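/**
 * Verify a challenge-response login against the per-session nonce.
 *
 * The client is expected to send values derived from the one-time nonce kept
 * in $_SESSION['pwhash']: $username = md5(name . nonce), $pw = md5(password
 * . nonce) and $pw_hash = md5($pw . nonce). The nonce is cleared on entry so
 * each one can be used for a single attempt only.
 *
 * @param string $username md5 hex digest of the login name combined with the nonce
 * @param string $pw       md5 hex digest of the password combined with the nonce
 * @param string $pw_hash  md5 hex digest of $pw combined with the nonce
 * @return bool true (and $_SESSION['userid'] set) on success, false otherwise
 */
function check_login($username, $pw, $pw_hash)
{
    // One-shot nonce: read it, then invalidate it before any comparison so a
    // failed attempt cannot be replayed with the same nonce.
    // NOTE(review): assumed to be server-generated where the login form is
    // built — confirm, since it is spliced into the query below.
    $hash = isset($_SESSION['pwhash']) ? (string) $_SESSION['pwhash'] : '';
    $_SESSION['pwhash'] = '';

    // Outer digest check in constant time.
    if (!is_string($pw_hash) || !hash_equals(md5($pw . $hash), $pw_hash)) {
        return false;
    }

    // Both values are matched against md5() output in the query, so anything
    // other than a 32-char hex digest cannot succeed; reject it here instead
    // of letting arbitrary text into the SQL string.
    if (!is_string($username) || !preg_match('/^[0-9a-f]{32}$/i', $username)) {
        return false;
    }
    if (!is_string($pw) || !preg_match('/^[0-9a-f]{32}$/i', $pw)) {
        return false;
    }

    // Same nonce on both sides: the password digest is md5(password . nonce).
    $nid = getsql(
        "select id from user where md5(concat(name,'$hash'))='$username'"
        . " and md5(concat(password,'$hash'))='$pw'"
    );
    if ($nid !== null && $nid !== false && $nid !== '') {
        $_SESSION['userid'] = $nid;
        return true;
    }
    return false;
}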
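/**
 * Load a row from `users` by id, defaulting to the logged-in user.
 *
 * @param int $_id user id; 0 means "the current session's user"
 * @return object|null the row as an object, or null when no id is available
 *                     (anonymous caller and no id given), the query fails, or
 *                     the row does not exist
 */
function user_info($_id = 0)
{
    $authed = is_authed();
    $session_id = isset($_SESSION['id']) ? (int) $_SESSION['id'] : 0;

    // Force an integer: the id is spliced straight into the SQL text below.
    $id = (int) $_id;
    if ($id === 0 && $authed) {
        $id = $session_id;
    }
    if ($id === 0 && !$authed) {
        return null;
    }

    $uinfq = getsql()->query("SELECT * FROM `users` WHERE `id`=" . $id);
    if ($uinfq === false) {
        return null;
    }

    // The session points at a user that no longer exists: send the browser to
    // logout and stop, so the caller does not keep rendering for a dead account.
    if ($uinfq->num_rows == 0 && $id === $session_id) {
        header("Location: /logout?accdel");
        exit;
    }
    return $uinfq->fetch_object();
}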
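/**
 * Render the table of uploaded WADs, newest first, straight to the output.
 *
 * Logged-in viewers get a delete link on WADs they uploaded (administrators on
 * every WAD); administrators additionally get a ban/unban link depending on
 * whether the WAD's md5 is present in `wadbans`.
 *
 * @param int $limit maximum number of rows; 0 or less means all rows
 * @return void
 */
function display_wad_table($limit = 0)
{
    echo "\n<table>\n\t<tr>\n\t\t<th></th>\n\t\t<th>File</th>\n\t\t<th>Size</th>\n\t\t<th>Uploaded by</th>\n\t\t<th>Date and time</th>\n\t\t<th>MD5</th>\n\t</tr>\n";

    $db = getsql();
    // Only a number may reach the LIMIT clause.
    $limit = (int) $limit;
    $limitstring = $limit > 0 ? " LIMIT {$limit}" : '';
    $q = $db->query("SELECT * FROM `wads` ORDER BY `time` DESC {$limitstring}");

    $authed = is_authed();

    if ($q === false || $q->num_rows < 1) {
        echo "\n<div id='serversbox'>\n\t<div style='width: 100%; text-align: center'>\n\t\tThere are no WADs uploaded yet.\n\t\t";
        if ($authed) {
            echo "\n\t\t<br />\n\t\tFeel free to upload one from the main WADs page.\n\t\t";
        }
        echo "\n\t</div>\n</div>\n\t\t\t\t\t";
        // Close the table on this path too, so the rest of the page is not
        // swallowed by an unclosed element.
        echo "</table>";
        return;
    }

    // Resolve the viewer's permissions once rather than once per row.
    $is_admin = false;
    $viewer_id = 0;
    if ($authed) {
        $viewer = user_info();
        $is_admin = is_object($viewer) && $viewer->userlevel >= UL_ADMINISTRATOR;
        $viewer_id = isset($_SESSION['id']) ? (int) $_SESSION['id'] : 0;
    }

    $wad_dir = disciple_json()->serverdata . '/wads/';
    while ($o = $q->fetch_object()) {
        $id = (int) $o->id;
        $path = $wad_dir . $o->filename;
        // A row whose file vanished from disk must not break the whole table.
        $size = human_filesize(is_file($path) ? filesize($path) : 0);
        // Filename and uploader name are user-supplied at upload/registration
        // time; escape them for both the attribute and the text context.
        $filename = htmlspecialchars((string) $o->filename, ENT_QUOTES, 'UTF-8');
        $uploader = (int) $o->uploader;
        $uinfo = user_info($uploader);
        $uploader_name = htmlspecialchars(is_object($uinfo) ? (string) $uinfo->username : '', ENT_QUOTES, 'UTF-8');
        $time = date('Y-m-d \\a\\t H:i:s', (int) $o->time);

        echo "\n<tr id='wadrow-{$id}'>\n\t<td>\n";
        if ($authed) {
            echo display_wad_row_actions($db, $o, $id, $uploader, $viewer_id, $is_admin);
        }
        echo "\n</td>\n<td><a href='/wads/{$filename}'>{$filename}</a></td>\n<td>{$size}</td>\n<td>{$uploader_name}</td>\n<td>{$time}</td>\n<td id='wadmd5-{$id}'><a href='javascript:wadMd5({$id});'>Show</a></td>\n</tr>\n";
    }
    echo "</table>";
}

/**
 * Build the action links (delete / ban / unban) for one WAD row.
 * Meant for logged-in viewers only; returns '' when nothing applies.
 *
 * @param object $db        connection returned by getsql()
 * @param object $o         the `wads` row
 * @param int    $id        the row's id, already cast
 * @param int    $uploader  uploader id of the row, already cast
 * @param int    $viewer_id id of the logged-in viewer
 * @param bool   $is_admin  whether the viewer is an administrator
 * @return string HTML fragment
 */
function display_wad_row_actions($db, $o, $id, $uploader, $viewer_id, $is_admin)
{
    $html = '';
    if ($is_admin || $uploader === $viewer_id) {
        $html .= "<a href='javascript:deleteWad({$id});' title='Delete'><i class='material-icons'>delete</i></a>";
    }
    if ($is_admin) {
        // The md5 is stored data, but escape it anyway before splicing it in.
        $banq = $db->query("SELECT * FROM `wadbans` WHERE `md5`='" . $db->real_escape_string((string) $o->md5) . "'");
        if ($banq === false || $banq->num_rows == 0) {
            $html .= "<a href='javascript:banWad({$id});' title='Ban'><i class='material-icons'>not_interested</i></a>";
        } else {
            $html .= "<a href='javascript:unbanWad({$id});' title='Unban'><i class='material-icons'>done</i></a>";
        }
    }
    return $html;
}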
} elseif ($call == 'search') { $s = api_checkarg_post('q'); $db = getsql(); $q = $db->query(sprintf("SELECT id,filename FROM wads WHERE filename LIKE '%%%s%%'", $db->real_escape_string($s))); if ($q->num_rows < 1) { echo '[]'; exit; } $out = array(); while ($o = $q->fetch_object()) { array_push($out, array('id' => intval($o->id), 'plain' => $o->filename, 'html' => str_replace($s, "<span class='ul'>{$s}</span>", $o->filename))); } Header("Content-Type: text/json"); echo json_encode($out); } elseif ($call == 'info') { $id = intval(api_checkarg_post('id')); $db = getsql(); if ($id == 0) { api_error(SN_API_CALL_BAD_PARAMETER, 'id is not a number'); } $q = $db->query(sprintf("SELECT id,filename,md5 FROM wads WHERE id=%d", $id)); if ($q->num_rows < 1) { api_error(SN_API_CALL_BAD_PARAMETER, 'id is not a valid WAD id'); } $o = $q->fetch_object(); if (user_info()->userlevel < UL_ADMINISTRATOR && $o->owner != $_SESSION['id']) { api_error(SN_FORBIDDEN, 'You do not have access to this operation.'); } Header("Content-Type: text/json"); echo json_encode(array('id' => intval($o->id), 'filename' => $o->filename, 'md5' => $o->md5)); }
/**
 * Fetch every saved server belonging to one user.
 *
 * Each `savedservers` row keeps its payload as JSON in the `json` column;
 * the decoded payloads are returned in query order.
 *
 * @param int $uid owner id
 * @return array decoded JSON payloads, one per row (null for undecodable JSON)
 */
public static function get_user_saves($uid)
{
    $conn = getsql();
    $sql = sprintf(
        "SELECT * FROM `savedservers` WHERE owner='%d'",
        $conn->real_escape_string($uid)
    );
    $result = $conn->query($sql);

    $saves = [];
    for ($row = $result->fetch_object(); $row; $row = $result->fetch_object()) {
        $saves[] = json_decode($row->json);
    }
    return $saves;
}
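/**
 * Insert a new Part under the part selected in the request.
 *
 * The parent is looked up via the `Part` request input; the id of the row
 * found (empty when none) becomes the new row's parentID.
 *
 * @param string $name display name of the new part
 * @return void
 */
function newPart($name)
{
    global $db;

    // The parent id comes straight from the request: force an integer before
    // it is spliced into the lookup query.
    $parent = (int) getInput("Part");
    $id = getsql("select id from Part where id=" . $parent, "id");

    // $name is caller-supplied; escape it for the string literal below.
    // NOTE(review): assumes $db is a mysqli connection (only ->query() is
    // used on it here) — confirm; a PDO handle would need $db->quote().
    $safe_name = $db->real_escape_string((string) $name);
    $safe_id = $db->real_escape_string((string) $id);
    $db->query("insert into Part (name,parentID) values ('$safe_name','$safe_id');");
}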
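/**
 * Execute the statements of an installer SQL script against $DB.
 *
 * The script is read through getsql($sqlfile); the `yxb_` table prefix is
 * replaced by $db_prefix, lines starting with '#' are dropped as comments and
 * the text is split into statements on ";\n". CREATE TABLE statements go
 * through createtable() (which receives $dbcharset) and echo a progress
 * line; every other statement is executed as-is.
 *
 * @param string $sqlfile   script name handed to getsql()
 * @param object $DB        database handle exposing query()
 * @param string $db_prefix table prefix substituted for `yxb_`
 * @param string $tablenum  count of created tables; local only, not returned
 * @param string $dbcharset charset passed to createtable()
 * @return void
 */
function runquery($sqlfile, $DB, $db_prefix, $tablenum = '0', $dbcharset)
{
    $sql = getsql($sqlfile);
    // Swap the table prefix and normalise CR to LF so the ";\n" split below
    // also works for CRLF files.
    // NOTE(review): the substitution puts a space before the prefix
    // (`yxb_foo` -> ` {$db_prefix}foo`); confirm this is intended — it would
    // break back-quoted table names.
    $sql = str_replace("\r", "\n", str_replace('yxb_', ' ' . $db_prefix, $sql));

    // One entry per statement, with '#' comment lines removed and the
    // remaining lines joined.
    $ret = array();
    foreach (explode(";\n", trim($sql)) as $statement) {
        $buf = '';
        foreach (explode("\n", trim($statement)) as $line) {
            if ($line !== '' && $line[0] === '#') {
                continue;
            }
            $buf .= $line;
        }
        $ret[] = $buf;
    }
    unset($sql);

    foreach ($ret as $query) {
        $query = trim($query);
        if ($query === '') {
            continue;
        }
        if (substr($query, 0, 6) === 'CREATE') {
            // Table name: the first identifier after CREATE TABLE.
            $name = preg_replace("/CREATE TABLE ([a-z0-9_]+) .*/is", "\\1", $query);
            echo '<font color="#0f0dEE"></font>创建表 ' . $name . ' .................................................................................................................................................................... <font color="#0000EE">成功</font><br />';
            $DB->query(createtable($query, $dbcharset));
            $tablenum++;
        } else {
            $DB->query($query);
        }
    }
}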
/**
 * Render a query builder to SQL with getsql() and hand the result to dd().
 *
 * @param \yii\db\Query           $select query to render
 * @param \yii\db\Connection|null $db     connection passed through to getsql()
 */
function ddsql(\yii\db\Query $select, $db = null)
{
    $rendered = getsql($select, $db);
    dd($rendered);
}