SESSION[$session] = array();
    return true;
}
<?php
// Static page view: loads the row from `pages` whose `page` slug matches
// ?page=... and renders it through the Smarty templates.
include "include/init.php";
$id = $_GET["page"];
// The slug is spliced into the query through _filter(), defined elsewhere
// (not on this page); SQL safety rests entirely on what that helper does. A
// prepared statement would not depend on it.
$news = mysql_query("SELECT * FROM pages WHERE page='" . _filter($id) . "'");
if (mysql_num_rows($news) == 0) {
    bark("см");
}
$smarty->display('header.tpl');
$smarty->display('right.tpl');
$pnum = 10;
// $page is not assigned in this script; unless an include defines it, $curp
// is 0 — and it is not used below in any case.
$curp = $pnum * $page;
$rows = array();
while ($row = mysql_fetch_array($news)) {
    $rows[] = $row;
}
$smarty->assign('news', $rows);
$smarty->display('pages.tpl');
$smarty->display('footer.tpl');
?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta name="author" content="Suraj Jain" /> <title>Opencart - Change URL Pattern | Developersign</title> <link rel="stylesheet" href="css/devsj.css" media="all" /> </head> <body> <div id="main"> <div class="top-menu"> <ul> <?php foreach (glob("*.php") as $file) { echo '<li><a href="' . $file . '">' . _filter($file) . '</a></li>'; } ?> </ul> </div> <h1>Opencart - Change URL Pattern</h1> <?php if (isset($_POST['replaceBy'], $_POST['replaceTo'], $_POST['url_pattern'], $_POST['currentTheme']) && !empty($_POST['replaceBy']) && !empty($_POST['replaceTo']) && !empty($_POST['currentTheme'])) { extract($_POST); /* / This is a new replacement value to change url pattern. */ if (!scan($replaceBy)) { Session::_setSession('status', '<p style="margin-top: 5px;color: red;">Invalid Text.</p>'); Redirect::to('index.php');
<?
// Admin action: deletes the page whose id arrives in ?id=... (short open tag
// as in the original; requires short_open_tag).
include (getenv ("DOCUMENT_ROOT")."/include/config.php");
include (getenv ("DOCUMENT_ROOT")."/include/functions.php");
include (getenv ("DOCUMENT_ROOT")."/lang/russian.php");
mysqlcon();
include('chklogin.php'); // the access check lives in this include (not on this page)
$idt = $_GET["id"];
// Destructive action driven by a plain GET parameter: no CSRF token is
// checked in this file, and SQL safety rests on _filter() (defined elsewhere)
// rather than on a prepared statement.
$delete = mysql_query("DELETE FROM pages WHERE id = '"._filter($idt)."'");
// mysql_query() returns a bool here; true == 'true' under loose comparison.
if ($delete == 'true') { ?> Страница удалена! <? exit; } else { ?> Ошибка системы! <? }
<?php
// Admin "posts" settings page: saves posts-per-page and cut length, then
// reloads the current values from the config table for the form that follows.
ob_start();
session_start();
include getenv("DOCUMENT_ROOT") . "/include/config.php";
include getenv("DOCUMENT_ROOT") . "/include/functions.php";
include getenv("DOCUMENT_ROOT") . "/lang/russian.php";
mysqlcon();
include "chklogin.php"; // the access check lives in this include (not on this page)
$pagename = $adminlang['con_posts'];
require "adminskin/head.php";
if (!empty($_POST['pnum'])) {
    // Values are HTML-escaped but not validated as integers; SQL safety rests
    // on _filter() (defined elsewhere). Only the second query's result
    // survives in $send.
    $pnum = htmlspecialchars($_POST['pnum']);
    $cutcount = htmlspecialchars($_POST['cutcount']);
    $send = mysql_query("UPDATE config SET value = '" . _filter($pnum) . "' WHERE name = 'posts_num'");
    $send = mysql_query("UPDATE config SET value = '" . _filter($cutcount) . "' WHERE name = 'cutpostcount'");
    // mysql_query() returns a bool; true == 'true' under loose comparison.
    if ($send == 'true') {
        print '<br><h2>' . $adminlang['con_posts'] . '</h2><br>' . $adminlang['edit_config_suc'];
        die;
    }
}
// $config is filled positionally from SELECT * with no ORDER BY, so the
// indexes used below depend on the table's row order. With an empty table the
// do/while body still runs once with $roc === false.
$query = mysql_query("SELECT * FROM config");
$roc = mysql_fetch_array($query);
do {
    $config[] = $roc['value'];
} while ($roc = mysql_fetch_array($query));
$pnum = $config[3];
$cutcount = $config[4];
?> <br><h2><?php
/**
 * Customer "office": renders one of the logged-in user's orders.
 *
 * ?i=<numorder>:<code> is split into order number and access code; the order
 * row is selected by number, code AND the current user id, so all three must
 * match before anything is shown. Renders orderview.tpl with the order row
 * and its detail rows.
 *
 * @return string|null rendered HTML, an error <div> when the order is not
 *         found, or null when the details select fails (falls off the end)
 */
function tsv_showorder() {
    global $modx, $tsvshop;
    $dborders = $modx->getFullTableName('shop_order');
    $dborders_details = $modx->getFullTableName('shop_order_detail');
    $userid = $modx->getLoginUserID();
    // $_GET['i'] is escaped via _filter(..., 1) before being split and
    // concatenated into the select below.
    $i = explode(":", _filter($_GET['i'], 1));
    $n = $i[0];
    $c = $i[1];
    $out = "";
    $r = 0;
    $temp = "";
    $filename = $modx->config['base_path'] . 'assets/snippets/tsvoffice/tpl/orderview.tpl';
    if (!empty($n) && !empty($c) && !empty($userid)) {
        $res = $modx->db->select('*', $dborders, 'numorder = "' . $n . '" AND code="' . $c . '" AND userid="' . $userid . '"', 'numorder', '1');
        $row = $modx->db->getRow($res);
        if ($res && is_array($row)) {
            $tpl = get_file_contents($filename);
            // <!--repeat-->...<!--/repeat--> is the per-item row template.
            $tpltr = getStr($tpl, '<!--repeat-->', '<!--/repeat-->');
            foreach ($row as $key => $value) {
                // Encrypted columns (SecFields) are decrypted for display.
                if (in_array($key, explode(",", $tsvshop['SecFields']))) {
                    $value = DeCryptMessage($value, $tsvshop['SecPassword']);
                }
                if ($key == "dateorder") {
                    $value = date("d.m.Y H:i:s", $value);
                }
                // Keep the discount card placeholder; it is resolved below
                // once the card has been validated.
                if ($key == "discountnum") {
                    $value = '[+discountnum+]';
                }
                // Values are substituted without HTML escaping.
                $tpl = str_replace('[+' . $key . '+]', $value, $tpl);
            }
            // Validate the discount card; warn when it is unknown or inactive.
            if ($tsvshop['addons_discount_active'] == 'yes') {
                // NOTE(review): $sub is never assigned in this function (nor
                // listed in global), so the summa condition compares against
                // an empty value. $row['discountnum'] is a stored value that
                // is concatenated back into SQL here without escaping.
                $discountres = $modx->db->query("SELECT * FROM " . $modx->getFullTableName('shop_discount') . " AS a WHERE a.discountnum = '" . $row['discountnum'] . "' AND a.active = 1 AND (a.use < a.count OR a.count = 0) AND (a.summa >= '" . $sub . "' OR a.summa = 0) LIMIT 1");
                $discountrow = $modx->db->getRow($discountres);
            }
            // $discountrow is only set when the add-on is active; otherwise
            // this reads an undefined variable and takes the else branch.
            if ($discountrow['discountnum']) {
                $tpl = str_replace('[+discountnum+]', $discountrow['discountnum'], $tpl);
            } else {
                $tpl = str_replace('[+discountnum+]', '<span class="error_discount">Карта указана неверно или неактивна</span>', $tpl);
            }
            if ($res = $modx->db->select('*', $dborders_details, 'numorder = "' . $n . '"', 'numorder')) {
                while ($row = $modx->db->getRow($res)) {
                    $r++;
                    $temp = $tpltr;
                    foreach ($row as $key => $value) {
                        $temp = str_replace('[+' . $key . '+]', $value, $temp);
                    }
                    $temp = str_replace('[+num+]', $r, $temp);
                    $out .= $temp;
                }
                $out = str_replace($tpltr, $out, $tpl);
                // Strip any [+placeholder+] left unfilled.
                $out = preg_replace('/(\\[\\+.*?\\+\\])/', '', $out);
                return $out;
            }
        } else {
            return '<div class="error">Извините, но такого заказа не существует.</div>';
        }
    } else {
        return '<div class="error">Извините, но такого заказа не существует.</div>';
    }
    // Reached only when the details select fails: implicit null return.
}
include (getenv ("DOCUMENT_ROOT")."/include/config.php"); include (getenv ("DOCUMENT_ROOT")."/include/functions.php"); include (getenv ("DOCUMENT_ROOT")."/lang/russian.php"); mysqlcon(); include ("chklogin.php"); $pagename = $adminlang['editpage']; require("adminskin/head.php"); $dir = _filter($_GET['dir']); if (!empty($dir)) { ?> <div id="rightside"> <div class="headings alt"> <h2><?=$pagename?></h2> </div> <div class="contentbox"> <iframe width="100%" id="myframe" name="myframe" class="autoHeight" scrolling="auto" frameborder="0" src="modules/<?=$dir?>/index.php"> Включите поддержку IFrame! </iframe> <? } else {
<? exit;}} else{ echo "hi"; } $rand = ('#<page>(.*?)</page>#is'); //(.*?) - рандомное значение preg_match_all($rand,$open,$out); for($i = 0; $i < count($out[1]); $i++) {$up1 = "".$out[1][$i]."";} $up8 = $up1.$up8; if($up8 == 1 || $up8 == 2) { $q2 = mysql_query("DELETE FROM pages WHERE mod_id = '"._filter($idt)."'")or die(m_error(mysql_error())); if ($q2 == 'true') { }else { ?><?php echo $errorlang; ?> <? exit;}} else{ echo "hi"; } $delete = mysql_query("DELETE FROM modules WHERE id = '"._filter($idt)."'")or die(m_error(mysql_error())); if ($delete == 'true') {?> Модуль удалён!<? exit; }else { ?><?php echo $errorlang; ?> <? exit;} ?>
$text = $_POST['text']; $text = iconv( "utf-8", "windows-1251", $text); if ($_POST['vindex'] == 'on') {$vindex = 1; } else {$vindex = 0;}; $catquery = mysql_query("SELECT catvis FROM categories WHERE id = "._filter($category).""); $rower = mysql_fetch_array($catquery); if ($rower['catvis'] == 1) {$vindex = 1;} $date = time(); $send = mysql_query("INSERT INTO posts VALUES(NULL, '"._filter($category)."','"._filter($name)."','"._filter2($text)."','"._filter($date)."', 0, 0, "._filter($vindex).", 0)"); if ($send == 'true') { ?> Вы добавили новость! <? exit; } else { ?> Ошибка! <?
} if ($temps[2 + $i] != $file) { echo "<option value='" . $temps[2 + $i] . "'>" . $temps[2 + $i]; } $i++; } ?> </select><br><br> <? } ?> <?php echo mysql_real_escape_string($lang['position']); ?> <br><br><input type="text" id="textfield" class="inputbox" name="pos" value="<?php echo _filter($pos); ?> "/><br /><br> <br><br> <input name="sid" type="hidden" value="<?php echo $id; ?> "> <input type="submit" value="Submit" class="btn" /> </form> </div> </div> <?php include "menu.php";
<?
// Admin action: deletes the category whose id arrives in ?id=... and moves
// its posts to category 1 (short open tag as in the original).
include (getenv ("DOCUMENT_ROOT")."/include/config.php");
include (getenv ("DOCUMENT_ROOT")."/include/functions.php");
include (getenv ("DOCUMENT_ROOT")."/lang/russian.php");
mysqlcon();
include('chklogin.php'); // the access check lives in this include (not on this page)
$idt = $_GET["id"];
// Destructive action driven by a plain GET parameter: no CSRF token is
// checked in this file, and SQL safety rests on _filter() (defined elsewhere)
// rather than on a prepared statement.
$delete = mysql_query("DELETE FROM categories WHERE id = '"._filter($idt)."'");
// The result of this UPDATE is not checked; the outcome reported below is the
// DELETE's only.
mysql_query("UPDATE posts SET catid = 1 WHERE catid = '"._filter($idt)."'");
// mysql_query() returns a bool here; true == 'true' under loose comparison.
if ($delete == 'true') {?> Категория удалена!<? exit; }else { ?><?php echo $errorlang; ?> <? exit;} ?>