function delete_form($f3)
{
if (!$this->check_empty($f3)) {
throw new \Exception('Not Empty');
}
show_page($f3, $this->template_name() . '.delete');
}
function route_request()
{
$cmd = grab_request_var("cmd", "");
switch ($cmd) {
case "Update Configuration":
update_worker_cfg();
break;
case "Start Worker":
control_worker("start");
break;
case "Restart Worker":
control_worker("restart");
break;
case "Attempt to Start Worker":
control_worker("start");
break;
case "Stop Worker":
control_worker("stop");
break;
case "top":
show_gearman_top();
break;
default:
break;
}
// always show page
show_page();
}
function process_form()
{
if ($_POST['xsrf_token'] != $_SESSION['xsrf_token']) {
show_page('Huh? ERROR: big kablooie');
return;
}
$query = 'SELECT id, name FROM users WHERE id="' . mysqli_real_escape_string(DB::get(), $_POST['account_id']) . '"';
$result = DB::queryRaw($query);
if (mysqli_num_rows($result) != 1) {
show_page('Nonexistent ID');
return;
}
$row = mysqli_fetch_assoc($result);
$id = $row['id'];
$name = $row['name'];
// ** FORM VALIDATED AT THIS POINT **
// perform elevation
$query = 'UPDATE users SET permissions="A", approved="1" WHERE id="' . $id . '" LIMIT 1';
DB::queryRaw($query);
// show confirmation page
page_header('Super-Admin');
echo <<<HEREDOC
<h1>Super-Admin</h1>
<span class="b">{$name}</span> was approved and elevated. Now clear the Super-Admin password.
HEREDOC;
//$names[0] = 'Super-Admin';
//$pages[0] = '';
//page_footer($names, $pages);
}
public function index()
{
$this->Purview_model->checkPurview($this->tablefunc);
$post = $this->input->post(NULL, TRUE);
$getwhere = array();
$search['type'] = trim($post['type']);
$search['keyword'] = trim($post['keyword']);
$search['searchtype'] = trim($post['searchtype']);
if ($search['type'] != '') {
$getwhere['type'] = $search['type'];
}
if ($search['searchtype'] == 'id') {
if ($search['keyword'] != '') {
$getwhere[$search['searchtype']] = $search['keyword'];
}
} else {
if ($search['keyword'] != '') {
$getwhere[$search['searchtype'] . ' like'] = '%' . $search['keyword'] . '%';
}
}
$pagearr = array('currentpage' => isset($post['currentpage']) && $post['currentpage'] > 0 ? $post['currentpage'] : 1, 'totalnum' => $this->Data_model->getDataNum($getwhere), 'pagenum' => 20);
$data = $this->Data_model->getData($getwhere, 'type,listorder,id desc', $pagearr['pagenum'], ($pagearr['currentpage'] - 1) * $pagearr['pagenum']);
$res = array('tpl' => 'list', 'tablefunc' => $this->tablefunc, 'search' => $search, 'typearr' => $this->typearr, 'liststr' => $this->_setlist($data, true), 'pagestr' => show_page($pagearr, $search), 'funcstr' => $this->Purview_model->getFunc($this->tablefunc, $this->funcarr));
$this->load->view($this->tablefunc, $res);
}
function index($f3)
{
$D = \R::findAll('toolgroups', 'ORDER BY sort_priority DESC, displayname ASC');
foreach ($D as $key => $element) {
$D[$key]->with("ORDER BY displayname ASC")->ownTools;
}
$f3->set('data', \R::exportAll($D));
show_page($f3, 'tools.index');
}
public function index()
{
$this->Purview_model->checkPurview($this->tablefunc);
$post = $this->input->post(NULL, TRUE);
$pagearr = array('currentpage' => isset($post['currentpage']) && $post['currentpage'] > 0 ? $post['currentpage'] : 1, 'totalnum' => $this->Data_model->getDataNum(), 'pagenum' => 20);
$data = $this->Data_model->getData('', 'listorder', $pagearr['pagenum'], ($pagearr['currentpage'] - 1) * $pagearr['pagenum']);
$res = array('tpl' => 'list', 'tablefunc' => $this->tablefunc, 'liststr' => $this->_setlist($data, true), 'pagestr' => show_page($pagearr, ''), 'funcstr' => $this->Purview_model->getFunc($this->tablefunc, $this->funcarr));
$this->load->view($this->tablefunc, $res);
}
function index($f3)
{
$D = \R::findOne('tools', 'name=?', array($f3->get('PARAMS.name')));
$D->with('ORDER BY id')->ownImages;
if ($D) {
$exportTmp = \R::exportAll($D);
$f3->set('data', $exportTmp[0]);
} else {
$f3->set('data', '');
}
show_page($f3, $this->template_name() . '.index');
}
function show_page($post_id = 0, $post_level = 0) { // 取得層數方便下標題
echo '<article class="article-content"><h' . ($post_level + 2) . ' class="article-title"><a href="' . get_permalink($post_id) . '">' . get_the_title($post_id) . '</a></h' . ($post_level + 2) . '><div class="thumbnail-img">';
the_post_thumbnail('large');
echo '</div>';
the_content();
if (is_page()) { //取得子網頁
$args = array(
'post_status' => 'publish',
'post_type' => 'page',
'post_parent' => $post_id,
'orderby' => 'menu_order',
'order' => 'ASC',
'nopaging' => true,
);
tcc_attachments($post_id);
$pages = get_posts($args);
foreach ($pages as $post) {
setup_postdata($post);
show_page($post->ID, $post_level + 1);
}
}
echo '<div class="clearfix"></div></article>';
}
function delete($f3)
{
if (!($user = \R::findOne('users', 'username=?', array(strtolower($f3->get('POST.username')))))) {
throw new \Exception('Could not find user');
}
if (!($tool = \R::findOne('tools', 'name=?', array(strtolower($f3->get('POST.tool')))))) {
throw new \Exception('Could not find tool');
}
if (!($records = \R::find('trainings', 'users_id=? AND tools_id=? AND level=?', array($user->id, $tool->id, strtoupper($f3->get('POST.level')))))) {
throw new \Exception('Could not any training records for this user on this tool at this level.');
}
\R::trashAll($records);
$f3->set('messages', array('All Records of User ' . $user->username . ' on Tool ' . $tool->name . ' at Level ' . strtoupper($f3->get('POST.level')) . ' deleted.'));
show_page($f3, 'messages');
}
<!--
Quick links page
By Kulvinder Lotay and Artur Barbosa
-->
<!DOCTYPE html>
<html>
<?php
# Connect to MySQL server and the database
require 'includes/connect_db.php';
# Includes these helper functions
require 'includes/helpers.php';
# Store current page in variable, call show_links and show_records functions using cur_page variable
$cur_page = $_SERVER['PHP_SELF'];
show_links($dbc, $cur_page);
# Show the records
show_page($cur_page, $dbc);
# If user requests item (clicks quick link) make the appropriate GET request from quick links
if ($_SERVER['REQUEST_METHOD'] == 'GET') {
if (isset($_GET['id']) && isset($_GET['p'])) {
if ($_GET['p'] == 3) {
show_record_admin($dbc, $_GET['id'], $_GET['p']);
} else {
show_record($dbc, $_GET['id'], $_GET['p']);
}
}
} else {
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if ($_POST['dialog'] == 'contact') {
$errors = array();
$from = trim($_POST['email']);
$message = trim($_POST['msg']);
} else {
show_form('passreset', translate('Please enter your own email address.', sz_config('language')));
}
} else {
show_form('passreset', translate('You have entered an invalid email address. Please try again.', sz_config('language')));
}
} else {
show_form('passreset', '');
}
}
break;
default:
if ($nrgic == 'showregmsg') {
show_msg(translate('Your request has been forwarded. We will notify you as soon as you can register again.', sz_config('language')));
}
show_page('index');
break;
}
//BEGIN FUNCTIONS
function blankRegForm($msg)
{
$newuser = array();
$newuser['username'] = '';
$newuser['fullnames'] = '';
$newuser['group'] = '';
$newuser['phone'] = '';
$newuser['user_website'] = '';
$newuser['email'] = '';
$newuser['referred_by'] = $_SESSION['ref'];
registerForm($msg, $newuser);
}
DB::setDbName($config["db_name"]);
}
if (isset($config["db_user"])) {
DB::setDbUser($config["db_user"]);
}
if (isset($config["db_pass"])) {
DB::setDbPass($config["db_pass"]);
}
// pridáme si ďalšie súbory s funkciami, ktoré budeme používať
require_once APP_PATH . "/functions/general.php";
require_once APP_PATH . "/functions/message.php";
require_once APP_PATH . "/functions/auth.php";
require_once APP_PATH . "/functions/tasks.php";
// naštartujeme session potrebné pre prihlásenie a správičky
if (!session_id()) {
@session_start();
}
// podstránky ktoré sú dostupné
if (!file_exists(APP_PATH . "/routes.php")) {
exit("Application error: Routes not found.");
}
$routes = (include APP_PATH . "/routes.php");
// v prvom segmente url máme podstránku
$page = segment(1);
// ak taká podstránka neexistuje v našom poli dostupných podstránok, tak zobrazíme 404 stránku
if (!isset($routes[$page])) {
show_404();
}
// inak ju zobrazíme
show_page($routes[$page]);
function process_form()
{
if ($_POST['xsrf_token'] != $_SESSION['xsrf_token']) {
trigger_error('XSRF code incorrect', E_USER_ERROR);
}
if (isset($_POST['guts_full_update_a']) || isset($_POST['guts_full_update_b']) || isset($_POST['guts_full_update_c'])) {
process_special_form();
}
// and don't come back
$set = null;
for ($n = 1; $n < 12; $n++) {
if (isset($_POST['guts_full_update_' . $n])) {
$set = $n;
}
}
if (is_null($set)) {
trigger_error('No button clicked', E_USER_ERROR);
}
if ($_POST[$set] == 'None') {
$score = NULL;
} else {
$score = (int) htmlentities($_POST[$set]);
if ($score < 0 || $score > 3) {
trigger_error('Invalid score?!', E_USER_ERROR);
}
}
if ($_POST['previous_value_' . $set] == 'None') {
$row = DB::queryFirstRow('SELECT COUNT(*) FROM guts WHERE problem_set="' . mysqli_real_escape_string(DB::get(), $set) . '" AND team="' . mysqli_real_escape_string(DB::get(), $_GET['ID']) . '"');
if ($row['COUNT(*)'] != '0') {
show_page('The value of that field has changed. Make sure no ' . 'one else is currently entering scores for this team, and ' . 'try again.');
}
if (!is_null($score)) {
DB::queryRaw('INSERT INTO guts (team, problem_set, score) VALUES ("' . mysqli_real_escape_string(DB::get(), $_GET['ID']) . '", "' . mysqli_real_escape_string(DB::get(), $set) . '", "' . mysqli_real_escape_string(DB::get(), $score) . '")');
}
} else {
$result = DB::queryRaw('SELECT score FROM guts WHERE problem_set="' . mysqli_real_escape_string(DB::get(), $set) . '" AND team="' . mysqli_real_escape_string(DB::get(), $_GET['ID']) . '"');
if (mysqli_num_rows($result) == 0) {
show_page('The value of that field has changed. Make sure no ' . 'one else is currently entering scores for this team, and ' . 'try again.');
}
if (is_null($score)) {
DB::queryRaw('DELETE FROM guts WHERE team="' . mysqli_real_escape_string(DB::get(), $_GET['ID']) . '" AND problem_set="' . mysqli_real_escape_string(DB::get(), $set) . '" LIMIT 1');
} else {
DB::queryRaw('UPDATE guts SET score="' . mysqli_real_escape_string(DB::get(), $score) . '" WHERE team="' . mysqli_real_escape_string(DB::get(), $_GET['ID']) . '" AND problem_set="' . mysqli_real_escape_string(DB::get(), $set) . '"');
}
}
alert('The score for set ' . $set . ' has been updated', 1);
header('Location: ' . $_SERVER['REQUEST_URI']);
die;
}
function PrintUnread()
{
?>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="29"><img alt="" src="http://<?php
echo img_domain;
?>
/forum/menu/2.gif"><img alt="" src="http://<?php
echo img_domain;
?>
/forum/menu/1.gif"></td>
<td background="http://<?php
echo img_domain;
?>
/forum/menu/2.gif"><span style="color:white;font-size:11px;">Все непрочитанные тобой темы</span></td>
<td width="40" background="http://<?php
echo img_domain;
?>
/forum/menu/2.gif"><img src="http://<?php
echo img_domain;
?>
/forum/menu/3.gif"></td>
</tr>
</table>
<?php
$str_where = $this->MakePermissionForTopic();
$str_query_select = "SELECT\n\t\tforum_topics.view AS view,\n\t\tforum_topics.id AS topic_id,\n\t\tforum_topics.otv AS otv, \n\t\tforum_topics.top AS topic_top,\n\t\tforum_topics.text AS text,\n\t\tforum_topics.last_user AS last_user, \n\t\tforum_topics.last_date AS last_date,\n\t\tforum_topics.stat AS stat,\n\t\tforum_topics.user_id AS user_id,\n\t\tforum_name.name AS last_name,\n\t\tforum_kat.name AS kat_name,\n\t\tforum_main.name AS main_name";
$str_query_count = "SELECT COUNT(*)";
$str_query_from = " FROM forum_kat,forum_topics,forum_otv,forum_name,forum_main\n\t\tWHERE\n\t\t\t(\n\t\t\tforum_kat.id = forum_topics.kat_id AND\n\t\t\tforum_main.id = forum_kat.main_id AND\n\t\t\tforum_name.user_id=forum_topics.last_user AND\n\t\t\tforum_topics.id = forum_otv.topics_id AND\n\t\t\tforum_topics.id NOT IN (SELECT topic_id FROM forum_read WHERE user_id=" . $this->char['user_id'] . ")\n\t\t\t{$str_where}\n\t\t\t)\n\t\tGROUP BY forum_topics.id";
$sel = myquery($str_query_select . $str_query_from);
if (mysql_num_rows($sel) > 0) {
if (!isset($_GET['page'])) {
$page = 1;
} else {
$page = (int) $_GET['page'];
}
$line = 25;
$allpage = ceil(mysql_result($sel, 0, 0) / $line);
if ($page > $allpage) {
$page = $allpage;
}
if ($page < 1) {
$page = 1;
}
$selpage = myquery($str_query_select . $str_query_from . " order by forum_topics.last_date DESC limit " . ($page - 1) * $line . ", {$line}");
$this->PrintListTopic($selpage);
?>
<table style="width:100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td height="25" style="background-image:url(http://<?php
echo img_domain;
?>
/forum/menu/bg2.gif)" align="center">
<?php
$href = "?act=show_unread&";
echo 'Страница: ';
show_page($page, $allpage, $href);
?>
</td>
</tr>
</table>
<?php
}
?>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="29"><img alt="" src="http://<?php
echo img_domain;
?>
/forum/menu/2.gif"><img alt="" src="http://<?php
echo img_domain;
?>
/forum/menu/1.gif"></td>
<td background="http://<?php
echo img_domain;
?>
/forum/menu/2.gif"> </td>
<td width="40" background="http://<?php
echo img_domain;
?>
/forum/menu/2.gif"><img src="http://<?php
echo img_domain;
?>
/forum/menu/3.gif"></td>
</tr>
</table>
<?php
}
// *********************************************
// show_page
//
// @brief Show poet page.
//
// @param $id Poet user ID.
//
// *********************************************
function show_page($id)
{
echo '<div class="poems">';
echo '<p class="poet_name">';
// Show poet username as a link.
echo '<a href="rss.php?poet_id=' . $id . '">';
echo '<img src="graphics/rss.gif" class="rss"></a> ';
echo '<a href="show_poet_info.php?id=' . $id . '">';
echo get_poet_username($id);
echo '</a>';
echo '</p>';
// Show poet poems.
show_poems($id);
echo '</div>';
}
session_start();
require 'general_functions.php';
create_site_top();
create_top_menu();
// Get user ID.
$id = get_id($db, $_GET);
show_page($id);
create_site_bottom();
<?php session_start(); require_once 'controller/init.php'; require_once 'controller/page.php'; require_once 'model/db.php'; $page = isset($_GET['p']) ? $_GET['p'] : '0'; show_page($page);
function process_form()
{
// Check XSRF token
if ($_SESSION['xsrf_token'] != $_POST['xsrf_token']) {
trigger_error('XSRF token invalid', E_USER_ERROR);
}
$query = 'SELECT name, email, mailings, approved, email_verification FROM users WHERE id="' . mysqli_real_escape_string(DB::get(), $_POST['id']) . '"';
$result = DB::queryRaw($query);
if (mysqli_num_rows($result) != 1) {
show_page('User not found.', '');
return;
}
$row = mysqli_fetch_assoc($result);
if ($row['approved'] == '1') {
show_page('User already approved.', '');
return;
}
if ($row['email_verification'] != '1') {
show_page('User\'s email not yet verified.', '');
return;
}
$email_warning = "";
if ($row["mailings"] == '0') {
$email_warning = " <b>Warning:</b> This user has mailings turned off.";
}
// ** OK To Proceed **
$user_string = $row['name'] . ' (#' . htmlentities($_POST['id']) . ') <' . $row['email'] . '>';
$query = 'UPDATE users SET approved="1" WHERE id="' . mysqli_real_escape_string(DB::get(), $_POST['id']) . '" LIMIT 1';
DB::queryRaw($query);
if (!isset($_SESSION['approved_list'])) {
$_SESSION['approved_list_size'] = 1;
$_SESSION['approved_list'][1] = htmlentities($row['email']);
} else {
$_SESSION['approved_list_size']++;
$_SESSION['approved_list'][$_SESSION['approved_list_size']] = htmlentities($row['email']);
}
show_page('', 'Approved: ' . $user_string . $email_warning);
}
echo '<td>';
if ($mas[$i]['out_gp'] > 0) {
echo $mas[$i]['out_gp'] . ' монет<br>';
}
while (isset($mas[$i]['out'][$k_out])) {
echo $mas[$i]['out'][$k_out]['name'] . ' - ' . $mas[$i]['out'][$k_out]['kol'] . ' шт.<br>';
$k_out++;
}
echo '</td>';
echo '<td align="center"><a href="town.php?option=' . $option . '&exchange=' . $mas[$i]['id'] . '">Обменять</a></td>';
echo '</tr>';
$i++;
}
echo '</table>';
if ($page_max > 1) {
echo '<br>Страница: ';
show_page($page, $page_max, $page_href);
}
} else {
echo '<b>В Обменном пункте нет предложений, удовлетворяющих заданным условиям!</b>';
}
} else {
echo '<b>К сожалению, в Обменном пункте ещё нет предложений!</b>';
}
echo '</div>';
echo '</center>';
echo '</td><td background="' . $img . '_rm.gif"></td></tr><tr><td width="1" height="1"><img src="' . $img . '_lb.gif"></td><td background="' . $img . '_mb.gif"></td><td width="1" height="1"><img src="' . $img . '_rb.gif"></td></tr></table>';
}
if (function_exists("save_debug")) {
save_debug();
}
echo '<td colspan=2></td>';
}
}
echo '</tr>';
}
}
echo '
<tr>
<td width="16%" height=24 background="' . $img . '/img/comm.jpg"> </td>
<td width="84%" background="' . $img . '/img/comm.jpg"></td>
</tr>
</table>';
if ($allpage > 1) {
$href = '?option=comment&comm=' . $comm . '&user='******'user_id'] . '';
echo 'Страница: ';
show_page($page, $allpage, $href);
}
if ($user_id > 0) {
if (isset($_POST['text'])) {
$text = trim($_POST['text']);
if ($text != '') {
$text = mysql_real_escape_string(htmlspecialchars($text));
$ins = myquery("insert into blog_comm (post_id, user_id, post, comm_time)\n\t\t\t\tvalues\n\t\t\t\t('" . $comm . "','" . $char['user_id'] . "','{$text}','" . time() . "')");
$up = myquery("update blog_post set comments=comments+1 where post_id='{$comm}'");
$sel = myquery("select user_id from blog_post where post_id='{$comm}'");
list($userr) = mysql_fetch_array($sel);
myquery("update blog_users set comments=comments+1, lastcomm='" . date("d.m.y H:i") . "' where user_id='{$userr}'");
setLocation("?option=comment&comm=" . $comm . "");
}
} else {
echo '<center>';
if (($error_msg = lmt_send_individuals_email($_POST['subject'], $_POST['body'])) !== true) {
show_page($error_msg);
} else {
alert('Your message has been sent', 1);
header('Location: Individuals');
//Reloads the page
}
} else {
if (isset($_POST['lmti_do_reedit_message'])) {
if (($error_msg = val_email_msg($subject, $body)) !== true) {
show_page($error_msg);
} else {
show_page('');
}
} else {
show_page('');
}
}
}
function show_page($err)
{
// Put the cursor in the first field
global $body_onload, $use_rel_external_script;
$body_onload = 'document.forms[\'lmtIndividualComposeMessage\'].subject.focus();externalLinks();';
$use_rel_external_script = true;
lmt_page_header('Email Individuals');
$message_sent_msg = fetch_alert('msgIndiv');
// If an error message is given, put it inside this div
if ($err != '') {
$err = "\n <div class=\"error\">{$err}</div><br />\n";
}
$data2[$i]['NAME'] = $item->NAME;
$data2[$i]['IP_ADDR'] = $item->IPADDR;
$data2[$i]['DESCRIPTION'] = $item->DESCRIPTION;
$data2[$i]['URL'] = "http://" . $item->URL;
$data2[$i]['REP_STORE'] = $item->ADD_REP;
$data2[$i]['SUP'] = "<img src=image/delete-small.png OnClick='confirme(\"" . $item->NAME . "\",\"" . $item->ID . "\",\"" . $form_name . "\",\"supp\",\"" . $l->g(640) . " " . $l->g(644) . " \");'>";
if ($data2[$i]['IP_ADDR'] != "") {
$data2[$i]['MODIF'] = "<img src=image/modif_tab.png OnClick='pag(\"" . $i . "\",\"modif\",\"" . $form_name . "\")'>";
} else {
$data2[$i]['MODIF'] = "";
}
$i++;
}
$total = "<font color=red> (<b>" . $valCount['nb'] . " " . $l->g(652) . "</b>)</font>";
tab_entete_fixe($entete, $data2, $l->g(645) . $total, "95", "300");
show_page($valCount['nb'], $form_name);
echo "<input type='hidden' id='supp' name='supp' value=''>";
echo "<input type='hidden' id='modif' name='modif' value=''>";
echo "<input type='hidden' id='tri2' name='tri2' value='" . $_POST['tri2'] . "'>";
echo "<input type='hidden' id='sens' name='sens' value='" . $_POST['sens'] . "'>";
echo "</table>";
echo close_form();
//detail of group's machin
if ($_POST['modif'] != "" and !isset($_POST['Valid_modif']) and !isset($_POST['Reset_modif'])) {
$tab_name[1] = $l->g(646) . ": ";
$tab_name[2] = $l->g(648) . ": ";
$tab_typ_champ[1]['DEFAULT_VALUE'] = substr($data2[$_POST['modif']]['URL'], 7);
$tab_typ_champ[1]['COMMENT_BEFORE'] = "<b>http://</b>";
$tab_typ_champ[1]['COMMENT_AFTER'] = "<small>" . $l->g(691) . "</small>";
$tab_typ_champ[1]['INPUT_NAME'] = "URL";
$tab_typ_champ[1]['INPUT_TYPE'] = 0;
function admin_page($f3)
{
$admins = array();
foreach (\R::find('users', 'admin=1 ORDER BY username') as $user) {
array_push($admins, $user->username);
}
$f3->set('admins', implode("\n", $admins));
show_page($f3, 'admin');
}
$contents = "<div class='relyingparty_results'>\n";
$contents .= "<pre>" . $e->getMessage() . "</pre>\n";
$contents .= "</div class='relyingparty_results'>";
show_page($contents);
exit;
}
$url = $authRequest->getAuthorizeURL();
header("Location: {$url}");
exit;
} else {
/* Grab query string */
if (!count($_POST)) {
list(, $queryString) = explode('?', $_SERVER['REQUEST_URI']);
} else {
// I hate php sometimes
$queryString = file_get_contents('php://input');
}
/* Check reply */
$message = new OpenID_Message($queryString, OpenID_Message::FORMAT_HTTP);
$id = $message->get('openid.claimed_id');
if (!empty($id) && isset($AUTH_MAP[$id])) {
$_SESSION['PMA_single_signon_user'] = $AUTH_MAP[$id]['user'];
$_SESSION['PMA_single_signon_password'] = $AUTH_MAP[$id]['password'];
session_write_close();
/* Redirect to phpMyAdmin (should use absolute URL here!) */
header('Location: ../index.php');
} else {
show_page('<p>User not allowed!</p>');
exit;
}
}
break;
}
}
}
}
return $result_nb_sessions;
}
if (isset($_GET['img']) && isset($_GET['file'])) {
show_img($_GET['file']);
}
clean_cache();
if (!isset($_GET['mode'])) {
$_GET['mode'] = '';
}
switch ($_GET['mode']) {
case 'minute':
$mode = new ReportMode_minute();
break;
case 'hour':
$mode = new ReportMode_hour();
break;
case 'day':
default:
$mode = new ReportMode_day();
break;
}
if (isset($_GET['img']) && $_GET['img'] == 'nb_sessions') {
show_img_nb_session($mode);
}
show_page($mode);
function do_enter_clarified_score()
{
if (!validate_theme_score($_GET['Score'])) {
trigger_error('Score isn\'t valid this time?!', E_USER_ERROR);
}
$row = DB::queryFirstRow('SELECT name, score_theme FROM individuals WHERE id="' . mysqli_real_escape_string(DB::get(), $_GET['ID']) . '"');
if (!is_null($row['score_theme']) && !isset($_GET['Overwrite'])) {
if (isset($_GET['xsrf_token'])) {
header('Location: Theme?ID=' . $_GET['ID'] . '&Score=' . $_GET['Score']);
die;
} else {
$msg = 'A score of ' . htmlentities($row['score_theme']) . ' has already been entered for ' . htmlentities($row['name']);
if ($row['score_theme'] != $_GET['Score']) {
$msg .= ' (<a href="Theme?Overwrite&ID=' . htmlentities($_GET['ID']) . '&Score=' . htmlentities($_GET['Score']) . '&xsrf_token=' . $_SESSION['xsrf_token'] . '">change to ' . htmlentities($_GET['Score']) . '</a>)';
}
show_page($msg, '');
}
}
// we check this later so we can go here without a token, too - so we can show an override message
// if the individual already has a score entered
if ($_GET['xsrf_token'] != $_SESSION['xsrf_token']) {
trigger_error('XSRF code incorrect', E_USER_ERROR);
}
DB::queryRaw('UPDATE individuals SET score_theme="' . mysqli_real_escape_string(DB::get(), $_GET['Score']) . '" WHERE id="' . mysqli_real_escape_string(DB::get(), $_GET['ID']) . '" LIMIT 1');
$msg = 'A score of ' . htmlentities($_GET['Score']) . ' was entered for ' . htmlentities($row['name']);
show_page($msg, '');
}
function process_form()
{
// Check XSRF token
if ($_SESSION['xsrf_token'] != $_REQUEST['xsrf_token']) {
trigger_error('Invalid XSRF token', E_USER_ERROR);
}
//Check Test ID
$row = DB::queryFirstRow('SELECT test_id, name, total_points FROM tests WHERE test_id=%s LIMIT 1', $_REQUEST['ID']);
if (!$row) {
trigger_error('Process_Form: Invalid Test ID', E_USER_ERROR);
}
//Get some data
$test_name = $row['name'];
$test_id = intval($row['test_id']);
$total_points = intval($row['total_points']);
$score = $_REQUEST['score'];
//No intval() because intval('') is 0.
$user = sanitize_username($_REQUEST['user']);
if ($user === false) {
//Validate username
alert('Name must have only letters, hyphens, apostrophes, and spaces, and be between 3 and 30 characters long', -1);
} elseif (!val('i0+', $score) || ($score = intval($score)) > $total_points) {
//Validate Score
alert('Score must be a nonnegative integer not more than the total points', -1);
} elseif (count($userdata = autocomplete_users_php($user)) == 0) {
// Check for username - No such users found.
if (@isset($_GET['Temporary'])) {
if (DB::queryFirstField('SELECT COUNT(*) FROM users WHERE name=%s', $user) > 0) {
alert('User already exists!', -1);
}
DB::insert('users', array('name' => $user, 'permissions' => 'T', 'approved' => 1));
DB::insert('test_scores', array('test_id' => $test_id, 'user_id' => DB::insertId(), 'score' => $score));
alert('Created new temporary user <b>' . $user . '</b>, and entered a score of ' . $score . '.', 1);
} else {
alert('Could not find <b>' . $user . '</b>. <a href="Enter_Scores?Temporary&ID=' . $test_id . '&user='******'&score=' . $score . '&xsrf_token=' . $_SESSION['xsrf_token'] . '">Create Temporary User</a>?', -1);
}
} elseif (count($userdata) > 1) {
alert('<b>' . $user . '</b> matches multiple people.' . ' <a href="Enter_Scores?Temporary&ID=' . $test_id . '&user='******'&score=' . $score . '&xsrf_token=' . $_SESSION['xsrf_token'] . '">Create Temporary User?</a>', -1);
} else {
//We've got exactly one match for the user name.
$user = $userdata[0]['name'];
$user_id = (int) $userdata[0]['id'];
// Check for previously-entered scores
$row = DB::queryFirstRow('SELECT score_id, score FROM test_scores WHERE test_id=%i AND user_id=%i LIMIT 1', $test_id, $user_id);
$prev_score = $row['score'];
$score_id = $row['score_id'];
if (!is_null($prev_score)) {
//Already entered.
$prev_score = intval($prev_score);
if ($prev_score == $score) {
alert('<b>' . $user . '</b>\'s score has already been entered as ' . $prev_score, -1);
} else {
if (@isset($_REQUEST['Override'])) {
DB::update('test_scores', array('score' => $score), 'score_id=%i LIMIT 1', $score_id);
alert('Changed score from ' . $prev_score . ' to ' . $score . ' for <b>' . $user . '</b>', 1);
} else {
alert("<b>{$user}</b>'s score has already been entered as {$prev_score}. <a href='?Override&ID={$test_id}&user={$user}&score={$score}&xsrf_token={$_SESSION['xsrf_token']}'>Change to {$score}?</a>", -1);
}
}
} else {
//Non-duplicate, valid. Let's enter it.
DB::insert('test_scores', array('test_id' => $test_id, 'user_id' => $user_id, 'score' => $score));
alert('Entered a score of ' . $score . ' for ' . $user, 1);
}
}
show_page();
}
function insert_archive_page($yrfrom, $yrto)
{
//Get the page data
$dropbox_link = 'https://www.dropbox.com/sh/6wo6f5i8il42m1c/q8Vv_FHnxM/LMT';
$nth = intval(map_value('year')) - 2009 . 'th';
//This will last until the 21st LMT. Wow.
$date = map_value('date');
$num_participants = DB::queryFirstField("SELECT COUNT(*) FROM `individuals` WHERE (score_theme IS NOT NULL OR score_individual IS NOT NULL) AND deleted=0");
$num_teams = DB::queryFirstField("SELECT COUNT(*) FROM `teams` WHERE (score_team_short IS NOT NULL OR score_team_long IS NOT NULL) AND deleted=0");
$num_schools = DB::queryFirstField("SELECT COUNT(DISTINCT school_id) FROM `schools` RIGHT JOIN teams ON schools.school_id=teams.school WHERE (teams.score_team_short IS NOT NULL OR teams.score_team_long IS NOT NULL) AND teams.deleted=0 AND schools.deleted=0");
$content = <<<HEREDOC
<h1>{$yrfrom} Archive</h1>
<h3>{$nth} Annual LMT</h3>
<strong>Date: </strong>{$date}<br>
<strong>Number of participants: </strong>{$num_participants}<br>
<strong>Number of teams: </strong>{$num_teams}<br>
<strong>Number of schools represented: </strong>{$num_schools}<br>
<br>
<!--Fill in the questionmarks and un-comment the Flickr link below!-->
<!--<p><strong>View photos of the event </strong><a href="?????????" rel="external">on Flickr</a>.</p><br/>-->
<h3>Problems and Solutions</h3>All archived problems and solutions can be found at <a href="{$dropbox_link}" rel="external">this Dropbox folder</a>.<br/>
HEREDOC;
//Get the exported results
global $EXPORT_STR;
$EXPORT_STR = true;
require_once 'Export.php';
//Supposedly also in Backstage dir
$content .= show_page();
//Insert it
$order_num = 3000 - $yrfrom;
//specially determined formula for ordering in reverse, yet never overflowing. Not for 900 years. As long as stuff stays consistent, orderings should be able to stay the same.
//--todo-- check to make sure the order number doesn't already exist, because that vastly messes things up
DB::insert('pages', array('name' => "{$yrfrom} Archive", 'content' => $content, 'order_num' => $order_num));
}
function do_update_reg_close()
{
if (strlen($_POST['reg_close']) > 2000) {
show_page('Please limit all fields to 2000 characters');
}
map_set('reg_close', $_POST['reg_close']);
alert('Registration closing date has been changed. Be sure to update the homepage.', 1);
}
<?php
/*
* LMT/Backstage/Guts/Display/Display.php
* LHS Math Club Website
*
* New display thing :)
*/
$path_to_lmt_root = '../../../';
require_once $path_to_lmt_root . '../.lib/lmt-functions.php';
show_page();
function show_page()
{
score_guts();
cancel_templateify();
header('X-LMT-Guts-Data: 42');
//:)
?>
<meta http-equiv="refresh" content="7">
<script src="https://code.jquery.com/jquery-2.1.3.min.js"></script>
<style type="text/css">
body{
font-family:"Georgia";
}
.box{
vertical-align:top;
border: solid 2px #000;
border-radius: 10px;
height: 50px;
width: 270px;
<!DOCTYPE html>
<html>
<head>
<title>Example</title>
</head>
<body>
<?php
$data = array('webgl' => array('title' => 'Computer graphics with WebGL', 'description' => '...', 'lecturer' => 'Boychev'), 'go' => array('title' => 'Programming with Go', 'description' => '...', 'lecturer' => 'Bachiiski'));
function show_page($pageId, $data)
{
$output = "<h1>";
$output = $output . $data[$pageId]['title'];
$output = $output . "</h1>";
$output = $output . "<h2>";
$output = $output . $data[$pageId]['lecturer'];
$output = $output . "</h2>";
$output = $output . "<p>";
$output = $output . $data[$pageId]['description'];
$output = $output . "</p>";
echo $output;
// $output = "<h1>";
// $output .= $data[$pageId]
// <h1>Компютърна графика с WebGL</h1>
// <h2>доц. П. Бойчев</h2>
// <p>...</p>
}
show_page('webgl', $data);
?>
</body>
</html>
