/**
 * Renames the player identified by a public UUID.
 *
 * The UUID is resolved to the internal player id with getPlayerFromUUID(),
 * and the UPDATE is keyed on that id rather than on the UUID.
 *
 * NOTE(review): the statement is built by string concatenation. Its safety
 * rests on dbEscape() for the name and on the (int) cast for the id. The
 * mysql_* extension used here was removed in PHP 7.0; a port to mysqli or
 * PDO is the point at which to switch to a prepared statement.
 * NOTE(review): mysql_query() returns TRUE for any UPDATE that executed,
 * including one that matched no row, so a true result does not prove the
 * player existed. A non-numeric lookup result is cast to id 0 - TODO confirm
 * what getPlayerFromUUID() returns for an unknown UUID.
 *
 * @param mixed $playerUUID The UUID of the player to update
 * @param mixed $playerName The new name for the player
 * @return bool True when the query executed, false when it failed
 */
function setPlayerName($playerUUID, $playerName)
{
    // Work with the internal id, not the public UUID.
    $internalId = getPlayerFromUUID($playerUUID);

    $nameLiteral = dbEscape($playerName);
    $idLiteral = (int) dbEscape($internalId);

    $statement = "UPDATE players SET name = '" . $nameLiteral
        . "' WHERE id = '" . $idLiteral . "'";

    return (bool) mysql_query($statement);
}
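/**
 * Returns accounts matching the optional filters, paginated.
 *
 * Recognised keys in $data: 'perPage' (1..10, anything else falls back to 10),
 * 'username' (substring match on `login`) and 'email' (substring match on `email`).
 *
 * @param array $data
 * @param int $perPage
 * @return mixed
 */
public function search(array $data, $perPage = 10)
{
    $model = $this->getNew();

    if (isset($data['perPage'])) {
        // Keep the cast value. The original range-checked the cast but then
        // passed the raw request value (e.g. "5abc" or an array) to paginate().
        $requested = (int) $data['perPage'];
        $perPage = ($requested < 1 || $requested > 10) ? 10 : $requested;
    }

    if (isset($data['username'])) {
        // NOTE(review): where() looks like a query-builder call. If it binds the
        // value as a parameter, dbEscape() escapes a second time and a term
        // containing a quote or backslash will never match - confirm, then drop
        // the escape. Neither layer neutralises the LIKE wildcards % and _.
        $username = dbEscape($data['username']);
        $model = $model->where('login', 'LIKE', '%' . $username . '%');
    }

    if (isset($data['email'])) {
        // Same caveat as for 'username' above.
        $email = dbEscape($data['email']);
        $model = $model->where('email', 'LIKE', '%' . $email . '%');
    }

    return $model->paginate($perPage);
}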
break; } if ($ok) { $sets[dbEscape($sqlname)] = $content; } } else { $deletes[] = "'" . dbEscape($sqlname) . "'"; } } } // Set fields that were submitted with custom value if (count($sets)) { // Escape variable names for save use inside below SQL IN query $sqlset = array(); foreach (array_keys($sets) as $var) { $sqlset[] = "'" . dbEscape($var) . "'"; } // Fetch current rows in config file so we know which one to UPDATE and which one to INSERT $in_db_rows = dbFetchRows('SELECT * FROM `config` WHERE `config_key` IN (' . implode(',', $sqlset) . ')'); foreach ($in_db_rows as $index => $row) { $in_db[$row['config_key']] = $row['config_value']; } foreach ($sets as $key => $value) { if (isset($in_db[$key])) { // Already present in DB, update row if (serialize($value) != $in_db[$key]) { // Submitted value is different from current value dbUpdate(array('config_value' => serialize($value)), 'config', '`config_key` = ?', array($key)); $updates++; } } else {
// This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // // You should have received a copy of the GNU General Public License // along with this program; if not, write to the Free Software // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. // if (!canView('Events')) { $view = "error"; return; } $sql = "select E.*,M.Name as MonitorName,M.Width,M.Height from Events as E inner join Monitors as M on E.MonitorId = M.Id where E.Id = '" . dbEscape($_REQUEST['eid']) . "'"; $event = dbFetchOne($sql); $sql = "select *, unix_timestamp( TimeStamp ) as UnixTimeStamp from Frames where EventID = '" . dbEscape($_REQUEST['eid']) . "' order by FrameId"; $frames = dbFetchAll($sql); $focusWindow = true; xhtmlHeaders(__FILE__, $SLANG['Frames'] . " - " . $event['Id']); ?> <body> <div id="page"> <div id="header"> <div id="headerButtons"><a href="#" onclick="closeWindow();"><?php echo $SLANG['Close']; ?> </a></div> <h2><?php echo $SLANG['Frames']; ?> - <?php
$view = "error"; return; } $eid = validInt($_REQUEST['eid']); if (!empty($_REQUEST['fid'])) { $fid = validInt($_REQUEST['fid']); } $sql = "select E.*,M.Name as MonitorName,M.Width,M.Height,M.DefaultScale from Events as E inner join Monitors as M on E.MonitorId = M.Id where E.Id = '" . dbEscape($eid) . "'"; $event = dbFetchOne($sql); if (!empty($fid)) { $sql = "select * from Frames where EventId = '" . dbEscape($eid) . "' and FrameId = '" . dbEscape($fid) . "'"; if (!($frame = dbFetchOne($sql))) { $frame = array('FrameId' => $fid, 'Type' => 'Normal', 'Score' => 0); } } else { $frame = dbFetchOne("select * from Frames where EventId = '" . dbEscape($eid) . "' and Score = '" . $event['MaxScore'] . "'"); } $maxFid = $event['Frames']; $firstFid = 1; $prevFid = $frame['FrameId'] - 1; $nextFid = $frame['FrameId'] + 1; $lastFid = $maxFid; $alarmFrame = $frame['Type'] == 'Alarm'; if (isset($_REQUEST['scale'])) { $scale = validInt($_REQUEST['scale']); } else { $scale = max(reScale(SCALE_BASE, $event['DefaultScale'], ZM_WEB_DEFAULT_SCALE), SCALE_BASE); } $imageData = getImageSrc($event, $frame, $scale, isset($_REQUEST['show']) && $_REQUEST['show'] == "capt"); $imagePath = $imageData['thumbPath']; $eventPath = $imageData['eventPath'];
// This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // // You should have received a copy of the GNU General Public License // along with this program; if not, write to the Free Software // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. // if (!canView('Stream')) { $view = "error"; return; } $groupSql = ""; if (!empty($_REQUEST['group'])) { $sql = "select * from Groups where Id = '" . dbEscape($_REQUEST['group']) . "'"; $row = dbFetchOne($sql); $groupSql = " and find_in_set( Id, '" . $row['MonitorIds'] . "' )"; } $sql = "select * from Monitors where Function != 'None'{$groupSql} order by Sequence"; $maxWidth = 0; $maxHeight = 0; $showControl = false; $index = 0; $monitors = array(); foreach (dbFetchAll($sql) as $row) { if (!visibleMonitor($row['Id'])) { continue; } if (isset($_REQUEST['scale'])) { $scale = validInt($_REQUEST['scale']);
/**
 * Fetches the Groups row whose Id equals $gid.
 *
 * The id is passed through dbEscape() and placed inside a quoted SQL literal.
 * NOTE(review): the id is not checked to be numeric here; callers that take
 * it from a request or cookie rely entirely on dbEscape().
 *
 * @param mixed $gid Group id
 * @return mixed Whatever dbFetchOne() returns for the query
 */
function dbFetchGroup($gid)
{
    $idLiteral = "'" . dbEscape($gid) . "'";

    return dbFetchOne("select * from Groups where Id = " . $idLiteral);
}
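//
// Loads the event(s) to edit into $newEvent: one event in 'single' mode, or a
// merged view of several events in 'multi' mode (Cause/Notes are blanked when
// the selected events disagree on them).
if (!canEdit('Events')) {
    $view = "error";
    return;
}

if (isset($_REQUEST['eid'])) {
    $mode = 'single';
    $eid = validInt($_REQUEST['eid']);
    $sql = "select E.* from Events as E where E.Id = '" . dbEscape($eid) . "'";
    $newEvent = dbFetchOne($sql);
} elseif (isset($_REQUEST['eids'])) {
    $mode = 'multi';
    $sqlWhere = array();
    // (array) keeps a scalar `eids` parameter from breaking the loop.
    foreach ((array) $_REQUEST['eids'] as $eid) {
        if (!is_scalar($eid)) {
            // Nested arrays are not ids.
            continue;
        }
        // Validate each id as the single-event branch does, not only escape it.
        $eid = validInt($eid);
        if ((string) $eid === '') {
            // Nothing numeric left after validation - TODO confirm validInt()'s
            // return value for invalid input.
            continue;
        }
        $sqlWhere[] = "E.Id = '" . dbEscape($eid) . "'";
    }
    unset($eid);

    // With no usable id the original ran a query ending in a bare "where".
    if (count($sqlWhere)) {
        $sql = "select E.* from Events as E where " . join(" or ", $sqlWhere);
        foreach (dbFetchAll($sql) as $row) {
            if (!isset($newEvent)) {
                $newEvent = $row;
            } else {
                if ($newEvent['Cause'] && $newEvent['Cause'] != $row['Cause']) {
                    $newEvent['Cause'] = "";
                }
                if ($newEvent['Notes'] && $newEvent['Notes'] != $row['Notes']) {
                    $newEvent['Notes'] = "";
                }
            }
        }
    }
}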
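/**
 * Finds the events immediately before and after the requested event under
 * the current filter and sort order.
 *
 * Reads $_REQUEST['id'], $_REQUEST['filter'] and $_REQUEST['sort_field'], and
 * the globals $user, $sortColumn and $sortOrder.
 *
 * NOTE(review): $sortColumn is placed into the SQL as an identifier, so
 * dbEscape() gives no protection there. It is presumably set by parseSort()
 * from an allowlist of column names - confirm.
 * NOTE(review): the pieces of $user['MonitorIds'] are joined into an
 * unquoted IN (...) list as they are; confirm they are validated as integers
 * when the user record is written.
 *
 * @return array 'EventId', 'PrevEventId' and 'NextEventId'; the neighbour
 *               ids are 0 when no neighbour was found
 */
function getNearEvents()
{
    global $user, $sortColumn, $sortOrder;

    $eventId = dbEscape($_REQUEST['id']);
    $event = dbFetchOne("select * from Events where Id = '" . $eventId . "'");

    // Presumably fills $_REQUEST['filter']['sql'], which is read below.
    parseFilter($_REQUEST['filter']);
    parseSort();

    if ($user['MonitorIds']) {
        $midSql = " and MonitorId in (" . join(",", preg_split('/["\'\\s]*,["\'\\s]*/', $user['MonitorIds'])) . ")";
    } else {
        $midSql = '';
    }

    // The sort value comes from a stored row and can be free text (Name, Cause,
    // Notes). It goes inside a quoted literal, so it is escaped like any other
    // string. The original concatenated it raw. A missing event or field still
    // yields the empty string, as before.
    $sortField = isset($_REQUEST['sort_field']) ? $_REQUEST['sort_field'] : '';
    $sortValue = ($event && isset($event[$sortField])) ? dbEscape($event[$sortField]) : '';

    // Only the literals 'asc' and 'desc' reach the ORDER BY clause. Anything
    // other than 'asc' is treated as descending, matching the ternaries below.
    $ascending = ($sortOrder == 'asc');

    $sql = "select E.Id as Id from Events as E inner join Monitors as M on E.MonitorId = M.Id where "
        . dbEscape($sortColumn) . " " . ($ascending ? '<=' : '>=') . " '" . $sortValue . "'"
        . $_REQUEST['filter']['sql'] . $midSql
        . " order by {$sortColumn} " . ($ascending ? 'desc' : 'asc');
    $result = dbQuery($sql);
    // Scan in reverse sort order: the row after the current event is its predecessor.
    while ($id = dbFetchNext($result, 'Id')) {
        if ($id == $eventId) {
            $prevId = dbFetchNext($result, 'Id');
            break;
        }
    }

    $sql = "select E.Id as Id from Events as E inner join Monitors as M on E.MonitorId = M.Id where "
        . "{$sortColumn} " . ($ascending ? '>=' : '<=') . " '" . $sortValue . "'"
        . $_REQUEST['filter']['sql'] . $midSql
        . " order by {$sortColumn} " . ($ascending ? 'asc' : 'desc');
    $result = dbQuery($sql);
    // Scan in sort order: the row after the current event is its successor.
    while ($id = dbFetchNext($result, 'Id')) {
        if ($id == $eventId) {
            $nextId = dbFetchNext($result, 'Id');
            break;
        }
    }

    $result = array('EventId' => $eventId);
    $result['PrevEventId'] = empty($prevId) ? 0 : $prevId;
    $result['NextEventId'] = empty($nextId) ? 0 : $nextId;
    return $result;
}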
$optUnits = array(); foreach (getEnumValues('Zones', 'Units') as $optUnit) { $optUnits[$optUnit] = $optUnit; } $optCheckMethods = array(); foreach (getEnumValues('Zones', 'CheckMethod') as $optCheckMethod) { $optCheckMethods[$optCheckMethod] = $optCheckMethod; } $monitor = dbFetchMonitor($mid); $minX = 0; $maxX = $monitor['Width'] - 1; $minY = 0; $maxY = $monitor['Height'] - 1; if (!isset($newZone)) { if ($zid > 0) { $zone = dbFetchOne("select * from Zones where MonitorId = '" . dbEscape($monitor['Id']) . "' and Id = '" . dbEscape($zid) . "'"); } else { $zone = array('Name' => $SLANG['New'], 'Id' => 0, 'MonitorId' => $monitor['Id'], 'NumCoords' => 4, 'Coords' => sprintf("%d,%d %d,%d, %d,%d %d,%d", $minX, $minY, $maxX, $minY, $maxX, $maxY, $minX, $maxY), 'Area' => $monitor['Width'] * $monitor['Height'], 'AlarmRGB' => 0xff0000, 'CheckMethod' => 'Blobs', 'MinPixelThreshold' => '', 'MaxPixelThreshold' => '', 'MinAlarmPixels' => '', 'MaxAlarmPixels' => '', 'FilterX' => '', 'FilterY' => '', 'MinFilterPixels' => '', 'MaxFilterPixels' => '', 'MinBlobPixels' => '', 'MaxBlobPixels' => '', 'MinBlobs' => '', 'MaxBlobs' => '', 'OverloadFrames' => ''); } $zone['Points'] = coordsToPoints($zone['Coords']); $newZone = $zone; } //if ( !$points ) //{ //$points = $zone['Points']; //} ksort($newZone['Points'], SORT_NUMERIC); $newZone['Coords'] = pointsToCoords($newZone['Points']); $newZone['Area'] = getPolyArea($newZone['Points']); $selfIntersecting = isSelfIntersecting($newZone['Points']); $wd = getcwd();
/**
 * Finds articles whose $type column contains any of the given keywords,
 * excluding the article with the given slug.
 *
 * NOTE(review): $type is used as a column name. It must come from code or an
 * allowlist, never from request input - confirm at the call sites.
 * NOTE(review): orWhere() looks like a query-builder call. If it binds values
 * as parameters, dbEscape() escapes twice and keywords containing quotes or
 * backslashes will not match. LIKE wildcards (% and _) in keywords are not
 * neutralised either way.
 *
 * @param array $keywords
 * @param string $slug
 * @param string $type
 * @param int $max
 * @return mixed
 */
public function findSimilar(array $keywords, $slug, $type = 'title', $max = 5)
{
    // Group the keyword alternatives so the slug exclusion applies to all of them.
    $matchAnyKeyword = function ($nested) use ($type, $keywords) {
        foreach ($keywords as $term) {
            $pattern = '%' . dbEscape($term) . '%';
            $nested = $nested->orWhere($type, 'LIKE', $pattern);
        }
        return $nested;
    };

    $builder = $this->model;
    $builder = $builder->where($matchAnyKeyword);
    $builder = $builder->where('slug', '!=', $slug);

    $rows = $builder->take($max)->get();

    return $this->convert($rows);
}
id, player_id, seed, processed, ip, host, urlargs ) VALUES( \'\', \'' . (int) dbEscape($playerID) . '\', \'' . dbEscape($gameSeed) . '\', NOW(), \'' . dbEscape($playerIP) . '\', \'' . dbEscape($playerHost) . '\', \'' . dbEscape($gameArgs) . '\' )'; $resGame = mysql_query($qryGame); $gameID = mysql_insert_id(); ?> <newgame> <id><?php echo xmlEscape($gameID); ?> </id> <seed><?php echo xmlEscape($gameSeed); ?> </seed> </newgame>
<?php $content_tpl->set_block("F_CONTENT", "B_MESSAGE_LOGGED_IN", "H_MESSAGE_LOGGED_IN"); $content_tpl->set_block("F_CONTENT", "B_MESSAGE", "H_MESSAGE"); $content_tpl->set_block("F_CONTENT", "B_WARNING_LOGIN_FAILED", "H_WARNING_LOGIN_FAILED"); $content_tpl->set_block("F_CONTENT", "B_WARNING_USERNAME", "H_WARNING_USERNAME"); $content_tpl->set_block("F_CONTENT", "B_WARNING", "H_WARNING"); $username = dbEscape($_REQUEST['username']); $users_ref = dbQuery("SELECT * FROM `{$cfg['db_table_prefix']}users` " . "WHERE `username` = '{$username}'"); if ($users_row = dbFetch($users_ref)) { $password = crypt($_REQUEST['password'], substr($users_row['password'], 0, 2)); if ($password == $users_row['password']) { // Set cookie if (isset($_REQUEST['remember'])) { // Expiration in 1 year $expire = time() + 3600 * 24 * 365; } else { // Session cookie expiration $expire = null; } $user_id_md5 = serialize(array($users_row['id'], md5($password))); setcookie("user_id", $user_id_md5, $expire, $cfg['path']); setUser($user_id_md5); $content_tpl->parse("H_MESSAGE_LOGGED_IN", "B_MESSAGE_LOGGED_IN"); $content_tpl->parse("H_MESSAGE", "B_MESSAGE"); } else { $content_tpl->parse("H_WARNING_LOGIN_FAILED", "B_WARNING_LOGIN_FAILED"); $content_tpl->parse("H_WARNING", "B_WARNING"); } } else { $content_tpl->parse("H_WARNING_LOGIN_FAILED", "B_WARNING_LOGIN_FAILED");
setcookie("zmGroup", "", time() - 3600 * 24 * 2); $refreshParent = true; } } } } } else { if (ZM_USER_SELF_EDIT && $action == "user") { $uid = $user['Id']; $dbUser = dbFetchOne("select Id, Password, Language from Users where Id = '" . dbEscape($uid) . "'"); $types = array(); $changes = getFormChanges($dbUser, $_REQUEST['newUser'], $types); if (!empty($_REQUEST['newUser']['Password'])) { $changes['Password'] = "******" . dbEscape($_REQUEST['newUser']['Password']) . "')"; } else { unset($changes['Password']); } if (count($changes)) { $sql = "update Users set " . implode(", ", $changes) . " where Id = '" . dbEscape($uid) . "'"; dbQuery($sql); $refreshParent = true; } $view = 'none'; } } if ($action == "reset") { $_SESSION['zmEventResetTime'] = strftime(STRF_FMT_DATETIME_DB); setcookie("zmEventResetTime", $_SESSION['zmEventResetTime'], time() + 3600 * 24 * 30 * 12 * 10); //if ( $cookies ) session_write_close(); } }
// of the License, or (at your option) any later version. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // // You should have received a copy of the GNU General Public License // along with this program; if not, write to the Free Software // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. // if (!canView('Stream')) { $view = "error"; return; } $sql = "select C.*, M.* from Monitors as M left join Controls as C on (M.ControlId = C.Id ) where M.Id = '" . dbEscape($_REQUEST['mid']) . "'"; $monitor = dbFetchOne($sql); if (isset($_REQUEST['control'])) { $control = validInt($_REQUEST['control']); } else { $control = canView('Control') && $monitor['DefaultView'] == 'Control'; } $showPtzControls = ZM_OPT_CONTROL && $monitor['Controllable'] && canView('Control'); if (isset($_REQUEST['scale'])) { $scale = validInt($_REQUEST['scale']); } else { $scale = reScale(SCALE_BASE, $monitor['DefaultScale'], ZM_WEB_DEFAULT_SCALE); } $connkey = generateConnKey(); if (ZM_STREAM_METHOD == 'mpeg' && ZM_MPEG_LIVE_FORMAT) { $streamMode = "mpeg";
$content_tpl->set_var("I_USERNAME", htmlspecialchars($comments_row['username'])); if ($user['usertype_admin']) { $ip = $comments_row['ip']; } else { $ip = preg_replace("/(.*\\.).*/", "\$1xxx", $comments_row['ip']); } $content_tpl->set_var("I_IP", htmlspecialchars($ip)); $content_tpl->set_var("I_BODY", nl2br(htmlspecialchars($comments_row['body']))); $content_tpl->set_var("I_SUBMITTED", htmlspecialchars($comments_row['submitted'])); if ($user['usertype_admin'] == 1) { $ip = $comments_row['ip']; $content_tpl->set_var("I_IP", htmlspecialchars($ip)); $content_tpl->set_var("I_ID_SEASON", $season['id']); $content_tpl->parse("H_BANS", "B_BANS"); } $username = dbEscape($comments_row['username']); $users_ref = dbQuery("SELECT * FROM `{$cfg['db_table_prefix']}users` WHERE `username` = '{$username}'"); $users_row = dbFetch($users_ref); $content_tpl->set_var("I_ID_USER", $users_row['id']); $content_tpl->parse("H_VIEW_COMMENT", "B_VIEW_COMMENT", true); $counter++; } } $content_tpl->parse("H_VIEW_COMMENTS", "B_VIEW_COMMENTS"); $content_tpl->set_var("I_BODY", ""); if ($user['uid']) { $content_tpl->set_var("I_ID_SEASON", $season['id']); $content_tpl->parse("H_ADD_COMMENT", "B_ADD_COMMENT"); } else { $content_tpl->parse("H_LOGIN_TO_COMMENT", "B_LOGIN_TO_COMMENT"); }
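/**
 * Renders a filter definition three ways and stores the results in the filter:
 * $filter['query'] (URL query-string fragment), $filter['sql'] (SQL condition,
 * wrapped as " and ( ... )" when non-empty) and $filter['fields'] (hidden form
 * inputs).
 *
 * Each term may carry 'cnj' (conjunction), 'obr'/'cbr' (bracket counts) and
 * 'attr' with 'op' and 'val'.
 *
 * Terms normally arrive from the request, so every part that reaches the SQL
 * string is either taken from a fixed set (column, operator, conjunction),
 * cast to an integer (bracket counts) or passed through dbEscape() /
 * strftime() (values).
 *
 * NOTE(review): string values (Name, Cause, Notes, MonitorName) are appended
 * exactly as dbEscape() returns them, with no quotes added here. That is only
 * safe if this project's dbEscape() returns a quoted literal - confirm. The
 * default branch sends numeric attributes through the same path.
 * NOTE(review): an unrecognised 'attr' adds no column to the SQL, but its
 * operator and value are still appended.
 *
 * @param array  $filter        Filter definition, modified in place
 * @param bool   $saveToSession Also store the result in $_SESSION['filter']
 * @param string $querySep      Separator placed before each query-string pair
 * @return void
 */
function parseFilter(&$filter, $saveToSession = false, $querySep = '&')
{
    $filter['query'] = '';
    $filter['sql'] = '';
    $filter['fields'] = '';

    // A scalar 'terms' value cannot be iterated, so it is treated as "no terms".
    if (!isset($filter['terms']) || !is_array($filter['terms']) || !count($filter['terms'])) {
        return;
    }

    $termCount = count($filter['terms']);
    for ($i = 0; $i < $termCount; $i++) {
        $term = (isset($filter['terms'][$i]) && is_array($filter['terms'][$i])) ? $filter['terms'][$i] : array();

        if (isset($term['cnj'])) {
            $cnj = $term['cnj'];
            // The conjunction is copied into the SQL text, so only the two
            // SQL keywords are accepted. Anything else is dropped from all
            // three outputs. The original appended the request value as is.
            if (is_string($cnj) && in_array(strtolower($cnj), array('and', 'or'), true)) {
                $filter['query'] .= $querySep . "filter[terms][{$i}][cnj]=" . urlencode($cnj);
                $filter['sql'] .= " " . $cnj . " ";
                $filter['fields'] .= "<input type=\"hidden\" name=\"filter[terms][{$i}][cnj]\" value=\"" . htmlspecialchars($cnj) . "\"/>\n";
            }
        }

        if (isset($term['obr'])) {
            $filter['query'] .= $querySep . "filter[terms][{$i}][obr]=" . urlencode($term['obr']);
            // Integer, never negative: str_repeat() rejects other counts.
            // NOTE(review): there is no upper bound on the count.
            $filter['sql'] .= " " . str_repeat("(", max(0, (int) $term['obr'])) . " ";
            $filter['fields'] .= "<input type=\"hidden\" name=\"filter[terms][{$i}][obr]\" value=\"" . htmlspecialchars($term['obr']) . "\"/>\n";
        }

        if (isset($term['attr'])) {
            $attr = $term['attr'];
            $op = isset($term['op']) ? $term['op'] : '';
            $val = isset($term['val']) ? $term['val'] : '';

            $filter['query'] .= $querySep . "filter[terms][{$i}][attr]=" . urlencode($attr);
            $filter['fields'] .= "<input type=\"hidden\" name=\"filter[terms][{$i}][attr]\" value=\"" . htmlspecialchars($attr) . "\"/>\n";

            // Column expression: only the names listed here reach the SQL.
            switch ($attr) {
                case 'MonitorName':
                    $filter['sql'] .= 'M.' . preg_replace('/^Monitor/', '', $attr);
                    break;
                case 'DateTime':
                    $filter['sql'] .= "E.StartTime";
                    break;
                case 'Date':
                    $filter['sql'] .= "to_days( E.StartTime )";
                    break;
                case 'Time':
                    $filter['sql'] .= "extract( hour_second from E.StartTime )";
                    break;
                case 'Weekday':
                    $filter['sql'] .= "weekday( E.StartTime )";
                    break;
                case 'Id':
                case 'Name':
                case 'MonitorId':
                case 'Length':
                case 'Frames':
                case 'AlarmFrames':
                case 'TotScore':
                case 'AvgScore':
                case 'MaxScore':
                case 'Cause':
                case 'Notes':
                case 'Archived':
                    $filter['sql'] .= 'E.' . $attr;
                    break;
                case 'DiskPercent':
                    $filter['sql'] .= getDiskPercent();
                    break;
                case 'DiskBlocks':
                    $filter['sql'] .= getDiskBlocks();
                    break;
                case 'SystemLoad':
                    $filter['sql'] .= getLoad();
                    break;
            }

            // Strip surrounding quotes, split on commas, and render each piece
            // for the attribute's type.
            $valueList = array();
            foreach (preg_split('/["\'\\s]*?,["\'\\s]*?/', preg_replace('/^["\']+?(.+)["\']+?$/', '$1', $val)) as $value) {
                switch ($attr) {
                    case 'MonitorName':
                    case 'Name':
                    case 'Cause':
                    case 'Notes':
                        $value = dbEscape($value);
                        break;
                    case 'DateTime':
                        $value = "'" . strftime(STRF_FMT_DATETIME_DB, strtotime($value)) . "'";
                        break;
                    case 'Date':
                        $value = "to_days( '" . strftime(STRF_FMT_DATETIME_DB, strtotime($value)) . "' )";
                        break;
                    case 'Time':
                        $value = "extract( hour_second from '" . strftime(STRF_FMT_DATETIME_DB, strtotime($value)) . "' )";
                        break;
                    default:
                        $value = dbEscape($value);
                        break;
                }
                $valueList[] = $value;
            }

            // Operators outside this list add nothing to the SQL. The scalar
            // operators use $value, i.e. the last piece of a comma list.
            switch ($op) {
                case '=':
                case '!=':
                case '>=':
                case '>':
                case '<':
                case '<=':
                    $filter['sql'] .= " " . $op . " {$value}";
                    break;
                case '=~':
                    $filter['sql'] .= " regexp " . $value;
                    break;
                case '!~':
                    $filter['sql'] .= " not regexp " . $value;
                    break;
                case '=[]':
                    $filter['sql'] .= " in (" . join(",", $valueList) . ")";
                    break;
                case '![]':
                    $filter['sql'] .= " not in (" . join(",", $valueList) . ")";
                    break;
            }

            $filter['query'] .= $querySep . "filter[terms][{$i}][op]=" . urlencode($op);
            $filter['fields'] .= "<input type=\"hidden\" name=\"filter[terms][{$i}][op]\" value=\"" . htmlspecialchars($op) . "\"/>\n";
            $filter['query'] .= $querySep . "filter[terms][{$i}][val]=" . urlencode($val);
            $filter['fields'] .= "<input type=\"hidden\" name=\"filter[terms][{$i}][val]\" value=\"" . htmlspecialchars($val) . "\"/>\n";
        }

        if (isset($term['cbr'])) {
            $filter['query'] .= $querySep . "filter[terms][{$i}][cbr]=" . urlencode($term['cbr']);
            // Same integer treatment as the opening brackets.
            $filter['sql'] .= " " . str_repeat(")", max(0, (int) $term['cbr'])) . " ";
            $filter['fields'] .= "<input type=\"hidden\" name=\"filter[terms][{$i}][cbr]\" value=\"" . htmlspecialchars($term['cbr']) . "\"/>\n";
        }
    }

    if ($filter['sql']) {
        $filter['sql'] = " and ( " . $filter['sql'] . " )";
    }
    if ($saveToSession) {
        $_SESSION['filter'] = $filter;
    }
}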
$content_tpl->set_block("F_CONTENT", "B_MESSAGE", "H_MESSAGE"); $content_tpl->set_block("F_CONTENT", "B_WARNING_NO_ACCESS", "H_WARNING_NO_ACCESS"); $content_tpl->set_block("F_CONTENT", "B_WARNING_SEASON_NAME", "H_WARNING_SEASON_NAME"); $content_tpl->set_block("F_CONTENT", "B_WARNING_UNIQUE_SEASON_NAME", "H_WARNING_UNIQUE_SEASON_NAME"); $content_tpl->set_block("F_CONTENT", "B_WARNING", "H_WARNING"); $content_tpl->set_block("F_CONTENT", "B_BACK", "H_BACK"); $content_tpl->set_block("F_CONTENT", "B_BACK_OVERVIEW", "H_BACK_OVERVIEW"); // Access for root only if ($user['usertype_root']) { $is_complete = 1; if ($_REQUEST['season_name'] == "") { $is_complete = 0; $content_tpl->parse("H_WARNING_SEASON_NAME", "B_WARNING_SEASON_NAME"); } $id_season = intval($_REQUEST['opt']); $season_name = dbEscape($_REQUEST['season_name']); $seasons_ref = dbQuery("SELECT * FROM `{$cfg['db_table_prefix']}seasons` " . "WHERE `name` = '{$season_name}' AND `id` <> {$id_season} AND `deleted` = 0"); if (dbNumRows($seasons_ref) == 1) { $is_complete = 0; $content_tpl->parse("H_WARNING_UNIQUE_SEASON_NAME", "B_WARNING_UNIQUE_SEASON_NAME"); } if ($is_complete) { dbQuery("UPDATE `{$cfg['db_table_prefix']}seasons` SET " . "`name` = '{$season_name}' " . "WHERE `id` = {$id_season}"); $content_tpl->parse("H_MESSAGE_SEASON_EDITED", "B_MESSAGE_SEASON_EDITED"); $content_tpl->parse("H_MESSAGE", "B_MESSAGE"); $content_tpl->set_var("I_ID_SEASON", $season['id']); $content_tpl->parse("H_BACK_OVERVIEW", "B_BACK_OVERVIEW"); } if (!$is_complete) { $content_tpl->parse("H_WARNING", "B_WARNING"); $content_tpl->parse("H_BACK", "B_BACK");
$content_tpl->set_block("F_CONTENT", "B_MESSAGE_MAP_ADDED", "H_MESSAGE_MAP_ADDED"); $content_tpl->set_block("F_CONTENT", "B_MESSAGE", "H_MESSAGE"); $content_tpl->set_block("F_CONTENT", "B_WARNING_NO_ACCESS", "H_WARNING_NO_ACCESS"); $content_tpl->set_block("F_CONTENT", "B_WARNING_MAP", "H_WARNING_MAP"); $content_tpl->set_block("F_CONTENT", "B_WARNING", "H_WARNING"); $content_tpl->set_block("F_CONTENT", "B_BACK", "H_BACK"); $content_tpl->set_block("F_CONTENT", "B_BACK_OVERVIEW", "H_BACK_OVERVIEW"); // Access for headadmins only if ($user['usertype_headadmin']) { $is_complete = 1; if ($_REQUEST['map'] == "") { $is_complete = 0; $content_tpl->parse("H_WARNING_MAP", "B_WARNING_MAP"); } if ($is_complete) { $map = dbEscape($_REQUEST['map']); dbQuery("INSERT INTO `{$cfg['db_table_prefix']}mappool` (`map`, `id_season`) " . "VALUES ('{$map}', {$season['id']})"); $content_tpl->parse("H_MESSAGE_MAP_ADDED", "B_MESSAGE_MAP_ADDED"); $content_tpl->parse("H_MESSAGE", "B_MESSAGE"); $content_tpl->set_var("I_ID_SEASON", $season['id']); $content_tpl->parse("H_BACK_OVERVIEW", "B_BACK_OVERVIEW"); } if (!$is_complete) { if (isset($_REQUEST['map'])) { $content_tpl->set_var("I_MAP", htmlspecialchars($_REQUEST['map'])); } $content_tpl->parse("H_WARNING", "B_WARNING"); $content_tpl->parse("H_BACK", "B_BACK"); } } else { $content_tpl->parse("H_WARNING_NO_ACCESS", "B_WARNING_NO_ACCESS");
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
//

// Events listing set-up: checks permission, indexes monitors by Id, resolves
// an optional saved filter and the sort defaults, and begins the count query.
if (!canView('Events')) {
    $view = "error";
    return;
}

// Index all monitors by Id.
$sql = "select * from Monitors";
foreach (dbFetchAll($sql) as $row) {
    $monitors[$row['Id']] = $row;
}

if (isset($_REQUEST['filterName'])) {
    // The filter name is escaped and placed in a quoted literal.
    $dbFilter = dbFetchOne("select * from Filters where Name = '" . dbEscape($_REQUEST['filterName']) . "'");
    // NOTE(review): if no filter has this name, $dbFilter is presumably empty
    // and jsonDecode() receives null - confirm dbFetchOne()'s no-row result.
    // The stored filter replaces any filter sent with the request.
    $_REQUEST['filter'] = jsonDecode($dbFilter['Query']);
    // Sort and limit settings stored inside the filter are moved to the
    // top-level request keys, with defaults when absent.
    $_REQUEST['sort_field'] = isset($_REQUEST['filter']['sort_field']) ? $_REQUEST['filter']['sort_field'] : "DateTime";
    $_REQUEST['sort_asc'] = isset($_REQUEST['filter']['sort_asc']) ? $_REQUEST['filter']['sort_asc'] : "1";
    $_REQUEST['limit'] = isset($_REQUEST['filter']['limit']) ? $_REQUEST['filter']['limit'] : "";
    unset($_REQUEST['filter']['sort_field']);
    unset($_REQUEST['filter']['sort_asc']);
    unset($_REQUEST['filter']['limit']);
}

// NOTE(review): sort_field, sort_asc and limit are not validated here, whether
// they come from the request or from a stored filter. Whatever turns them into
// ORDER BY / LIMIT text must map them to known columns and integers first.
if (empty($_REQUEST['sort_field'])) {
    $_REQUEST['sort_field'] = "DateTime";
}
if (empty($_REQUEST['sort_asc'])) {
    $_REQUEST['sort_asc'] = "1";
}

// Ends on "where": the conditions are appended after this point.
$countSql = "select count(E.Id) as EventCount from Monitors as M inner join Events as E on (M.Id = E.MonitorId) where";
,'Table'=> "GivProj" ,'PK'=> 'Id' ,'Sync'=> 'undefined' ,'NewFields'=> 'GiverId,StartDt,KrMon,ProjectId,LastPayment,LastPaymentTot,PaidTot,OneTimePromise,OneTimePromisePaid,LastYearSi,Status,Db' ,'EditFields'=> 'GiverId,StartDt,KrMon,ProjectId,LastPayment,LastPaymentTot,PaidTot,OneTimePromise,OneTimePromisePaid,LastYearSi,Status,Db' ,'FieldTypes'=>'undefined' ,'Cascade'=> '' ,'CascadeSQL'=> '' )); if (isset($dataSources[$IN['datasource']])) { $dsname = $IN['datasource']; $datasource = $dataSources[$dsname]; if ($IN['Action'] == "UpdateNew") { $db = dbConnect(''); //find out if this is an update or a new.... $sql = "select count(${datasource['Sync']}) from ${datasource['Table']} where ${datasource['Sync']}='".dbEscape($IN[$datasource['Sync']])."'"; print $sql; $result = dbQuery($db,$sql); if ($datasource['Type'] == 'sqlite') { $row = sqlite_fetch_array($result, SQLITE_NUM); if ($row[0] ==0) { $IN['Action'] = 'New'; } else { $IN['Action'] = 'UpdateFields'; } } } switch($datasource['Type']) { case 'sqlite': switch($IN['Action']) { case "New":
} else { $is_complete = 1; if ($_REQUEST['round'] == "") { $is_complete = 0; $content_tpl->parse("H_WARNING_ROUND", "B_WARNING_ROUND"); } if (!preg_match("/\\d\\d\\d\\d-\\d\\d-\\d\\d/", $_REQUEST['deadline'])) { $is_complete = 0; $content_tpl->parse("H_WARNING_DEADLINE", "B_WARNING_DEADLINE"); } if ($is_complete) { $id_deadline = intval($_REQUEST['opt']); $round = dbEscape($_REQUEST['round']); $deadlines_ref = dbQuery("SELECT * FROM `{$cfg['db_table_prefix']}deadlines` " . "WHERE `id_season` = {$season['id']} AND `round` = '{$round}' AND `id` <> {$id_deadline}"); if (dbNumRows($deadlines_ref) == 0) { $deadline = dbEscape($_REQUEST['deadline']); dbQuery("UPDATE `{$cfg['db_table_prefix']}deadlines` SET `round` = '{$round}', `deadline` = '{$deadline}' " . "WHERE `id` = {$id_deadline}"); $content_tpl->parse("H_MESSAGE_DEADLINE_EDITED", "B_MESSAGE_DEADLINE_EDITED"); $content_tpl->parse("H_MESSAGE", "B_MESSAGE"); $content_tpl->set_var("I_ID_SEASON", $season['id']); $content_tpl->parse("H_BACK_OVERVIEW", "B_BACK_OVERVIEW"); } else { $is_complete = 0; $content_tpl->parse("H_WARNING_UNIQUE_ROUND", "B_WARNING_UNIQUE_ROUND"); $content_tpl->parse("H_WARNING", "B_WARNING"); } } if (!$is_complete) { $content_tpl->parse("H_WARNING", "B_WARNING"); $content_tpl->parse("H_BACK", "B_BACK"); }
/**
 * Records one neighbour seen on a local port in the `neighbours` table.
 *
 * A row is looked up by port id, protocol, remote hostname and remote port.
 * A missing row is inserted. An existing row is updated only for the fields
 * whose values differ. The per-module counters in
 * $GLOBALS['module_stats']['neighbours'] are incremented, and the neighbour
 * is marked in $GLOBALS['valid']['neighbours'].
 *
 * NOTE(review): the $neighbour strings presumably come from what remote
 * devices advertise, i.e. they are untrusted. The visible queries pass them
 * as bound parameters; confirm that dbInsert()/dbUpdate() bind values too.
 * NOTE(review): the change check compares dbEscape($value) with the stored
 * value. If rows are written through bound parameters the stored value is
 * unescaped, so any value that escaping alters is seen as changed on every
 * run - confirm and compare the raw value instead.
 *
 * @param string $protocol      Discovery protocol name
 * @param mixed  $local_port_id Id of the local port
 * @param array  $neighbour     Neighbour attributes keyed by column name
 * @return void
 */
function discover_neighbour($protocol, $local_port_id, $neighbour)
{
    $port = get_port_by_id_cache($local_port_id);
    print_debug("Discover neighbour: " . $port['device_id'] . " -> {$protocol}, {$local_port_id}, " . implode(', ', $neighbour));

    $neighbour['protocol'] = $protocol;
    $fields = array('protocol', 'remote_port_id', 'remote_hostname', 'remote_port', 'remote_platform', 'remote_version', 'remote_address');

    $existing = dbFetchRow(
        "SELECT * FROM `neighbours` WHERE `port_id` = ? AND `protocol` = ? AND `remote_hostname` = ? AND `remote_port` = ?",
        array($local_port_id, $protocol, $neighbour['remote_hostname'], $neighbour['remote_port'])
    );

    if (isset($existing['neighbour_id'])) {
        // Known neighbour: collect only the fields that differ.
        $changed = array();
        foreach ($fields as $field) {
            if (dbEscape($neighbour[$field]) != $existing[$field]) {
                $changed[$field] = $neighbour[$field];
            }
        }

        if ($changed) {
            dbUpdate($changed, 'neighbours', '`neighbour_id` = ?', array($existing['neighbour_id']));
            $GLOBALS['module_stats']['neighbours']['updated']++;
        } else {
            $GLOBALS['module_stats']['neighbours']['unchanged']++;
        }
    } else {
        // New neighbour: build the full row.
        $row = array('port_id' => $local_port_id);
        foreach ($fields as $field) {
            $value = $neighbour[$field];
            // Loose comparison: '', 0 and '0' are treated as NULL as well.
            // array('NULL') is presumably dbInsert()'s marker for SQL NULL.
            $row[$field] = ($value == NULL) ? array('NULL') : $value;
        }
        dbInsert($row, 'neighbours');
        $GLOBALS['module_stats']['neighbours']['added']++;
    }

    $GLOBALS['valid']['neighbours'][$local_port_id][$neighbour['remote_hostname']][$neighbour['remote_port']] = 1;
}
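/**
 * Builds the list of files to export for one event, generating the HTML
 * summary pages inside the event directory as a side effect.
 *
 * Returns an empty list when no event id is given, when the user may not
 * view events, or when the event row cannot be loaded. The original reached
 * array_values() with an undefined variable in the first two cases and went
 * on to derive a path from an empty row in the third.
 *
 * NOTE(review): the generated zmEvent*.html files are written into the event
 * directory itself and stay there after the export.
 *
 * @param mixed $eid          Event id
 * @param bool  $exportDetail Generate and include zmEventDetail.html
 * @param bool  $exportFrames Generate and include zmEventFrames.html
 * @param bool  $exportImages Include capture/analyse JPEGs and the image page
 * @param bool  $exportVideo  Include video files (mpg, mpeg, avi, asf, 3gp)
 * @param bool  $exportMisc   Include every remaining file in the directory
 * @return array List of file paths
 */
function exportFileList($eid, $exportDetail, $exportFrames, $exportImages, $exportVideo, $exportMisc)
{
    $exportFileList = array();

    if (!$eid || !canView('Events')) {
        return array_values($exportFileList);
    }

    $sql = "select E.Id,E.MonitorId,M.Name As MonitorName,M.Width,M.Height,E.Name,E.Cause,E.Notes,E.StartTime,E.Length,E.Frames,E.AlarmFrames,E.TotScore,E.AvgScore,E.MaxScore,E.Archived from Monitors as M inner join Events as E on (M.Id = E.MonitorId) where E.Id = '" . dbEscape($eid) . "'";
    $event = dbFetchOne($sql);
    if (!$event) {
        // Unknown event: there is no directory to read or write.
        return array_values($exportFileList);
    }
    $eventPath = mygetEventPath($event);

    // Regular files currently in the event directory, keyed by name.
    $files = array();
    if ($dir = opendir($eventPath)) {
        while (($file = readdir($dir)) !== false) {
            if (is_file($eventPath . "/" . $file)) {
                $files[$file] = $file;
            }
        }
        closedir($dir);
    }

    if ($exportDetail) {
        $file = "zmEventDetail.html";
        if (!($fp = fopen($eventPath . "/" . $file, "w"))) {
            Fatal("Can't open event detail export file '{$file}'");
        }
        fwrite($fp, exportEventDetail($event, $exportFrames, $exportImages));
        fclose($fp);
        $exportFileList[$file] = $eventPath . "/" . $file;
    }

    if ($exportFrames) {
        $file = "zmEventFrames.html";
        if (!($fp = fopen($eventPath . "/" . $file, "w"))) {
            Fatal("Can't open event frames export file '{$file}'");
        }
        fwrite($fp, exportEventFrames($event, $exportDetail, $exportImages));
        fclose($fp);
        $exportFileList[$file] = $eventPath . "/" . $file;
    }

    if ($exportImages) {
        // Move image files from $files into the export list.
        $filesLeft = array();
        $myfilelist = array();
        foreach ($files as $file) {
            if (preg_match("/-(?:capture|analyse).jpg\$/", $file)) {
                $exportFileList[$file] = $eventPath . "/" . $file;
                $myfilelist[$file] = $eventPath . "/" . $file;
            } else {
                $filesLeft[$file] = $file;
            }
        }
        $files = $filesLeft;

        // create an image slider
        if (!empty($myfilelist)) {
            $file = "zmEventImages.html";
            if (!($fp = fopen($eventPath . "/" . $file, "w"))) {
                Fatal("Can't open event images export file '{$file}'");
            }
            fwrite($fp, exportEventImages($event, $exportDetail, $exportFrames, $myfilelist));
            fclose($fp);
            $exportFileList[$file] = $eventPath . "/" . $file;
        }
    }

    if ($exportVideo) {
        // Move video files from $files into the export list.
        $filesLeft = array();
        foreach ($files as $file) {
            if (preg_match("/\\.(?:mpg|mpeg|avi|asf|3gp)\$/", $file)) {
                $exportFileList[$file] = $eventPath . "/" . $file;
            } else {
                $filesLeft[$file] = $file;
            }
        }
        $files = $filesLeft;
    }

    if ($exportMisc) {
        // Everything not claimed by the image and video passes.
        foreach ($files as $file) {
            $exportFileList[$file] = $eventPath . "/" . $file;
        }
    }

    return array_values($exportFileList);
}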
if ($_REQUEST['gid'] == $_COOKIE['zmGroup']) { unset($_COOKIE['zmGroup']); setcookie("zmGroup", "", time() - 3600 * 24 * 2); $refreshParent = true; } } } } } else { if (ZM_USER_SELF_EDIT && $action == "user") { $uid = $user['Id']; $dbUser = dbFetchOne("select Id, Password, Language from Users where Id = ?", NULL, array($uid)); $types = array(); $changes = getFormChanges($dbUser, $_REQUEST['newUser'], $types); if (!empty($_REQUEST['newUser']['Password'])) { $changes['Password'] = "******" . dbEscape($_REQUEST['newUser']['Password']) . ")"; } else { unset($changes['Password']); } if (count($changes)) { dbQuery("update Users set " . implode(", ", $changes) . " where Id=?", array($uid)); $refreshParent = true; } $view = 'none'; } } if ($action == "reset") { $_SESSION['zmEventResetTime'] = strftime(STRF_FMT_DATETIME_DB); setcookie("zmEventResetTime", $_SESSION['zmEventResetTime'], time() + 3600 * 24 * 30 * 12 * 10); //if ( $cookies ) session_write_close(); }
/**
 * Reports whether a slideshow with the given id exists.
 *
 * The id is passed through dbEscape() and compared as a quoted literal.
 *
 * @param mixed $slideshowId Slideshow id to look up
 * @return bool True when at least one matching row is counted
 */
function doesIdExist($slideshowId)
{
    $lookup = "SELECT id FROM slideshows WHERE id='" . dbEscape($slideshowId) . "';";
    $matches = dbCountRows($lookup);

    return $matches > 0;
}
$news_row = dbFetch($news_ref); // Access for headadmins [public / private news] // Access for admins [public / private news that they wrote themselves] if ($user['usertype_headadmin'] or $user['uid'] == $news_row['id_user']) { $is_complete = 1; if ($_REQUEST['heading'] == "") { $is_complete = 0; $content_tpl->parse("H_WARNING_HEADING", "B_WARNING_HEADING"); } if ($_REQUEST['body'] == "") { $is_complete = 0; $content_tpl->parse("H_WARNING_BODY", "B_WARNING_BODY"); } if ($is_complete) { $heading = dbEscape($_REQUEST['heading']); $body = dbEscape($_REQUEST['body']); dbQuery("UPDATE `{$cfg['db_table_prefix']}news` " . "SET `heading` = '{$heading}', " . "`body` = '{$body}' " . "WHERE `id` = {$news_row['id']}"); $content_tpl->parse("H_MESSAGE_NEWS_EDITED", "B_MESSAGE_NEWS_EDITED"); $content_tpl->parse("H_MESSAGE", "B_MESSAGE"); $content_tpl->set_var("I_ID_SEASON", $season['id']); $content_tpl->set_var("I_OPT", $news_row['id_news_group']); $content_tpl->parse("H_BACK_OVERVIEW", "B_BACK_OVERVIEW"); } if (!$is_complete) { $content_tpl->parse("H_WARNING", "B_WARNING"); $content_tpl->parse("H_BACK", "B_BACK"); } } else { $content_tpl->parse("H_WARNING_NO_ACCESS", "B_WARNING_NO_ACCESS"); $content_tpl->parse("H_WARNING", "B_WARNING"); }
<?php require_once 'includes/control_functions.php'; // Monitor control actions, require a monitor id and control view permissions for that monitor if (empty($_REQUEST['id'])) { ajaxError("No monitor id supplied"); } if (canView('Control', $_REQUEST['id'])) { $monitor = dbFetchOne("select C.*,M.* from Monitors as M inner join Controls as C on (M.ControlId = C.Id ) where M.Id = '" . dbEscape($_REQUEST['id']) . "'"); $ctrlCommand = buildControlCommand($monitor); if ($ctrlCommand) { $socket = socket_create(AF_UNIX, SOCK_STREAM, 0); if (!$socket) { ajaxError("socket_create() failed: " . socket_strerror(socket_last_error())); } $sock_file = ZM_PATH_SOCKS . '/zmcontrol-' . $monitor['Id'] . '.sock'; if (@socket_connect($socket, $sock_file)) { $options = array(); foreach (explode(" ", $ctrlCommand) as $option) { if (preg_match('/--([^=]+)(?:=(.+))?/', $option, $matches)) { $options[$matches[1]] = !empty($matches[2]) ? $matches[2] : 1; } } $option_string = jsonEncode($options); if (!socket_write($socket, $option_string)) { ajaxError("socket_write() failed: " . socket_strerror(socket_last_error())); } ajaxResponse('Used socket'); //socket_close( $socket ); } else { $ctrlCommand .= " --id=" . $monitor['Id'];
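// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
//
/*
 * console.php is updated by Jai Dhar, FPS-Tech, for use with eyeZm
 * iPhone application. This is not intended for use with any other applications,
 * although source-code is provided under GPL.
 *
 * For questions, please email support@eyezm.com (http://www.eyezm.com)
 *
 */

// One entry per event-count column: a translated title plus the filter terms
// attached to that column.
$eventCounts = array(
    array("title" => $SLANG['Events'], "filter" => array("terms" => array())),
    array("title" => $SLANG['Hour'], "filter" => array("terms" => array(array("attr" => "Archived", "op" => "=", "val" => "0"), array("cnj" => "and", "attr" => "DateTime", "op" => ">=", "val" => "-1 hour")))),
    array("title" => $SLANG['Day'], "filter" => array("terms" => array(array("attr" => "Archived", "op" => "=", "val" => "0"), array("cnj" => "and", "attr" => "DateTime", "op" => ">=", "val" => "-1 day")))),
    array("title" => $SLANG['Week'], "filter" => array("terms" => array(array("attr" => "Archived", "op" => "=", "val" => "0"), array("cnj" => "and", "attr" => "DateTime", "op" => ">=", "val" => "-7 day")))),
    array("title" => $SLANG['Month'], "filter" => array("terms" => array(array("attr" => "Archived", "op" => "=", "val" => "0"), array("cnj" => "and", "attr" => "DateTime", "op" => ">=", "val" => "-1 month")))),
    array("title" => $SLANG['Archived'], "filter" => array("terms" => array(array("attr" => "Archived", "op" => "=", "val" => "1"))))
);

$running = daemonCheck();
$status = $running ? $SLANG['Running'] : $SLANG['Stopped'];

// The group id comes from a client-controlled cookie. dbEscape() is adequate
// here only because the value is wrapped in single quotes inside the statement;
// an integer cast or a bound parameter would be stricter for a numeric key.
if ($group = dbFetchOne("select * from Groups where Id = '" . (empty($_COOKIE['zmGroup']) ? 0 : dbEscape($_COOKIE['zmGroup'])) . "'")) {
    // explode() replaces split(), which was removed in PHP 7; for a literal
    // comma separator the result is the same.
    $groupIds = array_flip(explode(',', $group['MonitorIds']));
}

$maxWidth = 0;
$maxHeight = 0;
$cycleCount = 0;
$minSequence = 0;
$maxSequence = 1;
$seqIdList = array();
$monitors = dbFetchAll("select * from Monitors order by Sequence asc");
$displayMonitors = array();
for ($i = 0; $i < count($monitors); $i++) {
    // Skip monitors that visibleMonitor() rejects for this request.
    if (!visibleMonitor($monitors[$i]['Id'])) {
        continue;
    }
    // With a group selected, monitors outside its id list are handled in the
    // branch below (the excerpt ends inside it).
    if ($group && !empty($groupIds) && !array_key_exists($monitors[$i]['Id'], $groupIds)) {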
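// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
//

// Event view setup: requires the 'Events' view permission, loads the requested
// event and derives the rate/scale settings for it.
if (!canView('Events')) {
    $view = "error";
    return;
}

// Restrict the query to the monitors listed for this user, if any.
// NOTE(review): the list elements are joined into the statement without being
// validated as integers; this looks like an administrator-managed value, but
// confirm where $user['MonitorIds'] is written.
if (!empty($user['MonitorIds'])) {
    $midSql = " and MonitorId in (" . join(",", preg_split('/["\'\\s]*,["\'\\s]*/', $user['MonitorIds'])) . ")";
} else {
    $midSql = '';
}

// The event id sits in an unquoted numeric position. String escaping does not
// constrain a value there, because nothing has to break out of a quoted
// literal, so the request value is cast to an integer instead of being passed
// through dbEscape(). A bound parameter would be the preferred form if the db
// layer offers it.
$sql = "select E.*,M.Name as MonitorName,M.Width,M.Height,M.DefaultRate,M.DefaultScale from Events as E inner join Monitors as M on E.MonitorId = M.Id where E.Id = " . (int) $_REQUEST['eid'] . $midSql;
// NOTE(review): $event is used below without a visible not-found check.
$event = dbFetchOne($sql);

// An explicit rate/scale from the request goes through validInt(); otherwise
// the event's defaults are rescaled against the web defaults.
if (isset($_REQUEST['rate'])) {
    $rate = validInt($_REQUEST['rate']);
} else {
    $rate = reScale(RATE_BASE, $event['DefaultRate'], ZM_WEB_DEFAULT_RATE);
}
if (isset($_REQUEST['scale'])) {
    $scale = validInt($_REQUEST['scale']);
} else {
    $scale = reScale(SCALE_BASE, $event['DefaultScale'], ZM_WEB_DEFAULT_SCALE);
}

$eventPath = ZM_DIR_EVENTS . '/' . getEventPath($event);

$videoFormats = array();
// The configured format list is whitespace-separated; the loop body continues
// beyond this excerpt.
$ffmpegFormats = preg_split('/\\s+/', ZM_FFMPEG_FORMATS);
foreach ($ffmpegFormats as $ffmpegFormat) {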