コード例 #1
0
    if (!$_SESSION['do_check'] || md5(getIp() . strtolower($string)) == $user_check) {
        $sql = "SELECT * FROM `" . $_SESSION['Application_host'] . "`.`T_caver`";
        $sql .= " WHERE Login = '******' AND Contact ='" . $contact . "'";
        $data = getDataFromSQL($sql, __FILE__, $frame, __FUNCTION__);
        if ($data['Count'] > 0) {
            if ($data[0]['Activated'] == 'YES') {
                $sql = "UPDATE `" . $_SESSION['Application_host'] . "`.`T_caver`";
                $sql .= " SET Password ='******'";
                $sql .= " WHERE Id = " . $data[0]['Id'];
                $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
                if (!defined('NO_PHPBB_INSTALLED')) {
                    chgPwdphpBBuser($login, $password);
                }
                sendNewPwdMail($data[0], $password);
                //echo $password;
                trackAction("pwd_user", $data[0]['Id'], "T_caver");
                $_SESSION['user_pwd_sent'] = true;
            } else {
                $activated = false;
                $_SESSION['user_pwd_sent'] = false;
            }
        } else {
            $_SESSION['user_pwd_sent'] = false;
            $_SESSION['send_retry'] += 1;
        }
    } else {
        $_SESSION['user_pwd_sent'] = false;
        $_SESSION['send_retry'] += 1;
    }
} else {
    $_SESSION['send_retry'] = 1;
コード例 #2
0
    }
}
if (allowAccess(caver_delete_himself)) {
    //Delete an account :
    if (isset($_POST['delete_user'])) {
        $password = isset($_POST['d_caver_password']) ? $_POST['d_caver_password'] : '';
        $key = isset($_POST['d_key']) ? $_POST['d_key'] : '';
        $password = crypt_xor(stripslashes($password), $key);
        $login = isset($_POST['d_caver_login']) ? $_POST['d_caver_login'] : '';
        $sql = "SELECT * FROM `" . $_SESSION['Application_host'] . "`.`T_caver` ";
        $sql .= "WHERE `Id` = " . $_SESSION['user_id'] . " ";
        $sql .= "AND `Password` = '" . getCryptedPwd($login, $password) . "' ";
        $sql .= "AND `Login` = '" . $login . "'";
        $data = getDataFromSQL($sql, __FILE__, $frame, __FUNCTION__);
        if ($data['Count'] > 0) {
            trackAction("delete_user", $_SESSION['user_id'], "T_caver");
            $sql = "DELETE FROM `" . $_SESSION['Application_host'] . "`.`T_caver` ";
            $sql .= "WHERE `Id` = " . $_SESSION['user_id'];
            $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
            $sql = "DELETE FROM `" . $_SESSION['Application_host'] . "`.`J_entry_caver` ";
            $sql .= "WHERE `Id_caver` = " . $_SESSION['user_id'];
            $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
            $sql = "DELETE FROM `" . $_SESSION['Application_host'] . "`.`J_grotto_caver` ";
            $sql .= "WHERE `Id_caver` = " . $_SESSION['user_id'];
            $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
            $sql = "DELETE FROM `" . $_SESSION['Application_host'] . "`.`J_caver_group` ";
            $sql .= "WHERE `Id_caver` = " . $_SESSION['user_id'];
            $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
            $delete_failed = false;
        } else {
            $delete_failed = true;
コード例 #3
0
ファイル: massif.php プロジェクト: GrottoCenter/GrottoCenter 
     $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
     $nid = $req['mysql_insert_id'];
     trackAction("insert_massif", $nid, "T_massif");
 } else {
     $sql = "UPDATE `" . $_SESSION['Application_host'] . "`.`T_massif` ";
     $sql .= " SET ";
     $sql .= "Locked = 'NO', ";
     $sql .= "Id_reviewer = " . $_SESSION['user_id'] . ", ";
     $sql .= "Name = " . returnDefault($name, 'text') . ", ";
     $sql .= "Date_reviewed = Now() ";
     $sql .= "WHERE Id = " . $id;
     $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
     $sql = "DELETE FROM `" . $_SESSION['Application_host'] . "`.`J_massif_cave` ";
     $sql .= "WHERE `Id_massif` = " . $id;
     $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
     trackAction("edit_massif", $id, "T_massif");
 }
 if ($list != "") {
     if ($isNew == "True") {
         $onid = $nid;
     } else {
         $onid = $id;
     }
     $arrList = explode("|", $list);
     $sql = "INSERT INTO `" . $_SESSION['Application_host'] . "`.`J_massif_cave` (`Id_massif`, `Id_cave`, `Id_entry`) VALUES ";
     foreach ($arrList as $value) {
         $linked_id = explode($regForCat, $value);
         $sql .= "(" . $onid . ", " . $linked_id[0] . ", " . $linked_id[1] . "), ";
     }
     $sql = substr($sql, 0, strlen($sql) - 2);
     $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
コード例 #4
0
ファイル: grotto.php プロジェクト: GrottoCenter/GrottoCenter 
     $sql .= "Id_president = " . returnDefault($president, 'id') . ", ";
     $sql .= "Id_vice_president = " . returnDefault($vice_pres, 'id') . ", ";
     $sql .= "Id_treasurer = " . returnDefault($treasurer, 'id') . ", ";
     $sql .= "Id_secretary = " . returnDefault($secretary, 'id') . ", ";
     $sql .= "Latitude = " . returnDefault($latitude, 'latlng') . ", ";
     $sql .= "Longitude = " . returnDefault($longitude, 'latlng') . ", ";
     $sql .= "Custom_message = " . returnDefault($custom_message, 'text') . " ";
     $sql .= "WHERE Id = " . $id;
     $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
     $sql = "DELETE FROM `" . $_SESSION['Application_host'] . "`.`J_grotto_entry` ";
     $sql .= "WHERE `Id_grotto` = " . $id;
     $status = "edit_grotto";
     $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
     $nid = $id;
 }
 trackAction($status, $nid, "T_grotto");
 if ($list != "") {
     if ($isNew == "True") {
         $onid = $nid;
     } else {
         $onid = $id;
     }
     $arrList = split('[|]+', $list);
     $sql = "INSERT INTO `" . $_SESSION['Application_host'] . "`.`J_grotto_entry` (`Id_grotto`, `Id_entry`) VALUES ";
     foreach ($arrList as $value) {
         $sql .= "(" . $onid . ", " . $value . "), ";
     }
     $sql = substr($sql, 0, strlen($sql) - 2);
     $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
 }
 $save_failed = false;
コード例 #5
0
ファイル: entry.php プロジェクト: GrottoCenter/GrottoCenter 
     $sql = "DELETE FROM `" . $_SESSION['Application_host'] . "`.`J_massif_cave` WHERE Id_entry = " . $onid;
     $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
 }
 $sql = "DELETE FROM `" . $_SESSION['Application_host'] . "`.`J_massif_cave` WHERE Id_massif = '" . $old_massif_id . "' AND Id_entry = " . $onid;
 $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
 if ($isMassifed == "YES" && !($isNetworked == "YES" && $isNewNetwork != "YES")) {
     if ($isNewMassif == "YES") {
         $sql = "INSERT INTO `" . $_SESSION['Application_host'] . "`.`T_massif` ";
         $sql .= "(`Id_author`, `Name`, `Date_inscription`)";
         $sql .= " VALUES (";
         $sql .= $_SESSION['user_id'] . ", ";
         $sql .= returnDefault($massif_name, 'text') . ", ";
         $sql .= "Now()) ";
         $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
         $massif_id = $req['mysql_insert_id'];
         trackAction("insert_massif", $massif_id, "T_massif");
     }
     $sql = "INSERT INTO `" . $_SESSION['Application_host'] . "`.`J_massif_cave` (`Id_massif`, `Id_cave`, `Id_entry`) VALUES (";
     $sql .= returnDefault($massif_id, 'text') . ", ";
     if ($isNetworked == "YES" && $isNewNetwork == "YES") {
         $sql .= returnDefault($cave_id, 'text') . ", ";
         $sql .= "0) ";
     } else {
         $sql .= "0, ";
         $sql .= returnDefault($onid, 'text') . ") ";
     }
     $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
 }
 if ($isNew == "True") {
     $sql = "INSERT INTO `" . $_SESSION['Application_host'] . "`.`T_single_entry` ";
     //$sql .= "(`Id`, `Min_depth`, `Max_depth`, `Length`, `Is_diving`, `Temperature`)";
コード例 #6
0
ファイル: file.php プロジェクト: GrottoCenter/GrottoCenter 
     $sql .= returnDefault($caving, 'float') . ", ";
     $sql .= returnDefault($approach, 'float') . ", ";
     $sql .= returnDefault($id_answered, 'id') . ", ";
     $sql .= returnDefault($alert_me, 'checkbox') . ", ";
 }
 if ($ncat == "comment" || $ncat == "location" || $ncat == "bibliography" || $ncat == "history") {
     $sql .= returnDefault($id, 'id') . ", ";
 }
 $sql .= "'NO', ";
 $sql .= $_SESSION['user_id'] . ", ";
 $sql .= "Now() ";
 $sql .= ") ";
 $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
 $nid = $req['mysql_insert_id'];
 //Tracker
 trackAction("insert_" . $ncat, $nid, "T_" . $ncat);
 //Update the entry contribution flag
 $sql = "UPDATE `" . $_SESSION['Application_host'] . "`.`T_entry` ";
 $sql .= "SET Has_contributions = 'YES' ";
 $sql .= "WHERE Id = " . $id;
 $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
 //Send an e-mail to the answered person
 if ($id_answered != "" && $ncat == "comment") {
     $get_answered_sql = "SELECT * FROM `" . $_SESSION['Application_host'] . "`.`T_comment` WHERE Id = " . $id_answered;
     $answered_array = getDataFromSQL($get_answered_sql, __FILE__, $frame, __FUNCTION__);
     if ($answered_array[0]["Alert"] == "YES") {
         alertForCommentReply($id_answered, $nid, $category, $id);
     }
 }
 if ($ncat == "rigging" || $ncat == "description") {
     $sql = "INSERT INTO `" . $_SESSION['Application_host'] . "`.`J_entry_" . $ncat . "` (Id_entry, Id_" . $ncat . ") VALUES ( ";
コード例 #7
0
ファイル: request.php プロジェクト: GrottoCenter/GrottoCenter 
                 $sql .= returnDefault($_SESSION['Application_url'] . '/upload/attachments/' . $attachment_file, 'text') . ") ";
                 $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
                 $file_id = $req['mysql_insert_id'];
                 trackAction("insert_file", $file_id, "T_file");
                 $sql = "INSERT INTO `" . $_SESSION['Application_host'] . "`.`J_author_file` ";
                 $sql .= "(Id_author, Id_file) VALUES (";
                 $sql .= returnDefault($uploaded_author_id, 'id') . ", ";
                 $sql .= returnDefault($file_id, 'id') . ") ";
                 $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
             }
         } elseif (isset($_GET['deleted']) && $_GET['deleted'] == "true") {
             $file_id = isset($_GET['file_id']) ? $_GET['file_id'] : '';
             if ($file_id != "") {
                 $sql = "DELETE FROM `" . $_SESSION['Application_host'] . "`.`J_author_file` WHERE Id_file = " . $file_id;
                 $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
                 trackAction("delete_file", $file_id, "T_file");
                 $sql = "DELETE FROM `" . $_SESSION['Application_host'] . "`.`T_file` WHERE Id = " . $file_id;
                 $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
             }
         }
     }
 }
 $sql = "SELECT DISTINCT T_file.Id AS File_id, T_file.Path, T_author.Id, T_author.Validated, T_topography.Id_author, T_status.Name AS Status_name ";
 $sql .= "FROM `" . $_SESSION['Application_host'] . "`.`T_request` ";
 $sql .= "LEFT OUTER JOIN `" . $_SESSION['Application_host'] . "`.`T_topography` ON T_request.Id = T_topography.Id_request ";
 $sql .= "LEFT OUTER JOIN `" . $_SESSION['Application_host'] . "`.`T_status` ON T_status.Id = T_request.Id_status ";
 $sql .= "LEFT OUTER JOIN `" . $_SESSION['Application_host'] . "`.`J_topo_author` ON J_topo_author.Id_topography = T_topography.Id ";
 $sql .= "LEFT OUTER JOIN `" . $_SESSION['Application_host'] . "`.`T_author` ON T_author.Id = J_topo_author.Id_author ";
 $sql .= "LEFT OUTER JOIN `" . $_SESSION['Application_host'] . "`.`J_author_file` ON J_author_file.Id_author = T_author.Id ";
 $sql .= "LEFT OUTER JOIN `" . $_SESSION['Application_host'] . "`.`T_file` ON T_file.Id = J_author_file.Id_file ";
 $sql .= "WHERE T_topography.Id = " . $topo_id;
コード例 #8
0
function sendRequestMail($request_id)
{
    if ($request_id != "") {
        $request_sql = "SELECT T_label." . $_SESSION['language'] . " AS Status, T_status.Name AS Status_name, T_request.Name, ";
        $request_sql .= "T_caver_a.Contact AS Aut_contact, T_caver_a.Nickname AS Aut_nick,  ";
        $request_sql .= "T_caver_b.Contact AS Rec_contact, T_caver_b.Nickname AS Rec_nick  ";
        $request_sql .= "FROM `" . $_SESSION['Application_host'] . "`.`T_topography` ";
        $request_sql .= "INNER JOIN `" . $_SESSION['Application_host'] . "`.`T_request` ON T_request.Id = T_topography.Id_request ";
        $request_sql .= "INNER JOIN `" . $_SESSION['Application_host'] . "`.`T_status` ON T_status.Id = T_request.Id_status ";
        $request_sql .= "INNER JOIN `" . $_SESSION['Application_host'] . "`.`T_label` ON T_label.Id = T_status.Id_label ";
        $request_sql .= "INNER JOIN `" . $_SESSION['Application_host'] . "`.`T_caver` T_caver_a ON T_caver_a.Id = T_request.Id_author ";
        $request_sql .= "INNER JOIN `" . $_SESSION['Application_host'] . "`.`T_caver` T_caver_b ON T_caver_b.Id = T_request.Id_recipient ";
        $request_sql .= "WHERE T_request.Id = '" . $request_id . "' ";
        $request_data = getDataFromSQL($request_sql, __FILE__, "function", __FUNCTION__);
        $status_lbl = $request_data[0]['Status'];
        $request_name = $request_data[0]['Name'];
        $status_name = $request_data[0]['Status_name'];
        $rec_contact = $request_data[0]['Rec_contact'];
        $rec_name = $request_data[0]['Rec_nick'];
        $aut_contact = $request_data[0]['Aut_contact'];
        $aut_name = $request_data[0]['Aut_nick'];
        $copy = false;
        switch ($status_name) {
            case "submitted":
                $mail_dest = $rec_contact;
                $name_dest = $rec_name;
                $mail_from = $aut_contact;
                $name_from = $aut_name;
                $subject = "<convert>#label=847<convert> '" . $request_name . "' <convert>#label=849<convert>.";
                //La demande : //vous a été envoyée
                $temp_body = "<convert>#label=851<convert>";
                //Veuillez vérifier les droits d'auteurs et appliquer les modifications nécessaires à la topographie. Ensuite vous pourez choisir de valider ou refuser la demande.
                break;
            case "rejected":
                $mail_dest = $aut_contact;
                $name_dest = $aut_name;
                $mail_from = $rec_contact;
                $name_from = $rec_name;
                $subject = "<convert>#label=846<convert> '" . $request_name . "' <convert>#label=848<convert> '" . $status_lbl . "'.";
                //Votre demande : //est passée à l'état :
                $temp_body = "<convert>#label=852<convert>";
                //Votre demande a été rejetée, la cause du rejet peut être indiquée dans le champ commentaire de la demande. Veuillez modifier votre demande avant de la soumettre à nouveau.
                break;
            case "approved":
                trackAction("approve_request", $request_id, "T_request");
                $mail_dest = $aut_contact;
                $name_dest = $aut_name;
                $mail_from = $rec_contact;
                $name_from = $rec_name;
                $subject = "<convert>#label=846<convert> '" . $request_name . "' <convert>#label=848<convert> '" . $status_lbl . "'.";
                //Votre demande : //est passée à l'état :
                $temp_body = "<convert>#label=853<convert>";
                //Votre demande a été accepté et est dès à présent en ligne, vous pouvez consulter les topographies sur GrottoCenter.org.
                break;
            case "canceled":
                trackAction("cancel_request", $request_id, "T_request");
                $mail_dest = $rec_contact;
                $name_dest = $rec_name;
                $mail_from = $aut_contact;
                $name_from = $aut_name;
                $subject = "<convert>#label=847<convert> '" . $request_name . "' <convert>#label=850<convert>.";
                //La demande : //a été signalée comme illicite
                $temp_body = "<convert>#label=851<convert>";
                //Veuillez vérifier les droits d'auteurs et appliquer les modifications nécessaires à la topographie. Ensuite vous pourez choisir de valider ou refuser la demande.
                break;
        }
        $mail_body = "<p><convert>#label=470<convert> " . $name_dest . ",<br />";
        //Bonjour
        $mail_body .= $subject . "<br/>";
        $mail_body .= $temp_body . "</p>";
        $mail_body .= "<ul><li><convert>#label=854<convert> " . $name_dest . " " . $mail_dest . "</li>";
        //Vous :
        $mail_body .= "<li><convert>#label=855<convert> " . $name_from . " " . $mail_from . "</li>";
        //Votre contact (Leader) :
        $mail_body .= "<li><convert>#label=861<convert>: " . $request_id . "</li></ul>";
        //Numéro de la demande :
        $mail_body .= getSignature();
        return sendMail($mail_dest, $subject, $mail_body, "", "", $copy);
    } else {
        return false;
    }
}
コード例 #9
0
ファイル: url.php プロジェクト: GrottoCenter/GrottoCenter 
     trackAction("insert_url", $nid, "T_url");
 } else {
     $sql = "UPDATE `" . $_SESSION['Application_host'] . "`.`T_url` ";
     $sql .= " SET ";
     $sql .= "Locked = 'NO', ";
     $sql .= "Id_reviewer = " . $_SESSION['user_id'] . ", ";
     $sql .= "Name = " . returnDefault($name, 'text') . ", ";
     $sql .= "Url = " . returnDefault($link, 'url') . ", ";
     $sql .= "Comments = " . returnDefault($comments, 'text') . ", ";
     $sql .= "Date_reviewed = Now() ";
     $sql .= "WHERE Id = " . $id;
     $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
     $sql = "DELETE FROM `" . $_SESSION['Application_host'] . "`.`J_entry_url` ";
     $sql .= "WHERE `Id_url` = " . $id;
     $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
     trackAction("edit_url", $id, "T_url");
 }
 if ($isNew == "True") {
     $onid = $nid;
 } else {
     $onid = $id;
 }
 if ($list != "") {
     $arrList = split('[|]+', $list);
     //Establish the relationship between entries and this url
     $sql = "INSERT INTO `" . $_SESSION['Application_host'] . "`.`J_entry_url` (`Id_url`, `Id_entry`) VALUES ";
     foreach ($arrList as $value) {
         $sql .= "(" . $onid . ", " . $value . "), ";
     }
     $sql = substr($sql, 0, strlen($sql) - 2);
     $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
コード例 #10
0
ファイル: contact.php プロジェクト: GrottoCenter/GrottoCenter 
            $subject .= "; Category: " . $category;
        }
        if ($bad_name != "") {
            $subject .= "; Id: " . $bad_name;
        }
        sendMessageToWM($admin_id, $contact, $real_mail, $name, $subject, nl2br($body));
        if ($category == 'topography' && $bad_name != '') {
            $sql = "SELECT Id FROM T_status WHERE Name = 'canceled'";
            $status_id = getDataFromSQL($sql, __FILE__, $frame, __FUNCTION__);
            $sql = "UPDATE `" . $_SESSION['Application_host'] . "`.`T_topography` SET Enabled = 'NO' WHERE Id_request = " . $bad_name;
            $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
            $user_login = $_SESSION['user_login'] == '' ? "guest" : $_SESSION['user_login'];
            $date_stamp = '---- <convert>#label=230<convert>: ' . $user_login . ' ' . date("Y-m-d H:i:s") . ' ----';
            $sql = "UPDATE `" . $_SESSION['Application_host'] . "`.`T_request` SET Id_status = " . returnDefault($status_id[0]['Id'], 'id') . ", Comments = " . returnDefault($date_stamp . "\n" . $body, 'text') . " WHERE Id = " . $bad_name;
            $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
            trackAction("edit_request", $bad_name, "T_request");
            sendRequestMail($bad_name);
        }
        $send_failed = false;
    }
}
function formIsValid()
{
    $string = isset($_POST['m_check']) ? $_POST['m_check'] : '';
    $check = True;
    $check = $check && (md5(getIp() . strtolower($string)) == $_SESSION['userCheck'] || USER_IS_CONNECTED);
    return $check;
}
if (!USER_IS_CONNECTED) {
    deleteImage();
}