function check_time($string) { $time = array('0', '1', '2', '3'); if (!in_array($string, $time)) { exit('出错'); } return mysql_escape($string); }
/** * TestGuestVersion1.0 * ================================================ * Copy 2010-2012yc60 * Web: http://www.yc60.com * ================================================ * Author: Lee * Date: 2012-9-17 */ function check_content($string) { $string = htmlspecialchars(mysql_escape(trim($string))); if (mb_strlen($string, 'utf-8') < 10 || mb_strlen($string, 'utf-8') > 200) { //判断输入的用户名长度是否合格 alert('信心内容不得少于10个字符,请重新输入'); } return $string; }
function check_post_contenr($string, $min) { $string = trim($string); if (mb_strlen($string, 'utf-8') < $min) { //判断输入的用户名长度是否合格 alert('发帖内容长度不得小于' . $min . '位'); exit; } return mysql_escape($string); }
function editFormHtml($record) { global $TABLE_PREFIX, $tableName; $calendarTable = $TABLE_PREFIX . "_datecalendar"; // get dates $dates = array(); $date = getdate(); $monthNum = $date['mon']; $year = $date['year']; $firstMonth = sprintf("%04d%02d%02d", $year, $monthNum, '01'); for ($i = 1; $i <= 12; $i++) { $dates[] = array('year' => $year, 'monthNum' => $monthNum); if (++$monthNum > 12) { $year++; $monthNum = 1; } } $lastMonth = sprintf("%04d%02d%02d", $year, $monthNum, '01'); // load dates from database $selectedDates = array(); $query = "SELECT DATE_FORMAT(date, '%Y%m%d') as date FROM `{$calendarTable}` "; $query .= "WHERE `tablename` = '{$tableName}' "; $query .= " AND `fieldname` = '{$this->name}' "; $query .= " AND `recordNum` = '" . mysql_escape($_REQUEST['num']) . "' "; $query .= " AND '{$firstMonth}' <= `date` AND `date` <= '{$lastMonth}'"; $result = mysql_query($query) or die("MySQL Error: " . htmlencode(mysql_error()) . "\n"); while ($row = mysql_fetch_assoc($result)) { $selectedDates[$row['date']] = 1; } if (is_resource($result)) { mysql_free_result($result); } // get calendar HTML $calendarHtml = ''; foreach ($dates as $date) { $calendarHtml .= _createEditCalendar($date['monthNum'], $date['year'], $selectedDates); } // display field print <<<__HTML__ <tr> <td valign="top">{$this->label}</td> <td>{$calendarHtml}</td> </tr> __HTML__; }
function saveUploadDetails() { global $TABLE_PREFIX; security_dieUnlessPostForm(); security_dieUnlessInternalReferer(); security_dieOnInvalidCsrfToken(); // update uploads if (is_array(@$_REQUEST['uploadNums'])) { foreach ($_REQUEST['uploadNums'] as $uploadNum) { if (!$uploadNum) { die(__FUNCTION__ . ": No upload num specified!"); } $query = "UPDATE `{$TABLE_PREFIX}uploads`\n"; $query .= " SET info1 = '" . mysql_escape(@$_REQUEST["{$uploadNum}_info1"]) . "',\n"; $query .= " info2 = '" . mysql_escape(@$_REQUEST["{$uploadNum}_info2"]) . "',\n"; $query .= " info3 = '" . mysql_escape(@$_REQUEST["{$uploadNum}_info3"]) . "',\n"; $query .= " info4 = '" . mysql_escape(@$_REQUEST["{$uploadNum}_info4"]) . "',\n"; $query .= " info5 = '" . mysql_escape(@$_REQUEST["{$uploadNum}_info5"]) . "'\n"; $query .= " WHERE num = '" . mysql_escape($uploadNum) . "' AND "; if ($_REQUEST['num']) { $query .= "recordNum = '" . mysql_escape($_REQUEST['num']) . "'"; } else { if ($_REQUEST['preSaveTempId']) { $query .= "preSaveTempId = '" . mysql_escape($_REQUEST['preSaveTempId']) . "'"; } else { die("No value specified for 'num' or 'preSaveTempId'!"); } } mysql_query($query) or die("MySQL Error: " . htmlencode(mysql_error()) . "\n"); } } // print "<script type='text/javascript'>self.parent.reloadIframe('{$_REQUEST['fieldName']}_iframe')</script>"; // reload uploadlist print "<script type='text/javascript'>self.parent.tb_remove();</script>\n"; // close thickbox exit; }
public function activation() { if (!empty($_GET['activation']) && isset($_GET['activation'])) { $code = mysql_escape($_GET['activation']); $user_count = User::where('activation', $code)->count(); $User = User::where('activation', '=', $code)->firstOrFail(); if ($user_count > 0) { $count = DB::table('users')->where('activation', $code)->where('status', '0')->count(); if ($count == 1) { $db_res = DB::table('users')->where('activation', $code)->update(array('status' => 1)); if ($db_res == 1) { Auth::login($User); return View::make('register/activation_to_resumes'); //return Redirect::to('/')->with('message','您的账号已经激活'); } } else { return Redirect::to('ow_login')->with('message', '您的账号已经激活无需再次激活!'); } } else { return Redirect::to('ow_register')->with('message', '您的账号存在'); } } }
<?php require "globals.php"; $search = mysql_escape($_POST['search']); $page = mysql_escape($_POST['page']); if ($search == "") { echo "<h1>Search Games</h1><center>Please type in the most accurate game title description to find your favourite games.<br>\n<form action=flashsearchdos.php?page=search method=post>Game Title: <input type=text name=search> <input type=submit value='Search'></form></center>"; } else { // Strip HTML tags $search = strip_tags($search); // Find games $sql = "SELECT game FROM flash2 WHERE game LIKE '%{$search}%' ORDER BY game DESC LIMIT 10"; $countmatches = mysql_num_rows(mysql_query("{$sql}")); $findgames = mysql_query("SELECT imagename,game,id FROM flash2 WHERE game LIKE '%{$search}%' ORDER BY game DESC LIMIT 10"); echo "<center><h1>Search Results</h1>\nWe have found {$countmatches} matches for your search results. The more specific the search phrase, the better your results will be.<br><br>\n\n<table border=0 cellspacing=10 cellpadding=0 border=0><tr>"; $counter = 0; while ($game = mysql_fetch_array($findgames)) { // Next row if ($counter == 3) { echo "</tr><tr>"; // Reset counter $counter = 0; } echo "<td><table>\n<tr>\n<td>\n<font size=1><a href=game.php?id={$game['id']} title=\"{$game['game']}\"><center>\n<img src=/arcadefiles/{$game['imagename']} height=60 width=60></a><br />\n<li><a href=game.php?id={$game['id']} title=\"{$game['game']}\">{$game['game']}</center></a>\n<li><a href=highscores.php?id={$game['id']}>View High Scores</a></center>\n</font></td>\n</tr>\t\t\t\t\t\t\n</table></td>"; $counter++; } echo "</tr></table>"; } print "<br /><br />"; $h->endpage();
<link rel="shortcut icon" href="images/favicon.ico" /> </head> <body> <?php define('IN_TG', true); require dirname(__FILE__) . '/includes/global.fun.php'; //引进数据库连接文件 require dirname(__FILE__) . '/includes/conn.inc.php'; require dirname(__FILE__) . '/includes/common.inc.php'; require dirname(__FILE__) . '/includes/header.inc.php'; if (!isset($_GET['active'])) { //防止直接调用“active页面” location('非法操作', 'index.php'); } if (isset($_GET['action']) && isset($_GET['active']) && $_GET['action'] == 'ok') { $active = mysql_escape($_GET['active']); //首先进行转义 mysql_query("UPDATE user SET active=NULL WHERE active='{$active}' LIMIT 1"); //将active字段设置为空 if (mysql_affected_rows() == 1) { location('激活成功', 'index.php'); } else { location('激活失败', 'register.php'); } } ?> <div id="active"> <h2>激活页面</h2> <p>点击一下链接进行激活</p> <p><a href="active.php?action=ok&active=<?php echo $_GET['active'];
if (!isset($_POST['url'])) { if ($bgfixed == 1) { $bgfixedcheck = "checked"; } else { $bgfixedcheck = ""; } if ($bgcenter == "center") { $bgcentercheck = "checked"; } else { $bgcentercheck = ""; } if ($bgcover == 1) { $bgcovercheck = "checked"; } else { $bgcovercheck = ""; } echo "<h2 class=\"text-left\">Site Background</h2><hr/>\n\t\t<p>Many sites have a background to make the website more personalized. There is not a default image size, but you may want to play around with some sizes to see what you like.</p>\n\t\t<p>To upload an image, please go to <a href=\"http://www.imgur.com\">imgur.com</a>, and then enter in the image url below. The URL will look like this: i.imgur.com/abcdefghi.jpg. Of course, you may use any other website to host your image.</p><hr/>\n\t\t<form method=\"post\">\n\t\t\t<div class=\"form-group\">\n\t\t\t\t<label for=\"inputURL\">Background URL</label>\n\t\t\t\t<input type=\"text\" class=\"form-control\" name=\"url\" id=\"inputURL\" placeholder=\"Enter image URL\" value=\"" . $background . "\">\n\t\t\t</div>\n\t\t\t<div class=\"form-group\">\n\t\t\t\t<label for=\"inputURL\">Background Color (Hex)</label>\n\t\t\t\t<input type=\"text\" class=\"form-control color\" name=\"bgcolor\" id=\"inputURL\" placeholder=\"Enter Background Color\" value=\"" . $bgcolor . "\">\n\t\t\t\t<span class=\"help-block\">Your background color must look like this: 000000<br/>To look up hex colors, click the input box above.</span>\n\t\t\t</div>\n\t\t\t<div class=\"form-group\">\n\t\t\t\t<label for=\"repeatStyle\">Background Repeat</label>\n\t\t\t\t<select class=\"form-control\" name=\"bgrepeat\" id=\"repeatStyle\">\n\t\t\t\t\t<option value=\"no-repeat\">No Repeat</option>\n\t\t\t\t\t<option value=\"repeat\">Repeat Both Directions</option>\n\t\t\t\t\t<option value=\"repeat-x\">Repeat Horizontally</option>\n\t\t\t\t\t<option value=\"repeat-y\">Repeat Vertically</option>\n\t\t\t\t</select>\n\t\t\t\t<span class=\"help-block\">Background images can repeat horizontally, vertically, both, or none.</span>\n\t\t\t</div>\n\t\t\t<div class=\"checkbox\">\n\t\t\t\t<label>\n\t\t\t\t\t<input type=\"checkbox\" name=\"bgcenter\" value=\"1\" {$bgcentercheck}>Center Background (Yes)\n\t\t\t\t</label>\n\t\t\t</div>\n\t\t\t<span class=\"help-block\">Background images can be centered.</span>\n\t\t\t<div class=\"checkbox\">\n\t\t\t\t<label>\n\t\t\t\t\t<input type=\"checkbox\" name=\"bgfixed\" value=\"1\" {$bgfixedcheck}>Fixed Background (Yes)\n\t\t\t\t</label>\n\t\t\t</div>\t\t\t\t\n\t\t\t<span class=\"help-block\">Background images can be fixed (won't scroll).</span>\n\t\t\t<div class=\"checkbox\">\n\t\t\t\t<label>\n\t\t\t\t\t<input type=\"checkbox\" name=\"bgcover\" value=\"1\" {$bgcovercheck}>Fit Background to Screen (Yes)\n\t\t\t\t</label>\n\t\t\t</div>\t\t\t\t\n\t\t\t<span class=\"help-block\">Background images can be resized to fit the browser window.</span>\n\t\t\t<hr/>\n\t\t\t<button type=\"submit\" class=\"btn btn-primary\" required>Submit »</button>\n\t\t</form>\n\t\t"; } else { $url = mysql_escape($_POST["url"]); $bgcolor = mysql_escape($_POST["bgcolor"]); $bgrepeat = mysql_escape($_POST["bgrepeat"]); $bgcenter = mysql_escape(isset($_POST["bgcenter"])); $bgfixed = mysql_escape(isset($_POST["bgfixed"])); $bgcover = mysql_escape(isset($_POST["bgcover"])); $mysqli->query("UPDATE " . $prefix . "properties SET background = '{$url}', bgcolor = '{$bgcolor}', bgrepeat = '{$bgrepeat}', bgcenter = '{$bgcenter}', bgfixed = '{$bgfixed}', bgcover = '{$bgcover}'"); echo "<div class=\"alert alert-success\">Successfully updated background.</div>"; redirect_wait5("?base=admin&page=background"); } } else { redirect("?base"); }
function incrementCounterField($tablename, $fieldname, $recordNumber) { global $VIEWER_NAME; // error checking if (!$tablename) { die(__FUNCTION__ . ": No 'tablename' value specified!"); } if (!$fieldname) { die(__FUNCTION__ . ": No 'fieldname' value specified!"); } if (!$recordNumber) { die(__FUNCTION__ . ": No 'recordNumber' value specified!"); } // update counter $escapedTableName = mysql_escape(getTableNameWithPrefix($tablename)); $query = "UPDATE `{$escapedTableName}` SET `{$fieldname}` = IFNULL(`{$fieldname}`,0) + 1"; $query .= " WHERE `num` = '" . mysql_escape($recordNumber) . "'"; $result = @mysql_query($query); if (!$result) { die(__FUNCTION__ . " MySQL Error: " . htmlencode(mysql_error()) . "\n"); } if (!mysql_affected_rows()) { die(__FUNCTION__ . ": Couldn't find record '" . htmlencode($recordNumber) . "'!"); } }
die("403 - Access Forbidden"); } if ($_SESSION['id']) { echo "\n\t\t<h2 class=\"text-left\">Account Settings</h2><hr/>"; if (!isset($_POST['modify'])) { $query = $mysqli->query("SELECT * FROM `accounts` WHERE `id`='" . $_SESSION['id'] . "'") or die(mysql_error()); $row = $query->fetch_assoc(); echo "\n\t\t<div class=\"alert alert-warning\">If you want to keep your current password, leave the password fields blank! <a class=\"close\" data-dismiss=\"alert\" href=\"#\" aria-hidden=\"true\">×</a></div>\n\t\t<form method=\"post\" role=\"form\">\n\t\t\t<b><abbr title=\"You can't change this!\">Username</abbr></b>\n\t\t\t\t" . $row['name'] . "\n\t\t<div class=\"form-group\">\n\t\t\t<label for=\"cPassword\">Current Password</label>\n\t\t\t<input type=\"password\" class=\"form-control\" id=\"cPassword\" placeholder=\"Current Password\" name=\"current\" />\n\t\t</div>\n\t\t<div class=\"form-group\">\n\t\t\t<label for=\"nPassword\">New Password</label>\n\t\t\t<input type=\"password\" class=\"form-control\" id=\"nPassword\" placeholder=\"New Password\" name=\"password\" />\n\t\t</div>\n\t\t<div class=\"form-group\">\n\t\t\t<label for=\"coPassword\">Confirm Password</label>\n\t\t\t<input type=\"password\" class=\"form-control\" id=\"coPassword\" placeholder=\"Confirm Password\" name=\"copassword\" />\n\t\t</div>\n\t\t<div class=\"form-group\">\n\t\t\t<label for=\"Email\">Email</label>\n\t\t\t<input type=\"email\" class=\"form-control\" id=\"Email\" placeholder=\"email@dot.com\" maxlength=\"50\" name=\"email\" value=\"" . $row['email'] . "\" />\n\t\t</div>\n\t\t<div class=\"form-group\">\n\t\t\t<label for=\"Birthday\">Birthday</label>\n\t\t\t<input type=\"text\" class=\"form-control\" id=\"Birthday\" placeholder=\"1990-01-01\" name=\"birth\" value=\"" . $row['birthday'] . "\" />\n\t\t</div>\n\t\t\t<input type=\"submit\" name=\"modify\" class=\"btn btn-primary\" value=\"Modify »\" />\n\t\t</form><br/>"; } else { $u = $mysqli->query("SELECT * FROM `accounts` WHERE `id`='" . $_SESSION['id'] . "'") or die; $userz = $u->fetch_assoc(); $current = mysql_escape($_POST['current']); $pass = mysql_escape($_POST['password']); $cpass = mysql_escape($_POST['copassword']); $email = mysql_escape($_POST['email']); $birth = mysql_escape($_POST['birth']); if ($current) { if ($userz['password'] == hash('sha512', $current . $userz['salt']) || sha1($current) == $userz['password']) { if ($pass != $cpass) { echo "<div class=\"alert alert-danger\">Passwords do not match.</div>"; } else { if (strlen($pass) < 6) { echo "<div class=\"alert alert-danger\">Your password must be between 6 and 12 characters.</div>"; } elseif (strlen($pass) > 12) { echo "<div class=\"alert alert-danger\">Your password must be between 6 and 12 characters.</div>"; } else { $u = $mysqli->query("UPDATE `accounts` SET `password`='" . sha1($pass) . "',`salt`=NULL WHERE `name`='" . $userz['name'] . "'") or die; echo "<div class=\"alert alert-success\">Your changes have successfully been saved.</div>"; } } } else {
function recache_forum($forum) { global $ir, $c, $userid, $h, $db; global $db; $q = $db->query("SELECT p.*,t.* FROM forum_posts p LEFT JOIN forum_topics t ON p.fp_topic_id=t.ft_id WHERE p.fp_forum_id={$forum} ORDER BY p.fp_time DESC LIMIT 1"); if (!$db->num_rows($q)) { $db->query("update forum_forums set ff_lp_time=0, ff_lp_poster_id=0, ff_lp_poster_name='N/A', ff_lp_t_id=0, ff_lp_t_name='N/A',ff_posts=0, ff_topics=0 where ff_id={$forum}"); } else { $r = $db->fetch_row($q); $tn = mysql_escape($r['ft_name']); $pn = mysql_escape($r['fp_poster_name']); $posts = $db->num_rows($db->query("SELECT fp_id FROM forum_posts WHERE fp_forum_id={$forum}")); $topics = $db->num_rows($db->query("SELECT ft_id FROM forum_topics WHERE ft_forum_id={$forum}")); $db->query("update forum_forums set ff_lp_time={$r['fp_time']}, ff_lp_poster_id={$r['fp_poster_id']}, ff_lp_poster_name='{$pn}', ff_lp_t_id={$r['ft_id']}, ff_lp_t_name='{$tn}',ff_posts={$posts}, ff_topics={$topics} where ff_id={$forum}"); } }
function categoryMoveDrag() { global $tableName, $escapedTableName, $isMyAccountMenu; if ($isMyAccountMenu) { die("Access not permitted for My Account menu!"); } if (!isset($_REQUEST['sourceNum'])) { die('sourceNum not set.'); } if (!isset($_REQUEST['targetNum'])) { die('targetNum not set.'); } if (!isset($_REQUEST['position'])) { die('position not set.'); } $sourceNum = $_REQUEST['sourceNum']; $targetNum = $_REQUEST['targetNum']; $position = $_REQUEST['position']; if (!is_numeric($sourceNum) || !is_numeric($targetNum)) { redirectBrowserToURL("?menu={$tableName}", true); exit; } security_dieUnlessPostForm(); security_dieUnlessInternalReferer(); security_dieOnInvalidCsrfToken(); // load categoriesByNum $categoriesByNum = array(); $query = "SELECT * FROM `{$escapedTableName}` ORDER BY globalOrder"; $result = mysql_query($query) or die("MySQL Error: " . mysql_error() . "\n"); while ($row = mysql_fetch_assoc($result)) { $categoriesByNum[$row['num']] = $row; $categoriesByNum[$row['num']]['oldSiblingOrder'] = $row['siblingOrder']; } if (is_resource($result)) { mysql_free_result($result); } // update order $parentNum = $position == 'child' ? $targetNum : $categoriesByNum[$targetNum]['parentNum']; // Source cannot be made a child of its decendent. $currParentNum = $categoriesByNum[$targetNum]['parentNum']; while ($currParentNum) { if ($currParentNum == $sourceNum) { redirectBrowserToURL("?menu={$tableName}", true); exit; } $currParentNum = $categoriesByNum[$currParentNum]['parentNum']; } $categoriesByNum[$sourceNum]['parentNum'] = $parentNum; foreach (array_keys($categoriesByNum) as $num) { $category =& $categoriesByNum[$num]; if ($category['parentNum'] != $parentNum) { continue; } // only modify siblings on branch $category['siblingOrder'] = 2 + $category['siblingOrder'] * 2; // double space entries unset($category); } //showme($categoriesByNum[$sourceNum]); //showme($categoriesByNum[$targetNum]); if ($position == 'child') { $categoriesByNum[$sourceNum]['siblingOrder'] = 1; // if adding as child, default to first sibling } else { if ($position == 'above') { $categoriesByNum[$sourceNum]['siblingOrder'] = $categoriesByNum[$targetNum]['siblingOrder'] - 1; } else { if ($position == 'below') { $categoriesByNum[$sourceNum]['siblingOrder'] = $categoriesByNum[$targetNum]['siblingOrder'] + 1; } } } //showme($categoriesByNum[$sourceNum]); //showme($categoriesByNum[$targetNum]); // save new sibling order foreach ($categoriesByNum as $num => $category) { if ($category['oldSiblingOrder'] == $category['siblingOrder']) { continue; } // skip if order didn't change $query = "UPDATE `{$escapedTableName}` SET "; $query .= "`siblingOrder` = '" . mysql_escape($category['siblingOrder']) . "' "; $query .= "WHERE num = '{$category['num']}'"; //showme($query); mysql_query($query) or die("There was an error updating the category metadata:\n\n" . htmlencode(mysql_error()) . "\n"); } //exit; // save new parent $query = "UPDATE `{$escapedTableName}` SET "; $query .= "`parentNum` = '" . mysql_escape($parentNum) . "' "; $query .= "WHERE num = '{$sourceNum}'"; mysql_query($query) or die("There was an error updating the category metadata:\n\n" . htmlencode(mysql_error()) . "\n"); // update global order, etc updateCategoryMetadataDrag(); // refresh page redirectBrowserToURL("?menu={$tableName}", true); exit; }
<?php if (basename($_SERVER["PHP_SELF"]) == "banner.php") { die("403 - Access Forbidden"); } if ($_SESSION['admin']) { if (!isset($_POST['url'])) { echo "<h2 class=\"text-left\">Site Banner</h2><hr/>\n\t\t<p>Many sites have a banner at the top of the page to make the website more personalized. There is not a default image size, but you may want to play around with some sizes to see what you like.</p>\n\t\t<p>To upload an image, please go to <a href=\"http://www.imgur.com\">imgur.com</a>, and then enter in the image url below. The URL will look like this: i.imgur.com/abcdefghi.jpg. Of course, you may use any other website to host your image.</p><hr/>\n\t\t<form method=\"post\">\n\t\t\t<div class=\"form-group\">\n\t\t\t\t<label for=\"inputURL\">Banner URL</label>\n\t\t\t\t<input type=\"text\" class=\"form-control\" name=\"url\" id=\"inputURL\" placeholder=\"Enter image URL\" value=\"" . $banner . "\">\n\t\t\t</div>\n\t\t\t<hr/>\n\t\t\t<button type=\"submit\" class=\"btn btn-primary\" required>Submit »</button>\n\t\t</form>\n\t\t"; } else { $url = mysql_escape($_POST["url"]); $mysqli->query("UPDATE " . $prefix . "properties SET banner='{$url}'"); echo "<div class=\"alert alert-success\">Successfully updated banner.</div>"; redirect_wait5("?base=admin"); } } else { redirect("?base"); }
if (mysql_affected_rows() == 1) { close('恭喜你,添加成功,请等待对方同意'); } else { location('很遗憾请求发送失败,请重新发送', ''); } session_destroy(); mysql_close(); exit; //必须退出,因为此时的id已经不存在,继续往下执行会会错 } //开始接收数据 if (isset($_GET['id'])) { //如果接收到id,那么开始获取收件人! $row = mysql_fetch_array(mysql_query("select username from user where id='{$_GET['id']}'")) or die(mysql_error()); if (isset($row)) { $clean_username = mysql_escape($row['username']); } else { close('用户名不存在'); } } else { close('非法操作'); } ?> <div id="head"> <h3>添加好友</h3> </div> <div id="message"> <form action="friend.php?action=add" method="post"> <input type="hidden" name="touser" value="<?php echo $clean_username; ?>
function cron_dispatcher() { // runs due or overdue jobs // get last cron.php run time $cronLastRunTime = $GLOBALS['SETTINGS']['bgtasks_lastRun']; $thisCronRunTime = time(); // call log function if cron jobs exit or die register_shutdown_function('cron_logErrorsOnDieOrExit'); // run cron tasks $dispatchedTaskCounter = 0; foreach (getCronList() as $cron) { //print "DEBUG: Checking... " .$cron['function']. " => " .$cron['expression']. "\n"; // get last job run time and oldest time to check $jobLastLogRecord = mysql_get('_cron_log', null, ' function = "' . mysql_escape($cron['function']) . '" ORDER BY num DESC'); $jobLastRunTime = strtotime($jobLastLogRecord['createdDate']); $oldestTimeToCheck = max($cronLastRunTime, $jobLastRunTime); // get most recent valid run time (from now to the last time cron.php ran) $lastScheduleRunTime = cronExpression_getLastScheduledTime($cron['expression'], $oldestTimeToCheck, $cronExprParseErrors); $skipTask = false; if (!$lastScheduleRunTime && !$cronExprParseErrors) { $skipTask = true; } // skip if no scheduled runtime found since last cronrun (and no errors which might have caused that) if ($lastScheduleRunTime && $lastScheduleRunTime <= $cronLastRunTime) { $skipTask = true; } // skip if scheduled to run, but not quite yet (if scheduled time is blank then there was an error) if ($thisCronRunTime - 60 < $jobLastRunTime) { $skipTask = true; } // don't run jobs more than once a minute if ($skipTask) { if (!inCLI()) { print "Skipping {$cron['activity']}, function: {$cron['function']} (not scheduled to run again yet)\n"; } continue; } // Add log entry for job $hasLock = mysql_get_lock($cron['function']); // get a lock for this specific function if ($cronExprParseErrors) { $summary = $cronExprParseErrors; } elseif (!$hasLock) { $summary = t('Aborting, task still running from last time.'); } else { $summary = t('Running...'); } $jobLogNum = mysql_insert('_cron_log', array('createdDate=' => 'NOW()', 'function' => $cron['function'], 'activity' => $cron['activity'], 'summary' => $summary, 'completed' => 0)); // skip if errors parsing cronExpression or getting lock if ($cronExprParseErrors || !$hasLock) { continue; } // execute function $dispatchedTaskCounter++; if (!inCLI()) { print "Running {$cron['activity']}, function: {$cron['function']}\n"; } ob_start(); $startTime = microtime(true); $GLOBALS['CRON_JOB_START'] = $startTime; // store job num in a global so we can update it after die/exit with cron_logErrorsOnDieOrExit $GLOBALS['CRON_JOB_LOG_NUM'] = $jobLogNum; // store job num in a global so we can update it after die/exit with cron_logErrorsOnDieOrExit $summary = call_user_func($cron['function'], array('note' => 'this $info array is for future use')); $GLOBALS['CRON_JOB_LOG_NUM'] = ''; $endTime = microtime(true); $output = ob_get_clean(); // update job log entry mysql_update('_cron_log', $jobLogNum, null, array('completed' => 1, 'summary' => $summary, 'output' => $output, 'runtime' => sprintf("%0.2f", $endTime - $startTime))); mysql_release_lock($cron['function']); } // update lastrun time $GLOBALS['SETTINGS']['bgtasks_lastRun'] = time(); saveSettings(); }
<?php echo "\n\t\t</div>\n\t\t<div class=\"form-group\">\n\t\t\t<label for=\"Motto\">Motto:</label>\n\t\t\t<input type=\"text\" class=\"form-control\" name=\"motto\" value=\"" . $p['motto'] . "\" id=\"Motto\"/>\n\t\t</div>\n\t\t<div class=\"form-group\">\n\t\t\t<label for=\"favJob\">Favorite Job:</label>\n\t\t\t\t<select name=\"favjob\" class=\"form-control\" id=\"favJob\">"; if (isset($p['favjob'])) { echo "<option value=\"" . $p['favjob'] . "\">" . $p['favjob'] . "</option>"; } echo "\t\n\t\t\t\t\t\t\t\t<optgroup label=\"Beginner\">\n\t\t\t\t\t\t\t\t<option value=\"Beginner\">Beginner</option>\n\t\t\t\t\t\t\t\t<option value=\"PermaNoob\">PermaNoob</option>\n\t\t\t\t\t\t\t</optgroup>\n\t\t\t\t\t\t\t<optgroup label=\"Warrior\">\n\t\t\t\t\t\t\t\t<option value=\"Swordman\">Swordman</option>\n\t\t\t\t\t\t\t\t<option value=\"Fighter\">Fighter</option>\n\t\t\t\t\t\t\t\t<option value=\"Spearman\">Spearman</option>\n\t\t\t\t\t\t\t\t<option value=\"Page\">Page</option>\n\t\t\t\t\t\t\t\t<option value=\"Crusader\">Crusader</option>\n\t\t\t\t\t\t\t\t<option value=\"Dragon Knight\">Dragon Knight</option>\n\t\t\t\t\t\t\t\t<option value=\"White Knight\">White Knight</option>\n\t\t\t\t\t\t\t\t<option value=\"Hero\">Hero</option>\n\t\t\t\t\t\t\t\t<option value=\"Dark Knight\">Dark Knight</option>\n\t\t\t\t\t\t\t\t<option value=\"Paladin\">Paladin</option>\n\t\t\t\t\t\t\t</optgroup>\n\t\t\t\t\t\t\t<optgroup label=\"Bowman\">\n\t\t\t\t\t\t\t\t<option value=\"Archer\">Archer</option>\n\t\t\t\t\t\t\t\t<option value=\"Hunter\">Hunter</option>\n\t\t\t\t\t\t\t\t<option value=\"Crossbowman\">Crossbowman</option>\n\t\t\t\t\t\t\t\t<option value=\"Ranger\">Ranger</option>\n\t\t\t\t\t\t\t\t<option value=\"Sniper\">Sniper</option>\n\t\t\t\t\t\t\t\t<option value=\"Bowmaster\">Bowmaster</option>\n\t\t\t\t\t\t\t\t<option value=\"Marksman\">Marksman</option>\n\t\t\t\t\t\t\t</optgroup>\n\t\t\t\t\t\t\t<optgroup label=\"Magician\">\n\t\t\t\t\t\t\t\t<option value=\"Magician\">Magician</option>\n\t\t\t\t\t\t\t\t<option value=\"I/L Wizard\">I/L Wizard</option>\n\t\t\t\t\t\t\t\t<option value=\"F/P Wizard\">F/P Wizard</option>\n\t\t\t\t\t\t\t\t<option value=\"Cleric\">Cleric</option>\n\t\t\t\t\t\t\t\t<option value=\"I/L Mage\">I/L Mage</option>\n\t\t\t\t\t\t\t\t<option value=\"F/P Mage\">F/P Mage</option>\n\t\t\t\t\t\t\t\t<option value=\"Priest\">Priest</option>\n\t\t\t\t\t\t\t\t<option value=\"I/L Arch Mage\">I/L Arch Mage</option>\n\t\t\t\t\t\t\t\t<option value=\"F/P Arch Mage\">F/P Arch Mage</option>\n\t\t\t\t\t\t\t\t<option value=\"Bishop\">Bishop</option>\n\t\t\t\t\t\t\t\t</optgroup>\n\t\t\t\t\t\t\t<optgroup label=\"Theif\">\n\t\t\t\t\t\t\t\t<option value=\"Rogue\">Rogue</option>\n\t\t\t\t\t\t\t\t<option value=\"Assassin\">Assassin</option>\n\t\t\t\t\t\t\t\t<option value=\"Bandit\">Bandit</option>\n\t\t\t\t\t\t\t\t<option value=\"Hermit\">Hermit</option>\n\t\t\t\t\t\t\t\t<option value=\"Chief Bandit\">Chief Bandit</option>\n\t\t\t\t\t\t\t\t<option value=\"Night Lord\">Night Lord</option>\n\t\t\t\t\t\t\t\t<option value=\"Shadower\">Shadower</option>\n\t\t\t\t\t\t\t</optgroup>\n\t\t\t\t\t\t\t<optgroup label=\"Pirate\">\n\t\t\t\t\t\t\t\t<option value=\"Pirate\">Pirate</option>\n\t\t\t\t\t\t\t\t<option value=\"Infighter\">Infighter</option>\n\t\t\t\t\t\t\t\t<option value=\"Gunslinger\">Gunslinger</option>\n\t\t\t\t\t\t\t\t<option value=\"Valkyrie\">Valkyrie</option>\n\t\t\t\t\t\t\t\t<option value=\"Buccaneer\">Buccaneer</option>\n\t\t\t\t\t\t\t\t<option value=\"Viper\">Viper</option>\n\t\t\t\t\t\t\t\t<option value=\"Captain\">Captain</option>\n\t\t\t\t\t\t\t</optgroup>\n\t\t\t\t\t\t</select>\n\t\t\t\t\t</div>\n\t\t<div class=\"form-group\">\n\t\t\t<label>About Me:</label>\n\t\t\t\t<textarea name=\"text\" style=\"height:200px\" maxlength=\"200\" class=\"form-control\" id=\"textCount\">" . stripslashes($p['text']) . "</textarea>\n\t\t</div>\n\t\t\t<p id=\"counter\"></p>\n\t\t\t<div class=\"alert alert-info\">Please keep in mind that all of this information will be public.</div>\n\t\t\t<input type=\"submit\" name=\"edit\" value=\"Update »\" class=\"btn btn-primary\"/>\n\t\t\t</form>\n\t\t\t<script type=\"text/javascript\">\n\t\t\t\$('#textCount').keyup(function () {\n\t\t\tvar left = 200 - \$(this).val().length;\n\t\t\t\tif (left < 0) {\n\t\t\t\t\tleft = 0;\n\t\t\t\t}\n\t\t\t\t\$('#counter').text('Characters left: ' + left);\n\t\t\t});\n\t\t\t</script>"; } else { $pname = mysql_escape(isset($_POST['pname'])); if (isset($_POST['mainchar'])) { $mainchar = mysql_escape($_POST['mainchar']); } else { $mainchar = ""; } $realname = mysql_escape($_POST['realname']); $age = mysql_escape($_POST['age']); $country = mysql_escape($_POST['country']); $motto = mysql_escape($_POST['motto']); $favjob = $_POST['favjob']; $text = mysql_escape($_POST['text']); $u = $mysqli->query("UPDATE `" . $prefix . "profile` SET `mainchar`='" . $mainchar . "',`realname`='" . $realname . "',`age`='" . $age . "',`country`='" . $country . "',`motto`='" . $motto . "',`favjob`='" . $favjob . "',`text`='" . $text . "' WHERE `accountid`='" . $_SESSION['id'] . "'") or die(mysql_error()); echo "<div class=\"alert alert-success\">Your public profile has been updated<br />"; echo "Click <a href=\"?base=main&page=members&name=" . $_SESSION['pname'] . "\" class=\"alert-link\">here</a> to go to your profile.</div>"; } } } else { redirect("?base=main"); } ?> <script> CKEDITOR.replace( 'textCount' ); </script>
<?php if ($_GET['action'] == 'arcade' || $_GET['act'] == 'Arcade' || $_GET['act'] == 'arcade' || $_POST['act'] == 'arcade' || $_POST['act'] == 'acrade' || $_POST['gname']) { include "globals.php"; if ($_POST['game_name']) { $_POST['game'] = $_POST['game_name']; } $_POST['game'] = mysql_escape($_POST['game']); $_POST['score'] = abs($_POST['score'] + 0); if (!$_POST['score']) { $_POST['score'] = 0; } if ($_POST['gname'] && $_POST['gscore']) { $_POST['game'] = mysql_escape($_POST['gname']); $_POST['score'] = abs($_POST['gscore'] + 0); } if ($_POST['game'] && $_POST['score']) { $_POST['score'] = abs($_POST['score']); $q = $db->query("SELECT * FROM flash2 WHERE file='{$_POST['game']}' LIMIT 1"); $r = $db->fetch_row($q); $q2 = $db->query("SELECT id,startTime FROM flashscores WHERE userid='{$userid}' && gameid={$r['id']} && score=0 ORDER BY id DESC LIMIT 1"); $r2 = $db->fetch_row($q2); $rn = $db->num_rows($q2); if (!$rn) { $bad = "<center><font color=red>Game session error. <br />This may be caused by having multiple tabs opened on this game, logging into the site halfway through the game, or refreshing the page after your score was submitted.</font></center><br /><br />"; } if (!$bad) { $db->query("UPDATE flash2 SET plays=plays+1 WHERE id={$r['id']}"); if ($dontsendscore != 1) { $db->query("UPDATE flashscores SET endTime=unix_timestamp(),score={$_POST['score']},scoreStatus=1 WHERE id={$r2['id']}"); //update personal bests
function _updateMySQL() { global $TABLE_PREFIX, $schema; $escapedTableName = mysql_escape($_REQUEST['tableName']); // get current column name and type $oldColumnName = $_REQUEST['fieldname']; $newColumnName = $_REQUEST['newFieldname']; $oldColumnType = getMysqlColumnType($_REQUEST['tableName'], $oldColumnName); $newColumnType = getColumnTypeFor($newColumnName, $_REQUEST['type'], @$_REQUEST['customColumnType']); // create/alter/remove MySQL columns $isOldColumn = $oldColumnType; $isNewColumn = $newColumnType != 'none' && $newColumnType != ''; $doEraseColumn = $isOldColumn && !$isNewColumn; $doCreateColumn = !$oldColumnType && $isNewColumn; $doAlterColumn = $isOldColumn && $isNewColumn; // remove existing index (if any) - always dropping/recreating indexes ensure they match renamed fields, etc list($oldIndexName, $oldIndexColList) = getIndexNameAndColumnListForField($oldColumnName, $oldColumnType); $indexExists = (bool) mysql_get_query("SHOW INDEX FROM `{$escapedTableName}` WHERE Key_name = '{$oldIndexName}'"); if ($indexExists) { mysql_query("DROP INDEX `{$oldIndexName}` ON `{$escapedTableName}`") or die("Error dropping index `{$newIndexName}`:" . htmlencode(mysql_error())); } // update table: create, alter, or erase field if ($doCreateColumn) { // create field $query = "ALTER TABLE `" . mysql_escape($_REQUEST['tableName']) . "`\n ADD COLUMN `" . mysql_escape($newColumnName) . "` {$newColumnType}"; $result = mysql_query($query) or die("There was an error creating the MySQL Column, the error was:\n\n" . mysql_error()); } else { if ($doAlterColumn) { // change field type $result = mysql_query("ALTER TABLE `" . mysql_escape($_REQUEST['tableName']) . "`\n CHANGE COLUMN `" . mysql_escape($oldColumnName) . "`\n `" . mysql_escape($newColumnName) . "` {$newColumnType}") or die("There was an error changing the MySQL Column, the error was:\n\n" . mysql_error() . "\n"); } else { if ($doEraseColumn) { // erase mysql field $query = "ALTER TABLE `" . mysql_escape($_REQUEST['tableName']) . "`\n DROP COLUMN `" . mysql_escape($oldColumnName) . "`"; $result = mysql_query($query) or die("There was an error removing the MySQL Column, the error was:\n\n" . mysql_error() . "\n"); } } } // add/re-create index if required if (@$_REQUEST['indexed']) { list($newIndexName, $newIndexColList) = getIndexNameAndColumnListForField($newColumnName, $newColumnType); $result = mysql_query("CREATE INDEX `{$newIndexName}` ON `{$escapedTableName}` {$newIndexColList}") or die("Error creating index `{$newIndexName}`:" . htmlencode(mysql_error())); } // update uploads table (rename upload field if it was changed) $uploadFieldRenamed = $_REQUEST['type'] == 'upload' && $oldColumnName && $oldColumnName != $newColumnName; if ($uploadFieldRenamed) { $tableNameWithoutPrefix = getTableNameWithoutPrefix($_REQUEST['tableName']); $query = "UPDATE `{$TABLE_PREFIX}uploads`"; $query .= " SET fieldName='" . mysql_escape($newColumnName) . "'"; $query .= " WHERE fieldName='" . mysql_escape($oldColumnName) . "' AND"; $query .= " tableName='" . mysql_escape($tableNameWithoutPrefix) . "'"; mysql_query($query) or die("There was an error updating the uploads database:\n\n" . htmlencode(mysql_error()) . "\n"); } }
function forgotPassword() { global $SETTINGS, $TABLE_PREFIX, $PROGRAM_DIR; $GLOBALS['sentEmail'] = false; // Lookup username or email if (@$_REQUEST['usernameOrEmail']) { security_dieUnlessPostForm(); security_dieUnlessInternalReferer(); security_dieOnInvalidCsrfToken(); disableInDemoMode('', 'forgotPassword.php', false); // send emails $escapedNameOrEmail = mysql_escape($_REQUEST['usernameOrEmail']); $matchingUsers = mysql_select('accounts', "'{$escapedNameOrEmail}' IN(`username`,`email`)"); foreach ($matchingUsers as $user) { // get reset url $resetBaseUrl = array_value(explode('?', thisPageUrl()), 0); $resetCode = _generatePasswordResetCode($user['num']); $resetUrl = "{$resetBaseUrl}?menu=resetPassword&userNum=" . $user['num'] . "&resetCode={$resetCode}"; // send message - v2.50 switched to emailTemplate_loadFromDB() $emailHeaders = emailTemplate_loadFromDB(array('template_id' => 'CMS-PASSWORD-RESET', 'placeholders' => array('user.num' => $user['num'], 'user.email' => $user['email'], 'resetUrl' => $resetUrl))); $errors = sendMessage($emailHeaders); if ($errors) { alert("Mail Error: " . nl2br($errors)); } // $GLOBALS['sentEmail'] = true; } } // display errors if (array_key_exists('usernameOrEmail', $_REQUEST) && @$_REQUEST['usernameOrEmail'] == '') { alert(t("No username or email specified!")); } if (@$_REQUEST['usernameOrEmail'] && !$GLOBALS['sentEmail']) { alert(t("No matching username or email was found!")); } // showInterface('forgotPassword.php', false); exit; }
print "Answer Editted.<br /><br /><a href=questions.php>>Back</a>"; } else { if ($_GET['act'] == 'delete') { $w = $db->query("SELECT * FROM questions WHERE Qid={$_GET['id']} LIMIT 1"); $a = $db->fetch_row($w); $a['Qquest'] = stripslashes($a['Qquest']); print "<form action='' method='post'>\n\t\t<b>Are you sure you want to delete this question?</b><br />{$a['Qquest']}<br /><br />\n\t\t<a href=questions.php?id={$a['Qid']}&act=delete2>Yes</a> | <a href=questions.php>No</a>"; } else { if ($_GET['act'] == 'delete2') { $db->query("DELETE FROM questions WHERE Qid={$_GET['id']}"); print "Question Deleted.<br /><br /><a href=questions.php>>Back</a>"; } else { if ($_GET['act'] == '') { print "<a href=questions.php?t=wait>Waiting for answer</a> | <a href=questions.php?t=redir>Redirected</a> | <a href=questions.php?t=answer>Answered</a><br /><br />"; } $_GET['t'] = mysql_escape($_GET['t']); if ($_GET['t'] == "redir") { print "<b>Questions redirected...</b><br /><table border=1>\n\t\t\t<tr><th>#</th><th>Question</th><th>Redirect #</th><th>Redirect Question</th><th>ACTIONS</th></tr>"; $w = $db->query("SELECT * FROM questions WHERE Qredirect>0 ORDER BY Qid ASC"); while ($a = $db->fetch_row($w)) { $w2 = $db->query("SELECT * FROM questions WHERE Qid={$a['Qredirect']} LIMIT 1"); $a2 = $db->fetch_row($w2); $a['Qquest'] = stripslashes($a['Qquest']); print "<tr><td><center>{$a['Qid']}</center></td><td>{$a['Qquest']}</td><td><center>{$a2['Qid']}</center></td>\n\t\t\t\t<td>{$a2['Qquest']}</td><td>><a href=questions.php?id={$a['Qid']}&act=answer>Answer</a><br />><a href=questions.php?id={$a['Qid']}&act=redirect>Edit Redir</a><br />><a href=questions.php?id={$a['Qid']}&act=edit>Edit Q</a><br />><a href=questions.php?id={$a['Qid']}&act=delete>Delete</a><br /></td></tr>"; } } else { if ($_GET['t'] == "answer") { print "<b>Questions waiting for an answer...</b><br /><table border=1>\n\t\t\t<tr><th>#</th><th>Question</th><th>Answer</th><th>From User</th><th>ACTIONS</th></tr>"; $w = $db->query("SELECT * FROM questions WHERE Qanswer!='' ORDER BY Qid ASC"); while ($a = $db->fetch_row($w)) { if (!$a['Qanswer']) {
function _upgradeToVersion1_10_accessLevels() { global $TABLE_PREFIX; // error checking (check upgrade files were uploaded) $errors = ''; $accessListSchema = loadSchema("_accesslist"); $accountsSchema = loadSchema("accounts"); if (empty($accessListSchema)) { $errors .= "Error: You must upload the latest /data/schema/_accesslist.ini.php before upgrading!<br/>\n"; } if ($errors) { die($errors); } // check if already upraded $result = mysql_query("SELECT * FROM `{$TABLE_PREFIX}accounts` LIMIT 0,1") or die("MySQL Error: " . htmlencode(mysql_error()) . "\n"); $record = mysql_fetch_assoc($result); if (!$record || !array_key_exists('tableAccessList', $record)) { return; } // create new access table $query = "CREATE TABLE IF NOT EXISTS `{$TABLE_PREFIX}_accesslist` (\n `userNum` int(10) unsigned NOT NULL,\n `tableName` varchar(255) NOT NULL,\n `accessLevel` tinyint(3) unsigned NOT NULL,\n `maxRecords` int(10) unsigned default NULL,\n `randomSaveId` varchar(255) NOT NULL\n ) ENGINE=MyISAM DEFAULT CHARSET=utf8;"; mysql_query($query) || die("Error creating new access table.<br/>\n MySQL error was: " . htmlencode(mysql_error()) . "\n"); // create accessList field if (!@$accountsSchema['accessList']) { $accountsSchema['accessList'] = array('type' => 'accessList', 'label' => "Section Access", 'isSystemField' => '1', 'order' => 20); createMissingSchemaTablesAndFields(); // create missing fields clearAlertsAndNotices(); // don't show "created table/field" alerts } // drop tableAccessList if (@$accountsSchema['tableAccessList']) { unset($accountsSchema['tableAccessList']); saveSchema('accounts', $accountsSchema); } ### upgrade access levels $schemaTables = getSchemaTables(); $schemaTables[] = "all"; $result = mysql_query("SELECT * FROM `{$TABLE_PREFIX}accounts`") or die("MySQL Error: " . htmlencode(mysql_error()) . "\n"); while ($record = mysql_fetch_assoc($result)) { if (!array_key_exists('tableAccessList', $record)) { die(__FUNCTION__ . ": Couldn't load field 'tableAccessList'!"); } // convert section access to new format $tableNames = array(); $tableNames['all'] = 1; // default all to "By Section" access foreach ($schemaTables as $tableName) { $adminAccess = preg_match("/\\b{$tableName}\\b/i", $record['tableAccessList']); if ($adminAccess) { $tableNames[$tableName] = '9'; } } // foreach table - add to insert query $insertRows = ''; $fieldNames = "userNum, tableName, accessLevel, maxRecords, randomSaveId"; $foundAll = false; foreach ($tableNames as $tableName => $accessLevel) { if ($insertRows) { $insertRows .= ",\n"; } $escapedUserNum = mysql_escape($record['num']); $escapedTableName = mysql_escape($tableName); $maxRecords = "NULL"; $escapedSaveId = mysql_escape(uniqid('', true)); $insertRows .= "('{$escapedUserNum}', '{$escapedTableName}', '{$accessLevel}', {$maxRecords}, '{$escapedSaveId}')"; } // add all $insertQuery = "INSERT INTO `{$TABLE_PREFIX}_accesslist` ({$fieldNames}) VALUES {$insertRows};"; // insert new access rights if ($insertRows) { mysql_query($insertQuery) or die("MySQL Error Inserting New Access Rights: " . htmlencode(mysql_error()) . "\n"); } } // drop tableAccessList $query = "ALTER TABLE `{$TABLE_PREFIX}accounts` DROP COLUMN `tableAccessList`;"; mysql_query($query) or die("MySQL Error: " . htmlencode(mysql_error()) . "\n"); }
<?php // MySQL settings $c['mysql_address'] = 'localhost'; $c['mysql_port'] = '3306'; $c['mysql_username'] = '******'; $c['mysql_password'] = ''; $c['mysql_db'] = 'releases'; $c['mysql_conn'] = mysql_conn($c['mysql_address'], $c['mysql_username'], $c['mysql_password'], $c['mysql_db']); $sql = "SELECT nfo FROM nfos WHERE releaseid = '" . mysql_escape($_GET['id']) . "' AND timeout >= " . time() . ""; $nfo = sql_single($sql); if ($nfo == null) { die; } print_nfo(base64_decode($nfo)); function mysql_conn($host, $user, $pass, $db) { $conn = mysql_connect($host, $user, $pass); if (!$conn) { die('Unable to connect mysql server: ' . mysql_error()); } if (!mysql_select_db($db, $conn)) { die('Unable to select database: ' . mysql_error()); } return $conn; } function sql_single($sql) { $results = mysql_query($sql); $x = 0; while ($row = mysql_fetch_array($results)) {
function _updateDateCalendar($fieldname) { global $TABLE_PREFIX, $tableName; $calendarTable = $TABLE_PREFIX . "_datecalendar"; // call ONCE per field static $calledFor = array(); if (@$calledFor[$fieldname]++) { return; } // check if table exists static $tableExists = false; if (!$tableExists) { $result = mysql_query("SHOW TABLES LIKE '{$calendarTable}'") or die("MySQL Error: " . htmlencode(mysql_error()) . "\n"); $tableExists = @mysql_result($result, 0); if (is_resource($result)) { mysql_free_result($result); } } // create table if it doesn't exists if (!$tableExists) { $createSql = "CREATE TABLE `{$calendarTable}` (\n `num` int(10) unsigned NOT NULL auto_increment,\n `tableName` varchar(255) NOT NULL,\n `fieldName` varchar(255) NOT NULL,\n `recordNum` varchar(255) NOT NULL,\n `date` date,\n PRIMARY KEY (`num`)\n ) ENGINE=MyISAM DEFAULT CHARSET=utf8;"; mysql_query($createSql) or die("MySQL Error: " . htmlencode(mysql_error()) . "\n"); } // build queries $eraseDatesAsCSV = "0"; $insertValues = ''; $recordNum = (int) $_REQUEST['num']; foreach (array_keys($_REQUEST) as $formFieldname) { if (!preg_match("/^{$fieldname}:/", $formFieldname)) { continue; } list(, $dateString) = explode(":", $formFieldname); if (!$dateString) { continue; } if ($_REQUEST[$formFieldname]) { if ($insertValues) { $insertValues .= ",\n"; } $insertValues .= "('{$tableName}','{$fieldname}','{$recordNum}','{$dateString}')"; } else { $eraseDatesAsCSV .= ",'" . (int) $dateString . "'"; } } // remove dates $deleteQuery = "DELETE FROM `{$calendarTable}` "; $deleteQuery .= "WHERE `tablename` = '{$tableName}' "; $deleteQuery .= " AND `fieldname` = '{$fieldname}' "; $deleteQuery .= " AND `recordNum` = '" . mysql_escape($_REQUEST['num']) . "' "; $deleteQuery .= " AND `date` IN ({$eraseDatesAsCSV})"; mysql_query($deleteQuery) or die("MySQL Error: " . htmlencode(mysql_error()) . "\n"); // add dates if ($insertValues) { $insertQuery = "INSERT INTO `{$calendarTable}` (`tableName`,`fieldName`,`recordNum`,`date`) VALUES {$insertValues}"; mysql_query($insertQuery) or die("MySQL Error: " . htmlencode(mysql_error()) . "\n"); } }
} } //开始获取system表的数据,如果存在数据 if (!!($row = mysql_fetch_array(mysql_query("select * from system where id=1"), MYSQL_ASSOC))) { $_html = array(); $_html['webname'] = $row['web_name']; $_html['article'] = $row['article_page']; $_html['blog'] = $row['blog_page']; $_html['photo'] = $row['photo_page']; $_html['skin'] = $row['skin']; $_html['string'] = $row['no_string']; $_html['post'] = $row['post_time']; $_html['re'] = $row['re_time']; $_html['code'] = $row['code']; $_html['register'] = $row['register']; $_html = mysql_escape($_html); //文章 if ($_html['article'] == 10) { $_html['article_html'] = '<select name="article"><option value="10" selected="selected">每页10篇</option><option value="12">每页12篇</option></select>'; } elseif ($_html['article'] == 12) { $_html['article_html'] = '<select name="article"><option value="10">每页10篇</option><option value="12" selected="selected">每页12篇</option></select>'; } //博友 if ($_html['blog'] == 15) { $_html['blog_html'] = '<select name="blog"><option value="15" selected="selected">每页15人</option><option value="20">每页20人</option></select>'; } elseif ($_html['blog'] == 20) { $_html['blog_html'] = '<select name="blog"><option value="15">每页15人</option><option value="20" selected="selected">每页20人</option></select>'; } //相册 if ($_html['photo'] == 6) { $_html['photo_html'] = '<select name="photo"><option value="6" selected="selected">每页6张</option><option value="9">每页9张</option></select>';
} } } echo "\n\t\t"; } elseif ($_GET['action'] == "edit") { echo "\n\t\t\t<h2 class=\"text-left\">Edit a News Article</h2><hr/>"; if (isset($_GET['id'])) { $id = $mysqli->real_escape_string($_GET['id']); $gn = $mysqli->query("SELECT * FROM " . $prefix . "news WHERE id='" . $id . "'") or die; $n = $gn->fetch_assoc(); if (!isset($_POST['edit'])) { echo "\n\t\t\t\t<form method=\"post\">\n\t\t\t<div class=\"form-group\">\n\t\t\t\t<label for=\"title\">Title</label>\n\t\t\t\t<input type=\"text\" name=\"title\" class=\"form-control\" id=\"title\" placeholder=\"Title\" value=\"" . $n['title'] . "\" required/>\n\t\t\t</div>\n\t\t\t\t<b>Author:</b> " . $n['author'] . "<br/>\n\t\t\t\t<div class=\"form-group\">\n\t\t\t\t\t<label for=\"category\">Category</label>\n\t\t\t\t\t<select name=\"cat\" class=\"form-control\">\n\t\t\t\t\t\t<option value=\"ct_news_notice_notice\">Notice</option>\n\t\t\t\t\t\t<option value=\"ct_news_gameup\">Game Up</option>\n\t\t\t\t\t</select>\n\t\t\t\t</div>\n\t\t\t\t<textarea name=\"content\" style=\"height:300px;\" class=\"form-control\" id=\"content\">" . stripslashes($n['content']) . "</textarea><br/>\n\t\t\t\t<input type=\"submit\" name=\"edit\" class=\"btn btn-primary\" value=\"Edit News Article »\" />\t\t\n\t\t\t</form>"; } else { $title = mysql_escape($_POST['title']); $cat = mysql_escape($_POST['cat']); $content = mysql_escape($_POST['content']); if ($title == "") { echo "<div class=\"alert alert-danger\">You must enter a title.</div><hr/><button onclick=\"goBack()\" class=\"btn btn-primary\">« Go Back</button>"; } elseif (empty($cat)) { echo "<div class=\"alert alert-danger\">You must select a category.</div><hr/><button onclick=\"goBack()\" class=\"btn btn-primary\">« Go Back</button>"; } elseif (strlen($content) < 10) { echo "<div class=\"alert alert-danger\">You must enter some content.</div><hr/><button onclick=\"goBack()\" class=\"btn btn-primary\">« Go Back</button>"; } else { $u = $mysqli->query("UPDATE " . $prefix . "news SET title='" . $title . "', type='" . $cat . "', content='" . $content . "' WHERE id='" . $id . "'") or die; echo "<div class=\"alert alert-success\"><b>" . stripslashes($n['title']) . "</b> has been updated.</div>"; } } } else { $gn = $mysqli->query("SELECT * FROM " . $prefix . "news ORDER BY id DESC") or die; $cgn = $gn->num_rows; if ($cgn > 0) {
function mysql_getMysqlSetValues($columnsToValues) { $mysqlSet = ''; if (is_array($columnsToValues)) { foreach ($columnsToValues as $column => $value) { list($column, $dontEscapeValue) = extractSuffixChar($column, '='); if (!preg_match('/^([\\w\\-]+)$/i', $column)) { die(__FUNCTION__ . ": Invalid column name '" . htmlencode($column) . "', contains disallowed chars!"); } // error checking: whitelist column chars to prevent sql injection if ($dontEscapeValue) { $mysqlSet .= "`{$column}` = {$value}, "; } else { $mysqlSet .= "`{$column}` = '" . mysql_escape($value) . "', "; } } } // $mysqlSet = chop($mysqlSet, ', '); return $mysqlSet; }
function delepost() { global $ir, $c, $userid, $h, $bbc, $db; global $db; if ($ir['user_level'] < 2) { die(""); } $q3 = $db->query("SELECT * FROM forum_posts WHERE fp_id={$_GET['post']}"); $post = $db->fetch_row($q3); $q = $db->query("SELECT * FROM forum_topics WHERE ft_id={$post['fp_topic_id']}"); $topic = $db->fetch_row($q); $u = mysql_escape($post['fp_poster_name']); $db->query("DELETE FROM forum_posts WHERE fp_id={$post['fp_id']}"); print "Post deleted...<br />"; recache_topic($post['fp_topic_id']); recache_forum($post['fp_forum_id']); stafflog_add("Deleted post ({$post['fp_subject']}) in {$topic['ft_name']}"); }
/** * 活动列表 */ function action_list() { $table = self::$table; $table_alias = 'a'; $join = ' inner join et_user as u on u.id = a.uid '; if (empty($table_alias)) { throw new ErrorException("table is not defined"); } //$request = http_request("rows","page","sidx","sord"); $request = PtLib\http_request("verify", "production_status", "ship_status", "uid", "rows", "page", "sidx", "sord", "activity_id", "activity_name", "username", "mobile", 'startDate', 'endDate', 'pass', 'status', 'success'); $limit = $request['rows']; $page = $request['page']; $sort = $request['sidx']; $sort_type = $request['sord']; $username = $request['username']; //fields $select_fields = " a.production_status,a.ship_status,a.status,a.verify,a.id,a.name,a.uid,a.sale_count,a.sale_target,a.sale_total,a.start_time,a.sale_profit,a.end_time,a.period,a.thumb_svg_url,a.thumb_img_url"; //where $args = array(); if (empty($limit)) { $limit = 20; } if (empty($page)) { $page = 1; } if (empty($sort)) { $sort = "id"; $sort_type = "desc"; } else { if (empty($sort_type)) { $sort_type = "desc"; } } $where = " where 1=1 "; $args = array(); if ($request['uid']) { $where .= 'and a.uid = ? '; $args[] = $request['uid']; } if ($request['verify'] === "0" || $request['verify'] > 0) { $where .= 'and a.verify = ? '; $args[] = $request['verify']; } if ($request['status'] === "0" || $request['status'] > 0) { if ($request['status'] == 1) { //进行中 $where .= 'and a.start_time < now() and now() < a.end_time and a.status = 1'; } if ($request['status'] == 10) { //结束 $where .= 'and now() > a.end_time and a.status > 0'; } if ($request['status'] == 0) { //草稿 $where = 'and a.status = 0 '; } if ($request['status'] == 2) { //失败的 $where = 'and a.status = 2 '; } if ($request['status'] == 3) { //成功的 $where = 'and a.status = 3 '; } } if ($request['activity_id']) { $where .= " and a.id = ? "; $args[] = $request['activity_id']; } if ($request['activity_name']) { $where .= " and a.name like '%" . mysql_escape($request['activity_name']) . "%' "; } //order $order = ""; if ($sort) { $order = "order by a." . addslashes($sort) . " " . $sort_type; } $sql = "select count(a.id) as total from {$table} as a {$join} {$where} "; //$count_res = db()->select_row($sql,$args); $count_res = PtLib\db()->select_row($sql, $args); $records = $count_res['total']; $response = new stdClass(); $response->page = $page; //cur page if ($records > 0) { $total_pages = ceil($records / $limit); } else { $total_pages = 1; } if ($page > $total_pages) { $page = $total_pages; } $response->total = $total_pages; //total pages $response->records = $records; //count $skip = ($page - 1) * $limit; $sql = "select {$select_fields} from {$table} as a {$join} {$where} {$order} limit {$skip},{$limit} "; //$rows = db()->select_rows($sql,$args); $rows = PtLib\db()->select_rows($sql, $args); foreach ($rows as $row) { $response->rows[] = array('id' => $row['id'], "cell" => $row); } return $response; }
//把阅读量增一 mysql_query("update article set read_count =read_count + 1 where id='{$_GET['id']}'"); $clean = array(); $clean['article_id'] = mysql_escape($row['id']); $clean['uername'] = mysql_escape($row['username']); $clean['title'] = mysql_escape($row['title']); $clean['type'] = mysql_escape($row['type']); $clean['content'] = ubb(mysql_escape($row['content'])); $clean['read_count'] = mysql_escape($row['read_count']); $clean['comment_count'] = mysql_escape($row['comment_count']); $clean['date'] = mysql_escape($row['date']); $clean['member_id'] = mysql_escape($menber['id']); $clean['sex'] = mysql_escape($menber['sex']); $clean['face'] = mysql_escape($menber['face']); $clean['url'] = mysql_escape($menber['url']); $clean['email'] = mysql_escape($menber['email']); } else { alert('此短信不存在'); } } else { alert('非法操作'); exit; } //引入header.php头文件 require dirname(__FILE__) . '/includes/header.inc.php'; ?> <div id="article"> <h2>帖子详情</h2> <div id="subject"> <dl>