/**
 * Open a collapsible group (<li> + nested <ul>) in the admin navigation menu.
 *
 * Any group that is still open is closed first (via _closeMenuGroupList()),
 * then the group header link and an opening <ul> are emitted. The <ul> starts
 * hidden unless the group is selected, $SHOW_EXPANDED_MENU is set, or the
 * group has no name. Sets $GLOBALS['IN_GROUP'] so the next call knows a group
 * is open.
 *
 * @param string $menuName             Group label, HTML-encoded before output; '' = unnamed group (no header link).
 * @param bool   $isSelected           Marks the header link and <li> with the "current" class.
 * @param bool   $skipIfAlreadyInGroup When true and a group is already open, return null and emit nothing.
 * @return string|null HTML fragment, or null when skipped.
 */
function _openMenuGroupList($menuName, $isSelected, $skipIfAlreadyInGroup = false)
{
    global $SHOW_EXPANDED_MENU;

    // Caller only wants a new group when none is open yet.
    if ($skipIfAlreadyInGroup && @$GLOBALS['IN_GROUP']) {
        return;
    }

    $linkClass = $isSelected ? 'nav-top-item current' : 'nav-top-item';
    $liAttr    = $isSelected ? ' class="current"' : '';

    // Collapsed by default; expanded for the selected group, when the whole
    // menu is shown expanded, or for an unnamed (header-less) group.
    $isExpanded = $isSelected || $SHOW_EXPANDED_MENU || $menuName == '';
    $ulAttr     = $isExpanded ? '' : ' style="display: none;"';

    $html = _closeMenuGroupList();
    $html .= "\n <li{$liAttr}>";
    if ($menuName) {
        $html .= "<a href='javascript:void(0);' class='{$linkClass}'>" . htmlencode($menuName) . "</a>";
    }
    $html .= "\n <ul{$ulAttr}>\n";

    $GLOBALS['IN_GROUP'] = true;
    return $html;
}
/**
 * Print the edit-form row for a multi-line textbox field.
 *
 * The value comes from $record when editing; otherwise from $_REQUEST (when a
 * key for this field is present, e.g. a re-displayed form) or from the field's
 * evaluated defaultContent. The value is HTML-encoded before it is placed in
 * the <textarea>. $this->label and $this->name are emitted as-is (schema data).
 *
 * @param array|null $record Record being edited, or empty for a new record.
 */
function editFormHtml($record)
{
    // Field attributes (with defaults).
    $height = @$this->fieldHeight ? $this->fieldHeight : 100;
    $prefix = @$this->fieldPrefix;
    if ($prefix != '') {
        $prefix .= "<br/>\n";
    }

    // Field value: record > request > evaluated default.
    if ($record) {
        $rawValue = @$record[$this->name];
    } elseif (array_key_exists($this->name, $_REQUEST)) {
        $rawValue = @$_REQUEST[$this->name];
    } else {
        $rawValue = getEvalOutput(@$this->defaultContent);
    }
    $encodedValue = htmlencode($rawValue);

    // Display field (autoFormat <br/> stripping is intentionally not applied here).
    print "<tr>\n"
        . " <td style=\"vertical-align: top\">{$this->label}</td>\n"
        . " <td>\n"
        . " {$prefix}\n"
        . " <textarea name=\"{$this->name}\" style=\"width: 100%; height: {$height}px\" rows=\"5\" cols=\"50\">{$encodedValue}</textarea>\n"
        . " </td>\n"
        . "</tr>\n";
}
/**
 * Print the edit-form row for a WYSIWYG-backed textbox field.
 *
 * Emits a <textarea> with id "field_<name>" that starts hidden (visibility:
 * hidden) — presumably replaced by an editor widget loaded elsewhere. The value
 * comes from $record, else $_REQUEST, else the evaluated defaultContent, and is
 * HTML-encoded before output. The evaluated description is printed after it.
 *
 * @param array|null $record Record being edited, or empty for a new record.
 */
function editFormHtml($record)
{
    // Field attributes (with defaults).
    $description = getEvalOutput(@$this->description);
    $height      = @$this->fieldHeight ? $this->fieldHeight : 100;
    $prefix      = @$this->fieldPrefix;
    if ($prefix != '') {
        $prefix .= "<br/>\n";
    }

    // Field value: record > request > evaluated default.
    if ($record) {
        $rawValue = @$record[$this->name];
    } elseif (array_key_exists($this->name, $_REQUEST)) {
        $rawValue = @$_REQUEST[$this->name];
    } else {
        $rawValue = getEvalOutput(@$this->defaultContent);
    }
    $encodedValue = htmlencode($rawValue);

    // Display field.
    print "<tr>\n"
        . " <td style=\"vertical-align: top\">{$this->label}</td>\n"
        . " <td>\n"
        . " {$prefix}\n"
        . " <textarea name=\"{$this->name}\" id=\"field_{$this->name}\" rows=\"5\" cols=\"40\""
        . " style=\"width: 100%; height: {$height}px; visibility: hidden;\">{$encodedValue}</textarea>\n"
        . " {$description}\n"
        . " </td>\n"
        . "</tr>\n";
}
/**
 * Print the edit-form row(s) for a single-line text field.
 *
 * Normally one row is printed via $this->_editFormRow(). On the "My Account"
 * menu the 'password' field instead becomes three rows — current password,
 * new password, new password again — all rendered empty so the stored value
 * is never echoed back. Field value resolution: $record, else $_REQUEST, else
 * the evaluated defaultValue; it is HTML-encoded before use.
 *
 * @param array|null $record Record being edited, or empty for a new record.
 */
function editFormHtml($record)
{
    global $isMyAccountMenu;

    // Attributes shared by every row this field renders.
    $rowAttrs = array(
        'inputType'     => @$this->isPasswordField ? 'password' : 'text',
        'maxLengthAttr' => @$this->maxLength ? "maxlength='{$this->maxLength}'" : '',
        'styleWidth'    => @$this->fieldWidth ? "{$this->fieldWidth}px" : "250px",
        'description'   => getEvalOutput(@$this->description),
        'prefixText'    => @$this->fieldPrefix,
        'readOnly'      => '',
    );

    // Field value: record > request > evaluated default.
    if ($record) {
        $rawValue = @$record[$this->name];
    } elseif (array_key_exists($this->name, $_REQUEST)) {
        $rawValue = @$_REQUEST[$this->name];
    } else {
        $rawValue = getEvalOutput(@$this->defaultValue);
    }
    $encodedValue = htmlencode($rawValue);

    // Rows to render: label => (fieldname, value).
    $isAccountPassword = $isMyAccountMenu && $this->name == 'password';
    if ($isAccountPassword) {
        $rows = array(
            array(t('Current Password'),     'password:old',   ''),
            array(t('New Password'),         $this->name,      ''),
            array(t('New Password (again)'), 'password:again', ''),
        );
    } else {
        $rows = array(
            array($this->label, $this->name, $encodedValue),
        );
    }

    foreach ($rows as $row) {
        list($label, $fieldname, $value) = $row;
        $this->_editFormRow(array_merge($rowAttrs, array(
            'label'        => $label,
            'fieldname'    => $fieldname,
            'encodedValue' => $value,
        )));
    }
}
/**
 * Cast $var to $type and store it in $result, HTML-encoding string results.
 *
 * Non-string types are stored as-is after settype(); strings go through
 * htmlencode($value, $multibyte). $regex is accepted for signature
 * compatibility but not used here.
 *
 * @param mixed  $result    Output (by reference).
 * @param mixed  $var       Input value.
 * @param string $type      settype() target, e.g. 'int', 'bool', 'string'.
 * @param bool   $multibyte Passed through to htmlencode() for strings.
 * @param string $regex     Unused.
 */
function set_var(&$result, $var, $type, $multibyte = false, $regex = '')
{
    settype($var, $type);
    $result = ($type == 'string') ? htmlencode($var, $multibyte) : $var;
}
/**
 * HTML-encoded display value for this field in $record.
 *
 * Base implementation, meant to be overridden in derived classes. Array values
 * (multi-value fields) are shown as the literal text 'array' for debugging.
 *
 * @param array $record
 * @return string
 */
function getDisplayValue($record)
{
    $dbValue = $this->getDatabaseValue($record);
    return is_array($dbValue) ? 'array' : htmlencode($dbValue);
}
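/**
 * Build the HTML for a CKEditor-backed textarea.
 *
 * The CKEditor and helper scripts are emitted once per request (tracked in the
 * global $__CKEDITOR_JS_LOAD_Status__); every call appends the inline script
 * that turns the textarea into an editor.
 *
 * Fixes vs. the previous version:
 *  - $html_js was only assigned on the first call, so later calls tested an
 *    undefined variable; it is now always initialised.
 *  - $FieldName, $Width and $Height are HTML-encoded where they land in
 *    attributes, and $FieldName is JSON-encoded (with the HEX flags) where it
 *    lands inside the inline <script>, so a name containing quotes, '<' or
 *    "</script>" cannot break out of the attribute or the JS string literal.
 *    For ordinary names the generated markup is unchanged apart from the JS
 *    string now being double-quoted.
 *
 * @param string $FieldName Form field name; also passed to the JS HtmlEditor().
 * @param string $Value     Initial content, HTML-encoded into the textarea.
 * @param string $Width     CSS width, default '100%'.
 * @param string $Height    CSS height, default '300px'.
 * @return string
 */
function HtmlEditor($FieldName, $Value, $Width = '100%', $Height = '300px')
{
    global $__CKEDITOR_JS_LOAD_Status__;

    $html_js = '';
    if (!$__CKEDITOR_JS_LOAD_Status__) {
        $html_js = '<script type="text/javascript" src="/Plugins/ckeditor/ckeditor.js"></script>'
                 . '<script type="text/javascript" src="/Javascripts/editor.functions.js"></script>';
        $__CKEDITOR_JS_LOAD_Status__ = true;
    }

    $attrName   = htmlencode($FieldName);
    $attrWidth  = htmlencode($Width);
    $attrHeight = htmlencode($Height);

    $html = '<textarea name="' . $attrName . '" cols="45" rows="5" style="width:' . $attrWidth . ';height:' . $attrHeight . ';">'
          . htmlencode($Value)
          . '</textarea>';
    if ($html_js) {
        $html .= $html_js;
    }

    // JS string literal: JSON-encode so quotes, '<', '>' and '&' are escaped
    // (HEX flags) and "</script>" cannot terminate the inline script early.
    $jsName = json_encode((string) $FieldName, JSON_HEX_TAG | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_HEX_APOS);
    $html .= '<script language="javascript" type="text/javascript">HtmlEditor(' . $jsName . ');</script>';

    return $html;
}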
/**
 * cmsList "messageColumn" hook for the _error_log section.
 *
 * Supplies the header text (when $record is empty) and the cell HTML (when a
 * record is given) for two pseudo-columns, 'dateLogged' and '_error_summary_'.
 * Any other table or field passes $displayValue through untouched. All record
 * values are HTML-encoded before output.
 *
 * @param string $displayValue Value the list would otherwise show.
 * @param string $tableName
 * @param string $fieldname
 * @param array  $record       Empty for the header row.
 * @return string
 */
function _pel_cmsList_messageColumn($displayValue, $tableName, $fieldname, $record = array())
{
    // Skip all but our table.
    if ($tableName != '_error_log') {
        return $displayValue;
    }

    if ($fieldname == 'dateLogged') {
        // Header hook: no record given.
        if (!$record) {
            return str_replace(' ', ' ', t("Date / When"));
        }
        // Row cell: pretty date with the raw timestamp as a tooltip.
        $encodedDate = htmlencode($record['dateLogged']);
        $prettyDate  = str_replace(' ', ' ', prettyDate($record['dateLogged']));
        $displayValue = "<div title='{$encodedDate}'>{$prettyDate}</div>";
    }

    if ($fieldname == '_error_summary_') {
        // Header hook: no record given.
        if (!$record) {
            return t("Error Details");
        }

        // Truncate the URL: prefer cutting at whitespace within the first
        // $maxLength chars; otherwise hard-cut (content with no whitespace,
        // e.g. malicious or non-English), then mark the cut with " ...".
        $url       = $record['url'];
        $maxLength = 90;
        if (preg_match('/^(.{0,' . $maxLength . '})(\s|$)/s', $url, $m)) {
            $truncatedUrl = $m[1];
        } else {
            $truncatedUrl = mb_substr($url, 0, $maxLength);
        }
        if (strlen($truncatedUrl) < strlen($url)) {
            $truncatedUrl .= " ...";
        }

        // Row cell: error, location and URL on separate lines.
        $summary = $record['error'] . "\n"
                 . $record['filepath'] . " (line " . $record['line_num'] . ")\n"
                 . $truncatedUrl;
        $displayValue = "<div style='line-height:1.5em'>\n"
                      . nl2br(htmlencode($summary))
                      . "</div>";
    }

    return $displayValue;
}
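/**
 * Print the edit-form row for a date-calendar field: 12 monthly calendars
 * starting with the current month, with the record's saved dates pre-selected.
 *
 * Selected dates are read from the "<prefix>_datecalendar" table for the
 * current section ($tableName), this field and the record in $_REQUEST['num'],
 * limited to the first day of the current month .. the first day of the month
 * after the 12-month window (inclusive). Calendar markup comes from
 * _createEditCalendar().
 *
 * Fix: $tableName (a global) and $this->name were interpolated into the SQL
 * unescaped; both now go through mysql_escape() like the record number does,
 * so the query is safe regardless of where those values originate.
 *
 * @param array|null $record Record being edited (unused here; dates come from the calendar table).
 */
function editFormHtml($record)
{
    global $TABLE_PREFIX, $tableName;
    $calendarTable = $TABLE_PREFIX . "_datecalendar";

    // Build the 12-month window starting with the current month.
    $months   = array();
    $today    = getdate();
    $monthNum = $today['mon'];
    $year     = $today['year'];
    $firstMonth = sprintf("%04d%02d%02d", $year, $monthNum, '01');
    for ($i = 1; $i <= 12; $i++) {
        $months[] = array('year' => $year, 'monthNum' => $monthNum);
        if (++$monthNum > 12) {
            $year++;
            $monthNum = 1;
        }
    }
    // After the loop $monthNum/$year point at the month following the window.
    $lastMonth = sprintf("%04d%02d%02d", $year, $monthNum, '01');

    // Load the dates already selected for this record/field.
    $selectedDates = array();
    $query  = "SELECT DATE_FORMAT(date, '%Y%m%d') as date FROM `{$calendarTable}` ";
    $query .= "WHERE `tablename` = '" . mysql_escape($tableName) . "' ";
    $query .= " AND `fieldname` = '" . mysql_escape($this->name) . "' ";
    $query .= " AND `recordNum` = '" . mysql_escape(@$_REQUEST['num']) . "' ";
    $query .= " AND '{$firstMonth}' <= `date` AND `date` <= '{$lastMonth}'";
    $result = mysql_query($query) or die("MySQL Error: " . htmlencode(mysql_error()) . "\n");
    while ($row = mysql_fetch_assoc($result)) {
        $selectedDates[$row['date']] = 1;
    }
    if (is_resource($result)) {
        mysql_free_result($result);
    }

    // Render one calendar per month.
    $calendarHtml = '';
    foreach ($months as $month) {
        $calendarHtml .= _createEditCalendar($month['monthNum'], $month['year'], $selectedDates);
    }

    print "<tr>\n"
        . " <td valign=\"top\">{$this->label}</td>\n"
        . " <td>{$calendarHtml}</td>\n"
        . "</tr>\n";
}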
/**
 * cmsList "messageColumn" hook for the _outgoing_mail section.
 *
 * Handles only the '_message_summary_' pseudo-field: returns the header text
 * when $record is empty, otherwise a small table with the message's date,
 * from, to and subject (each HTML-encoded). Everything else passes through.
 *
 * @param string $displayValue Value the list would otherwise show.
 * @param string $tableName
 * @param string $fieldname
 * @param array  $record       Empty for the header row.
 * @return string
 */
function _ogm_cmsList_messageColumn($displayValue, $tableName, $fieldname, $record = array())
{
    // Skip all but our table and our pseudo-field.
    if ($tableName != '_outgoing_mail' || $fieldname != '_message_summary_') {
        return $displayValue;
    }

    // Header hook: no record given.
    if (!$record) {
        return t("Messages");
    }

    // Row cell: label => record column.
    $lines = array(
        t('Date')    => $record['createdDate'],
        t('From')    => $record['from'],
        t('To')      => $record['to'],
        t('Subject') => $record['subject'],
    );

    $output = "\n <table border='0' cellspacing='0' cellpadding='0' class='spacedTable'>\n";
    foreach ($lines as $label => $value) {
        $output .= " <tr><td><b>" . $label . "</b></td><td> : </td><td>" . htmlencode($value) . "</td></tr>\n";
    }
    $output .= " </table>\n";

    return $output;
}
/**
 * Echo the callers registered under $hookInfo[$key], collapsing all but the
 * first behind a "(N total)" toggle link when there is more than one.
 *
 * Callers are sorted with _sortUnderscoresLast() and HTML-encoded. With a
 * single caller only its name is printed; with several, the first name is
 * followed by the toggle link and a hidden <div> holding the rest.
 *
 * @param array  $hookInfo Map of hook key => (caller name => info).
 * @param string $key
 */
function showListResultsForHookKey($hookInfo, $key)
{
    uksort($hookInfo[$key], '_sortUnderscoresLast');
    $callers = array_keys($hookInfo[$key]);
    $total   = count($callers);

    foreach ($callers as $index => $callerName) {
        // Before the second caller: open the collapsible block with its toggle link.
        if ($index == 1) {
            echo "\n"
               . '<a href="#" onclick="$(this).hide(); $(this).closest(\'td\').find(\'div\').show(); return false;">('
               . $total . ' ' . t('total')
               . ')</a><div style="display: none;">'
               . "\n";
        }
        echo htmlencode($callerName);
        if ($index != 0) {
            echo "<br/>\n";
        }
    }

    if ($total > 1) {
        echo "</div>\n";
    }
}
/**
 * Print <option> elements for the sections a record can be copied to.
 *
 * Skips private tables (leading underscore), the 'accounts' table and any
 * schema whose menuType is not single/multi/category. Value is the table name,
 * label is the menu name (falling back to the table name); both HTML-encoded.
 */
function showCopyOptions()
{
    $allowedMenuTypes = array('single', 'multi', 'category');
    $skippedTables    = array('accounts');

    foreach (getSortedSchemas() as $table => $schema) {
        $isPrivate     = preg_match("/^_/", $table);
        $isSystem      = in_array($table, $skippedTables);
        $isKnownType   = in_array(@$schema['menuType'], $allowedMenuTypes);
        if ($isPrivate || $isSystem || !$isKnownType) {
            continue;
        }

        $value = htmlencode($table);
        $label = htmlencode(coalesce(@$schema['menuName'], $table));
        print "<option value='{$value}'>{$label}</option>\n";
    }
}
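/**
 * Save the info1..info5 fields for one or more uploads (thickbox "upload details" form).
 *
 * Only accepts an internal POST with a valid CSRF token. Each upload row is
 * updated only when it belongs to the record being edited — matched by
 * `recordNum` (saved record, $_REQUEST['num']) or `preSaveTempId` (record not
 * yet saved) — so a caller cannot edit uploads attached to other records by
 * guessing upload nums. All values are escaped with mysql_escape().
 *
 * Reads $_REQUEST['uploadNums'] (array), "<num>_info1".."<num>_info5", and
 * 'num' / 'preSaveTempId'. Writes the uploads table, prints the script that
 * closes the thickbox, and exits — it never returns.
 *
 * Changes: 'num' and 'preSaveTempId' are read with @ so a missing key no
 * longer raises a notice; the ownership clause is built once instead of per
 * upload. Missing both identifiers is still only fatal when there is at least
 * one upload to save.
 */
function saveUploadDetails()
{
    global $TABLE_PREFIX;

    security_dieUnlessPostForm();
    security_dieUnlessInternalReferer();
    security_dieOnInvalidCsrfToken();

    // Ownership clause: which record the uploads must belong to.
    $ownerClause = '';
    if (@$_REQUEST['num']) {
        $ownerClause = "recordNum = '" . mysql_escape($_REQUEST['num']) . "'";
    } elseif (@$_REQUEST['preSaveTempId']) {
        $ownerClause = "preSaveTempId = '" . mysql_escape($_REQUEST['preSaveTempId']) . "'";
    }

    // Update uploads.
    if (is_array(@$_REQUEST['uploadNums'])) {
        foreach ($_REQUEST['uploadNums'] as $uploadNum) {
            if (!$uploadNum) {
                die(__FUNCTION__ . ": No upload num specified!");
            }
            if ($ownerClause === '') {
                die("No value specified for 'num' or 'preSaveTempId'!");
            }

            $setParts = array();
            for ($i = 1; $i <= 5; $i++) {
                $setParts[] = "info{$i} = '" . mysql_escape(@$_REQUEST["{$uploadNum}_info{$i}"]) . "'";
            }

            $query  = "UPDATE `{$TABLE_PREFIX}uploads`\n";
            $query .= " SET " . implode(",\n ", $setParts) . "\n";
            $query .= " WHERE num = '" . mysql_escape($uploadNum) . "' AND " . $ownerClause;
            mysql_query($query) or die("MySQL Error: " . htmlencode(mysql_error()) . "\n");
        }
    }

    // Close the thickbox (the upload list reload is left to the parent page).
    print "<script type='text/javascript'>self.parent.tb_remove();</script>\n";
    exit;
}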
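/**
 * Print the edit-form row for a category's "parent" selector.
 *
 * Lists every category the current user may pick as parent: categories with
 * no owner, the user's own, or all of them when $GLOBALS['hasEditorAccess'] is
 * set. A category cannot be moved under itself or one of its descendants, so
 * any option whose `lineage` contains ":<this record's num>:" is rendered
 * disabled. Value 0 means "top level".
 *
 * Changes: the record num is preg_quote()d before being placed in the lineage
 * pattern (a non-numeric value could otherwise alter the regex); the MySQL
 * error message is HTML-encoded like the rest of the file does; the option
 * value is HTML-encoded.
 *
 * @param array|null $record Record being edited, or empty for a new record.
 */
function editFormHtml($record)
{
    global $escapedTableName, $CURRENT_USER;

    $fieldValue = $record ? @$record[$this->name] : '';

    // Load the categories this user is allowed to choose from.
    $categoriesByNum = array();
    $query  = "SELECT * FROM `{$escapedTableName}` ORDER BY globalOrder";
    $result = mysql_query($query) or die("MySQL Error: " . htmlencode(mysql_error()) . "\n");
    while ($row = mysql_fetch_assoc($result)) {
        $isOwner = @$row['createdByUserNum'] == $CURRENT_USER['num'];
        if (@$row['createdByUserNum'] && !$isOwner && !$GLOBALS['hasEditorAccess']) {
            continue;
        }
        $categoriesByNum[$row['num']] = $row;
    }
    if (is_resource($result)) {
        mysql_free_result($result);
    }

    // Lineage segments look like ":num:"; a match means "self or descendant".
    // For a new record the pattern is "/::/", which matches nothing useful.
    $selfPattern = "/:" . preg_quote((string) @$record['num'], '/') . ":/";

    print " <tr>\n";
    print " <td>{$this->label}</td>\n";
    print " <td>\n";
    print " <select name='{$this->name}'>\n";
    print " <option value='0'>None (top level category)</option>\n";
    foreach ($categoriesByNum as $category) {
        $value         = $category['num'];
        $encodedValue  = htmlencode($value);
        $selectedAttr  = selectedIf($value, $fieldValue, true);
        $encodedLabel  = htmlencode($category['breadcrumb']);
        $isUnavailable = preg_match($selfPattern, $category['lineage']);
        $extraAttr     = $isUnavailable ? "style='color: #AAA' disabled='disabled' " : '';
        print "<option value=\"{$encodedValue}\" {$extraAttr} {$selectedAttr}>{$encodedLabel}</option>\n";
    }
    print " </select>\n";
    print " </td>\n";
    print " </tr>\n";
}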
/**
 * cmsList "messageColumn" hook for the _email_templates section.
 *
 * Two pseudo-fields are handled: '_template_summary_' (template id,
 * description, subject) and '_message_summary_' (from, optional reply-to, to,
 * optional cc/bcc). With an empty $record the column header text is returned;
 * otherwise a small table with the HTML-encoded record values. Other tables
 * pass $displayValue through unchanged.
 *
 * @param string $displayValue Value the list would otherwise show.
 * @param string $tableName
 * @param string $fieldname
 * @param array  $record       Empty for the header row.
 * @return string
 */
function _emt_cmsList_messageColumn($displayValue, $tableName, $fieldname, $record = array())
{
    // Skip all but our table.
    if ($tableName != '_email_templates') {
        return $displayValue;
    }

    if ($fieldname == '_template_summary_') {
        // Header hook: no record given.
        if (!$record) {
            return t("Template");
        }
        // Row cell.
        $displayValue = "\n <table border='0' cellspacing='0' cellpadding='0' class='spacedTable'>\n"
                      . " <tr><td><b>" . str_replace(' ', ' ', t('Template ID')) . "</b></td><td> : </td><td>" . htmlencode($record['template_id']) . "</td></tr>\n"
                      . " <tr><td><b>" . t('Description') . "</b></td><td> : </td><td>" . htmlencode($record['description']) . "</td></tr>\n"
                      . " <tr><td><b>" . t('Subject') . "</b></td><td> : </td><td>" . htmlencode($record['subject']) . "</td></tr>\n"
                      . " </table>\n ";
    }

    if ($fieldname == '_message_summary_') {
        // Header hook: no record given.
        if (!$record) {
            return t("Content");
        }
        // Row cell: optional lines are only shown when the record has a value.
        $rows = array(
            array(t('From'),     $record['from'],     true),
            array(t('Reply-To'), $record['reply-to'], (bool) $record['reply-to']),
            array(t('To'),       $record['to'],       true),
            array(t('CC'),       $record['cc'],       (bool) $record['cc']),
            array(t('BCC'),      $record['bcc'],      (bool) $record['bcc']),
        );
        $displayValue = "<table border='0' cellspacing='0' cellpadding='0' class='spacedTable'>\n";
        foreach ($rows as $row) {
            list($label, $value, $show) = $row;
            if (!$show) {
                continue;
            }
            $displayValue .= " <tr><td><b>" . $label . "</b></td><td> : </td><td>" . htmlencode($value) . "</td></tr>\n";
        }
        $displayValue .= " </table>\n";
    }

    return $displayValue;
}
/**
 * Build the HTML list of code generators of one $type.
 *
 * Renders a heading, a description and a two-column table (name link,
 * description) for each generator returned by getGenerators($type). The link
 * carries the current menu, the generator function and, when present, the
 * tableName from the request — all urlencode()d. Text is HTML-encoded. An
 * empty list shows a placeholder row instead.
 *
 * @param string $heading     Translated via t() then encoded.
 * @param string $description Encoded as-is (not translated).
 * @param string $type        Generator category passed to getGenerators().
 * @return string
 */
function _cg2_getGeneratorList($heading, $description, $type)
{
    // Base link shared by every row.
    $baseLink = "?menu=" . urlencode(@$_REQUEST['menu']);
    $tableArg = @$_REQUEST['tableName'] ? "&tableName=" . urlencode($_REQUEST['tableName']) : '';

    $rows = '';
    foreach (getGenerators($type) as $generator) {
        $link  = $baseLink . "&_generator=" . urlencode($generator['function']) . $tableArg;
        $rows .= "<tr class='listRow '>\n"
               . " <td><a href='{$link}'>" . htmlencode(t($generator['name'])) . "</a></td>\n"
               . " <td>" . htmlencode(t($generator['description'])) . "</td>\n"
               . "</tr>\n";
    }
    if ($rows === '') {
        $rows = "<tr class='listRow'>\n"
              . " <td colspan='2' style='color: #999'>" . t('There are current no generators in this category.') . "</td>\n"
              . "</tr>\n";
    }

    return "<h3>" . htmlencode(t($heading)) . "</h3>\n"
         . "<div style='margin-left: 25px'>\n"
         . " " . htmlencode($description) . "\n"
         . "<table class='data' style='width: inherit'>\n"
         . "<tr><td colspan='2'></td></tr>"   // adds top line to row set
         . $rows
         . "</table>\n"
         . "</div><br/><br/>\n";
}
/**
 * Work out how one list-view column of $record should be displayed.
 *
 * Returns array($displayValue, $tdAttributes). The value starts as the
 * HTML-encoded raw field value and is then overwritten, in this order, by
 * whichever special cases apply: date fields, the dragSortOrder handle,
 * category names (depth padding), upload thumbnails, list labels, checkbox
 * labels and autoFormat textboxes. Later cases win over earlier ones.
 *
 * Returns nothing (null) for dragSortOrder when the user has no access to it.
 *
 * Output-encoding notes for reviewers: $record['num'] and $record['parentNum']
 * are placed in hidden-input attributes unencoded (expected to be numeric —
 * verify), and checkbox checkedValue/uncheckedValue come from the schema and
 * are emitted as-is.
 *
 * @param string $fieldname
 * @param array  $record    Passed by reference (not modified here).
 * @return array|null
 */
function _getColumnDisplayValueAndAttributes($fieldname, &$record)
{
    global $schema, $tableName;
    $fieldValue = @$record[$fieldname];
    $fieldSchema = @$schema[$fieldname];
    if ($fieldSchema) { $fieldSchema['name'] = $fieldname; }

    // default display value and attribute: encode scalars; arrays (multi-value
    // fields) are left alone and handled by the type-specific cases below
    if (!is_array($fieldValue)) { $fieldValue = htmlencode($fieldValue); }
    $displayValue = $fieldValue;
    $tdAttributes = "style='text-align:left'";

    // date fields: format per field settings; createdDate/updatedDate always
    // show 24-hour time with seconds. Empty or zero dates display as ''.
    $isSpecialDatefield = in_array($fieldname, array('createdDate', 'updatedDate'));
    if (@$fieldSchema['type'] == 'date' || $isSpecialDatefield) {
        $showSeconds = @$fieldSchema['showSeconds'];
        $showTime = @$fieldSchema['showTime'];
        $use24Hour = @$fieldSchema['use24HourFormat'];

        // settings for createdDate and updatedDate
        if ($isSpecialDatefield) {
            $showSeconds = true;
            $showTime = true;
            $use24Hour = true;
        }

        $secondsFormat = '';
        if ($showSeconds) { $secondsFormat = ':s'; }

        $timeFormat = '';
        if ($showTime) {
            if ($use24Hour) { $timeFormat = " - H:i{$secondsFormat}"; }
            else { $timeFormat = " - h:i{$secondsFormat} A"; }
        }

        // day/month order comes from the global settings; ISO order otherwise
        $dateFormat = '';
        $dayMonthOrder = @$GLOBALS['SETTINGS']['dateFormat'];
        if ($dayMonthOrder == 'dmy') { $dateFormat = "jS M, Y" . $timeFormat; }
        elseif ($dayMonthOrder == 'mdy') { $dateFormat = "M jS, Y" . $timeFormat; }
        else { $dateFormat = "Y-m-d" . $timeFormat; }

        $displayValue = date($dateFormat, strtotime($fieldValue));
        if (!$fieldValue || $fieldValue == '0000-00-00 00:00:00') { $displayValue = ''; }
    }

    // dragSortOrder fields: drag handle plus a hidden input carrying the record num
    if ($fieldname == 'dragSortOrder') {
        if (!userHasFieldAccess($schema[$fieldname])) { return; } // skip fields that the user has no access to
        $tdAttributes = "class='dragger'";
        $displayValue = "<input type='hidden' name='_recordNum' value='{$record['num']}' class='_recordNum' />";
        $displayValue .= "<img src='lib/images/drag.gif' height='6' width='19' class='dragger' title='" . t('Click and drag to change order.') . "' alt='' /><br/>";
    }

    // Category Section: name fields - pad category names to their depth and
    // attach the parent num for the client-side tree handling
    $isCategorySection = @$schema['menuType'] == 'category' && $fieldname == 'name';
    if ($isCategorySection) {
        $depth = @$record["depth"];
        $parentNum = @$record["parentNum"];
        //$displayValue = "<input type='hidden' name='_recordNum' value='{$record['num']}' class='_recordNum' />";
        //$displayValue .= "<input type='hidden' value='$fieldValue' class='_categoryName' />";
        //$displayValue .= "<input type='hidden' value='$depth' class='_categoryDepth' />";
        $displayValue = "<input type='hidden' value='{$parentNum}' class='_categoryParent' />";
        //$displayValue .= "<img style='float:left' src='lib/images/drag.gif' height='6' width='19' class='dragHandle' title='" .
        // t('Click and drag to change order.').
        // "' alt='' />";
        if (@$record['depth']) {
            $padding = str_repeat(" ", @$record['depth']);
            $displayValue .= $padding . ' - ';
        }
        $displayValue .= $fieldValue;
    }

    // display first thumbnail for upload fields (captured from showUploadPreview's output)
    if (@$fieldSchema['type'] == 'upload') {
        $displayValue = '';
        $upload = @$record[$fieldname][0];
        if ($upload) {
            ob_start();
            showUploadPreview($upload, 50);
            $displayValue = ob_get_clean();
        }
    }

    // display labels for list fields
    #if (@$fieldSchema['type'] == 'list' && $suffix == 'label') { // require ":label" field suffix in future to show labels, just do it automatic for now though.
    if (@$fieldSchema['type'] == 'list') {
        $displayValue = _getListOptionLabelByValue($fieldSchema, $record);
    }

    // display labels for checkboxes (only when the schema defines at least one label)
    if (@$fieldSchema['type'] == 'checkbox') {
        if (@$fieldSchema['checkedValue'] || @$fieldSchema['uncheckedValue']) {
            $displayValue = $fieldValue ? @$fieldSchema['checkedValue'] : @$fieldSchema['uncheckedValue'];
        }
    }

    // v2.50 - display formatted textbox content: for autoFormat fields start
    // again from the raw value, strip the stored "<br/>\n" pairs and re-encode;
    // then convert newlines to <br/> for every textbox
    if (@$fieldSchema['type'] == 'textbox') {
        if ($fieldSchema['autoFormat']) {
            $displayValue = @$record[$fieldname]; // overwrite previous htmlencoded value
            $displayValue = preg_replace("/<br\\s*\\/?>\r?\n/", "\n", $displayValue); // remove autoformat break tags
            $displayValue = htmlencode($displayValue); // html encode content
        }
        $displayValue = nl2br($displayValue); // re-add break tags after nextlines
    }

    // return display value
    return array($displayValue, $tdAttributes);
}
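/**
 * Upgrade step (v1.10): move per-account section access from the
 * `accounts.tableAccessList` text column into the `_accesslist` table.
 *
 * Steps: require the new _accesslist schema file; return early if the old
 * column is already gone; create the _accesslist table; add the 'accessList'
 * schema field to accounts and drop the 'tableAccessList' field from the
 * schema; for every account insert one _accesslist row per table named in
 * its old tableAccessList (level 9) plus an "all" row (level 1); finally drop
 * the old column. Every failure die()s with an HTML-encoded MySQL error.
 *
 * Fix: each table name is preg_quote()d before being used in the \b...\b
 * match, so a name containing regex metacharacters can neither break the
 * pattern nor match the wrong tables.
 *
 * NOTE(review): the early-return check inspects only the first account row,
 * so an empty accounts table also skips the upgrade — confirm intended.
 * NOTE(review): the 'accessList' schema entry added to the local
 * $accountsSchema is only written back by saveSchema() in the branch that
 * removes 'tableAccessList'; whether createMissingSchemaTablesAndFields()
 * persists it otherwise is not visible here.
 */
function _upgradeToVersion1_10_accessLevels()
{
    global $TABLE_PREFIX;

    // Error checking: the new schema file must have been uploaded.
    $accessListSchema = loadSchema("_accesslist");
    $accountsSchema   = loadSchema("accounts");
    if (empty($accessListSchema)) {
        die("Error: You must upload the latest /data/schema/_accesslist.ini.php before upgrading!<br/>\n");
    }

    // Already upgraded? The old column disappears once this has run.
    $result = mysql_query("SELECT * FROM `{$TABLE_PREFIX}accounts` LIMIT 0,1")
        or die("MySQL Error: " . htmlencode(mysql_error()) . "\n");
    $record = mysql_fetch_assoc($result);
    if (!$record || !array_key_exists('tableAccessList', $record)) {
        return;
    }

    // Create the new access table.
    $query = "CREATE TABLE IF NOT EXISTS `{$TABLE_PREFIX}_accesslist` (\n"
           . " `userNum` int(10) unsigned NOT NULL,\n"
           . " `tableName` varchar(255) NOT NULL,\n"
           . " `accessLevel` tinyint(3) unsigned NOT NULL,\n"
           . " `maxRecords` int(10) unsigned default NULL,\n"
           . " `randomSaveId` varchar(255) NOT NULL\n"
           . " ) ENGINE=MyISAM DEFAULT CHARSET=utf8;";
    mysql_query($query) || die("Error creating new access table.<br/>\n MySQL error was: " . htmlencode(mysql_error()) . "\n");

    // Create the accessList schema field if missing.
    if (!@$accountsSchema['accessList']) {
        $accountsSchema['accessList'] = array(
            'type'          => 'accessList',
            'label'         => "Section Access",
            'isSystemField' => '1',
            'order'         => 20,
        );
        createMissingSchemaTablesAndFields(); // create missing fields
        clearAlertsAndNotices();              // don't show "created table/field" alerts
    }

    // Drop tableAccessList from the schema.
    if (@$accountsSchema['tableAccessList']) {
        unset($accountsSchema['tableAccessList']);
        saveSchema('accounts', $accountsSchema);
    }

    ### Upgrade access levels.
    $schemaTables   = getSchemaTables();
    $schemaTables[] = "all";
    $fieldNames     = "userNum, tableName, accessLevel, maxRecords, randomSaveId";

    $result = mysql_query("SELECT * FROM `{$TABLE_PREFIX}accounts`")
        or die("MySQL Error: " . htmlencode(mysql_error()) . "\n");
    while ($record = mysql_fetch_assoc($result)) {
        if (!array_key_exists('tableAccessList', $record)) {
            die(__FUNCTION__ . ": Couldn't load field 'tableAccessList'!");
        }

        // Convert section access to the new format: "all" defaults to
        // "By Section" (1); each table named in the old list gets admin (9).
        $tableNames = array('all' => 1);
        foreach ($schemaTables as $tableName) {
            $pattern = "/\\b" . preg_quote($tableName, '/') . "\\b/i";
            if (preg_match($pattern, $record['tableAccessList'])) {
                $tableNames[$tableName] = '9';
            }
        }

        // One VALUES tuple per table. randomSaveId is a uniqid(), not a
        // cryptographic token — it only needs to be unique per row here.
        $insertRows = '';
        foreach ($tableNames as $tableName => $accessLevel) {
            if ($insertRows) {
                $insertRows .= ",\n";
            }
            $insertRows .= sprintf(
                "('%s', '%s', '%s', NULL, '%s')",
                mysql_escape($record['num']),
                mysql_escape($tableName),
                $accessLevel,
                mysql_escape(uniqid('', true))
            );
        }

        if ($insertRows) {
            $insertQuery = "INSERT INTO `{$TABLE_PREFIX}_accesslist` ({$fieldNames}) VALUES {$insertRows};";
            mysql_query($insertQuery)
                or die("MySQL Error Inserting New Access Rights: " . htmlencode(mysql_error()) . "\n");
        }
    }

    // Drop the old column.
    $query = "ALTER TABLE `{$TABLE_PREFIX}accounts` DROP COLUMN `tableAccessList`;";
    mysql_query($query) or die("MySQL Error: " . htmlencode(mysql_error()) . "\n");
}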
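/*
 * Facebook-login callback: look the member up by fb_id, create the row on the
 * first visit, stamp the login time, store the id in the session and bounce to
 * ../index.php. Suspended members (isdel != 0) are shown a message instead.
 *
 * SECURITY NOTE (review): every identifying value ($id, $name, $email,
 * $gender) comes straight from the query string and nothing visible here
 * verifies it against Facebook (no access-token / signed-request check). As
 * written, anyone who knows a member's fb_id can obtain that member's session
 * with ?id=<fb_id>. The identity must be validated server-side before $id is
 * trusted; that check is outside what this script shows and is not added here.
 *
 * SQL fixes in this version: $id was interpolated raw into both queries (and
 * unquoted in the UPDATE). It is now escaped with mysql_real_escape_string()
 * and quoted. htmlencode() is an HTML encoder, not an SQL escaper; it is kept
 * for the other columns only so existing rows keep their entity-encoded
 * format. A missing/empty id is rejected instead of creating a member with an
 * empty fb_id and an empty session id. The lookup query now reports failure
 * like the others instead of continuing with a false result.
 */
header("Content-Type:text/html;charset=UTF-8");
require_once "config.php";
date_default_timezone_set('Asia/Taipei');
session_start();

$new_date = date("Y-m-d H:i:s");
$id     = @$_GET['id'];
$name   = @$_GET['name'];
$email  = @$_GET['email'];
$gender = @$_GET['gender'];

if ($id == '') {
    die("No id specified!");
}

// Escaped copy for SQL only; the raw $id is what goes into the session.
// Assumes config.php has opened the mysql link (the queries below need it too).
$escapedId = mysql_real_escape_string($id);

$sql = "select * from `" . $member . "` where `fb_id` = '" . $escapedId . "'";
$res = mysql_query($sql) or die("無法查詢" . mysql_error());
$row = mysql_fetch_array($res);
$isdel = $row ? $row['isdel'] : null; // no row => treated as not suspended below
$num = mysql_num_rows($res);

if ($isdel == 0) {
    $_SESSION['id'] = $id;
    if ($num < 1) {
        // First login: create the member row.
        $sql = "INSERT INTO `" . $member . "`"
             . "(`fb_id`,`user_name`,`user_account`,`user_sex`,`user_birthday`,`user_idcard`,`user_otherName`,`user_email`,`user_phone`,`isdel`,`wdate`,`udate`,`login`,`sort`)"
             . "VALUES('" . htmlencode($id) . "','" . htmlencode($name) . "','" . htmlencode($email) . "','" . htmlencode($gender) . "','','','','" . htmlencode($email) . "','','0','" . htmlencode($new_date) . "','" . htmlencode($new_date) . "','" . htmlencode($new_date) . "','')";
        $query = mysql_query($sql) or die("無法新增" . mysql_error());
    } else {
        // Returning member: stamp the login time.
        $sqlu = "UPDATE `" . $member . "` SET `login` = '" . htmlencode($new_date) . "' where `fb_id` = '" . $escapedId . "' ";
        $query = mysql_query($sqlu) or die("無法更新" . mysql_error());
    }
    echo '<script type="text/JavaScript"> alert("登入成功"); window.location="../index.php" </script>';
} else {
    msgurlbox("您的帳號已停權,請洽管理者", "../index.php");
    exit;
}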
$delpiceb8 = "y"; } } //先刪除圖片===end=== } if ($_POST["selltime1"] != "") { $s1 = $_POST["selltime1"]; } else { $s1 = "0000-00-00"; } if ($_POST["selltime2"] != "") { $s2 = $_POST["selltime2"]; } else { $s2 = "0000-00-00"; } $sql_data = "update product set `pro_num`='" . htmlencode($_POST["pro_num"]) . "',`pro_name`='" . htmlencode($_POST["pro_name"]) . "',`pro_type`='" . htmlencode($_POST["pro_type"]) . "',`word2`='" . htmlencode($_POST["word2"]) . "',`word`='" . str_replace("'", "''", $_POST["FCKeditor1"]) . "',`pro_sell`='" . $_POST["pro_sell"] . "',`selltime1`='" . $s1 . "',`selltime2`='" . $s2 . "',`pro_other`='" . $_POST["pro_other"] . "',`price1`='" . $_POST["price1"] . "',`price2`='" . $_POST["price2"] . "',`ppl`='" . $_POST["ppl"] . "',`room_type`='" . $_POST["room_type"] . "',`range`=" . $_POST["range"] . ",`t1`='" . $_POST["t1"] . "',`t2`='" . $_POST["t2"] . "',`t3`='" . $_POST["t3"] . "',`t4`='" . $_POST["t4"] . "',`t5`='" . $_POST["t5"] . "',`t6`='" . $_POST["t6"] . "',`t7`='" . $_POST["t7"] . "',`t8`='" . $_POST["t8"] . "'"; if ($sf_file3[0] != NULL) { $sql_data = $sql_data . ",`pic1`='{$sf_file3['0']}'"; } else { if ($delpiceb == "y") { $sql_data = $sql_data . ",`pic1`=''"; } } if ($sf_file3[1] != NULL) { $sql_data = $sql_data . ",`pic2`='{$sf_file3['1']}'"; } else { if ($delpiceb2 == "y") { $sql_data = $sql_data . ",`pic2`=''"; } } if ($sf_file3[2] != NULL) {
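/**
 * HTML-encode a value for safe output, recursing into arrays.
 *
 * Encodes &, <, >, " and ' (ENT_QUOTES) so the result can be placed in element
 * text or inside a quoted attribute. Arrays are encoded element by element
 * with keys preserved; the keys themselves are NOT encoded.
 *
 * Fix: ENT_SUBSTITUTE is added so a string containing an invalid byte
 * sequence is encoded with U+FFFD replacement characters instead of the empty
 * string htmlspecialchars() otherwise returns — silently dropping the whole
 * value hid content and rendered as a blank cell. Output for valid input is
 * unchanged. Scalars are cast to string first (so null/ints behave the same
 * across PHP versions).
 *
 * @param string|array $svar
 * @return string|array Same shape as $svar.
 */
function htmlencode($svar)
{
    if (is_array($svar)) {
        foreach ($svar as $key => $element) {
            $svar[$key] = htmlencode($element);
        }
        return $svar;
    }
    return htmlspecialchars((string) $svar, ENT_QUOTES | ENT_SUBSTITUTE);
}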
$delpiceb3 = "y"; } } //先刪除圖片===end=== } if ($_POST["selltime1"] != "") { $s1 = $_POST["selltime1"]; } else { $s1 = "0000-00-00"; } if ($_POST["selltime2"] != "") { $s2 = $_POST["selltime2"]; } else { $s2 = "0000-00-00"; } $sql_data = "update product set `pro_num`='" . htmlencode($_POST["pro_num"]) . "',`pro_kind`='" . $_POST["prokind"] . "',`pro_name`='" . htmlencode($_POST["pro_name"]) . "',`pro_type`='" . htmlencode($_POST["pro_type"]) . "',`word5`='" . str_replace("'", "''", $_POST["FCKeditor5"]) . "',`word4`='" . str_replace("'", "''", $_POST["FCKeditor4"]) . "',`word3`='" . str_replace("'", "''", $_POST["FCKeditor3"]) . "',`word2`='" . str_replace("'", "''", $_POST["FCKeditor2"]) . "',`word`='" . str_replace("'", "''", $_POST["FCKeditor1"]) . "',`pro_sell`='" . $_POST["pro_sell"] . "',`selltime1`='" . $s1 . "',`selltime2`='" . $s2 . "',`pro_other`='" . $_POST["pro_other"] . "',`price1`='" . $_POST["price1"] . "',`price2`='" . $_POST["price2"] . "',`ppl`='" . $_POST["ppl"] . "',`room_type`='" . $_POST["room_type"] . "',`price1`='" . $_POST["price1"] . "',`range`=" . $_POST["range"]; if ($sf_file3[0] != NULL) { $sql_data = $sql_data . ",`pic1`='{$sf_file3['0']}'"; } else { if ($delpiceb == "y") { $sql_data = $sql_data . ",`pic1`=''"; } } if ($sf_file3[1] != NULL) { $sql_data = $sql_data . ",`pic2`='{$sf_file3['1']}'"; } else { if ($delpiceb2 == "y") { $sql_data = $sql_data . ",`pic2`=''"; } } if ($sf_file3[2] != NULL) {
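/**
 * Build a WHERE clause body from a column => value map.
 *
 * Each entry becomes "`col` = ? AND " (escaped via mysql_escapef()) or, for an
 * array value, "`col` IN (...) AND " (escaped via mysql_escapeCSV()). The
 * result always ends with $extraWhere, so an empty/null $criteriaArray
 * yields just $extraWhere (default 'TRUE').
 *
 * Column names are whitelisted to [A-Za-z0-9_] before being backtick-quoted,
 * which is what prevents injection through the key side. Fix: the pattern now
 * ends in \z instead of $, so a name with a trailing newline (which $ would
 * have accepted) is rejected too. An empty array value would have produced the
 * invalid SQL "IN ()"; it now emits "FALSE AND " (no row matches an empty set).
 *
 * @param array|null $criteriaArray Column => scalar|array.
 * @param string     $extraWhere    Raw SQL appended last; caller is responsible for its safety.
 * @return string
 */
function mysql_where($criteriaArray = null, $extraWhere = 'TRUE')
{
    $where = '';
    if ($criteriaArray) {
        foreach ($criteriaArray as $fieldName => $value) {
            // Error checking: whitelist column chars to prevent sql injection.
            if (!preg_match('/^\w+\z/', $fieldName)) {
                die(__FUNCTION__ . ": Invalid column name '" . htmlencode($fieldName) . "'!");
            }

            if (is_array($value)) {
                // IN with an empty list is a syntax error; "no value matches" is the intent.
                $where .= $value
                    ? "`{$fieldName}` IN (" . mysql_escapeCSV($value) . ") AND "
                    : "FALSE AND ";
            } else {
                $where .= mysql_escapef("`{$fieldName}` = ? AND ", $value);
            }
        }
    }
    return $where . $extraWhere;
}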
/**
 * Applies ALTER-style changes to an SQLite table by rewriting its CREATE
 * statement: the definition stored in sqlite_master is edited with regular
 * expressions, the rows are copied through a temporary table, the original
 * table is dropped and recreated from the edited definition, and the
 * indexes/triggers recorded in sqlite_master are re-issued afterwards.
 *
 * @param string $table      name of the table to alter
 * @param string $alterdefs  one or more clauses matched by $preg_alter_part
 *                           (case-insensitive): ADD, DROP, CHANGE, RENAME TO,
 *                           ADD PRIMARY KEY (...), DROP PRIMARY KEY
 * @return mixed  whatever multiQuery() returns for the BEGIN..COMMIT batch on
 *                success; false on any lookup/parse/regex failure (with
 *                $this->alterError set in most of those paths); nothing
 *                (null) when $alterdefs is the empty string.
 *
 * Uses the globals $debug (echoes every intermediate regex and SQL string)
 * and $lang (message texts).
 *
 * SECURITY NOTE(review): with $debug on, $table, $alterdefs and the generated
 * SQL are echoed into the page without htmlencode() — a reflected-XSS surface
 * if those values originate from the request. The 'add primary key' branch
 * also splices $column into the CREATE statement without quoting. Both rely
 * on only trusted administrators reaching this method; confirm at the caller.
 */
public function alterTable($table, $alterdefs) {
    global $debug, $lang;
    $this->alterError = "";
    // prefix for every error message set below
    $errormsg = sprintf($lang['alter_failed'], htmlencode($table)) . ' - ';
    if ($debug) { echo "ALTER TABLE: table=({$table}), alterdefs=({$alterdefs})<hr>"; }
    if ($alterdefs != '') {
        $recreateQueries = array();
        // one row per object attached to the table: the table itself plus its indexes/triggers
        $resultArr = $this->selectArray("SELECT sql,name,type FROM sqlite_master WHERE tbl_name = " . $this->quote($table));
        if (sizeof($resultArr) < 1) {
            $this->alterError = $errormsg . sprintf($lang['tbl_inexistent'], htmlencode($table));
            if ($debug) { echo "ERROR: unknown table<hr>"; }
            return false;
        }
        for ($i = 0; $i < sizeof($resultArr); $i++) {
            $row = $resultArr[$i];
            if ($row['type'] != 'table') {
                if ($row['sql'] != '') {
                    // store the CREATE statements of triggers and indexes to recreate them later
                    $recreateQueries[] = $row;
                    if ($debug) { echo "recreate=(" . $row['sql'] . ";)<hr />"; }
                }
            } else {
                // ALTER the table
                // NOTE(review): the temp table name is derived from time() only, so two
                // alterTable() calls within the same second would pick the same name.
                $tmpname = 't' . time();
                $origsql = $row['sql'];
                // strip "CREATE TABLE <name>" so only the parenthesised column list remains ($1)
                $preg_remove_create_table = "/^\\s*+CREATE\\s++TABLE\\s++" . $this->sqlite_surroundings_preg($table) . "\\s*+(\\(.*+)\$/is";
                $origsql_no_create = preg_replace($preg_remove_create_table, '$1', $origsql, 1);
                if ($debug) { echo "origsql=({$origsql})<br />preg_remove_create_table=({$preg_remove_create_table})<hr>"; }
                if ($origsql_no_create == $origsql) {
                    $this->alterError = $errormsg . $lang['alter_tbl_name_not_replacable'];
                    if ($debug) { echo "ERROR: could not get rid of CREATE TABLE<hr />"; }
                    return false;
                }
                $createtemptableSQL = "CREATE TEMPORARY TABLE " . $this->quote($tmpname) . " " . $origsql_no_create;
                if ($debug) { echo "createtemptableSQL=({$createtemptableSQL})<hr>"; }
                // NOTE(review): $createindexsql is never read in this method
                $createindexsql = array();
                // splits $alterdefs into individual clauses; each clause is a keyword followed by
                // either a parenthesised list or a run of (possibly quoted) tokens
                $preg_alter_part = "/(?:DROP(?! PRIMARY KEY)|ADD(?! PRIMARY KEY)|CHANGE|RENAME TO|ADD PRIMARY KEY|DROP PRIMARY KEY)" . "(?:" . "\\s+\\(" . $this->sqlite_surroundings_preg("+", false, "\"'\\[`)") . "+\\)" . "|" . "\\s+" . $this->sqlite_surroundings_preg("+", false, ",'\"\\[`") . ")*/i";
                if ($debug) { echo "preg_alter_part=(" . $preg_alter_part . ")<hr />"; }
                preg_match_all($preg_alter_part, $alterdefs, $matches);
                $defs = $matches[0];
                // current column names, declared types and primary-key membership
                $get_oldcols_query = "PRAGMA table_info(" . $this->quote_id($table) . ")";
                $result_oldcols = $this->selectArray($get_oldcols_query);
                $newcols = array();   // old column name => new column name (updated by CHANGE, pruned by DROP)
                $coltypes = array();  // column name => declared type
                $primarykey = array();
                foreach ($result_oldcols as $column_info) {
                    $newcols[$column_info['name']] = $column_info['name'];
                    $coltypes[$column_info['name']] = $column_info['type'];
                    if ($column_info['pk']) { $primarykey[] = $column_info['name']; }
                }
                // column lists for copying the data into the temp table (all columns still match here)
                $newcolumns = '';
                $oldcolumns = '';
                reset($newcols);
                // NOTE(review): each() was removed in PHP 8.0; this loop needs a foreach on newer PHP
                while (list($key, $val) = each($newcols)) {
                    $newcolumns .= ($newcolumns ? ', ' : '') . $this->quote_id($val);
                    $oldcolumns .= ($oldcolumns ? ', ' : '') . $this->quote_id($key);
                }
                $copytotempsql = 'INSERT INTO ' . $this->quote_id($tmpname) . '(' . $newcolumns . ') SELECT ' . $oldcolumns . ' FROM ' . $this->quote_id($table);
                $dropoldsql = 'DROP TABLE ' . $this->quote_id($table);
                // working copy of the CREATE statement; each clause below edits it in turn
                $createtesttableSQL = $createtemptableSQL;
                if (count($defs) < 1) {
                    $this->alterError = $errormsg . $lang['alter_no_def'];
                    if ($debug) { echo "ERROR: defs<1<hr />"; }
                    return false;
                }
                foreach ($defs as $def) {
                    if ($debug) { echo "def={$def}<hr />"; }
                    // groups: 1 action, 2 parenthesised list (ADD PRIMARY KEY), 3 "double-quoted" name,
                    // 4 'single-quoted' name, 5 rest after the name, 6 new name (CHANGE), 7 new type (CHANGE)
                    $preg_parse_def = "/^(DROP(?! PRIMARY KEY)|ADD(?! PRIMARY KEY)|CHANGE|RENAME TO|ADD PRIMARY KEY|DROP PRIMARY KEY)" . "(?:" . "(?:\\s+\\((.+)\\)\\s*\$)" . "|" . "(?:\\s+\"((?:[^\"]|\"\")+)\"|\\s+'((?:[^']|'')+)')" . "(" . "(?:\\s+'((?:[^']|'')+)')?" . "\\s+" . "((?:[A-Z]+\\s*)+(?:\\(\\s*[+-]?\\s*[0-9]+(?:\\s*,\\s*[+-]?\\s*[0-9]+)?\\s*\\))?)\\s*" . ".*" . ")" . "?\\s*\$" . ")?\\s*\$/i";
                    // in case of DROP PRIMARY KEY, there is nothing after the command
                    if ($debug) { echo "preg_parse_def={$preg_parse_def}<hr />"; }
                    $parse_def = preg_match($preg_parse_def, $def, $matches);
                    if ($parse_def === false) {
                        $this->alterError = $errormsg . $lang['alter_parse_failed'];
                        if ($debug) { echo "ERROR: !parse_def<hr />"; }
                        return false;
                    }
                    if (!isset($matches[1])) {
                        $this->alterError = $errormsg . $lang['alter_action_not_recognized'];
                        if ($debug) { echo "ERROR: !isset(matches[1])<hr />"; }
                        return false;
                    }
                    $action = strtolower($matches[1]);
                    // $column is the affected column name (or the new table name for RENAME TO,
                    // or the raw column list for ADD PRIMARY KEY), with SQL quote doubling undone
                    if (($action == 'add' || $action == 'rename to') && isset($matches[4]) && $matches[4] != '') {
                        $column = str_replace("''", "'", $matches[4]);
                    } elseif ($action == 'add primary key' && isset($matches[2]) && $matches[2] != '') {
                        $column = $matches[2];
                    } elseif ($action == 'drop primary key') {
                        $column = '';
                    } elseif (isset($matches[3]) && $matches[3] != '') {
                        $column = str_replace('""', '"', $matches[3]);
                    } else {
                        $column = '';
                    }
                    $column_escaped = str_replace("'", "''", $column);
                    if ($debug) { echo "action=({$action}), column=({$column}), column_escaped=({$column_escaped})<hr />"; }
                    /*
                     * We build a regex that divides the CREATE TABLE statement into parts:
                     *
                     *   Part example                              Group  Explanation
                     *   1. CREATE TABLE t... (                    $1
                     *   2. 'col1' ..., 'col2' ..., 'colN' ...,    $3     columns that are not changed and listed
                     *                                                    before the column to change
                     *   3. 'colX' ...,                                   colX being the column to change/drop
                     *   4. 'colX+1' ..., ..., 'colK')             $5     columns after the column to change/drop
                     */
                    // This is group $1 (keep unchanged)
                    $preg_create_table = "\\s*+(CREATE\\s++TEMPORARY\\s++TABLE\\s++" . preg_quote($this->quote($tmpname), "/") . "\\s*+\\()";
                    // Catches a complete column definition, even one like
                    //   'column' TEXT NOT NULL DEFAULT 'we have a comma, here and a double ''quote!'
                    // This definition does NOT match the column named $column.
                    $preg_column_definiton = "\\s*+" . $this->sqlite_surroundings_preg("+", true, " '\"\\[`,", $column) . "(?:\\s*+" . $this->sqlite_surroundings_preg("*", false, "'\",`\\[ ") . ")++";
                    if ($debug) { echo "preg_column_definition=(" . $preg_column_definiton . ")<hr />"; }
                    // there might be no columns before
                    $preg_columns_before = "(?:" . "(" . "(?:" . "{$preg_column_definiton},\\s*+" . ")*" . $preg_column_definiton . ")" . ",\\s*+" . ")?";
                    if ($debug) { echo "preg_columns_before=(" . $preg_columns_before . ")<hr />"; }
                    // The columns after the column to drop. This is group $3 (drop) or $4 (change) (keep!).
                    // We could remove the comma using $6 instead of $5, but then we might have no comma at all.
                    // Keeping it leaves a problem if we drop the first column, so we fix that case in another regex.
                    $preg_columns_after = "(,\\s*(.+))?";
                    $table_new = $table;
                    switch ($action) {
                        case 'add':
                            if ($column == '') {
                                $this->alterError = $errormsg . ' (add) - ' . $lang['alter_no_add_col'];
                                return false;
                            }
                            $new_col_definition = "'{$column_escaped}' " . (isset($matches[5]) ? $matches[5] : '');
                            // $2: column definitions, $3: table-constraints like PRIMARY KEY(a,b) and the closing bracket;
                            // the new column is inserted between them
                            $preg_pattern_add = "/^" . $preg_create_table . "((?:(?!,\\s*(?:PRIMARY\\s+KEY\\s*\\(|CONSTRAINT\\s|UNIQUE\\s*\\(|CHECK\\s*\\(|FOREIGN\\s+KEY\\s*\\()).)*)" . "(.*)\\)\\s*\$/si";
                            // append the column definition in the CREATE TABLE statement
                            // (backslashes and dollar signs in the definition are escaped so preg_replace treats them literally)
                            $newSQL = preg_replace($preg_pattern_add, '$1$2, ' . strtr($new_col_definition, array('\\' => '\\\\', '$' => '\\$')) . ' $3', $createtesttableSQL) . ')';
                            $preg_error = $this->getPregError();
                            if ($debug) { echo $createtesttableSQL . "<hr>"; echo $newSQL . "<hr>"; echo $preg_pattern_add . "<hr>"; }
                            if ($newSQL == $createtesttableSQL) {
                                $this->alterError = $errormsg . ' (add) - ' . $lang['alter_pattern_mismatch'] . '. PREG ERROR: ' . $preg_error;
                                return false;
                            }
                            $createtesttableSQL = $newSQL;
                            break;
                        case 'change':
                            if (!isset($matches[6]) || !isset($matches[7])) {
                                $this->alterError = $errormsg . ' (change) - ' . $lang['alter_col_not_recognized'];
                                return false;
                            }
                            $new_col_name = $matches[6];
                            $new_col_type = $matches[7];
                            $new_col_definition = "'{$new_col_name}' {$new_col_type}";
                            // replace this part (we want to change this column);
                            // group $3 contains the column constraints (keep!), the name & data type are replaced
                            $preg_column_to_change = "\\s*" . $this->sqlite_surroundings_preg($column) . "(?:\\s+" . preg_quote($coltypes[$column]) . ")?(\\s+(?:" . $this->sqlite_surroundings_preg("*", false, ",'\"`\\[") . ")+)?";
                            $preg_pattern_change = "/^" . $preg_create_table . $preg_columns_before . $preg_column_to_change . $preg_columns_after . "\\s*\\)\\s*\$/s";
                            // replace the column definition in the CREATE TABLE statement
                            $newSQL = preg_replace($preg_pattern_change, '$1$2,' . strtr($new_col_definition, array('\\' => '\\\\', '$' => '\\$')) . '$3$4)', $createtesttableSQL);
                            $preg_error = $this->getPregError();
                            // remove comma at the beginning if the first column is changed
                            // (probably somebody is able to put this into the first regex, using lookahead)
                            $newSQL = preg_replace("/^\\s*(CREATE\\s+TEMPORARY\\s+TABLE\\s+" . preg_quote($this->quote($tmpname), "/") . "\\s+\\(),\\s*/", '$1', $newSQL);
                            if ($debug) { echo "preg_column_to_change=(" . $preg_column_to_change . ")<hr />"; echo $createtesttableSQL . "<hr />"; echo $newSQL . "<hr />"; echo $preg_pattern_change . "<hr />"; }
                            if ($newSQL == $createtesttableSQL || $newSQL == "") {
                                $this->alterError = $errormsg . ' (change) - ' . $lang['alter_pattern_mismatch'] . '. PREG ERROR: ' . $preg_error;
                                return false;
                            }
                            $createtesttableSQL = $newSQL;
                            // remember the rename so the copy-back below maps old name => new name
                            $newcols[$column] = str_replace("''", "'", $new_col_name);
                            break;
                        case 'drop':
                            // delete this part (we want to drop this column)
                            $preg_column_to_drop = "\\s*" . $this->sqlite_surroundings_preg($column) . "\\s+(?:" . $this->sqlite_surroundings_preg("*", false, ",'\"\\[`") . ")+";
                            $preg_pattern_drop = "/^" . $preg_create_table . $preg_columns_before . $preg_column_to_drop . $preg_columns_after . "\\s*\\)\\s*\$/s";
                            // remove the column out of the CREATE TABLE statement
                            $newSQL = preg_replace($preg_pattern_drop, '$1$2$3)', $createtesttableSQL);
                            $preg_error = $this->getPregError();
                            // remove comma at the beginning if the first column is removed
                            // (probably somebody is able to put this into the first regex, using lookahead)
                            $newSQL = preg_replace("/^\\s*(CREATE\\s+TEMPORARY\\s+TABLE\\s+" . preg_quote($this->quote($tmpname), "/") . "\\s+\\(),\\s*/", '$1', $newSQL);
                            if ($debug) { echo $createtesttableSQL . "<hr>"; echo $newSQL . "<hr>"; echo $preg_pattern_drop . "<hr>"; }
                            if ($newSQL == $createtesttableSQL || $newSQL == "") {
                                $this->alterError = $errormsg . ' (drop) - ' . $lang['alter_pattern_mismatch'] . '. PREG ERROR: ' . $preg_error;
                                return false;
                            }
                            $createtesttableSQL = $newSQL;
                            // dropped columns are excluded from the copy-back (and from index recreation)
                            unset($newcols[$column]);
                            break;
                        case 'rename to':
                            // don't change column definition at all
                            $newSQL = $createtesttableSQL;
                            // only change the name of the table
                            $table_new = $column;
                            break;
                        case 'add primary key':
                            // we want to add a primary key for the column(s) stored in $column
                            // NOTE(review): $column is the raw text between the parentheses and is
                            // spliced in without quoting or validation.
                            $newSQL = preg_replace("/\\)\\s*\$/", ", PRIMARY KEY (" . $column . ") )", $createtesttableSQL);
                            $createtesttableSQL = $newSQL;
                            break;
                        case 'drop primary key':
                            // we want to drop the primary key
                            if ($debug) { echo "DROP"; }
                            if (sizeof($primarykey) == 1) {
                                // if not compound primary key, might be a column constraint -> try removal
                                $column = $primarykey[0];
                                if ($debug) { echo "<br>Trying to drop column constraint for column {$column} <br>"; }
                                /*
                                 * TODO: This does not work yet:
                                 *   CREATE TABLE 't12' ('t1' INTEGER CONSTRAINT "bla" NOT NULL CONSTRAINT 'pk' PRIMARY KEY );
                                 *   ALTER TABLE "t12" DROP PRIMARY KEY
                                 * This does:
                                 *   CREATE TABLE 't12' ('t1' INTEGER CONSTRAINT bla NOT NULL CONSTRAINT 'pk' PRIMARY KEY );
                                 *   ALTER TABLE "t12" DROP PRIMARY KEY
                                 */
                                // replace this part (we want to change this column);
                                // group $3 (column), $4 (constraints before) and $5 (constraints after) contain the part to keep
                                $preg_column_to_change = "(\\s*" . $this->sqlite_surroundings_preg($column) . ")" . "(?:" . "(\\s+(?:" . $this->sqlite_surroundings_preg("(?:[^PC,'\"`\\[]|P(?!RIMARY\\s+KEY)|" . "C(?!ONSTRAINT\\s+" . $this->sqlite_surroundings_preg("+", false, " ,'\"\\[`") . "\\s+PRIMARY\\s+KEY))", false, ",'\"`\\[") . ")*)" . "(?:CONSTRAINT\\s+" . $this->sqlite_surroundings_preg("+", false, " ,'\"\\[`") . "\\s+)?" . "PRIMARY\\s+KEY" . "(?:\\s+(?:ASC|DESC))?" . "(?:\\s+ON\\s+CONFLICT\\s+(?:ROLLBACK|ABORT|FAIL|IGNORE|REPLACE))?" . "(?:\\s+AUTOINCREMENT)?" . "((?:" . $this->sqlite_surroundings_preg("*", false, ",'\"`\\[") . ")*)" . ")";
                                $preg_pattern_change = "/^" . $preg_create_table . $preg_columns_before . $preg_column_to_change . $preg_columns_after . "\\s*\\)\\s*\$/si";
                                // replace the column definition in the CREATE TABLE statement
                                $newSQL = preg_replace($preg_pattern_change, '$1$2,$3$4$5$6)', $createtesttableSQL);
                                // remove comma at the beginning if the first column is changed
                                // (probably somebody is able to put this into the first regex, using lookahead)
                                $newSQL = preg_replace("/^\\s*(CREATE\\s+TEMPORARY\\s+TABLE\\s+" . preg_quote($this->quote($tmpname), "/") . "\\s+\\(),\\s*/", '$1', $newSQL);
                                if ($debug) { echo "preg_column_to_change=(" . $preg_column_to_change . ")<hr />"; echo $createtesttableSQL . "<hr />"; echo $newSQL . "<hr />"; echo $preg_pattern_change . "<hr />"; }
                                if ($newSQL != $createtesttableSQL && $newSQL != "") {
                                    $createtesttableSQL = $newSQL;
                                    if ($debug) { echo "<br>SUCCEEDED<br>"; }
                                } else {
                                    if ($debug) { echo "NO LUCK"; }
                                    // TODO: try removing table constraint
                                    // NOTE(review): returns without setting $this->alterError
                                    return false;
                                }
                                $createtesttableSQL = $newSQL;
                            } else {
                                // TODO: Try removing table constraint
                                // NOTE(review): compound keys are rejected here without setting $this->alterError
                                return false;
                            }
                            break;
                        default:
                            if ($debug) { echo 'ERROR: unknown alter operation!<hr />'; }
                            $this->alterError = $errormsg . $lang['alter_unknown_operation'];
                            return false;
                    }
                }
                $droptempsql = 'DROP TABLE ' . $this->quote_id($tmpname);
                // turn the edited temp-table definition back into a CREATE TABLE for the (possibly renamed) table
                $createnewtableSQL = "CREATE TABLE " . $this->quote($table_new) . " " . preg_replace("/^\\s*CREATE\\s+TEMPORARY\\s+TABLE\\s+'?" . str_replace("'", "''", preg_quote($tmpname, "/")) . "'?\\s+(.*)\$/is", '$1', $createtesttableSQL, 1);
                // column lists for copying back: keys are the temp table's (old) names, values the new names
                $newcolumns = '';
                $oldcolumns = '';
                reset($newcols);
                while (list($key, $val) = each($newcols)) {
                    $newcolumns .= ($newcolumns ? ', ' : '') . $this->quote_id($val);
                    $oldcolumns .= ($oldcolumns ? ', ' : '') . $this->quote_id($key);
                }
                $copytonewsql = 'INSERT INTO ' . $this->quote_id($table_new) . '(' . $newcolumns . ') SELECT ' . $oldcolumns . ' FROM ' . $this->quote_id($tmpname);
            }
        }
        // assemble the whole rewrite as one transaction
        $alter_transaction = 'BEGIN; ';
        $alter_transaction .= $createtemptableSQL . '; '; //create temp table
        $alter_transaction .= $copytotempsql . '; '; //copy to table
        $alter_transaction .= $dropoldsql . '; '; //drop old table
        $alter_transaction .= $createnewtableSQL . '; '; //recreate original table
        $alter_transaction .= $copytonewsql . '; '; //copy back to original table
        $alter_transaction .= $droptempsql . '; '; //drop temp table
        // matches "CREATE [UNIQUE] INDEX name ON <table> (cols)"; $2 is the table name to swap after RENAME TO
        $preg_index = "/^\\s*(CREATE\\s+(?:UNIQUE\\s+)?INDEX\\s+(?:" . $this->sqlite_surroundings_preg("+", false, " '\"\\[`") . "\\s*)*ON\\s+)(" . $this->sqlite_surroundings_preg($table) . ")(\\s*\\((?:" . $this->sqlite_surroundings_preg("+", false, " '\"\\[`") . "\\s*)*\\)\\s*)\\s*\$/i";
        foreach ($recreateQueries as $recreate_query) {
            if ($recreate_query['type'] == 'index') {
                // this is an index. We need to make sure the index is not on a column that we drop. If it is, we drop the index as well.
                $indexInfos = $this->selectArray('PRAGMA index_info(' . $this->quote_id($recreate_query['name']) . ')');
                foreach ($indexInfos as $indexInfo) {
                    if (!isset($newcols[$indexInfo['name']])) {
                        if ($debug) { echo 'Not recreating the following index: <hr />' . htmlencode($recreate_query['sql']) . '<hr />'; }
                        // Index on a column that was dropped. Skip recreation.
                        continue 2;
                    }
                }
            }
            // TODO: In case we renamed a column on which there is an index, we need to recreate the index with the column name adjusted.
            // recreate triggers / indexes
            if ($table == $table_new) {
                // we had no RENAME TO, so we can recreate indexes/triggers just like the original ones
                $alter_transaction .= $recreate_query['sql'] . ';';
            } else {
                // we had a RENAME TO, so we need to exchange the table-name in the CREATE-SQL of triggers & indexes
                switch ($recreate_query['type']) {
                    case 'index':
                        $recreate_queryIndex = preg_replace($preg_index, '$1' . $this->quote_id(strtr($table_new, array('\\' => '\\\\', '$' => '\\$'))) . '$3 ', $recreate_query['sql']);
                        if ($recreate_queryIndex != $recreate_query['sql'] && $recreate_queryIndex != NULL) {
                            $alter_transaction .= $recreate_queryIndex . ';';
                        } else {
                            // the CREATE INDEX regex did not match. this normally should not happen
                            if ($debug) { echo 'ERROR: CREATE INDEX regex did not match!?<hr />'; }
                            // just try to recreate the index originally (will fail most likely)
                            $alter_transaction .= $recreate_query['sql'] . ';';
                        }
                        break;
                    case 'trigger':
                        // TODO: IMPLEMENT (the trigger is re-issued with the old table name)
                        $alter_transaction .= $recreate_query['sql'] . ';';
                        break;
                    default:
                        if ($debug) { echo 'ERROR: Unknown type ' . htmlencode($recreate_query['type']) . '<hr />'; }
                        $alter_transaction .= $recreate_query['sql'] . ';';
                }
            }
        }
        $alter_transaction .= 'COMMIT;';
        if ($debug) { echo $alter_transaction; }
        return $this->multiQuery($alter_transaction);
    }
}
/**
 * Prints the edit-form table row for a list field. The widget is chosen by
 * $this->listType: 'pulldown', 'pulldownMulti', 'radios' or 'checkboxes';
 * any other value dies.
 *
 * @param array|false $record  the record being edited; when empty the value is
 *                             taken from $_REQUEST[$this->name] (e.g. after a
 *                             failed save) or defaults to ''
 *
 * Output is written directly with print. Multi-value fields keep their
 * selections tab-separated in one string. Values present in the record but no
 * longer offered by getListOptionsFromSchema() are rendered pre-selected in a
 * separate "no longer in list" group so that saving does not silently drop them.
 *
 * SECURITY NOTE(review): $this->label, $prefixText, $description and the t()
 * text in $noLongerInListText are printed without htmlencode(), and
 * $this->name / $this->filterField are interpolated into attributes and into
 * an inline JavaScript selector as-is. These come from the field schema, not
 * from the request, so they are presumably admin-controlled — confirm the
 * schema editor does not accept arbitrary markup in them.
 */
function editFormHtml($record) {
    // set field attributes
    $listOptions = getListOptionsFromSchema($this, $record);
    $valignTop = $this->listType != 'pulldown' ? 'style="vertical-align: top;"' : '';
    $prefixText = @$this->fieldPrefix;
    $description = getEvalOutput(@$this->description);
    // get field value
    if ($record) {
        $fieldValue = @$record[$this->name];
    } else {
        if (array_key_exists($this->name, $_REQUEST)) {
            // a multi-select/checkbox submission arrives as an array; re-join it with tabs
            $fieldValue = join("\t", (array) @$_REQUEST[$this->name]);
        } else {
            $fieldValue = '';
        }
    }
    $fieldValues = preg_split("/\t/", $fieldValue, -1, PREG_SPLIT_NO_EMPTY); // for multi value fields
    // NOTE(review): this value is never used — every branch below reassigns $encodedValue per option
    $encodedValue = htmlencode($fieldValue);
    // get list of values in database that aren't in list options (happens when list values are removed or field
    // ... was a textfield then switched to a pulldown that doesn't offer all the previously entered values as options)
    $fieldValuesNotInList = array();
    $listOptionValues = array();
    foreach ($listOptions as $optionArray) {
        list($value, $label) = $optionArray;
        $listOptionValues[] = $value;
    }
    $fieldValuesNotInList = array_diff($fieldValues, $listOptionValues);
    $noLongerInListText = count($fieldValuesNotInList) > 1 ? t('Previous selections (no longer in list)') : t('Previous selection (no longer in list)');
    //
    print " <tr>\n";
    print " <td {$valignTop}>{$this->label}</td>\n";
    print " <td>\n";
    // pulldown
    if ($this->listType == 'pulldown') {
        print "{$prefixText}\n";
        print " <select name='{$this->name}'>\n";
        print " <option value=''><select></option>\n";
        foreach ($listOptions as $optionArray) {
            list($value, $label) = $optionArray;
            $encodedValue = htmlencode($value);
            // selectedIf() is a project helper; presumably yields the selected attribute when $value matches
            $selectedAttr = selectedIf($value, $fieldValue, true);
            $encodedLabel = htmlencode($label);
            print "<option value=\"{$encodedValue}\" {$selectedAttr}>{$encodedLabel}</option>\n";
        }
        // show database values not in current list options
        if ($fieldValuesNotInList) {
            print " <optgroup label='{$noLongerInListText}'>\n";
            foreach ($fieldValuesNotInList as $value) {
                print " <option value=\"" . htmlencode($value) . "\" selected='selected'>" . htmlencode($value) . "</option>\n";
            }
            print " </optgroup>\n";
        }
        print " </select>\n";
        print "{$description}\n";
    } else {
        if ($this->listType == 'pulldownMulti') {
            if ($prefixText) { print "{$prefixText}<br/>\n"; }
            print " <select name='{$this->name}[]' multiple='multiple' size='5'>\n";
            foreach ($listOptions as $optionArray) {
                list($value, $label) = $optionArray;
                $encodedValue = htmlencode($value);
                // NOTE(review): non-strict in_array — numeric-looking strings compare loosely
                $selectedAttr = in_array($value, $fieldValues) ? 'selected="selected"' : '';
                $encodedLabel = htmlencode($label);
                print "<option value=\"{$encodedValue}\" {$selectedAttr}>{$encodedLabel}</option>\n";
            }
            // show database values not in current list options
            if ($fieldValuesNotInList) {
                print " <optgroup label='{$noLongerInListText}'>\n";
                foreach ($fieldValuesNotInList as $value) {
                    print " <option value=\"" . htmlencode($value) . "\" selected='selected'>" . htmlencode($value) . "</option>\n";
                }
                print " </optgroup>\n";
            }
            print " </select>\n";
            if ($description) { print "<br/>{$description}\n"; }
        } else {
            if ($this->listType == 'radios') {
                if ($prefixText) { print "{$prefixText}<br/>\n"; }
                foreach ($listOptions as $optionArray) {
                    list($value, $label) = $optionArray;
                    $encodedValue = htmlencode($value);
                    $encodedLabel = htmlencode($label);
                    // NOTE(review): loose == comparison
                    $checkedAttr = $value == $fieldValue ? 'checked="checked"' : '';
                    // id is placed in a single-quoted attribute; whether htmlencode() escapes ' depends on its flags — confirm
                    $idAttr = "{$this->name}.{$encodedValue}";
                    print "<input type='radio' name='{$this->name}' value='{$encodedValue}' id='{$idAttr}' {$checkedAttr}/>\n";
                    print "<label for='{$idAttr}'>{$encodedLabel}</label><br />\n\n";
                }
                // show database values not in current list options
                if ($fieldValuesNotInList) {
                    print "{$noLongerInListText}<br />\n";
                    foreach ($fieldValuesNotInList as $value) {
                        $encodedValue = htmlencode($value);
                        $encodedLabel = htmlencode($value);
                        $idAttr = "{$this->name}.{$encodedValue}";
                        print "<input type='radio' name='{$this->name}' value='{$encodedValue}' id='{$idAttr}' checked='checked'/>\n";
                        print "<label for='{$idAttr}'>{$encodedLabel}</label><br />\n\n";
                    }
                }
                if ($description) { print "{$description}\n"; }
            } else {
                if ($this->listType == 'checkboxes') {
                    if ($prefixText) { print "{$prefixText}<br/>\n"; }
                    foreach ($listOptions as $optionArray) {
                        list($value, $label) = $optionArray;
                        $encodedValue = htmlencode($value);
                        $encodedLabel = htmlencode($label);
                        // NOTE(review): non-strict in_array — numeric-looking strings compare loosely
                        $checkedAttr = in_array($value, $fieldValues) ? 'checked="checked"' : '';
                        $idAttr = "{$this->name}.{$encodedValue}";
                        print "<input type='checkbox' name='{$this->name}[]' value='{$encodedValue}' id='{$idAttr}' {$checkedAttr}/>\n";
                        print "<label for='{$idAttr}'>{$encodedLabel}</label><br />\n";
                    }
                    // show database values not in current list options
                    if ($fieldValuesNotInList) {
                        print "{$noLongerInListText}<br />\n";
                        foreach ($fieldValuesNotInList as $value) {
                            $encodedValue = htmlencode($value);
                            $encodedLabel = htmlencode($value);
                            $idAttr = "{$this->name}.{$encodedValue}";
                            print "<input type='checkbox' name='{$this->name}[]' value='{$encodedValue}' id='{$idAttr}' checked='checked' />\n";
                            print "<label for='{$idAttr}'>{$encodedLabel}</label><br />\n\n";
                        }
                    }
                    if ($description) { print "{$description}\n"; }
                } else {
                    die("Unknown listType '{$this->listType}'!");
                }
            }
        }
    }
    // list fields w/ advanced filters - add onchange event handler to local filter field
    // (the field names below land unescaped inside a jQuery selector and a JS string literal)
    if (@$this->filterField) { ?> <script type="text/javascript"><!-- $("[name='<?php echo $this->filterField; ?> ']").change(function () { var targetListField = '<?php echo $this->name; ?> '; var newFilterValue = this.value; updateListFieldOptions(targetListField, newFilterValue); }); // --></script> <?php }
    //
    print " </td>\n";
    print " </tr>\n";
}
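/**
 * Password-reset landing page. Validates the userNum/resetCode pair from the
 * request, then either shows the new-password form or, on submit, stores the
 * new password digest and sends the user to the login page.
 *
 * Reads $_REQUEST['userNum'], ['resetCode'], ['submitForm'], ['password'] and
 * ['password:again']. Sets $GLOBALS['sentEmail'] = false and loads the account
 * row into the global $user for the template. Never returns normally: every
 * path ends in die(), or in a showInterface() call followed by exit.
 *
 * NOTE(review): nothing in this function invalidates the reset code after a
 * successful change — confirm that _isValidPasswordResetCode() enforces
 * expiry/single use, otherwise the same link stays usable.
 */
function resetPassword() {
    global $CURRENT_USER, $SETTINGS;
    $GLOBALS['sentEmail'] = false;

    // error checking: both identifiers are required before anything else runs
    if (!@$_REQUEST['userNum']) { die("No 'userNum' value specified!"); }
    if (!@$_REQUEST['resetCode']) { die("No 'resetCode' value specified!"); }
    if (!_isValidPasswordResetCode(@$_REQUEST['userNum'], @$_REQUEST['resetCode'])) {
        alert(t("Password reset code has expired or is not valid. Try resetting your password again."));
        showInterface('forgotPassword.php', false);
        // SECURITY: terminate here explicitly. The other error paths in this
        // function follow showInterface() with exit, and nothing visible here
        // guarantees showInterface() ends the request by itself; without this
        // exit an invalid code would still reach the password update below.
        exit;
    }

    // load user (the template reads the global $user)
    global $user;
    $user = mysql_get(accountsTable(), (int) @$_REQUEST['userNum']);
    if (!$user) {
        // the account behind a valid-looking code no longer exists (or userNum
        // is not numeric); do not proceed with an empty $user['num']
        alert(t("Password reset code has expired or is not valid. Try resetting your password again."));
        showInterface('forgotPassword.php', false);
        exit;
    }

    // form submitted: verify, then store the new password
    if (@$_REQUEST['submitForm']) {
        security_dieUnlessPostForm();
        security_dieOnInvalidCsrfToken();
        disableInDemoMode('', 'resetPassword.php');

        // error checking (password policy + confirmation match)
        $textErrors = getNewPasswordErrors(@$_REQUEST['password'], @$_REQUEST['password:again'], $user['username']); // v2.52
        if ($textErrors) {
            alert(nl2br(htmlencode($textErrors)));
            showInterface('resetPassword.php');
            exit;
        }

        // update password: only the digest is stored
        $newPassword = getPasswordDigest($_REQUEST['password']);
        mysql_update(accountsTable(), $user['num'], null, array('password' => $newPassword));

        // show login; clear the request so the reset parameters don't leak into the login template
        alert(t('Password updated!'));
        $_REQUEST = array();
        showInterface('login.php', false);
        exit;
    }

    // first visit with a valid code: show the new-password form
    showInterface('resetPassword.php');
    exit;
}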
?> "> <?php echo $lEmail; ?> : </font></td> <td <?php echo bgcolor($table_body_color_1); ?> ><font color="<?php echo $table_body_font_color_1; ?> "><a href="<?php echo htmlencode("mailto:" . $rec['email']); ?> "><?php echo htmlencode($rec['email']); ?> </a></font></td> </tr> <?php } if ($rec['webpage']) { ?> <tr> <td <?php echo bgcolor($table_body_color_1); ?> nowrap><font color="<?php echo $table_body_font_color_1; ?> "> <?php
/**
 * HTML-encodes every value of a parameter map.
 *
 * @param array $params  name => raw value
 * @return array  the same keys, each value passed through htmlencode()
 *
 * Only one level is encoded: a nested array value is handed to htmlencode()
 * unchanged, and keys are not encoded at all — callers that emit keys into
 * markup must encode them separately.
 */
function htmlencode_params($params) {
    $encoded = array();
    foreach ($params as $name => $raw) {
        $encoded[$name] = htmlencode($raw);
    }
    return $encoded;
}
echo "<div class='confirm'>"; printf($lang['db_renamed'], htmlencode($oldpath)); echo " '" . htmlencode($newpath) . "'."; echo "</div><br/>"; } echo "<form action='?view=rename&database_rename=1' method='post'>"; echo "<input type='hidden' name='oldname' value='" . htmlencode($db->getPath()) . "'/>"; echo $lang['db_rename'] . " '" . htmlencode($db->getPath()) . "' " . $lang['to'] . " <input type='text' name='newname' style='width:200px;' value='" . htmlencode($db->getPath()) . "'/> <input type='submit' value='" . $lang['rename'] . "' name='rename' class='btn'/>"; echo "</form>"; } else { if ($view == "delete") { //- Delete database confirmation (=delete) echo "<form action='?database_delete=1' method='post'>"; echo "<div class='confirm'>"; echo sprintf($lang['ques_del_db'], htmlencode($db->getPath())) . "<br/><br/>"; echo "<input name='database_delete' value='" . htmlencode($db->getPath()) . "' type='hidden'/>"; echo "<input type='submit' value='" . $lang['confirm'] . "' class='btn'/> "; echo "<a href='" . PAGE . "'>" . $lang['cancel'] . "</a>"; echo "</div>"; echo "</form>"; } } } } } } } echo "</div>"; } //- HTML: page footer echo "<br/>";
$delpiceb3 = "y"; } } //先刪除圖片===end=== } if ($_POST["selltime1"] != "") { $s1 = $_POST["selltime1"]; } else { $s1 = "0000-00-00"; } if ($_POST["selltime2"] != "") { $s2 = $_POST["selltime2"]; } else { $s2 = "0000-00-00"; } $sql_data = "update product set `pro_num`='" . htmlencode($_POST["pro_num"]) . "',`word`='" . str_replace("'", "''", $_POST["FCKeditor1"]) . "',`range`=" . $_POST["range"]; if ($sf_file3[0] != NULL) { $sql_data = $sql_data . ",`pic1`='{$sf_file3['0']}'"; } else { if ($delpiceb == "y") { $sql_data = $sql_data . ",`pic1`=''"; } } if ($sf_file3[1] != NULL) { $sql_data = $sql_data . ",`pic2`='{$sf_file3['1']}'"; } else { if ($delpiceb2 == "y") { $sql_data = $sql_data . ",`pic2`=''"; } } if ($sf_file3[2] != NULL) {