コード例 #1
ファイル: mysql_security.php プロジェクト: GotaloveCode/sms
function mysql_fix_string($string)
    if (get_magic_quotes_gpc()) {
        $string = stipslashes($string);
    return mysql_real_escape_string($string);
function serialisededitor_run()
    page_header('Editing Serialised Array');
    $op = httpget('op');
    if ($op == 'source') {
        if (httpget('subop') == 'save') {
            $code = httppost('code');
            // Don't serialise the array as it already is.
            set_module_setting('array', $code, 'serialisededitor');
            output('`#Array has been serialised and saved.`0`n`n');
        } else {
            // Don't unserialise, leave as is.
            $code = get_module_setting('array', 'serialisededitor');
        $size = translate_inline(array('Width', 'Height'));
        $submit = translate_inline('Submit');
        rawoutput('<script language="JavaScript" type="text/javascript">function increase_row(target, value){target.rows = target.rows + value;}function increase_col(target, value){target.cols = target.cols + value;}</script>');
        rawoutput('<form action="runmodule.php?module=serialisededitor&op=source&subop=save" method="POST">');
        addnav('', 'runmodule.php?module=serialisededitor&op=source&subop=save');
        rawoutput('<table border="0" cellpadding="0" cellspacing="0">');
        rawoutput('<tr><td><textarea name="code" cols="40" rows="10" id="textarea">' . stripslashes($code) . '</textarea></td><td rowspan="2" valign="top"><input type="submit" onClick="increase_row(textarea,1);" value="+" />&nbsp;<input type="submit" onClick="increase_row(textarea,-1);" value="-" /><br /><span class="colLtWhite">' . $size[1] . '</span></td></tr>');
        rawoutput('<tr><td colspan="2"><input type="submit" onClick="increase_col(textarea,1);" value="+" />&nbsp;<input type="submit" onClick="increase_col(textarea,-1);" value="-" /><br /><span class="colLtWhite">' . $size[0] . '</span></td></tr>');
        rawoutput('<tr><td colspan="2"><input type="submit" class="button" value="' . $submit . '" /></td></tr>');
    } elseif ($op == 'find') {
        $subop = httpget('subop');
        $name = httppost('name') ? httppost('name') : '';
        $search = translate_inline('Search by name: ');
        $search2 = translate_inline('Search');
        rawoutput('<form action="runmodule.php?module=serialisededitor&op=find&subop=search" method="POST">' . $search . '<input type="text" size="30" name="name" value="' . $name . '" />&nbsp;<input type="submit" value="' . $search2 . '" class="button" /></form><br /><br />');
        addnav('', 'runmodule.php?module=serialisededitor&op=find&subop=search');
        if ($subop == 'search') {
            $search = "%";
            for ($i = 0; $i < strlen($name); $i++) {
                $search .= substr($name, $i, 1) . "%";
            $sql = "SELECT acctid, name, level, login\r\n\t\t\t\t\tFROM " . db_prefix('accounts') . "\r\n\t\t\t\t\tWHERE (locked = 0 AND name LIKE '{$search}')\r\n\t\t\t\t\tORDER BY level DESC";
            $result = db_query($sql);
            if (($max = db_num_rows($result)) > 0) {
                if ($max > 100) {
                    output('`#Listing first 100:`n`n');
                    $max = 100;
                $ops = translate_inline('Op');
                $pname = translate_inline('Name');
                $login = translate_inline('Login');
                $acctid = translate_inline('AcctID');
                $level = translate_inline('Level');
                $submit = translate_inline('Submit');
                $i = 0;
                rawoutput('<form action="runmodule.php?module=serialisededitor&op=find&subop=list" method="POST">');
                addnav('', 'runmodule.php?module=serialisededitor&op=find&subop=list');
                rawoutput('<table border="0" celpadding="0" cellspacing="1" align="center">');
                rawoutput('<tr class="trhead"><td>' . $ops . '</td><td>' . $pname . '</td><td>' . $login . '</td><td>' . $acctid . '</td><td>' . $level . '</td></tr>');
                while ($row = db_fetch_assoc($result)) {
                    rawoutput('<tr class="' . ($i % 2 ? 'trdark' : 'trlight') . '"><td align="center"><input type="radio" name="userid" value="' . $row['acctid'] . '" /></td><td>');
                    output_notl('`&%s', $row['name']);
                    output_notl('%s', $row['login']);
                    rawoutput('</td><td align="center">');
                    output_notl('%s', $row['acctid']);
                    rawoutput('</td><td align="center">');
                    output_notl('`^%s', $row['level']);
                    if ($i >= $max) {
                $sql = "SELECT modulename\r\n\t\t\t\t\t\tFROM " . db_prefix('modules') . "\r\n\t\t\t\t\t\r\n\t\t\t\t\t\tORDER BY modulename ASC";
                $result = db_query($sql);
                $select = '';
                while ($row = db_fetch_assoc($result)) {
                    $select .= '<option>' . $row['modulename'] . '</option>';
                rawoutput('<tr class="trlight"><td colspan="5">');
                output('`#Please select a module: ');
                rawoutput('<select name="modulename">' . $select . '</select></td></tr>');
                rawoutput('<tr class="trdark"><td align="center" colspan="5"><input type="hidden" name="name" value="' . $name . '" /><input type="submit" class="button" value="' . $submit . '" /></td></tr></table></form><br /><br />');
            } else {
                output('`#Sorry, but there were no matches. Please try again.`0`n');
        } elseif ($subop == 'list') {
            $userid = httppost('userid');
            $module = httppost('modulename');
            $sql = "SELECT a.name, b.setting, b.value\r\n\t\t\t\t\tFROM " . db_prefix('accounts') . " a, " . db_prefix('module_userprefs') . " b\r\n\t\t\t\t\tWHERE b.modulename = '" . $module . "'\r\n\t\t\t\t\t\tAND a.acctid = b.userid\r\n\t\t\t\t\t\tAND a.acctid = '" . $userid . "'";
            $result = db_query($sql);
            if (db_num_rows($result) > 0) {
                output('`#The data in the boxes should still be serialised, if it is not, then it isn\'t a serialised array.`0`n`n');
                $edit = translate_inline('Edit This Array');
                $i = 0;
                while ($row = db_fetch_assoc($result)) {
                    $array = unserialize($row['value']);
                    if (is_array($array)) {
                        rawoutput('<form action="runmodule.php?module=serialisededitor&op=find&subop=push" method="POST">');
                        addnav('', 'runmodule.php?module=serialisededitor&op=find&subop=push');
                        rawoutput('<textarea name="array" cols="40" rows="6">' . $row['value'] . '</textarea><br />');
                        rawoutput('<input type="hidden" name="data" value="' . $module . '|' . $row['setting'] . '|' . $userid . '" /><input type="submit" class="button" value="' . $edit . '" /></form><br /><br />');
                if ($i == 0) {
                    output('`#This module has no serialised arrays. Please try another.`0`n');
            } else {
                output('`#This user does not have any prefs with this module. Please try another.`0`n');
        } elseif ($subop == 'push') {
            $data = httppost('data');
            $array = httppost('array');
            if (!empty($data) && !empty($array)) {
                set_module_setting('data', $data, 'serialisededitor');
                set_module_setting('array', stripslashes($array), 'serialisededitor');
                output('`#The array data has been saved and is ready for editing. Click the Editor link to the side to begin.`0`n');
            } else {
                output('`$Error: `4No array data could be found. Please try again.`0`n');
        } elseif ($subop == 'pop') {
            if (httpget('subop2') == 'return') {
                $array = get_module_setting('array', 'serialisededitor');
                $data = get_module_setting('data', 'serialisededitor');
                if (!empty($data)) {
                    list($modulename, $setting, $userid) = explode('|', $data);
                    db_query("UPDATE " . db_prefix('module_userprefs') . " SET value = '" . $array . "' WHERE modulename = '" . $modulename . "' AND setting = '" . $setting . "' AND userid = '" . $userid . "'");
                    output("`#The array data has been saved back to its original location.`0`n`n");
                    set_module_setting('data', '', 'serialisededitor');
                    set_module_setting('array', '', 'serialisededitor');
                } else {
                    output('`$Error: `4The data was missing, could not put the array back.`0`n');
            } else {
                output('`#If you have finished editing the array then you can return the data back to its original location.`n`n');
                output('Click the link to the side to put it back.');
                addnav('Put Back');
                addnav('Continue', 'runmodule.php?module=serialisededitor&op=find&subop=push&subop2=return');
    } else {
        $sarray = unserialize(get_module_setting('array', 'serialisededitor'));
        // The unserialised array gets added to a new array with the key '0'.
        $names[] = !is_array($sarray) ? array('population' => 'you') : $sarray;
        $keyid = httpget('key') ? httpget('key') : httppost('key');
        if (!empty($keyid)) {
            $urls = '';
            $parts = '';
            $i = 1;
            $keyids = explode('|', $keyid);
            foreach ($keyids as $key => $value) {
                // Take a specific array from the multi-dimensional array and add it back with its own key.
                // Only with a specific branch of the tree.
                $names[] = $names[$i - 1][$value];
                // This makes the links for under the form.
                $parts .= $i == 1 ? $value : '|' . $value;
                $urls .= '[<a href="runmodule.php?module=serialisededitor&key=' . $parts . '">' . $value . '</a>]';
                addnav('', 'runmodule.php?module=serialisededitor&key=' . $parts);
            // Reverse the array because we want the last to be first and have the key '0'.
            $names = array_reverse($names);
        if (httpget('subop') == 'save') {
            // These are arrays!
            $keyname = httppost('keyname');
            $keyvalue = httppost('keyvalue');
            $keynameorig = httppost('keynameorig');
            $keyvalueorig = httppost('keyvalueorig');
            // Chars to strip out.
            $find = array('"', "'");
            $messages = '`#';
            foreach ($keyname as $key => $value) {
                if (!empty($value)) {
                    // Strip out quotes from key name.
                    $value = str_replace($find, '', $value);
                    if (isset($keynameorig[$key]) && $value != $keynameorig[$key]) {
                        // Key name changed, do this first.
                        if (!isset($names[0][$value])) {
                            // Easiest way to rename is to create a new key with the same value and delete the old key.
                            // This is the reason why renamed keys get put last, they're new. :)
                            $names[0][$value] = $names[0][$keynameorig[$key]];
                            $messages .= 'The key name `b' . $keynameorig[$key] . '`b has been renamed to `b' . $value . '`b.`n';
                        } else {
                            $messages .= '`$The key name `b' . $value . '`b already exists in this array branch. Please use another.`#`n';
                    if (!empty($keyvalue[$key])) {
                        if ($keyvalue[$key] == 'ARRAY') {
                            // Add a new array.
                            if (!empty($keynameorig[$key])) {
                                $messages .= 'Existing key name `b' . $value . '`b has been turned into an array.`n';
                            } else {
                                $messages .= 'The key name `b' . $value . '`b has been added and made an array.`n';
                            $names[0][$value] = array('populate' => 'me');
                        } else {
                            // Only did this part for the messages.
                            if (!empty($keyvalueorig[$key])) {
                                // Old value exists, check to see if it matches the new.
                                if ($keyvalueorig[$key] != $keyvalue[$key]) {
                                    $names[0][$value] = $keyvalue[$key];
                                    $messages .= 'The value of key `b' . $value . '`b has been changed from `b' . $keyvalueorig[$key] . '`b to `b' . stripslashes($keyvalue[$key]) . '`b.`n';
                            } else {
                                // Again for the messages.
                                if (isset($names[0][$value]) && isset($keynameorig[$key])) {
                                    // Existing key has had it's value changed from nothing to something.
                                    $messages .= 'The value of key name `b' . $value . '`b has been changed from nothing to `b' . stripslashes($keyvalue[$key]) . '`b.`n';
                                } else {
                                    // New key has been added with a value.
                                    $messages .= 'The key name `b' . $value . '`b has been added with a value of `b' . stipslashes($keyvalue[$key]) . '`b.`n';
                                $names[0][$value] = $keyvalue[$key];
                    } else {
                        // Array keynames don't have any values so check before making null.
                        if (!is_array($names[0][$value])) {
                            if (empty($keyvalue[$key]) && !empty($keyvalueorig[$key])) {
                                // key had a value, but no it doesn't.
                                $messages .= 'The value of key name `b' . $value . '`b has been changed from `b' . $keyvalueorig[$key] . '`b to nothing.`n';
                            } elseif (empty($keynameorig[$key]) && empty($keyvalue[$key]) && empty($keyvalueorig[$key])) {
                                // New key has been added, but with no value.
                                $messages .= 'The key name `b' . $value . '`b has been created and saved with no value.`n';
                            $names[0][$value] = '';
                } else {
                    // Delete.
                    if (isset($names[0][$keynameorig[$key]])) {
                        $messages .= 'The key name `b' . $keynameorig[$key] . '`b and its value have been deleted.`n';
            // $names is used further down to build the display so make a copy and alter it instead.
            $pass_over = $names[0];
            if (!empty($keyids)) {
                $keyids = array_reverse($keyids);
                $count = count($names);
                for ($i = 0; $i < $count; $i++) {
                    if (isset($names[1])) {
                        $shift = array_shift($names);
                        $names[0][$keyids[$i]] = $shift;
            set_module_setting('array', serialize($names[0]), 'serialisededitor');
            $message .= 'Array has been serialized and saved.`0';
            $names[0] = $pass_over;
        output('%s`0`n`n', translate_inline($messages));
        output('`n`c`#Do not use numbers to name the keys, use words only.`0`c`n`n');
        $trans = translate_inline(array('Key Name', 'Value', 'This value is an array.', 'Extra Boxes', 'Submit', 'Click to Edit', 'Array Tree Branch Links'));
        rawoutput('<form action="runmodule.php?module=serialisededitor&subop=save" method="POST">');
        addnav('', 'runmodule.php?module=serialisededitor&subop=save');
        rawoutput('<table border="0" width="450" cellpadding="1" cellspacing="1" align="center">');
        rawoutput('<tr class="trhead"><td>' . $trans[0] . '</td><td>' . $trans[1] . '</td></tr>');
        rawoutput('<tr class="' . (0 % 2 ? 'trlight' : 'trdark') . '"><td colspan="2">');
        output('`3To delete any of the following, simply delete the key name before submitting. Renaming a key will force it to the bottom.`0');
        // Build the form for the current array tree branch.
        if (!empty($names[0])) {
            $i = 1;
            foreach ($names[0] as $key => $value) {
                rawoutput('<tr class="' . ($i % 2 ? 'trlight' : 'trdark') . '"><td><input type="text" name="keyname[]" value="' . $key . '" /><input type="hidden" name="keynameorig[]" value="' . $key . '" /></td>');
                if (is_array($value)) {
                    // Don't over write $keyid as it's used below!
                    $keyid2 = empty($keyid) ? '' : $keyid . '|';
                    rawoutput('<td>' . $trans[2] . ' <a href="runmodule.php?module=serialisededitor&key=' . $keyid2 . $key . '">' . $trans[5] . '</a><input type="hidden" name="keyvalue[]" value="" /><input type="hidden" name="keyvalueorig[]" value="" /></td></tr>');
                    addnav('', 'runmodule.php?module=serialisededitor&key=' . $keyid2 . $key);
                } else {
                    rawoutput('<td><textarea name="keyvalue[]" col="20" row="5">' . stripslashes($value) . '</textarea><input type="hidden" name="keyvalueorig[]" value="' . stripslashes($value) . '" /></td></tr>');
        } else {
            rawoutput('<tr class="trlight"><td><input type="text" name="keyname[]" value="" /></td><td><textarea name="keyvalue[]" col="20" row="5"></textarea></td></tr>');
        rawoutput('<tr class="trhead"><td colspan="2">' . $trans[3] . '</td></tr>');
        rawoutput('<tr class="trdark"><td colspan="2">');
        output('`3To add another array, simply type `#`bARRAY`b `3into the box and submit. You can do this with existing values, but there\'s no way to convert back once this is done.`0');
        rawoutput('</td></tr><tr class="trlight"><td><input type="text" name="keyname[]" value="" /></td><td><textarea name="keyvalue[]" col="20" row="5"></textarea></td></tr>');
        rawoutput('<tr class="trdark"><td><input type="text" name="keyname[]" value="" /></td><td><textarea name="keyvalue[]" col="20" row="5"></textarea></td></tr>');
        rawoutput('<tr class="trhead"><td colspan="2">' . $trans[6] . '</td></tr>');
        rawoutput('<tr class="trlight"><td colspan="2"><a href="runmodule.php?module=serialisededitor">$array</a>' . $urls . '</td></tr>');
        addnav('', 'runmodule.php?module=serialisededitor');
        rawoutput('<tr class="trdark"><td align="center" colspan="2"><input type="hidden" name="key" value="' . $keyid . '" /><input type="submit" class="button" value="' . $trans[4] . '" /></td></tr></table></form><br /><br />');
        rawoutput('<table border="0" cellpadding="2" cellspacing="1" align="center">');
        $text = display_array($names[0]);
    addnav('Array Editor', 'runmodule.php?module=serialisededitor');
    addnav('Find Array To Edit', 'runmodule.php?module=serialisededitor&op=find');
    addnav('View Array Source', 'runmodule.php?module=serialisededitor&op=source');
    addnav('Put Array Back', 'runmodule.php?module=serialisededitor&op=find&subop=pop');
    addnav('Back to the Grotto', 'superuser.php');