function _openMenuGroupList($menuName, $isSelected, $skipIfAlreadyInGroup = false)
{
    global $SHOW_EXPANDED_MENU;

    // Optionally do nothing while a group is already open (tracked in $GLOBALS['IN_GROUP']).
    if ($skipIfAlreadyInGroup && !empty($GLOBALS['IN_GROUP'])) {
        return;
    }

    // Attributes for the <li>, its link and the nested <ul>. The nested list starts
    // collapsed unless this group is selected, the menu is globally expanded, or the
    // group has no name.
    $linkClass = $isSelected ? 'nav-top-item current' : 'nav-top-item';
    $liAttr    = $isSelected ? ' class="current"' : '';
    $collapsed = !($isSelected || $SHOW_EXPANDED_MENU || $menuName == '');
    $ulAttr    = $collapsed ? ' style="display: none;"' : '';

    // Close whatever group is currently open, then open this one.
    $html = _closeMenuGroupList();
    $html .= "\n  <li{$liAttr}>";
    if ($menuName) {
        $html .= "<a href='javascript:void(0);' class='{$linkClass}'>" . htmlencode($menuName) . "</a>";
    }
    $html .= "\n    <ul{$ulAttr}>\n";

    $GLOBALS['IN_GROUP'] = true;
    return $html;
}
    function editFormHtml($record)
    {
        // Field attributes: height (default 100px) and an optional prefix shown above the box.
        $fieldHeight = @$this->fieldHeight ? $this->fieldHeight : 100;
        $fieldPrefix = @$this->fieldPrefix;
        if ($fieldPrefix != '') {
            $fieldPrefix .= "<br/>\n";
        }

        // Field value: existing record, else the submitted request value, else the evaluated default.
        if ($record) {
            $fieldValue = @$record[$this->name];
        } elseif (array_key_exists($this->name, $_REQUEST)) {
            $fieldValue = @$_REQUEST[$this->name];
        } else {
            $fieldValue = getEvalOutput(@$this->defaultContent);
        }

        // Auto-formatted content is stored with "<br/>\n" line breaks; strip the tags for editing.
        if ($this->autoFormat) {
            $fieldValue = preg_replace("/<br\\/>\n/", "\n", $fieldValue);
        }
        $encodedValue = htmlencode($fieldValue);

        // $this->label, $fieldPrefix and $this->name are emitted unencoded; they are assumed
        // to come from trusted schema configuration, not from the request.
        print <<<__HTML__
   <tr>
    <td style="vertical-align: top">{$this->label}</td>
    <td>
      {$fieldPrefix}
      <textarea name="{$this->name}" style="width: 100%; height: {$fieldHeight}px" rows="5" cols="50">{$encodedValue}</textarea>
    </td>
   </tr>
__HTML__;
    }
    function editFormHtml($record)
    {
        // Field attributes: evaluated description, height (default 100px) and an optional prefix.
        $description = getEvalOutput(@$this->description);
        $fieldHeight = @$this->fieldHeight ? $this->fieldHeight : 100;
        $fieldPrefix = @$this->fieldPrefix;
        if ($fieldPrefix != '') {
            $fieldPrefix .= "<br/>\n";
        }

        // Field value: existing record, else the submitted request value, else the evaluated default.
        if ($record) {
            $fieldValue = @$record[$this->name];
        } elseif (array_key_exists($this->name, $_REQUEST)) {
            $fieldValue = @$_REQUEST[$this->name];
        } else {
            $fieldValue = getEvalOutput(@$this->defaultContent);
        }
        $encodedValue = htmlencode($fieldValue);

        // The textarea starts hidden (presumably a client-side editor replaces it on load).
        // Label, prefix, description and name are emitted unencoded and are assumed to come
        // from trusted schema configuration rather than the request.
        print <<<__HTML__
 <tr>
  <td style="vertical-align: top">{$this->label}</td>
  <td>
    {$fieldPrefix}
    <textarea name="{$this->name}" id="field_{$this->name}" rows="5" cols="40" style="width: 100%; height: {$fieldHeight}px; visibility: hidden;">{$encodedValue}</textarea>
    {$description}
  </td>
 </tr>
__HTML__;
    }
 function editFormHtml($record)
 {
     global $isMyAccountMenu;

     // Row attributes shared by every row this field renders.
     $inputType     = @$this->isPasswordField ? 'password' : 'text';
     $maxLengthAttr = @$this->maxLength ? "maxlength='{$this->maxLength}'" : '';
     $styleWidth    = @$this->fieldWidth ? "{$this->fieldWidth}px" : "250px";
     $formRowAttrs  = array(
         'inputType'     => $inputType,
         'maxLengthAttr' => $maxLengthAttr,
         'styleWidth'    => $styleWidth,
         'description'   => getEvalOutput(@$this->description),
         'prefixText'    => @$this->fieldPrefix,
         'readOnly'      => '',
     );

     // Field value: existing record, else the submitted request value, else the evaluated default.
     if ($record) {
         $fieldValue = @$record[$this->name];
     } elseif (array_key_exists($this->name, $_REQUEST)) {
         $fieldValue = @$_REQUEST[$this->name];
     } else {
         $fieldValue = getEvalOutput(@$this->defaultValue);
     }
     $encodedValue = htmlencode($fieldValue);

     // "My Account" password field: current / new / confirm rows, none of them pre-filled.
     if ($isMyAccountMenu && $this->name == 'password') {
         $passwordRows = array(
             array('label' => t('Current Password'),     'fieldname' => 'password:old'),
             array('label' => t('New Password'),         'fieldname' => $this->name),
             array('label' => t('New Password (again)'), 'fieldname' => 'password:again'),
         );
         foreach ($passwordRows as $rowFields) {
             $this->_editFormRow($formRowAttrs + $rowFields + array('encodedValue' => ''));
         }
         return;
     }

     $this->_editFormRow($formRowAttrs + array('label' => $this->label, 'fieldname' => $this->name, 'encodedValue' => $encodedValue));
 }
ファイル: core.php プロジェクト: nopticon/noptc
function set_var(&$result, $var, $type, $multibyte = false, $regex = '')
{
    // Coerce $var to $type (a settype() type name such as 'int', 'string', 'bool') and
    // write the result through the reference. String results are additionally
    // HTML-encoded so they are safe to echo into HTML.
    // $regex is accepted for signature compatibility only; it is not used here.
    $coerced = $var;
    settype($coerced, $type);
    $result = ($type == 'string') ? htmlencode($coerced, $multibyte) : $coerced;
}
 function getDisplayValue($record)
 {
     // Default display rendering of this field's stored value; derived classes override
     // this with type-specific rendering.
     $databaseValue = $this->getDatabaseValue($record);

     // Multi-value fields have no generic rendering: show a placeholder (handy when debugging).
     if (is_array($databaseValue)) {
         return 'array';
     }
     return htmlencode($databaseValue);
 }
ファイル: editor.functions.php プロジェクト: baiduXM/agent
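function HtmlEditor($FieldName, $Value, $Width = '100%', $Height = '300px')
{
    global $__CKEDITOR_JS_LOAD_Status__;

    // Emit the editor scripts only once per page; later calls reuse the loaded editor.
    // $html_js is initialised up front so the check below never reads an undefined
    // variable on the second and later calls.
    $html_js = '';
    if (!$__CKEDITOR_JS_LOAD_Status__) {
        $html_js = '<script type="text/javascript" src="/Plugins/ckeditor/ckeditor.js"></script><script type="text/javascript" src="/Javascripts/editor.functions.js"></script>';
        $__CKEDITOR_JS_LOAD_Status__ = true;
    }

    // Attribute values are HTML-encoded like the textarea content; for ordinary field
    // names and CSS sizes the output is unchanged.
    $html = '<textarea name="' . htmlencode($FieldName) . '"  cols="45" rows="5" style="width:' . htmlencode($Width) . ';height:' . htmlencode($Height) . ';">' . htmlencode($Value) . '</textarea>';
    if ($html_js) {
        $html .= $html_js;
    }

    // The field name becomes a JavaScript string literal. json_encode() produces a
    // correctly escaped literal (quotes, "<", ">", "&" and "/" are escaped) so the
    // name cannot terminate the string or the <script> element.
    $jsName = json_encode((string) $FieldName, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
    if ($jsName === false) {
        // invalid UTF-8 in the name: emit an empty literal rather than a bare "false"
        $jsName = '""';
    }
    $html .= '<script language="javascript" type="text/javascript">HtmlEditor(' . $jsName . ');</script>';
    return $html;
}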
function _pel_cmsList_messageColumn($displayValue, $tableName, $fieldname, $record = array())
{
    // Only the error log list is rendered here; every other table keeps its value.
    if ($tableName != '_error_log') {
        return $displayValue;
    }

    // Each pseudo-column is requested twice: for the header (no $record) and once per row.
    switch ($fieldname) {
        case 'dateLogged':
            if (!$record) {
                return str_replace(' ', '&nbsp;', t("Date / When"));
            }
            $prettyDate   = str_replace(' ', '&nbsp;', prettyDate($record['dateLogged']));
            $displayValue = "<div title='" . htmlencode($record['dateLogged']) . "'>" . $prettyDate . "</div>";
            break;

        case '_error_summary_':
            if (!$record) {
                return t("Error Details");
            }
            // Truncate the URL at whitespace within $maxLength characters; when there is
            // no whitespace (non-english or deliberately long input) cut hard at $maxLength.
            $maxLength    = 90;
            $truncatedUrl = $record['url'];
            if (preg_match("/^(.{0,{$maxLength}})(\\s|\$)/s", $truncatedUrl, $matches)) {
                $truncatedUrl = $matches[1];
            } else {
                $truncatedUrl = mb_substr($truncatedUrl, 0, $maxLength);
            }
            if (strlen($truncatedUrl) < strlen($record['url'])) {
                $truncatedUrl .= " ...";
            }
            // Error text, location and URL are all HTML-encoded before the line breaks are re-added.
            $summary      = "{$record['error']}\n{$record['filepath']} (line {$record['line_num']})\n{$truncatedUrl}";
            $displayValue = "<div style='line-height:1.5em'>\n" . nl2br(htmlencode($summary)) . "</div>";
            break;
    }

    return $displayValue;
}
    function editFormHtml($record)
    {
        global $TABLE_PREFIX, $tableName;
        $calendarTable = $TABLE_PREFIX . "_datecalendar";

        // Build the twelve (year, month) pairs starting from the current month, plus the
        // YYYYMM01 bounds used to limit the query below.
        $today      = getdate();
        $monthNum   = $today['mon'];
        $year       = $today['year'];
        $firstMonth = sprintf("%04d%02d%02d", $year, $monthNum, '01');
        $months     = array();
        for ($count = 0; $count < 12; $count++) {
            $months[] = array('year' => $year, 'monthNum' => $monthNum);
            $monthNum++;
            if ($monthNum > 12) {
                $monthNum = 1;
                $year++;
            }
        }
        $lastMonth = sprintf("%04d%02d%02d", $year, $monthNum, '01');

        // Load the dates already selected for this record and field within that range.
        // $tableName and $this->name are interpolated directly and are assumed to be
        // schema-controlled rather than request input; the record number is escaped.
        $selectedDates = array();
        $query  = "SELECT DATE_FORMAT(date, '%Y%m%d') as date FROM `{$calendarTable}` ";
        $query .= "WHERE `tablename` = '{$tableName}' ";
        $query .= "  AND `fieldname` = '{$this->name}' ";
        $query .= "  AND `recordNum` = '" . mysql_escape($_REQUEST['num']) . "' ";
        $query .= "  AND '{$firstMonth}' <= `date` AND `date` <= '{$lastMonth}'";
        $result = mysql_query($query) or die("MySQL Error: " . htmlencode(mysql_error()) . "\n");
        while ($row = mysql_fetch_assoc($result)) {
            $selectedDates[$row['date']] = 1;
        }
        if (is_resource($result)) {
            mysql_free_result($result);
        }

        // One calendar per month.
        $calendarHtml = '';
        foreach ($months as $month) {
            $calendarHtml .= _createEditCalendar($month['monthNum'], $month['year'], $selectedDates);
        }

        print <<<__HTML__
   <tr>
    <td valign="top">{$this->label}</td>
    <td>{$calendarHtml}</td>
   </tr>
__HTML__;
    }
function _ogm_cmsList_messageColumn($displayValue, $tableName, $fieldname, $record = array())
{
    // Only the '_message_summary_' pseudo-field of the outgoing mail list is rendered here.
    if ($tableName != '_outgoing_mail' || $fieldname != '_message_summary_') {
        return $displayValue;
    }

    // Header hook (no record) versus row hook (record set).
    if (!$record) {
        return t("Messages");
    }

    // One table row per message attribute (translated label => record column).
    // The separator cell reads "&nbsp:" in the original markup (looks like a typo for
    // "&nbsp;"); it is reproduced unchanged here.
    $rowsByLabel = array('Date' => 'createdDate', 'From' => 'from', 'To' => 'to', 'Subject' => 'subject');
    $output = "\n  <table border='0' cellspacing='0' cellpadding='0' class='spacedTable'>\n";
    foreach ($rowsByLabel as $label => $column) {
        $output .= "   <tr><td><b>" . t($label) . "</b></td><td>&nbsp:&nbsp;</td><td>" . htmlencode($record[$column]) . "</td></tr>\n";
    }
    $output .= "  </table>\n";
    return $output;
}
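function showListResultsForHookKey($hookInfo, $key)
{
    // Print the callers registered under $hookInfo[$key]: the first one inline, the
    // rest inside a collapsed <div> revealed by an "(N total)" link.
    $callers = $hookInfo[$key];
    uksort($callers, '_sortUnderscoresLast');
    // count() of the map itself; the original count(array_keys(array_keys(...))) gave
    // the same number through two needless copies.
    $total = count($callers);

    $i = 0;
    foreach (array_keys($callers) as $callerName) {
        $i++;
        if ($i == 2) {
            echo "\n<a href=\"#\" onclick=\"\$(this).hide(); \$(this).closest('td').find('div').show(); return false;\">(" . $total . " " . t('total') . ")</a><div style=\"display: none;\">\n";
        }
        echo htmlencode($callerName);
        if ($i != 1) {
            echo "<br/>\n";
        }
    }
    if ($i > 1) {
        echo "</div>\n";
    }
}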
function showCopyOptions()
{
    // Tables offered for copying: regular section types only, never private
    // ("_"-prefixed) tables or the system tables listed below.
    $allowedMenuTypes = array('single', 'multi', 'category');
    $systemTables     = array('accounts');

    foreach (getSortedSchemas() as $tableName => $schema) {
        $isPrivate = preg_match("/^_/", $tableName);
        $isSystem  = in_array($tableName, $systemTables);
        $isAllowed = in_array(@$schema['menuType'], $allowedMenuTypes);
        if ($isPrivate || $isSystem || !$isAllowed) {
            continue;
        }
        $encodedValue = htmlencode($tableName);
        $encodedLabel = htmlencode(coalesce(@$schema['menuName'], $tableName));
        print "<option value='{$encodedValue}'>{$encodedLabel}</option>\n";
    }
}
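function saveUploadDetails()
{
    global $TABLE_PREFIX;

    // Request guards: POST only, internal referer, valid CSRF token.
    security_dieUnlessPostForm();
    security_dieUnlessInternalReferer();
    security_dieOnInvalidCsrfToken();

    // Which parent record the uploads belong to: a saved record number, or the
    // temporary id used while the parent record has not been saved yet.
    $recordNum     = @$_REQUEST['num'];
    $preSaveTempId = @$_REQUEST['preSaveTempId'];

    // Update info1..info5 for every submitted upload; all request values are escaped.
    if (is_array(@$_REQUEST['uploadNums'])) {
        foreach ($_REQUEST['uploadNums'] as $uploadNum) {
            if (!$uploadNum) {
                die(__FUNCTION__ . ": No upload num specified!");
            }
            $query = "UPDATE `{$TABLE_PREFIX}uploads`\n";
            $query .= "   SET info1 = '" . mysql_escape(@$_REQUEST["{$uploadNum}_info1"]) . "',\n";
            $query .= "       info2 = '" . mysql_escape(@$_REQUEST["{$uploadNum}_info2"]) . "',\n";
            $query .= "       info3 = '" . mysql_escape(@$_REQUEST["{$uploadNum}_info3"]) . "',\n";
            $query .= "       info4 = '" . mysql_escape(@$_REQUEST["{$uploadNum}_info4"]) . "',\n";
            $query .= "       info5 = '" . mysql_escape(@$_REQUEST["{$uploadNum}_info5"]) . "'\n";
            $query .= " WHERE num = '" . mysql_escape($uploadNum) . "' AND ";
            if ($recordNum) {
                $query .= "recordNum     = '" . mysql_escape($recordNum) . "'";
            } elseif ($preSaveTempId) {
                $query .= "preSaveTempId = '" . mysql_escape($preSaveTempId) . "'";
            } else {
                die("No value specified for 'num' or 'preSaveTempId'!");
            }
            mysql_query($query) or die("MySQL Error: " . htmlencode(mysql_error()) . "\n");
        }
    }

    // Tell the parent window to reload the upload list, then close the thickbox.
    // The iframe id is derived from the request, so it is emitted as a JSON string
    // literal instead of being interpolated raw into the script: a raw value could
    // end the quoted string or the <script> element.
    $fieldName = isset($_REQUEST['fieldName']) ? $_REQUEST['fieldName'] : '';
    $iframeId  = json_encode((string) $fieldName . '_iframe', JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
    if ($iframeId === false) {
        // invalid UTF-8 in the field name: emit an empty literal rather than a bare "false"
        $iframeId = '""';
    }
    print "<script type='text/javascript'>self.parent.reloadIframe({$iframeId})</script>";
    print "<script type='text/javascript'>self.parent.tb_remove();</script>\n";
    exit;
}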
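 function editFormHtml($record)
 {
     global $escapedTableName, $CURRENT_USER;

     // Current parent category of this record ('' for a new record).
     $fieldValue = $record ? @$record[$this->name] : '';

     // Load the categories the user may pick as parent: categories created by another
     // user are hidden unless the current user has editor access.
     $categoriesByNum = array();
     $query  = "SELECT * FROM `{$escapedTableName}` ORDER BY globalOrder";
     // mysql_error() is HTML-encoded in the die() message, matching the other fields' error handling.
     $result = mysql_query($query) or die("MySQL Error: " . htmlencode(mysql_error()) . "\n");
     while ($row = mysql_fetch_assoc($result)) {
         $createdBy = @$row['createdByUserNum'];
         $isOwner   = $createdBy == $CURRENT_USER['num'];
         if ($createdBy && !$isOwner && !$GLOBALS['hasEditorAccess']) {
             continue;
         }
         $categoriesByNum[$row['num']] = $row;
     }
     if (is_resource($result)) {
         mysql_free_result($result);
     }

     // A category cannot be moved under itself or one of its descendants: those carry the
     // current record number in their lineage (":1:2:3:") and are shown disabled.
     // preg_quote() keeps the record number from being read as regex syntax.
     $recordNum      = @$record['num'];
     $lineagePattern = "/:" . preg_quote((string) $recordNum, '/') . ":/";

     print "  <tr>\n";
     print "   <td>{$this->label}</td>\n";
     print "   <td>\n";
     print "  <select name='{$this->name}'>\n";
     print "  <option value='0'>None (top level category)</option>\n";
     foreach ($categoriesByNum as $num => $category) {
         $value         = $category['num'];
         $selectedAttr  = selectedIf($value, $fieldValue, true);
         $encodedLabel  = htmlencode($category['breadcrumb']);
         $isUnavailable = preg_match($lineagePattern, $category['lineage']);
         $extraAttr     = $isUnavailable ? "style='color: #AAA' disabled='disabled' " : '';
         print "<option value=\"{$value}\" {$extraAttr} {$selectedAttr}>{$encodedLabel}</option>\n";
     }
     print "  </select>\n";
     print "   </td>\n";
     print "  </tr>\n";
 }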
function _emt_cmsList_messageColumn($displayValue, $tableName, $fieldname, $record = array())
{
    // Only the email templates list is rendered here; every other table keeps its value.
    if ($tableName != '_email_templates') {
        return $displayValue;
    }

    // Each pseudo-column is requested twice: for the header (no $record) and once per row.
    switch ($fieldname) {
        case '_template_summary_':
            if (!$record) {
                return t("Template");
            }
            $displayValue  = "\n      <table border='0' cellspacing='0' cellpadding='0' class='spacedTable'>\n";
            $displayValue .= "       <tr><td><b>" . str_replace(' ', '&nbsp;', t('Template ID')) . "</b></td><td>&nbsp:&nbsp;</td><td>" . htmlencode($record['template_id']) . "</td></tr>\n";
            $displayValue .= "       <tr><td><b>" . t('Description') . "</b></td><td>&nbsp:&nbsp;</td><td>" . htmlencode($record['description']) . "</td></tr>\n";
            $displayValue .= "       <tr><td><b>" . t('Subject') . "</b></td><td>&nbsp:&nbsp;</td><td>" . htmlencode($record['subject']) . "</td></tr>\n";
            $displayValue .= "      </table>\n    ";
            break;

        case '_message_summary_':
            if (!$record) {
                return t("Content");
            }
            // One row per address header; Reply-To, CC and BCC appear only when set.
            $addressRows = array(
                array('From',     'from',     true),
                array('Reply-To', 'reply-to', false),
                array('To',       'to',       true),
                array('CC',       'cc',       false),
                array('BCC',      'bcc',      false),
            );
            $displayValue = "<table border='0' cellspacing='0' cellpadding='0' class='spacedTable'>\n";
            foreach ($addressRows as $rowSpec) {
                list($label, $column, $alwaysShown) = $rowSpec;
                if (!$alwaysShown && !$record[$column]) {
                    continue;
                }
                $displayValue .= "  <tr><td><b>" . t($label) . "</b></td><td>&nbsp:&nbsp;</td><td>" . htmlencode($record[$column]) . "</td></tr>\n";
            }
            $displayValue .= "  </table>\n";
            break;
    }

    return $displayValue;
}
function _cg2_getGeneratorList($heading, $description, $type)
{
    // Render one generator category: a heading, its description and a two-column table
    // of generator links (name, description). Heading and names are translated.
    $html  = "<h3>" . htmlencode(t($heading)) . "</h3>\n";
    $html .= "<div style='margin-left: 25px'>\n";
    $html .= "  " . htmlencode($description) . "\n";
    $html .= "<table class='data' style='width: inherit'>\n";
    $html .= "<tr><td colspan='2'></td></tr>"; // adds top line to row set

    // Links carry the current menu, the generator function and (when set) the table name;
    // every query value is URL-encoded.
    $menuParam  = "?menu=" . urlencode(@$_REQUEST['menu']);
    $tableParam = @$_REQUEST['tableName'] ? "&amp;tableName=" . urlencode($_REQUEST['tableName']) : '';
    $rowClass   = ''; // row colour rotation is not used; class stays 'listRow '

    $rows = '';
    foreach (getGenerators($type) as $generator) {
        $link  = $menuParam . "&amp;_generator=" . urlencode($generator['function']) . $tableParam;
        $rows .= "<tr class='listRow {$rowClass}'>\n";
        $rows .= " <td><a href='{$link}'>" . htmlencode(t($generator['name'])) . "</a></td>\n";
        $rows .= " <td>" . htmlencode(t($generator['description'])) . "</td>\n";
        $rows .= "</tr>\n";
    }
    if (!$rows) {
        $rows  = "<tr class='listRow'>\n";
        $rows .= " <td colspan='2' style='color: #999'>" . t('There are current no generators in this category.') . "</td>\n";
        $rows .= "</tr>\n";
    }

    $html .= $rows;
    $html .= "</table>\n";
    $html .= "</div><br/><br/>\n";
    return $html;
}
function _getColumnDisplayValueAndAttributes($fieldname, &$record)
{
    // Build one list-view cell for $record[$fieldname]. Returns array($displayValue, $tdAttributes):
    // the HTML to show and the attribute string for its <td>. Returns nothing (null) for a
    // dragSortOrder column the current user may not access. $record is received by reference
    // but is only read here.
    global $schema, $tableName;
    $fieldValue = @$record[$fieldname];
    $fieldSchema = @$schema[$fieldname];
    if ($fieldSchema) {
        $fieldSchema['name'] = $fieldname;
    }
    // default display value and attribute
    // Scalar values are HTML-encoded once here; array values (e.g. upload lists) are left
    // for the type-specific branches below.
    if (!is_array($fieldValue)) {
        $fieldValue = htmlencode($fieldValue);
    }
    $displayValue = $fieldValue;
    $tdAttributes = "style='text-align:left'";
    // date fields
    // Formatted per the site-wide dateFormat setting ('dmy', 'mdy', otherwise ISO order);
    // the system createdDate/updatedDate columns always show 24-hour time with seconds.
    $isSpecialDatefield = in_array($fieldname, array('createdDate', 'updatedDate'));
    if (@$fieldSchema['type'] == 'date' || $isSpecialDatefield) {
        $showSeconds = @$fieldSchema['showSeconds'];
        $showTime = @$fieldSchema['showTime'];
        $use24Hour = @$fieldSchema['use24HourFormat'];
        // settings for createdDate and updatedDate
        if ($isSpecialDatefield) {
            $showSeconds = true;
            $showTime = true;
            $use24Hour = true;
        }
        $secondsFormat = '';
        if ($showSeconds) {
            $secondsFormat = ':s';
        }
        $timeFormat = '';
        if ($showTime) {
            if ($use24Hour) {
                $timeFormat = " - H:i{$secondsFormat}";
            } else {
                $timeFormat = " - h:i{$secondsFormat} A";
            }
        }
        $dateFormat = '';
        $dayMonthOrder = @$GLOBALS['SETTINGS']['dateFormat'];
        if ($dayMonthOrder == 'dmy') {
            $dateFormat = "jS M, Y" . $timeFormat;
        } elseif ($dayMonthOrder == 'mdy') {
            $dateFormat = "M jS, Y" . $timeFormat;
        } else {
            $dateFormat = "Y-m-d" . $timeFormat;
        }
        // Formatted unconditionally first (an empty value parses to the epoch), then
        // blanked for empty and zero dates.
        $displayValue = date($dateFormat, strtotime($fieldValue));
        if (!$fieldValue || $fieldValue == '0000-00-00 00:00:00') {
            $displayValue = '';
        }
    }
    // dragSortOrder fields
    if ($fieldname == 'dragSortOrder') {
        if (!userHasFieldAccess($schema[$fieldname])) {
            return;
        }
        // skip fields that the user has no access to
        $tdAttributes = "class='dragger'";
        // $record['num'] is emitted into the value attribute unencoded; it is the record's
        // database key and is presumed numeric — confirm if non-numeric nums are possible.
        $displayValue = "<input type='hidden' name='_recordNum' value='{$record['num']}' class='_recordNum' />";
        $displayValue .= "<img src='lib/images/drag.gif' height='6' width='19' class='dragger' title='" . t('Click and drag to change order.') . "' alt='' /><br/>";
    }
    // Category Section: name fields - pad category names to their depth
    $isCategorySection = @$schema['menuType'] == 'category' && $fieldname == 'name';
    if ($isCategorySection) {
        // $depth is assigned but not used below (leftover of earlier hidden-input markup).
        $depth = @$record["depth"];
        $parentNum = @$record["parentNum"];
        // Hidden parent reference for the client-side category tree; $parentNum is emitted
        // unencoded and presumed numeric. $fieldValue was already HTML-encoded above.
        $displayValue = "<input type='hidden' value='{$parentNum}' class='_categoryParent' />";
        if (@$record['depth']) {
            $padding = str_repeat("&nbsp; &nbsp; &nbsp;", @$record['depth']);
            $displayValue .= $padding . ' - ';
        }
        $displayValue .= $fieldValue;
    }
    // display first thumbnail for upload fields
    if (@$fieldSchema['type'] == 'upload') {
        $displayValue = '';
        $upload = @$record[$fieldname][0];
        if ($upload) {
            // showUploadPreview() prints directly, so its output is captured into the cell.
            ob_start();
            showUploadPreview($upload, 50);
            $displayValue = ob_get_clean();
        }
    }
    // display labels for list fields
    #if (@$fieldSchema['type'] == 'list' && $suffix == 'label') { // require ":label" field suffix in future to show labels, just do it automatic for now though.
    if (@$fieldSchema['type'] == 'list') {
        $displayValue = _getListOptionLabelByValue($fieldSchema, $record);
    }
    // display labels for checkboxes
    // checkedValue/uncheckedValue are schema-configured labels and are shown unencoded.
    if (@$fieldSchema['type'] == 'checkbox') {
        if (@$fieldSchema['checkedValue'] || @$fieldSchema['uncheckedValue']) {
            $displayValue = $fieldValue ? @$fieldSchema['checkedValue'] : @$fieldSchema['uncheckedValue'];
        }
    }
    // v2.50 - display formatted textbox content
    if (@$fieldSchema['type'] == 'textbox') {
        if ($fieldSchema['autoFormat']) {
            // Start again from the raw stored value: the earlier htmlencode() would have
            // turned the stored "<br/>\n" sequences into literal text.
            $displayValue = @$record[$fieldname];
            // overwrite previous htmlencoded value
            $displayValue = preg_replace("/<br\\s*\\/?>\r?\n/", "\n", $displayValue);
            // remove autoformat break tags
            $displayValue = htmlencode($displayValue);
            // html encode content
        }
        $displayValue = nl2br($displayValue);
        // re-add break tags after nextlines
    }
    // return display value
    return array($displayValue, $tdAttributes);
}
function _upgradeToVersion1_10_accessLevels()
{
    // One-shot schema upgrade: moves per-user section access out of the accounts
    // `tableAccessList` text column into the new `_accesslist` table (one row per user
    // and table), adds the `accessList` field to the accounts schema, then drops the old
    // column. Re-running is harmless: it returns early once `tableAccessList` is gone.
    global $TABLE_PREFIX;
    // error checking (check upgrade files were uploaded)
    $errors = '';
    $accessListSchema = loadSchema("_accesslist");
    $accountsSchema = loadSchema("accounts");
    if (empty($accessListSchema)) {
        $errors .= "Error: You must upload the latest /data/schema/_accesslist.ini.php before upgrading!<br/>\n";
    }
    if ($errors) {
        die($errors);
    }
    // check if already upgraded: the old column no longer exists in the accounts table
    $result = mysql_query("SELECT * FROM `{$TABLE_PREFIX}accounts` LIMIT 0,1") or die("MySQL Error: " . htmlencode(mysql_error()) . "\n");
    $record = mysql_fetch_assoc($result);
    if (!$record || !array_key_exists('tableAccessList', $record)) {
        return;
    }
    // create new access table
    $query = "CREATE TABLE IF NOT EXISTS `{$TABLE_PREFIX}_accesslist` (\n    `userNum`      int(10) unsigned NOT NULL,\n    `tableName`    varchar(255) NOT NULL,\n    `accessLevel`  tinyint(3) unsigned NOT NULL,\n    `maxRecords`   int(10) unsigned default NULL,\n    `randomSaveId` varchar(255) NOT NULL\n  ) ENGINE=MyISAM DEFAULT CHARSET=utf8;";
    mysql_query($query) || die("Error creating new access table.<br/>\n MySQL error was: " . htmlencode(mysql_error()) . "\n");
    // create accessList field
    // NOTE(review): the field is added to the local $accountsSchema copy, but
    // createMissingSchemaTablesAndFields() takes no argument; the copy is only persisted
    // by saveSchema() in the next block (and only when tableAccessList is present) — confirm
    // the field is actually created when it is missing.
    if (!@$accountsSchema['accessList']) {
        $accountsSchema['accessList'] = array('type' => 'accessList', 'label' => "Section Access", 'isSystemField' => '1', 'order' => 20);
        createMissingSchemaTablesAndFields();
        // create missing fields
        clearAlertsAndNotices();
        // don't show "created table/field" alerts
    }
    // drop tableAccessList
    if (@$accountsSchema['tableAccessList']) {
        unset($accountsSchema['tableAccessList']);
        saveSchema('accounts', $accountsSchema);
    }
    ### upgrade access levels
    // Every user gets 'all' => 1 ("By Section" access) plus level '9' for each table whose
    // name appears as a whole word in their old tableAccessList text ("all" is checked too).
    $schemaTables = getSchemaTables();
    $schemaTables[] = "all";
    $result = mysql_query("SELECT * FROM `{$TABLE_PREFIX}accounts`") or die("MySQL Error: " . htmlencode(mysql_error()) . "\n");
    while ($record = mysql_fetch_assoc($result)) {
        if (!array_key_exists('tableAccessList', $record)) {
            die(__FUNCTION__ . ": Couldn't load field 'tableAccessList'!");
        }
        // convert section access to new format
        $tableNames = array();
        $tableNames['all'] = 1;
        // default all to "By Section" access
        foreach ($schemaTables as $tableName) {
            // Table names are interpolated into the pattern without preg_quote(); they are
            // schema names and presumed to contain word characters only.
            $adminAccess = preg_match("/\\b{$tableName}\\b/i", $record['tableAccessList']);
            if ($adminAccess) {
                $tableNames[$tableName] = '9';
            }
        }
        // foreach table - add to insert query
        // Values are escaped per row; $accessLevel is one of the literals set above.
        // $foundAll is assigned but never read.
        $insertRows = '';
        $fieldNames = "userNum, tableName, accessLevel, maxRecords, randomSaveId";
        $foundAll = false;
        foreach ($tableNames as $tableName => $accessLevel) {
            if ($insertRows) {
                $insertRows .= ",\n";
            }
            $escapedUserNum = mysql_escape($record['num']);
            $escapedTableName = mysql_escape($tableName);
            $maxRecords = "NULL";
            $escapedSaveId = mysql_escape(uniqid('', true));
            $insertRows .= "('{$escapedUserNum}', '{$escapedTableName}', '{$accessLevel}', {$maxRecords}, '{$escapedSaveId}')";
        }
        // build the multi-row insert for this user
        $insertQuery = "INSERT INTO `{$TABLE_PREFIX}_accesslist` ({$fieldNames}) VALUES {$insertRows};";
        // insert new access rights
        if ($insertRows) {
            mysql_query($insertQuery) or die("MySQL Error Inserting New Access Rights: " . htmlencode(mysql_error()) . "\n");
        }
    }
    // drop tableAccessList
    $query = "ALTER TABLE `{$TABLE_PREFIX}accounts` DROP COLUMN `tableAccessList`;";
    mysql_query($query) or die("MySQL Error: " . htmlencode(mysql_error()) . "\n");
}
ファイル: member_add.php プロジェクト: boy22200011/regsys
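header("Content-Type:text/html;charset=UTF-8");
require_once "config.php";
date_default_timezone_set('Asia/Taipei');
session_start();

// Registers (or re-logs) a member identified by the Facebook id from the query string.
// NOTE(review): the identity comes solely from the `id` query parameter; nothing in this
// script verifies it against a Facebook session — confirm the caller establishes that.
$new_date = date("Y-m-d H:i:s");
$id     = isset($_GET['id'])     ? $_GET['id']     : '';
$name   = isset($_GET['name'])   ? $_GET['name']   : '';
$email  = isset($_GET['email'])  ? $_GET['email']  : '';
$gender = isset($_GET['gender']) ? $_GET['gender'] : '';

// Request values reach SQL only through mysql_real_escape_string() (config.php is assumed
// to open the mysql connection). The previous code interpolated $id raw, and unquoted in
// the UPDATE. htmlencode() is kept for the stored values because that is the form the
// rest of the application expects, but it is not an SQL escape (it leaves backslashes
// untouched), so the escaped form is still applied on top of it.
$escapedId = mysql_real_escape_string($id);

$sql = "select * from `" . $member . "` where `fb_id` = '" . $escapedId . "'";
$res = mysql_query($sql);
$row = mysql_fetch_array($res);
$isdel = $row ? $row['isdel'] : 0;
$num = mysql_num_rows($res);
if ($isdel == 0) {
    $_SESSION['id'] = $id;
    if ($num < 1) {
        // Column order: fb_id, user_name, user_account, user_sex, user_birthday, user_idcard,
        // user_otherName, user_email, user_phone, isdel, wdate, udate, login, sort
        $values = array(
            htmlencode($id), htmlencode($name), htmlencode($email), htmlencode($gender),
            '', '', '', htmlencode($email), '', '0',
            htmlencode($new_date), htmlencode($new_date), htmlencode($new_date), '',
        );
        foreach ($values as $k => $v) {
            $values[$k] = "'" . mysql_real_escape_string($v) . "'";
        }
        $sql = "INSERT INTO `" . $member . "`(`fb_id`,`user_name`,`user_account`,`user_sex`,`user_birthday`,`user_idcard`,`user_otherName`,`user_email`,`user_phone`,`isdel`,`wdate`,`udate`,`login`,`sort`)VALUES(" . implode(',', $values) . ")";
        $query = mysql_query($sql) or die("無法新增" . mysql_error());
    } else {
        // Record the login time; fb_id is now quoted and escaped like the SELECT above.
        $sqlu = "UPDATE `" . $member . "` SET `login` = '" . mysql_real_escape_string(htmlencode($new_date)) . "' where `fb_id` = '" . $escapedId . "' ";
        $query = mysql_query($sqlu) or die("無法更新" . mysql_error());
    }
    echo '<script type="text/JavaScript">
alert("登入成功");
window.location="../index.php"
</script>';
} else {
    msgurlbox("您的帳號已停權,請洽管理者", "../index.php");
    exit;
}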
ファイル: product.php プロジェクト: boy22200011/faus
             $delpiceb8 = "y";
         }
     }
     //先刪除圖片===end===
 }
 // Sale period bounds: an empty posted date is stored as the zero date.
 if ($_POST["selltime1"] != "") {
     $s1 = $_POST["selltime1"];
 } else {
     $s1 = "0000-00-00";
 }
 if ($_POST["selltime2"] != "") {
     $s2 = $_POST["selltime2"];
 } else {
     $s2 = "0000-00-00";
 }
 // NOTE(review): every value below is taken from $_POST and concatenated straight into the
 // UPDATE statement. htmlencode() and str_replace("'", "''") are HTML / quote substitutions,
 // not SQL escapes (backslashes pass through), and pro_sell, selltime1/2, pro_other, price1/2,
 // ppl, room_type, t1..t8 are not escaped at all; `range` is interpolated unquoted. These
 // need the database driver's escaping or a prepared statement. The statement is executed
 // outside this excerpt.
 $sql_data = "update product set `pro_num`='" . htmlencode($_POST["pro_num"]) . "',`pro_name`='" . htmlencode($_POST["pro_name"]) . "',`pro_type`='" . htmlencode($_POST["pro_type"]) . "',`word2`='" . htmlencode($_POST["word2"]) . "',`word`='" . str_replace("'", "''", $_POST["FCKeditor1"]) . "',`pro_sell`='" . $_POST["pro_sell"] . "',`selltime1`='" . $s1 . "',`selltime2`='" . $s2 . "',`pro_other`='" . $_POST["pro_other"] . "',`price1`='" . $_POST["price1"] . "',`price2`='" . $_POST["price2"] . "',`ppl`='" . $_POST["ppl"] . "',`room_type`='" . $_POST["room_type"] . "',`range`=" . $_POST["range"] . ",`t1`='" . $_POST["t1"] . "',`t2`='" . $_POST["t2"] . "',`t3`='" . $_POST["t3"] . "',`t4`='" . $_POST["t4"] . "',`t5`='" . $_POST["t5"] . "',`t6`='" . $_POST["t6"] . "',`t7`='" . $_POST["t7"] . "',`t8`='" . $_POST["t8"] . "'";
 // Picture columns: a newly stored file name ($sf_file3, set earlier, presumably from the
 // upload handling) replaces the column; otherwise the column is cleared only when the
 // matching delete flag was set above. $sf_file3 values are interpolated unescaped too.
 if ($sf_file3[0] != NULL) {
     $sql_data = $sql_data . ",`pic1`='{$sf_file3['0']}'";
 } else {
     if ($delpiceb == "y") {
         $sql_data = $sql_data . ",`pic1`=''";
     }
 }
 if ($sf_file3[1] != NULL) {
     $sql_data = $sql_data . ",`pic2`='{$sf_file3['1']}'";
 } else {
     if ($delpiceb2 == "y") {
         $sql_data = $sql_data . ",`pic2`=''";
     }
 }
 if ($sf_file3[2] != NULL) {
ファイル: global.func.php プロジェクト: EvlinLee/android
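 function htmlencode($svar)
 {
     // HTML-encode a string, or every leaf value of a (nested) array, for output in HTML
     // text and attribute contexts. Array keys are preserved; only values are encoded.
     if (is_array($svar)) {
         foreach ($svar as $_k => $_v) {
             $svar[$_k] = htmlencode($_v);
         }
         return $svar;
     }
     // ENT_QUOTES encodes both quote styles so the result is safe inside single- and
     // double-quoted attributes. ENT_SUBSTITUTE replaces invalid UTF-8 sequences with
     // U+FFFD instead of returning an empty string, which would silently drop output.
     // The charset is explicit so the result does not depend on default_charset.
     return htmlspecialchars((string) $svar, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
 }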
ファイル: product.php プロジェクト: boy22200011/346dotcom
             $delpiceb3 = "y";
         }
     }
     //先刪除圖片===end===
 }
 // Sale period bounds: an empty posted date is stored as the zero date.
 if ($_POST["selltime1"] != "") {
     $s1 = $_POST["selltime1"];
 } else {
     $s1 = "0000-00-00";
 }
 if ($_POST["selltime2"] != "") {
     $s2 = $_POST["selltime2"];
 } else {
     $s2 = "0000-00-00";
 }
 // NOTE(review): every value below is taken from $_POST and concatenated straight into the
 // UPDATE statement. htmlencode() and str_replace("'", "''") are HTML / quote substitutions,
 // not SQL escapes (backslashes pass through), and prokind, pro_sell, selltime1/2, pro_other,
 // price1/2, ppl, room_type are not escaped at all; `range` is interpolated unquoted. These
 // need the database driver's escaping or a prepared statement. `price1` is assigned twice
 // in the SET list. The statement is executed outside this excerpt.
 $sql_data = "update product set `pro_num`='" . htmlencode($_POST["pro_num"]) . "',`pro_kind`='" . $_POST["prokind"] . "',`pro_name`='" . htmlencode($_POST["pro_name"]) . "',`pro_type`='" . htmlencode($_POST["pro_type"]) . "',`word5`='" . str_replace("'", "''", $_POST["FCKeditor5"]) . "',`word4`='" . str_replace("'", "''", $_POST["FCKeditor4"]) . "',`word3`='" . str_replace("'", "''", $_POST["FCKeditor3"]) . "',`word2`='" . str_replace("'", "''", $_POST["FCKeditor2"]) . "',`word`='" . str_replace("'", "''", $_POST["FCKeditor1"]) . "',`pro_sell`='" . $_POST["pro_sell"] . "',`selltime1`='" . $s1 . "',`selltime2`='" . $s2 . "',`pro_other`='" . $_POST["pro_other"] . "',`price1`='" . $_POST["price1"] . "',`price2`='" . $_POST["price2"] . "',`ppl`='" . $_POST["ppl"] . "',`room_type`='" . $_POST["room_type"] . "',`price1`='" . $_POST["price1"] . "',`range`=" . $_POST["range"];
 // Picture columns: a newly stored file name ($sf_file3, set earlier, presumably from the
 // upload handling) replaces the column; otherwise the column is cleared only when the
 // matching delete flag was set above. $sf_file3 values are interpolated unescaped too.
 if ($sf_file3[0] != NULL) {
     $sql_data = $sql_data . ",`pic1`='{$sf_file3['0']}'";
 } else {
     if ($delpiceb == "y") {
         $sql_data = $sql_data . ",`pic1`=''";
     }
 }
 if ($sf_file3[1] != NULL) {
     $sql_data = $sql_data . ",`pic2`='{$sf_file3['1']}'";
 } else {
     if ($delpiceb2 == "y") {
         $sql_data = $sql_data . ",`pic2`=''";
     }
 }
 if ($sf_file3[2] != NULL) {
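/**
 * Build the body of a WHERE clause from a criteria array.
 *
 * Each entry becomes "`field` = ?" (value escaped by mysql_escapef) or, when the value is
 * an array, "`field` IN (...)" (values escaped by mysql_escapeCSV). The terms are joined
 * with AND and $extraWhere is appended verbatim as the last term.
 *
 * @param array|null $criteriaArray  column name => scalar value, or => list of values (IN)
 * @param string     $extraWhere     raw SQL appended after the generated terms. Nothing here
 *                                   escapes it, so it must be a trusted fragment. The default
 *                                   'TRUE' keeps the result valid when there are no criteria.
 * @return string  SQL fragment without the leading WHERE keyword
 *
 * Calls die() with an HTML-encoded message when a column name contains anything but \w characters.
 */
function mysql_where($criteriaArray = null, $extraWhere = 'TRUE')
{
    $where = '';
    if ($criteriaArray) {
        foreach ($criteriaArray as $fieldName => $value) {
            // error checking: whitelist column chars to prevent sql injection.
            // \z rather than $ so a name with a trailing newline cannot pass the check.
            if (!preg_match('/^\w+\z/', $fieldName)) {
                die(__FUNCTION__ . ": Invalid column name '" . htmlencode($fieldName) . "'!");
            }
            // if $value is an array, use the IN operator
            if (is_array($value)) {
                $where .= "`{$fieldName}` IN (" . mysql_escapeCSV($value) . ") AND ";
            } else {
                $where .= mysql_escapef("`{$fieldName}` = ? AND ", $value);
            }
        }
    }
    $where .= $extraWhere;
    return $where;
}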
コード例 #24
ファイル: phpliteadmin.php プロジェクト: sanluca/py-acqua-hw
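 /**
  * Emulate ALTER TABLE for SQLite, which natively supports only a small subset of it.
  *
  * Strategy, executed as one BEGIN/COMMIT batch through multiQuery():
  *   1. CREATE TEMPORARY TABLE from the table's stored CREATE statement and copy the rows into it,
  *   2. DROP the original table,
  *   3. re-create it from a CREATE statement rewritten by regex for every
  *      ADD / CHANGE / DROP / RENAME TO / ADD PRIMARY KEY / DROP PRIMARY KEY definition,
  *   4. copy the rows back, drop the temp table and re-create the indexes and triggers
  *      (indexes on a dropped column are skipped; triggers are not rewritten on RENAME TO).
  *
  * @param string $table      name of the table to alter
  * @param string $alterdefs  MySQL-style definitions, e.g. "ADD 'col' TEXT", "DROP 'col'", "RENAME TO 'new'"
  * @return mixed  false on any parse or regex failure (with $this->alterError set), null when
  *                $alterdefs is empty, otherwise whatever multiQuery() returns for the batch
  *
  * Uses globals $debug (echo every intermediate SQL string and regex) and $lang (error texts).
  */
 public function alterTable($table, $alterdefs)
 {
     global $debug, $lang;
     $this->alterError = "";
     $errormsg = sprintf($lang['alter_failed'], htmlencode($table)) . ' - ';
     if ($debug) {
         echo "ALTER TABLE: table=({$table}), alterdefs=({$alterdefs})<hr>";
     }
     if ($alterdefs != '') {
         $recreateQueries = array();
         $resultArr = $this->selectArray("SELECT sql,name,type FROM sqlite_master WHERE tbl_name = " . $this->quote($table));
         if (sizeof($resultArr) < 1) {
             $this->alterError = $errormsg . sprintf($lang['tbl_inexistent'], htmlencode($table));
             if ($debug) {
                 echo "ERROR: unknown table<hr>";
             }
             return false;
         }
         for ($i = 0; $i < sizeof($resultArr); $i++) {
             $row = $resultArr[$i];
             if ($row['type'] != 'table') {
                 if ($row['sql'] != '') {
                     // store the CREATE statements of triggers and indexes to recreate them later
                     $recreateQueries[] = $row;
                     if ($debug) {
                         echo "recreate=(" . $row['sql'] . ";)<hr />";
                     }
                 }
             } else {
                 // ALTER the table
                 $tmpname = 't' . time();
                 $origsql = $row['sql'];
                 $preg_remove_create_table = "/^\\s*+CREATE\\s++TABLE\\s++" . $this->sqlite_surroundings_preg($table) . "\\s*+(\\(.*+)\$/is";
                 $origsql_no_create = preg_replace($preg_remove_create_table, '$1', $origsql, 1);
                 if ($debug) {
                     echo "origsql=({$origsql})<br />preg_remove_create_table=({$preg_remove_create_table})<hr>";
                 }
                 if ($origsql_no_create == $origsql) {
                     $this->alterError = $errormsg . $lang['alter_tbl_name_not_replacable'];
                     if ($debug) {
                         echo "ERROR: could not get rid of CREATE TABLE<hr />";
                     }
                     return false;
                 }
                 $createtemptableSQL = "CREATE TEMPORARY TABLE " . $this->quote($tmpname) . " " . $origsql_no_create;
                 if ($debug) {
                     echo "createtemptableSQL=({$createtemptableSQL})<hr>";
                 }
                 $createindexsql = array();
                 // split $alterdefs into one definition per ALTER action
                 $preg_alter_part = "/(?:DROP(?! PRIMARY KEY)|ADD(?! PRIMARY KEY)|CHANGE|RENAME TO|ADD PRIMARY KEY|DROP PRIMARY KEY)" . "(?:" . "\\s+\\(" . $this->sqlite_surroundings_preg("+", false, "\"'\\[`)") . "+\\)" . "|" . "\\s+" . $this->sqlite_surroundings_preg("+", false, ",'\"\\[`") . ")*/i";
                 if ($debug) {
                     echo "preg_alter_part=(" . $preg_alter_part . ")<hr />";
                 }
                 preg_match_all($preg_alter_part, $alterdefs, $matches);
                 $defs = $matches[0];
                 // $newcols maps old column name => new column name; it is updated by CHANGE and DROP
                 // and drives the INSERT ... SELECT column lists as well as the index-recreation check
                 $get_oldcols_query = "PRAGMA table_info(" . $this->quote_id($table) . ")";
                 $result_oldcols = $this->selectArray($get_oldcols_query);
                 $newcols = array();
                 $coltypes = array();
                 $primarykey = array();
                 foreach ($result_oldcols as $column_info) {
                     $newcols[$column_info['name']] = $column_info['name'];
                     $coltypes[$column_info['name']] = $column_info['type'];
                     if ($column_info['pk']) {
                         $primarykey[] = $column_info['name'];
                     }
                 }
                 $newcolumns = '';
                 $oldcolumns = '';
                 // foreach instead of reset()/each(): each() was removed in PHP 8.0
                 foreach ($newcols as $key => $val) {
                     $newcolumns .= ($newcolumns ? ', ' : '') . $this->quote_id($val);
                     $oldcolumns .= ($oldcolumns ? ', ' : '') . $this->quote_id($key);
                 }
                 $copytotempsql = 'INSERT INTO ' . $this->quote_id($tmpname) . '(' . $newcolumns . ') SELECT ' . $oldcolumns . ' FROM ' . $this->quote_id($table);
                 $dropoldsql = 'DROP TABLE ' . $this->quote_id($table);
                 $createtesttableSQL = $createtemptableSQL;
                 if (count($defs) < 1) {
                     $this->alterError = $errormsg . $lang['alter_no_def'];
                     if ($debug) {
                         echo "ERROR: defs&lt;1<hr />";
                     }
                     return false;
                 }
                 foreach ($defs as $def) {
                     if ($debug) {
                         echo "def={$def}<hr />";
                     }
                     $preg_parse_def = "/^(DROP(?! PRIMARY KEY)|ADD(?! PRIMARY KEY)|CHANGE|RENAME TO|ADD PRIMARY KEY|DROP PRIMARY KEY)" . "(?:" . "(?:\\s+\\((.+)\\)\\s*\$)" . "|" . "(?:\\s+\"((?:[^\"]|\"\")+)\"|\\s+'((?:[^']|'')+)')" . "(" . "(?:\\s+'((?:[^']|'')+)')?" . "\\s+" . "((?:[A-Z]+\\s*)+(?:\\(\\s*[+-]?\\s*[0-9]+(?:\\s*,\\s*[+-]?\\s*[0-9]+)?\\s*\\))?)\\s*" . ".*" . ")" . "?\\s*\$" . ")?\\s*\$/i";
                     // in case of DROP PRIMARY KEY, there is nothing after the command
                     if ($debug) {
                         echo "preg_parse_def={$preg_parse_def}<hr />";
                     }
                     $parse_def = preg_match($preg_parse_def, $def, $matches);
                     if ($parse_def === false) {
                         $this->alterError = $errormsg . $lang['alter_parse_failed'];
                         if ($debug) {
                             echo "ERROR: !parse_def<hr />";
                         }
                         return false;
                     }
                     if (!isset($matches[1])) {
                         $this->alterError = $errormsg . $lang['alter_action_not_recognized'];
                         if ($debug) {
                             echo "ERROR: !isset(matches[1])<hr />";
                         }
                         return false;
                     }
                     $action = strtolower($matches[1]);
                     // $matches[2] = "(...)" column list, [3] = "..." quoted name, [4] = '...' quoted name
                     if (($action == 'add' || $action == 'rename to') && isset($matches[4]) && $matches[4] != '') {
                         $column = str_replace("''", "'", $matches[4]);
                     } elseif ($action == 'add primary key' && isset($matches[2]) && $matches[2] != '') {
                         $column = $matches[2];
                     } elseif ($action == 'drop primary key') {
                         $column = '';
                     } elseif (isset($matches[3]) && $matches[3] != '') {
                         $column = str_replace('""', '"', $matches[3]);
                     } else {
                         $column = '';
                     }
                     $column_escaped = str_replace("'", "''", $column);
                     if ($debug) {
                         echo "action=({$action}), column=({$column}), column_escaped=({$column_escaped})<hr />";
                     }
                     /* we build a regex that devides the CREATE TABLE statement parts:
                     			  Part example                            Group  Explanation
                     			  1. CREATE TABLE t... (                  $1
                     			  2. 'col1' ..., 'col2' ..., 'colN' ...,  $3     (with col1-colN being columns that are not changed and listed before the col to change)
                     			  3. 'colX' ...,                                 (with colX being the column to change/drop)
                     			  4. 'colX+1' ..., ..., 'colK')           $5     (with colX+1-colK being columns after the column to change/drop)
                     			*/
                     $preg_create_table = "\\s*+(CREATE\\s++TEMPORARY\\s++TABLE\\s++" . preg_quote($this->quote($tmpname), "/") . "\\s*+\\()";
                     // This is group $1 (keep unchanged)
                     $preg_column_definiton = "\\s*+" . $this->sqlite_surroundings_preg("+", true, " '\"\\[`,", $column) . "(?:\\s*+" . $this->sqlite_surroundings_preg("*", false, "'\",`\\[ ") . ")++";
                     // catches a complete column definition, even if it is
                     // 'column' TEXT NOT NULL DEFAULT 'we have a comma, here and a double ''quote!'
                     // this definition does NOT match columns with the column name $column
                     if ($debug) {
                         echo "preg_column_definition=(" . $preg_column_definiton . ")<hr />";
                     }
                     $preg_columns_before = "(?:" . "(" . "(?:" . "{$preg_column_definiton},\\s*+" . ")*" . $preg_column_definiton . ")" . ",\\s*+" . ")?";
                     // there might be no columns before
                     if ($debug) {
                         echo "preg_columns_before=(" . $preg_columns_before . ")<hr />";
                     }
                     $preg_columns_after = "(,\\s*(.+))?";
                     // the columns after the column to drop. This is group $3 (drop) or $4(change) (keep!)
                     // we could remove the comma using $6 instead of $5, but then we might have no comma at all.
                     // Keeping it leaves a problem if we drop the first column, so we fix that case in another regex.
                     $table_new = $table;
                     switch ($action) {
                         case 'add':
                             if ($column == '') {
                                 $this->alterError = $errormsg . ' (add) - ' . $lang['alter_no_add_col'];
                                 return false;
                             }
                             $new_col_definition = "'{$column_escaped}' " . (isset($matches[5]) ? $matches[5] : '');
                             $preg_pattern_add = "/^" . $preg_create_table . "((?:(?!,\\s*(?:PRIMARY\\s+KEY\\s*\\(|CONSTRAINT\\s|UNIQUE\\s*\\(|CHECK\\s*\\(|FOREIGN\\s+KEY\\s*\\()).)*)" . "(.*)\\)\\s*\$/si";
                             // table-constraints like PRIMARY KEY(a,b) ($3) and the closing bracket
                             // append the column definiton in the CREATE TABLE statement
                             // (strtr protects \ and $ in the definition from being read as replacement references)
                             $newSQL = preg_replace($preg_pattern_add, '$1$2, ' . strtr($new_col_definition, array('\\' => '\\\\', '$' => '\\$')) . ' $3', $createtesttableSQL) . ')';
                             $preg_error = $this->getPregError();
                             if ($debug) {
                                 echo $createtesttableSQL . "<hr>";
                                 echo $newSQL . "<hr>";
                                 echo $preg_pattern_add . "<hr>";
                             }
                             if ($newSQL == $createtesttableSQL) {
                                 $this->alterError = $errormsg . ' (add) - ' . $lang['alter_pattern_mismatch'] . '. PREG ERROR: ' . $preg_error;
                                 return false;
                             }
                             $createtesttableSQL = $newSQL;
                             break;
                         case 'change':
                             if (!isset($matches[6]) || !isset($matches[7])) {
                                 $this->alterError = $errormsg . ' (change) - ' . $lang['alter_col_not_recognized'];
                                 return false;
                             }
                             $new_col_name = $matches[6];
                             $new_col_type = $matches[7];
                             $new_col_definition = "'{$new_col_name}' {$new_col_type}";
                             $preg_column_to_change = "\\s*" . $this->sqlite_surroundings_preg($column) . "(?:\\s+" . preg_quote($coltypes[$column]) . ")?(\\s+(?:" . $this->sqlite_surroundings_preg("*", false, ",'\"`\\[") . ")+)?";
                             // replace this part (we want to change this column)
                             // group $3 contains the column constraints (keep!). the name & data type is replaced.
                             $preg_pattern_change = "/^" . $preg_create_table . $preg_columns_before . $preg_column_to_change . $preg_columns_after . "\\s*\\)\\s*\$/s";
                             // replace the column definiton in the CREATE TABLE statement
                             $newSQL = preg_replace($preg_pattern_change, '$1$2,' . strtr($new_col_definition, array('\\' => '\\\\', '$' => '\\$')) . '$3$4)', $createtesttableSQL);
                             $preg_error = $this->getPregError();
                             // remove comma at the beginning if the first column is changed
                             // probably somebody is able to put this into the first regex (using lookahead probably).
                             $newSQL = preg_replace("/^\\s*(CREATE\\s+TEMPORARY\\s+TABLE\\s+" . preg_quote($this->quote($tmpname), "/") . "\\s+\\(),\\s*/", '$1', $newSQL);
                             if ($debug) {
                                 echo "preg_column_to_change=(" . $preg_column_to_change . ")<hr />";
                                 echo $createtesttableSQL . "<hr />";
                                 echo $newSQL . "<hr />";
                                 echo $preg_pattern_change . "<hr />";
                             }
                             if ($newSQL == $createtesttableSQL || $newSQL == "") {
                                 $this->alterError = $errormsg . ' (change) - ' . $lang['alter_pattern_mismatch'] . '. PREG ERROR: ' . $preg_error;
                                 return false;
                             }
                             $createtesttableSQL = $newSQL;
                             $newcols[$column] = str_replace("''", "'", $new_col_name);
                             break;
                         case 'drop':
                             $preg_column_to_drop = "\\s*" . $this->sqlite_surroundings_preg($column) . "\\s+(?:" . $this->sqlite_surroundings_preg("*", false, ",'\"\\[`") . ")+";
                             // delete this part (we want to drop this column)
                             $preg_pattern_drop = "/^" . $preg_create_table . $preg_columns_before . $preg_column_to_drop . $preg_columns_after . "\\s*\\)\\s*\$/s";
                             // remove the column out of the CREATE TABLE statement
                             $newSQL = preg_replace($preg_pattern_drop, '$1$2$3)', $createtesttableSQL);
                             $preg_error = $this->getPregError();
                             // remove comma at the beginning if the first column is removed
                             // probably somebody is able to put this into the first regex (using lookahead probably).
                             $newSQL = preg_replace("/^\\s*(CREATE\\s+TEMPORARY\\s+TABLE\\s+" . preg_quote($this->quote($tmpname), "/") . "\\s+\\(),\\s*/", '$1', $newSQL);
                             if ($debug) {
                                 echo $createtesttableSQL . "<hr>";
                                 echo $newSQL . "<hr>";
                                 echo $preg_pattern_drop . "<hr>";
                             }
                             if ($newSQL == $createtesttableSQL || $newSQL == "") {
                                 $this->alterError = $errormsg . ' (drop) - ' . $lang['alter_pattern_mismatch'] . '. PREG ERROR: ' . $preg_error;
                                 return false;
                             }
                             $createtesttableSQL = $newSQL;
                             unset($newcols[$column]);
                             break;
                         case 'rename to':
                             // don't change column definition at all
                             $newSQL = $createtesttableSQL;
                             // only change the name of the table
                             $table_new = $column;
                             break;
                         case 'add primary key':
                             // we want to add a primary key for the column(s) stored in $column
                             // NOTE(review): $column is the raw "(...)" column list from the ALTER definition and is
                             // inserted verbatim here, unlike the quoted/escaped names used by the other actions.
                             $newSQL = preg_replace("/\\)\\s*\$/", ", PRIMARY KEY (" . $column . ") )", $createtesttableSQL);
                             $createtesttableSQL = $newSQL;
                             break;
                         case 'drop primary key':
                             // we want to drop the primary key
                             if ($debug) {
                                 echo "DROP";
                             }
                             if (sizeof($primarykey) == 1) {
                                 // if not compound primary key, might be a column constraint -> try removal
                                 $column = $primarykey[0];
                                 if ($debug) {
                                     echo "<br>Trying to drop column constraint for column {$column} <br>";
                                 }
                                 /*
                                 TODO: This does not work yet:
                                 CREATE TABLE 't12' ('t1' INTEGER CONSTRAINT "bla" NOT NULL CONSTRAINT 'pk' PRIMARY KEY ); ALTER TABLE "t12" DROP PRIMARY KEY
                                 This does:                                  !   !
                                 CREATE TABLE 't12' ('t1' INTEGER CONSTRAINT  bla  NOT NULL CONSTRAINT 'pk' PRIMARY KEY ); ALTER TABLE "t12" DROP PRIMARY KEY
                                 */
                                 $preg_column_to_change = "(\\s*" . $this->sqlite_surroundings_preg($column) . ")" . "(?:" . "(\\s+(?:" . $this->sqlite_surroundings_preg("(?:[^PC,'\"`\\[]|P(?!RIMARY\\s+KEY)|" . "C(?!ONSTRAINT\\s+" . $this->sqlite_surroundings_preg("+", false, " ,'\"\\[`") . "\\s+PRIMARY\\s+KEY))", false, ",'\"`\\[") . ")*)" . "(?:CONSTRAINT\\s+" . $this->sqlite_surroundings_preg("+", false, " ,'\"\\[`") . "\\s+)?" . "PRIMARY\\s+KEY" . "(?:\\s+(?:ASC|DESC))?" . "(?:\\s+ON\\s+CONFLICT\\s+(?:ROLLBACK|ABORT|FAIL|IGNORE|REPLACE))?" . "(?:\\s+AUTOINCREMENT)?" . "((?:" . $this->sqlite_surroundings_preg("*", false, ",'\"`\\[") . ")*)" . ")";
                                 // replace this part (we want to change this column)
                                 // group $3 (column) $4  (constraints before) and $5 (constraints after) contain the part to keep
                                 $preg_pattern_change = "/^" . $preg_create_table . $preg_columns_before . $preg_column_to_change . $preg_columns_after . "\\s*\\)\\s*\$/si";
                                 // replace the column definiton in the CREATE TABLE statement
                                 $newSQL = preg_replace($preg_pattern_change, '$1$2,$3$4$5$6)', $createtesttableSQL);
                                 // remove comma at the beginning if the first column is changed
                                 // probably somebody is able to put this into the first regex (using lookahead probably).
                                 $newSQL = preg_replace("/^\\s*(CREATE\\s+TEMPORARY\\s+TABLE\\s+" . preg_quote($this->quote($tmpname), "/") . "\\s+\\(),\\s*/", '$1', $newSQL);
                                 if ($debug) {
                                     echo "preg_column_to_change=(" . $preg_column_to_change . ")<hr />";
                                     echo $createtesttableSQL . "<hr />";
                                     echo $newSQL . "<hr />";
                                     echo $preg_pattern_change . "<hr />";
                                 }
                                 if ($newSQL != $createtesttableSQL && $newSQL != "") {
                                     $createtesttableSQL = $newSQL;
                                     if ($debug) {
                                         echo "<br>SUCCEEDED<br>";
                                     }
                                 } else {
                                     if ($debug) {
                                         echo "NO LUCK";
                                     }
                                     // TODO: try removing table constraint
                                     // (note: returns false without setting $this->alterError)
                                     return false;
                                 }
                                 $createtesttableSQL = $newSQL;
                             } else {
                                 // TODO: Try removing table constraint
                                 // (note: returns false without setting $this->alterError)
                                 return false;
                             }
                             break;
                         default:
                             if ($debug) {
                                 echo 'ERROR: unknown alter operation!<hr />';
                             }
                             $this->alterError = $errormsg . $lang['alter_unknown_operation'];
                             return false;
                     }
                 }
                 $droptempsql = 'DROP TABLE ' . $this->quote_id($tmpname);
                 // turn the rewritten temp-table CREATE back into a CREATE TABLE for the (possibly renamed) table
                 $createnewtableSQL = "CREATE TABLE " . $this->quote($table_new) . " " . preg_replace("/^\\s*CREATE\\s+TEMPORARY\\s+TABLE\\s+'?" . str_replace("'", "''", preg_quote($tmpname, "/")) . "'?\\s+(.*)\$/is", '$1', $createtesttableSQL, 1);
                 $newcolumns = '';
                 $oldcolumns = '';
                 // rebuild the column lists after CHANGE/DROP updated $newcols (foreach: each() is gone in PHP 8.0)
                 foreach ($newcols as $key => $val) {
                     $newcolumns .= ($newcolumns ? ', ' : '') . $this->quote_id($val);
                     $oldcolumns .= ($oldcolumns ? ', ' : '') . $this->quote_id($key);
                 }
                 $copytonewsql = 'INSERT INTO ' . $this->quote_id($table_new) . '(' . $newcolumns . ') SELECT ' . $oldcolumns . ' FROM ' . $this->quote_id($tmpname);
             }
         }
         $alter_transaction = 'BEGIN; ';
         $alter_transaction .= $createtemptableSQL . '; ';
         //create temp table
         $alter_transaction .= $copytotempsql . '; ';
         //copy to table
         $alter_transaction .= $dropoldsql . '; ';
         //drop old table
         $alter_transaction .= $createnewtableSQL . '; ';
         //recreate original table
         $alter_transaction .= $copytonewsql . '; ';
         //copy back to original table
         $alter_transaction .= $droptempsql . '; ';
         //drop temp table
         $preg_index = "/^\\s*(CREATE\\s+(?:UNIQUE\\s+)?INDEX\\s+(?:" . $this->sqlite_surroundings_preg("+", false, " '\"\\[`") . "\\s*)*ON\\s+)(" . $this->sqlite_surroundings_preg($table) . ")(\\s*\\((?:" . $this->sqlite_surroundings_preg("+", false, " '\"\\[`") . "\\s*)*\\)\\s*)\\s*\$/i";
         foreach ($recreateQueries as $recreate_query) {
             if ($recreate_query['type'] == 'index') {
                 // this is an index. We need to make sure the index is not on a column that we drop. If it is, we drop the index as well.
                 $indexInfos = $this->selectArray('PRAGMA index_info(' . $this->quote_id($recreate_query['name']) . ')');
                 foreach ($indexInfos as $indexInfo) {
                     if (!isset($newcols[$indexInfo['name']])) {
                         if ($debug) {
                             echo 'Not recreating the following index: <hr />' . htmlencode($recreate_query['sql']) . '<hr />';
                         }
                         // Index on a column that was dropped. Skip recreation.
                         continue 2;
                     }
                 }
             }
             // TODO: In case we renamed a column on which there is an index, we need to recreate the index with the column name adjusted.
             // recreate triggers / indexes
             if ($table == $table_new) {
                 // we had no RENAME TO, so we can recreate indexes/triggers just like the original ones
                 $alter_transaction .= $recreate_query['sql'] . ';';
             } else {
                 // we had a RENAME TO, so we need to exchange the table-name in the CREATE-SQL of triggers & indexes
                 switch ($recreate_query['type']) {
                     case 'index':
                         $recreate_queryIndex = preg_replace($preg_index, '$1' . $this->quote_id(strtr($table_new, array('\\' => '\\\\', '$' => '\\$'))) . '$3 ', $recreate_query['sql']);
                         if ($recreate_queryIndex != $recreate_query['sql'] && $recreate_queryIndex != NULL) {
                             $alter_transaction .= $recreate_queryIndex . ';';
                         } else {
                             // the CREATE INDEX regex did not match. this normally should not happen
                             if ($debug) {
                                 echo 'ERROR: CREATE INDEX regex did not match!?<hr />';
                             }
                             // just try to recreate the index originally (will fail most likely)
                             $alter_transaction .= $recreate_query['sql'] . ';';
                         }
                         break;
                     case 'trigger':
                         // TODO: IMPLEMENT
                         $alter_transaction .= $recreate_query['sql'] . ';';
                         break;
                     default:
                         if ($debug) {
                             echo 'ERROR: Unknown type ' . htmlencode($recreate_query['type']) . '<hr />';
                         }
                         $alter_transaction .= $recreate_query['sql'] . ';';
                 }
             }
         }
         $alter_transaction .= 'COMMIT;';
         if ($debug) {
             echo $alter_transaction;
         }
         return $this->multiQuery($alter_transaction);
     }
 }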
コード例 #25
    /**
     * Print the edit-form table row for a list field (pulldown, pulldownMulti, radios or checkboxes).
     *
     * @param array|null $record  the record being edited; when empty the value is taken from
     *                            $_REQUEST[$this->name] (re-displaying a submitted form), else left blank
     * @return void  the HTML is printed directly; die()s on an unknown $this->listType
     *
     * Option values/labels and stored values go through htmlencode(). $this->name, $this->label,
     * $prefixText, $description, the t() text and $this->filterField are printed raw (the last two
     * inside JavaScript string literals), so they are assumed to come from the field schema and
     * translations rather than from the request — TODO confirm.
     */
    function editFormHtml($record)
    {
        // set field attributes
        $listOptions = getListOptionsFromSchema($this, $record);
        $valignTop = $this->listType != 'pulldown' ? 'style="vertical-align: top;"' : '';
        $prefixText = @$this->fieldPrefix;
        $description = getEvalOutput(@$this->description);
        // get field value
        if ($record) {
            $fieldValue = @$record[$this->name];
        } else {
            if (array_key_exists($this->name, $_REQUEST)) {
                // multi-value fields are stored tab-separated (split again below)
                $fieldValue = join("\t", (array) @$_REQUEST[$this->name]);
            } else {
                $fieldValue = '';
            }
        }
        $fieldValues = preg_split("/\t/", $fieldValue, -1, PREG_SPLIT_NO_EMPTY);
        // for multi value fields
        $encodedValue = htmlencode($fieldValue);
        // get list of values in database that aren't in list options (happens when list values are removed or field
        // ... was a textfield than switched to a pulldown that doesn't offer all the previously entered values as options
        $fieldValuesNotInList = array();
        $listOptionValues = array();
        foreach ($listOptions as $optionArray) {
            list($value, $label) = $optionArray;
            $listOptionValues[] = $value;
        }
        // array_diff compares as strings, so "1" and 1 are treated as the same value here
        $fieldValuesNotInList = array_diff($fieldValues, $listOptionValues);
        $noLongerInListText = count($fieldValuesNotInList) > 1 ? t('Previous selections (no longer in list)') : t('Previous selection (no longer in list)');
        //
        print "  <tr>\n";
        print "   <td {$valignTop}>{$this->label}</td>\n";
        print "   <td>\n";
        // pulldown
        if ($this->listType == 'pulldown') {
            print "{$prefixText}\n";
            print "  <select name='{$this->name}'>\n";
            print "  <option value=''>&lt;select&gt;</option>\n";
            foreach ($listOptions as $optionArray) {
                list($value, $label) = $optionArray;
                $encodedValue = htmlencode($value);
                $selectedAttr = selectedIf($value, $fieldValue, true);
                $encodedLabel = htmlencode($label);
                print "<option value=\"{$encodedValue}\" {$selectedAttr}>{$encodedLabel}</option>\n";
            }
            // show database values not in current list options
            if ($fieldValuesNotInList) {
                // $noLongerInListText is placed in a single-quoted attribute without encoding
                print "  <optgroup label='{$noLongerInListText}'>\n";
                foreach ($fieldValuesNotInList as $value) {
                    print "    <option value=\"" . htmlencode($value) . "\" selected='selected'>" . htmlencode($value) . "</option>\n";
                }
                print "  </optgroup>\n";
            }
            print "  </select>\n";
            print "{$description}\n";
        } else {
            if ($this->listType == 'pulldownMulti') {
                if ($prefixText) {
                    print "{$prefixText}<br/>\n";
                }
                print "  <select name='{$this->name}[]' multiple='multiple' size='5'>\n";
                foreach ($listOptions as $optionArray) {
                    list($value, $label) = $optionArray;
                    $encodedValue = htmlencode($value);
                    // in_array() without strict: loose comparison between option value and stored values
                    $selectedAttr = in_array($value, $fieldValues) ? 'selected="selected"' : '';
                    $encodedLabel = htmlencode($label);
                    print "<option value=\"{$encodedValue}\" {$selectedAttr}>{$encodedLabel}</option>\n";
                }
                // show database values not in current list options
                if ($fieldValuesNotInList) {
                    print "  <optgroup label='{$noLongerInListText}'>\n";
                    foreach ($fieldValuesNotInList as $value) {
                        print "    <option value=\"" . htmlencode($value) . "\" selected='selected'>" . htmlencode($value) . "</option>\n";
                    }
                    print "  </optgroup>\n";
                }
                print "  </select>\n";
                if ($description) {
                    print "<br/>{$description}\n";
                }
            } else {
                if ($this->listType == 'radios') {
                    if ($prefixText) {
                        print "{$prefixText}<br/>\n";
                    }
                    foreach ($listOptions as $optionArray) {
                        list($value, $label) = $optionArray;
                        $encodedValue = htmlencode($value);
                        $encodedLabel = htmlencode($label);
                        // loose == comparison (unlike the strict selectedIf() used for the pulldown above)
                        $checkedAttr = $value == $fieldValue ? 'checked="checked"' : '';
                        // id is "<field name>.<encoded value>", shared by the input and its label
                        $idAttr = "{$this->name}.{$encodedValue}";
                        print "<input type='radio' name='{$this->name}' value='{$encodedValue}' id='{$idAttr}' {$checkedAttr}/>\n";
                        print "<label for='{$idAttr}'>{$encodedLabel}</label><br />\n\n";
                    }
                    // show database values not in current list options
                    if ($fieldValuesNotInList) {
                        print "{$noLongerInListText}<br />\n";
                        foreach ($fieldValuesNotInList as $value) {
                            $encodedValue = htmlencode($value);
                            $encodedLabel = htmlencode($value);
                            $idAttr = "{$this->name}.{$encodedValue}";
                            print "<input type='radio' name='{$this->name}' value='{$encodedValue}' id='{$idAttr}' checked='checked'/>\n";
                            print "<label for='{$idAttr}'>{$encodedLabel}</label><br />\n\n";
                        }
                    }
                    if ($description) {
                        print "{$description}\n";
                    }
                } else {
                    if ($this->listType == 'checkboxes') {
                        if ($prefixText) {
                            print "{$prefixText}<br/>\n";
                        }
                        foreach ($listOptions as $optionArray) {
                            list($value, $label) = $optionArray;
                            $encodedValue = htmlencode($value);
                            $encodedLabel = htmlencode($label);
                            // in_array() without strict, as in the pulldownMulti branch
                            $checkedAttr = in_array($value, $fieldValues) ? 'checked="checked"' : '';
                            $idAttr = "{$this->name}.{$encodedValue}";
                            print "<input type='checkbox' name='{$this->name}[]' value='{$encodedValue}' id='{$idAttr}' {$checkedAttr}/>\n";
                            print "<label for='{$idAttr}'>{$encodedLabel}</label><br />\n";
                        }
                        // show database values not in current list options
                        if ($fieldValuesNotInList) {
                            print "{$noLongerInListText}<br />\n";
                            foreach ($fieldValuesNotInList as $value) {
                                $encodedValue = htmlencode($value);
                                $encodedLabel = htmlencode($value);
                                $idAttr = "{$this->name}.{$encodedValue}";
                                print "<input type='checkbox' name='{$this->name}[]' value='{$encodedValue}' id='{$idAttr}' checked='checked' />\n";
                                print "<label for='{$idAttr}'>{$encodedLabel}</label><br />\n\n";
                            }
                        }
                        if ($description) {
                            print "{$description}\n";
                        }
                    } else {
                        die("Unknown listType '{$this->listType}'!");
                    }
                }
            }
        }
        // list fields w/ advanced filters - add onchange event handler to local filter field
        if (@$this->filterField) {
            // inline HTML/JS follows; $this->filterField and $this->name are echoed unescaped into
            // JavaScript string literals, so a quote in either would break out of the literal
            ?>
    <script type="text/javascript"><!--
      $("[name='<?php 
            echo $this->filterField;
            ?>
']").change(function () {
        var targetListField = '<?php 
            echo $this->name;
            ?>
';
        var newFilterValue  = this.value;
        updateListFieldOptions(targetListField, newFilterValue);
      });
    // --></script>
    <?php 
        }
        //
        print "   </td>\n";
        print "  </tr>\n";
    }
コード例 #26
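/**
 * Password-reset interface handler.
 *
 * Reads userNum, resetCode, submitForm, password and password:again from
 * $_REQUEST. The reset link (userNum + resetCode) is validated first; only a
 * POSTed form with a valid CSRF token and an acceptable new password reaches
 * the database update. Every failure path terminates the request (die/exit),
 * mirroring the other showInterface() + exit pairs in this function.
 *
 * Side effects: sets $GLOBALS['sentEmail'] and $GLOBALS['user'], writes the
 * new password digest to the accounts table, clears $_REQUEST on success.
 */
function resetPassword()
{
    global $CURRENT_USER, $SETTINGS;
    $GLOBALS['sentEmail'] = false;
    // error checking
    if (!@$_REQUEST['userNum']) {
        die("No 'userNum' value specified!");
    }
    if (!@$_REQUEST['resetCode']) {
        die("No 'resetCode' value specified!");
    }
    if (!_isValidPasswordResetCode(@$_REQUEST['userNum'], @$_REQUEST['resetCode'])) {
        alert(t("Password reset code has expired or is not valid. Try resetting your password again."));
        showInterface('forgotPassword.php', false);
        // Stop here. The other showInterface() calls in this function are each
        // followed by exit; without it an expired/invalid reset code would fall
        // through to the password update below whenever submitForm is set.
        exit;
    }
    // load user
    // NOTE(review): if the account was deleted between code issue and use,
    // $user may be empty here and $user['username'] below reads null —
    // presumably _isValidPasswordResetCode() already covers that; verify.
    global $user;
    $user = mysql_get(accountsTable(), (int) @$_REQUEST['userNum']);
    // Lookup username or email
    if (@$_REQUEST['submitForm']) {
        security_dieUnlessPostForm();
        security_dieOnInvalidCsrfToken();
        disableInDemoMode('', 'resetPassword.php');
        // error checking
        $textErrors = getNewPasswordErrors(@$_REQUEST['password'], @$_REQUEST['password:again'], $user['username']);
        // v2.52
        if ($textErrors) {
            alert(nl2br(htmlencode($textErrors)));
            showInterface('resetPassword.php');
            exit;
        }
        // update password - only the digest is stored
        $newPassword = getPasswordDigest($_REQUEST['password']);
        mysql_update(accountsTable(), $user['num'], null, array('password' => $newPassword));
        // show login; clear the request so the plaintext password does not
        // leak into the login form's prefill
        alert(t('Password updated!'));
        $_REQUEST = array();
        showInterface('login.php', false);
        exit;
    }
    //
    showInterface('resetPassword.php');
    exit;
}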
        ?>
">&nbsp;<?php 
        echo $lEmail;
        ?>
:&nbsp;&nbsp;</font></td>
                    <td <?php 
        echo bgcolor($table_body_color_1);
        ?>
><font color="<?php 
        echo $table_body_font_color_1;
        ?>
"><a href="<?php 
        echo htmlencode("mailto:" . $rec['email']);
        ?>
"><?php 
        echo htmlencode($rec['email']);
        ?>
</a></font></td>
                </tr>
                <?php 
    }
    if ($rec['webpage']) {
        ?>
                <tr>
                    <td <?php 
        echo bgcolor($table_body_color_1);
        ?>
 nowrap><font color="<?php 
        echo $table_body_font_color_1;
        ?>
">&nbsp;<?php 
/**
 * Return a copy of $params with each value passed through htmlencode().
 *
 * Keys are preserved; values are encoded one at a time, so this is only
 * suitable for a flat key => scalar array (nested arrays are handed to
 * htmlencode() as-is).
 */
function htmlencode_params($params)
{
    $encoded = array();
    foreach ($params as $name => $raw) {
        $encoded[$name] = htmlencode($raw);
    }
    return $encoded;
}
                                echo "<div class='confirm'>";
                                printf($lang['db_renamed'], htmlencode($oldpath));
                                echo " '" . htmlencode($newpath) . "'.";
                                echo "</div><br/>";
                            }
                            echo "<form action='?view=rename&amp;database_rename=1' method='post'>";
                            echo "<input type='hidden' name='oldname' value='" . htmlencode($db->getPath()) . "'/>";
                            echo $lang['db_rename'] . " '" . htmlencode($db->getPath()) . "' " . $lang['to'] . " <input type='text' name='newname' style='width:200px;' value='" . htmlencode($db->getPath()) . "'/> <input type='submit' value='" . $lang['rename'] . "' name='rename' class='btn'/>";
                            echo "</form>";
                        } else {
                            if ($view == "delete") {
                                //- Delete database confirmation (=delete)
                                echo "<form action='?database_delete=1' method='post'>";
                                echo "<div class='confirm'>";
                                echo sprintf($lang['ques_del_db'], htmlencode($db->getPath())) . "<br/><br/>";
                                echo "<input name='database_delete' value='" . htmlencode($db->getPath()) . "' type='hidden'/>";
                                echo "<input type='submit' value='" . $lang['confirm'] . "' class='btn'/> ";
                                echo "<a href='" . PAGE . "'>" . $lang['cancel'] . "</a>";
                                echo "</div>";
                                echo "</form>";
                            }
                        }
                    }
                }
            }
        }
    }
    echo "</div>";
}
//- HTML: page footer (spacer under the main content div)
print "<br/>";
             $delpiceb3 = "y";
         }
     }
     //先刪除圖片===end===
 }
 // Sell-time window: an empty submitted field falls back to the zero date.
 // NOTE(review): the raw POST value is kept as-is here; whatever consumes
 // $s1/$s2 in the SQL below must quote/escape it - confirm at that call site.
 $s1 = ($_POST["selltime1"] != "") ? $_POST["selltime1"] : "0000-00-00";
 $s2 = ($_POST["selltime2"] != "") ? $_POST["selltime2"] : "0000-00-00";
 // Build the UPDATE statement for the product row from POSTed fields.
 // NOTE(review): this is string-built SQL from untrusted input. `range` is
 // concatenated raw with no quoting or escaping; htmlencode() is an HTML
 // escaper, not an SQL escaper (and it stores pro_num HTML-encoded in the
 // database); str_replace("'", "''") does not neutralise backslashes under
 // MySQL. The statement is executed outside this fragment - the fix is a
 // prepared statement with bound parameters at that call site.
 $sql_data = "update product set `pro_num`='" . htmlencode($_POST["pro_num"]) . "',`word`='" . str_replace("'", "''", $_POST["FCKeditor1"]) . "',`range`=" . $_POST["range"];
 // Picture columns: a newly uploaded file name ($sf_file3[n], set earlier in
 // this script) replaces the column; otherwise the column is only cleared
 // when the matching delete flag ($delpiceb*) was set above. Neither value
 // is escaped here - presumably $sf_file3 holds server-generated names; verify.
 if ($sf_file3[0] != NULL) {
     $sql_data = $sql_data . ",`pic1`='{$sf_file3['0']}'";
 } else {
     if ($delpiceb == "y") {
         $sql_data = $sql_data . ",`pic1`=''";
     }
 }
 if ($sf_file3[1] != NULL) {
     $sql_data = $sql_data . ",`pic2`='{$sf_file3['1']}'";
 } else {
     if ($delpiceb2 == "y") {
         $sql_data = $sql_data . ",`pic2`=''";
     }
 }
 if ($sf_file3[2] != NULL) {