protected static function loginPost()
{
$email = type::post('email', 'string');
$password = type::post('password', 'string');
$remember = type::post('remember', 'int');
if (is_null($email) || is_null($password) || $email == '' || $password == '') {
echo message::info(lang::get('fill_out_both'));
return;
}
$sql = new sql();
$sql->query('SELECT password, salt, id FROM ' . sql::table('user') . ' WHERE `email` = "' . $sql->escape($email) . '"');
if (!$sql->num()) {
echo message::danger(sprintf(lang::get('email_not_found'), htmlspecialchars($email)), true);
$shake = 1;
return;
}
$sql->result();
if (!self::checkPassword($password, $sql->get('salt'), $sql->get('password'))) {
echo message::danger(lang::get('wrong_pw'));
$shake = 1;
return;
}
self::loginSession();
self::$userID = $sql->get('id');
$_SESSION['login'] = $sql->get('id');
if ($remember) {
setcookie("remember", $sql->get('id'), time() + 3600 * 24 * 7);
}
}
/**
* Installiert ein Template
* @param $file Dateiname des Templates
* @param $template_name Name mit dem das Template installiert werden soll
* @param [$debug=false] Debugflag
*/
function rex_installTemplate($file, $template_name, $debug = false)
{
global $REX, $REX_USER;
$content = sql::escape(file_get_contents($file . '.tpl'));
$sql = new rex_sql();
$sql->debugsql = $debug;
$qry = 'INSERT INTO ' . $REX['TABLE_PREFIX'] . 'template SET `name` = ' . sql::escape($template_name) . ', `content` = ' . $content . ', `createdate` = ' . sql::escape(time()) . ', `createuser` = ' . sql::escape($REX_USER->getValue('login'));
$sql->setQuery(_prepare_query($qry));
return $sql->getError();
}
/**
* @access protected
*/
function _getSQLSetString()
{
$set = ' SET' . ' re_id = "' . sql::escape($this->getParentId()) . '"' . ', name = "' . sql::escape($this->getName()) . '"' . ', path = "' . sql::escape($this->getPath()) . '"' . ', hide = "' . sql::escape($this->isHidden()) . '"' . ', updatedate = "' . sql::escape($this->getUpdateDate()) . '"' . ', createdate = "' . sql::escape($this->getCreateDate()) . '"' . ', updateuser = "******"' . ', createuser = "******"';
return $set;
}
static function __combine_where($keys, $revelance = FALSE)
{
self::$revelance = FALSE;
$implode = ' AND ';
if (!is_array($keys) or empty($keys)) {
return '';
}
if (self::$SAFE_MODE_WHERE) {
foreach ($keys as $key => $value) {
if (is_null($value)) {
$a[] = self::__combine_keyn($key) . ' IS NULL';
} else {
$a[] = self::__combine_keyn($key) . '=' . sql::escape($value);
}
}
} else {
$a = array();
foreach ($keys as $key => $v) {
if (!is_array($v)) {
$v = array($v);
}
foreach ($v as $value) {
if ($key === 'OR') {
$implode = ' OR ';
} elseif (substr($key, -1) == '!' and is_null($value) or $value === '') {
$a[] = self::__combine_keyn(substr($key, 0, -1)) . ' IS NOT NULL';
} elseif (is_null($value) or $value === '') {
$a[] = self::__combine_keyn($key) . ' IS NULL';
} elseif (substr($key, -1) == '!') {
$a[] = self::__combine_keyn(substr($key, 0, -1)) . '!=' . sql::escape($value);
} elseif ($key == '^') {
$a[] = 'MAX(' . self::__combine_keyn($value) . ')';
} elseif (substr($key, -2) == '~~') {
$temp = 'MATCH (' . self::__combine_keyn(substr($key, 0, -2)) . ') AGAINST (' . sql::escape($value) . ')';
if ($revelance) {
self::$revelance = $temp . ' AS `revelance`';
}
$a[] = $temp;
} elseif (substr($key, -1) == '~') {
$a[] = self::__combine_keyn(substr($key, 0, -1)) . ' LIKE ' . sql::escape($value);
} elseif (substr($key, -2) == '>=') {
$a[] = self::__combine_keyn(substr($key, 0, -2)) . '>=' . sql::escape($value);
} elseif (substr($key, -2) == '<=') {
$a[] = self::__combine_keyn(substr($key, 0, -2)) . '<=' . sql::escape($value);
} elseif (substr($key, -1) == '>') {
$a[] = self::__combine_keyn(substr($key, 0, -1)) . '>' . sql::escape($value);
} elseif (substr($key, -1) == '<') {
$a[] = self::__combine_keyn(substr($key, 0, -1)) . '<' . sql::escape($value);
} else {
$a[] = self::__combine_keyn($key) . '=' . sql::escape($value);
}
}
}
}
return ' WHERE ' . implode($implode, $a) . $addon;
}
.css" rel="stylesheet" type='text/css'>
<link href='https://fonts.googleapis.com/css?family=Open+Sans' rel='stylesheet' type='text/css'>
</head>
<body>
<?php
include 'inserts/navbar.php';
?>
<div id="mainDiv">
<?php
//$mysqli->query("SET NAMES 'UTF8'");
//TODO: Limiting on graph
$perPage = 40;
$query = "SELECT rsn, clanRank, skill1 FROM rsAcc";
if (isset($_GET['search']) && !empty($_GET['search'])) {
if (preg_match('([A-Za-z0-9\\-\\_]+)', $_GET['search'])) {
$query = $query . " WHERE rsn LIKE '%" . $sql->escape($_GET['search']) . "%'";
}
} else {
$query = $query . " ORDER BY " . $sortType . " " . $sortDir;
}
$query = $query . " LIMIT " . ($page - 1) * $perPage . ", " . $page * $perPage;
$result = $sql->query($query);
if (mysqli_num_rows($result) != 0) {
?>
<div id="membersHeader">
Clan Members
</div>
<table id="membersTable">
<tr>
<!--<th class="memPic">Avatar</th>-->
<th class="memName">Name <a href="?page=<?php
/**
* @access protected
*/
function _getSQLSetString()
{
$set = ' SET' . ' re_file_id = "' . $this->getParentId() . '"' . ', category_id = "' . sql::escape($this->getCategoryId()) . '"' . ', filetype = "' . sql::escape($this->getType()) . '"' . ', filename = "' . sql::escape($this->getFileName()) . '"' . ', originalname = "' . sql::escape($this->getOrgFileName()) . '"' . ', filesize = "' . sql::escape($this->getSize()) . '"' . ', width = "' . sql::escape($this->getWidth()) . '"' . ', height = "' . sql::escape($this->getHeight()) . '"' . ', title = "' . sql::escape($this->getTitle()) . '"' . ', description = "' . sql::escape($this->getDescription()) . '"' . ', copyright = "' . sql::escape($this->getCopyright()) . '"' . ', updatedate = "' . sql::escape($this->getUpdateDate(null)) . '"' . ', createdate = "' . sql::escape($this->getCreateDate(null)) . '"' . ', updateuser = "******"' . ', createuser = "******"';
return $set;
}
</a>
<button type="submit" name="sendNew"><?php
echo lang::get('add');
?>
</button>
</form>
</div>
</div>
<?php
} elseif ($action == 'edit' && $id) {
if (isset($_POST['send'])) {
$sqlUser = new sql();
$sqlUser->result("SELECT * FROM " . sql::table('user') . " WHERE id = '" . $sqlUser->escape($id) . "'");
$perms = json_decode(type::post('rights'));
$rights = [];
foreach ($perms as $key => $val) {
foreach ($val as $var) {
$rights[] = $key . '[' . $var . ']';
}
}
$sql = new sql();
$sql->setTable('user');
$sql->setWhere('id=' . $id);
$admin = isset($_POST['admin']) ? 1 : 0;
$sql->addPost('perms', implode('|', $rights));
$sql->addPost('firstname', type::post('firstname'));
$sql->addPost('name', type::post('name'));
$sql->addPost('email', type::post('email'));
static function cache_update($kod)
{
$dane = db2::escape_data(sql::fetchone(sql::query('SELECT `ksiazki`.*, `pozycz`.`od`, `pozycz`.`kto` FROM `ksiazki` LEFT OUTER JOIN `pozycz` ON `pozycz`.`id`=`ksiazki`.`id` WHERE `ksiazki`.`id`=' . sql::escape($kod))));
self::cache_add($kod, $dane);
}
