예제 #1
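	/**
	 * Runs one SQL statement on this object's connection and wraps the result.
	 *
	 * The statement is sent exactly as given: every value a caller places
	 * into $query must already be escaped or validated by that caller.
	 *
	 * @param string $query Complete SQL statement.
	 * @return result Wrapper built from the value MySQL_Query() returned.
	 */
	FUNCTION Query($query) {
		$result = MySQL_Query($query, $this->DB);
		if (!$result) {
			// Ask for the error on the link the query actually used; without the
			// link argument the extension reports on the most recently opened
			// connection, which may be a different one.
			// NOTE(review): the message carries the server error text and the full
			// statement. Whether VA_Message() shows it to the visitor is not visible
			// here; if it does, log the detail and print a generic message instead.
			Die(VA_Message("MySQL Error #".MySQL_ErrNo($this->DB)." :\n".MySQL_Error($this->DB)."\n".$query, "bug"));
		}
		$this->affected_rows = MySQL_Affected_Rows($this->DB);
		$this->mysql_queries++;

		RETURN NEW result($result);
		}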
예제 #2
파일: lib.php 프로젝트: krecek/nrsn
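/**
 * Returns the highest permission level ("uroven") recorded for a module.
 *
 * Looks in table "prava" for rows that match the module and either apply to
 * everybody (osoba=0) or to the given person, optionally narrowed to one
 * "subint", and returns the largest level found.
 *
 * @param string     $modul  Module name.
 * @param string     $subint Sub-interest filter; '*' means "do not filter".
 * @param string|int $osoba  Person id; '*' selects the built-in default id.
 * @return mixed The "uroven" column of the best match, or 0 when nothing matches.
 */
function prava($modul,$subint='*',$osoba='*') {
// TODO (original author): default $subint to the "subint" URL parameter
// TODO (original author): default $osoba to the person who is logged in
//echo "DEBUG: $subint<br>";
// Every value is escaped before it is placed between quotes in the statement,
// so a quote inside an argument cannot change the query. When this code moves
// off the mysql_* extension, bound parameters should replace the escaping.
$modul_sql=mysql_real_escape_string($modul);
// Always defined, so the query text is well-formed when no subint filter applies.
$subint_sql='';
if ($subint!=='*') $subint_sql=" AND subint='".mysql_real_escape_string($subint)."'";
// NOTE(review): with no person given, the check runs for this hard-coded id;
// confirm that falling back to a fixed identity is intended.
if ($osoba==='*') $osoba=13740;
$osoba_sql=mysql_real_escape_string($osoba);
//echo "DEBUG: subint=$subint osoba=$osoba<br>";
$tmp=MySQL_Query("SELECT * FROM prava WHERE modul='$modul_sql' AND (osoba=0 OR osoba='$osoba_sql') $subint_sql ORDER BY uroven DESC LIMIT 1");
// A failed query grants nothing.
if (!$tmp) return 0;
if ($zaznam=MySQL_Fetch_Assoc($tmp)) return $zaznam['uroven'];
   else return 0;
}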
예제 #3
            ?>
		  		</ul>
		  		<!-- end of # -->
		  		<?php 
        } else {
            ?>
		  		<em>Symbol nebyl přiřazen žádnému případu.</em><br /><?php 
        }
        // konec seznamu přiřazených případů
        // generování seznamu přiřazených hlášení
        if ($usrinfo['right_power']) {
            $sql_s = "SELECT " . DB_PREFIX . "reports.id AS 'id', " . DB_PREFIX . "reports.label AS 'label' FROM " . DB_PREFIX . "symbol2all, " . DB_PREFIX . "reports WHERE " . DB_PREFIX . "reports.id=" . DB_PREFIX . "symbol2all.idrecord AND " . DB_PREFIX . "symbol2all.idsymbol=" . $rec['id'] . " AND " . DB_PREFIX . "symbol2all.table=4 ORDER BY " . DB_PREFIX . "reports.label ASC";
        } else {
            $sql_s = "SELECT " . DB_PREFIX . "reports.id AS 'id', " . DB_PREFIX . "reports.label AS 'label' FROM " . DB_PREFIX . "symbol2all, " . DB_PREFIX . "reports WHERE " . DB_PREFIX . "reports.id=" . DB_PREFIX . "symbol2all.idrecord AND " . DB_PREFIX . "symbol2all.idsymbol=" . $rec['id'] . " AND " . DB_PREFIX . "symbol2all.table=4 AND " . DB_PREFIX . "reports.secret=0 ORDER BY " . DB_PREFIX . "reports.label ASC";
        }
        $pers = MySQL_Query($sql_s);
        $i = 0;
        while ($perc = MySQL_Fetch_Assoc($pers)) {
            $i++;
            if ($i == 1) {
                ?>
		  		<strong>Hlášení:</strong>
		  		<ul id=""><?php 
            }
            ?>
		  		<li><a href="readactrep.php?rid=<?php 
            echo $perc['id'];
            ?>
"><?php 
            echo $perc['label'];
            ?>
예제 #4
파일: fox_import.php 프로젝트: krecek/nrsn
MySQL_Free_Result($res);
echo date("H:i:s")." nalezeno $count zaznamu<br>\n";
break;

case "kraje":
$res=MySQL_Query("SELECT * FROM kraje");
while ($record=MySQL_Fetch_Assoc($res))
   $kraj[$record[oznaceni]]=$record[id];
MySQL_Free_Result($res);
echo date("H:i:s")." načteny kraje<br>\n";
$count=0;
$res=MySQL_Query("SELECT * FROM oddily");
while ($record=MySQL_Fetch_Assoc($res)):
   $count++;
   $up=$kraj[substr($record[fox_id],0,1)];
   MySQL_Query("UPDATE oddily SET kraj=$up WHERE id='$record[id]'");
   endwhile;
MySQL_Free_Result($res);
echo date("H:i:s")." nastaveno $count krajů<br>\n";
break;

case "rc":
$osoba[jmeno]='jm';
$osoba[prijmeni]='pr';
$osoba[narozeni]='1967-11-19';
$osoba[pohlavi]='Z';
$osoba[cizinec]='N';
$osoba[rc]='6711191553';
kontrola_osoby($osoba);
echo '<pre>';
var_dump($osoba);
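/**
 * Prints " | 1 | 2 | ..." page links for the rows that match a filter.
 *
 * @param string $id          Column expression to select (spliced in as SQL text).
 * @param string $table       Table name (spliced in as SQL text).
 * @param string $sort        WHERE condition (spliced in as SQL text).
 * @param int    $view_number Rows shown per page.
 * @param array  $sess        Session row; element '4' is compared with ul_group.
 * @param string $link        Link prefix; the zero-based page index is appended.
 * @param int    $i           Ignored; overwritten by the loop counter.
 * @param int    $page        Zero-based index of the current page (printed without a link).
 * @return void
 */
function page_counter($id, $table, $sort, $view_number, $sess, $link, $i, $page)
{
    // $id, $table and $sort become SQL text, not values, so escaping cannot
    // protect them: callers must pass fixed strings, never request data.
    // The group value is a quoted literal and is escaped here.
    $group = mysql_real_escape_string($sess['4']);
    // NOTE(review): $query_error is not assigned inside this function, so die()
    // receives an undefined variable here.
    $count = MySQL_Query("SELECT {$id} FROM {$table} WHERE {$sort} AND ul_group = '{$group}'") or die($query_error);
    // Number of pages the rows are spread over; a non-positive page size
    // yields no links instead of a division by zero.
    $page_count = $view_number > 0 ? Ceil(MySQL_Num_Rows($count) / $view_number) : 0;
    for ($i = 0; $i < $page_count; $i++) {
        echo " | ";
        if ($page != $i) {
            // NOTE(review): $link is printed into the href unescaped; callers
            // must pass an already HTML-safe prefix.
            echo "<a href=\"{$link}{$i}\">";
        }
        echo $i + 1;
        if ($page != $i) {
            echo '</a> ';
        }
    }
}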
예제 #6
<?php

require_once './inc/func_main.php';
// One-off migration: fold the per-user tables nw_unread_<id> into a single
// nw_unread table that carries the owner in column iduser.
// No return value of MySQL_Query() is checked, so a failed step goes unnoticed
// and the later steps still run.
MySQL_Query("CREATE TABLE nw_unread (id int NOT NULL PRIMARY KEY AUTO_INCREMENT, idtable int, idrecord int, iduser int)");
$sql = "SELECT id as 'id' FROM " . DB_PREFIX . "users";
$res = MySQL_Query($sql);
while ($rec_utc = MySQL_Fetch_Assoc($res)) {
    // Copy this user's rows; iduser stays NULL until the next statement.
    MySQL_Query("INSERT INTO nw_unread (idtable,idrecord) SELECT idtable,idrecord FROM nw_unread_" . $rec_utc['id']);
    // NOTE(review): this line is masked in the listing ("******") and is not
    // valid PHP as shown; presumably it assigned the current user's id.
    MySQL_Query("UPDATE nw_unread SET iduser = "******" WHERE iduser IS NULL;");
    // NOTE(review): the table read above is "nw_unread_" . id, but the name
    // dropped here has no underscore, so the source table is not the one removed.
    MySQL_Query("DROP TABLE nw_unread" . $rec_utc['id']);
    // Debug output. $rec_utc is an array, so the concatenation prints "Array".
    echo 'vysledek=' . $rec_utc;
    print_r($rec_utc);
    debug_zval_dump($rec_utc);
    echo '<br />';
}
예제 #7
파일: audit.php 프로젝트: amberan/dhbistro
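/**
 * Prints the filter form of the audit-log page (audit.php).
 *
 * Reads the current filter state from globals and marks the matching options
 * as selected. The user list comes from the users table.
 *
 * Values that are not fixed text (user logins, the record-count field) are
 * HTML-escaped before printing so they cannot break out of the markup.
 *
 * @return void
 */
function filter()
{
    global $f_cat, $f_sort, $f_user, $f_type, $usrinfo, $f_org, $f_my, $f_glob, $f_count;
    // The count field is echoed back into an attribute; escape quotes as well.
    // double_encode=false keeps values that were already entity-encoded intact.
    // NOTE(review): UTF-8 is assumed as the page encoding - confirm.
    $countValue = htmlspecialchars((string) $f_count, ENT_QUOTES, 'UTF-8', false);
    echo '<div id="filter-wrapper"><form action="audit.php" method="post" id="filter">
	<fieldset>
	  <legend>Filtr</legend>
	  <p>Vypsat <select name="kategorie">
	<option value="0"' . ($f_cat == 0 ? ' selected="selected"' : '') . '>všechny auditní záznamy</option>
	<option value="1"' . ($f_cat == 1 ? ' selected="selected"' : '') . '>i s aktualitami</option>
	<option value="2"' . ($f_cat == 2 ? ' selected="selected"' : '') . '>prohlížení auditních záznamů</option>
	<option value="3"' . ($f_cat == 3 ? ' selected="selected"' : '') . '>manipulaci s osobami</option>
	<option value="4"' . ($f_cat == 4 ? ' selected="selected"' : '') . '>manipulaci se skupinami</option>
	<option value="5"' . ($f_cat == 5 ? ' selected="selected"' : '') . '>manipulaci s případy</option>
	<option value="6"' . ($f_cat == 6 ? ' selected="selected"' : '') . '>manipulaci s hlášeními</option>	  			  		
	</select> 
	<select name="typ">
	<option value="0"' . ($f_type == 0 ? ' selected="selected"' : '') . '>všech typů</option>
	<option value="1"' . ($f_type == 1 ? ' selected="selected"' : '') . '>jen zásahy</option>
	<option value="2"' . ($f_type == 2 ? ' selected="selected"' : '') . '>bez souborů a poznámek</option>
	</select>
	provedené uživatelem 
		<select name="user" id="user">
	  	<option value=0 ' . ($f_user == 0 ? ' selected="selected"' : '') . '>všemi</option>';
    $sql_u = "SELECT id, login FROM " . DB_PREFIX . "users WHERE deleted=0 ORDER BY login ASC";
    $res_u = MySQL_Query($sql_u);
    // A failed query prints no user options instead of raising warnings.
    while ($res_u && ($rec_u = MySQL_Fetch_Assoc($res_u))) {
        // Logins are user-chosen text: escape them so a stored login cannot
        // inject markup into every page that shows this form.
        $login = htmlspecialchars($rec_u['login'], ENT_QUOTES, 'UTF-8', false);
        echo '<option value="' . (int) $rec_u['id'] . '"' . ($rec_u['id'] == $f_user ? ' selected="selected"' : '') . '>' . $login . '</option>';
    }
    echo '</select>';
    echo 'a seřadit je podle <select name="sort">
	<option value="1"' . ($f_sort == 1 ? ' selected="selected"' : '') . '>času vzestupně</option>
	<option value="2"' . ($f_sort == 2 ? ' selected="selected"' : '') . '>času sestupně</option>
	</select>.</p>';
    // The organiser checkbox is offered only to accounts with right_org.
    if ($usrinfo['right_org'] == 1) {
        echo '					
		<label for="org">Zobrazit i zásahy organizátorů</label>
		<input type="checkbox" name="org" ' . ($f_org == 1 ? ' checked="checked"' : '') . '/><br/>
		<div class="clear">&nbsp;</div>';
    }
    echo '<label for="my">Zobrazit i moje zásahy</label>
	<input type="checkbox" name="my" ' . ($f_my == 1 ? ' checked="checked"' : '') . '/><br/>
	<div class="clear">&nbsp;</div>
	<label for="my">Zobrazit i globální operace</label>
	<input type="checkbox" name="glob" ' . ($f_glob == 1 ? ' checked="checked"' : '') . '/><br/>
	<div class="clear">&nbsp;</div>
	Zobrazit <input type="text" name="count" size=5 value="' . $countValue . '"> posledních záznamů. (Pro všechny záznamy ponechte pole prázdné).<br/>
	<div id="filtersubmit"><input type="submit" name="filter" value="Filtrovat" /></div>
	</fieldset>
</form></div><!-- end of #filter-wrapper -->';
}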
예제 #8
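/**
 * Opens a connection, runs one INSERT and reports the generated id.
 *
 * @param string $SQL Complete INSERT statement. It is sent unchanged, so the
 *                    caller must escape every value it contains.
 * @param mixed  $id  Output: value of MySQL_Insert_Id() after the statement.
 * @return bool true when the statement ran, false when the connection or the
 *              statement failed.
 */
function DB_insert ($SQL, &$id)
{	//echo "<P>SQL = ".$SQL."<P>";
	if (!(DB_spojeni(c_Databaze, $chyba, $spojeni))):
		// The message text was mis-encoded in the listing and is restored here.
		echo "<FONT COLOR=red><B><P>Došlo k chybě při spojení s databází.
			($chyba)<P></B></FONT><BR>\n";
		return false;
	endif;
	// Report the real outcome: the flag used to stay false even when the
	// INSERT succeeded, so callers could not tell success from failure.
	$funguje = (MySQL_Query($SQL) !== false);
        $id = MySQL_Insert_Id();
	DB_odpojeni($spojeni);
	return $funguje;
}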
예제 #9
<?php

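include "mysql.connect.php";
mysql_query("SET NAMES cp1251");
// The search text is optional; read it without touching a missing index.
$valueSearch = isset($_POST['valueSearch']) ? $_POST['valueSearch'] : null;
// "addAppeals" counts one visit for a book and redirects to its link.
if (isset($_GET['addAppeals'])) {
    $data = false;
    // The id goes into SQL unquoted, so only plain decimal digits are accepted;
    // anything else is treated like an unknown book.
    if (is_string($_GET['addAppeals']) && ctype_digit($_GET['addAppeals'])) {
        $bookId = (int) $_GET['addAppeals'];
        $result = mysql_query("SELECT * FROM books WHERE ID=" . $bookId);
        $data = $result ? mysql_fetch_array($result) : false;
    }
    if ($data) {
        $updateLastAppeals = date("d.m.Y");
        // Increment inside the database so two simultaneous visits are both counted.
        MySQL_Query("UPDATE `{$database}`.`books` SET `Appeals` = `Appeals` + 1, `LastAppeals` = '{$updateLastAppeals}' WHERE ID=" . $bookId);
        // The target comes from the books table, so whoever can edit that table
        // controls where visitors are sent.
        header("Location: " . $data['Link'] . "");
        // Stop here: nothing below should be rendered for a redirect.
        exit;
    } else {
        echo "Не возможно перейти на страницу.";
    }
}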
?>

<html>
	<head>
		<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
		<title><?php 
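// The search text comes from the request and is printed inside <title>:
// encode it for HTML in the page's declared charset (windows-1251).
if (is_string($valueSearch) && $valueSearch != null) {
    echo htmlspecialchars($valueSearch, ENT_QUOTES, 'cp1251') . " | ";
}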
?>
Library Cube - Special for You</title>
	</head>
	<body>
예제 #10
    if (isset($_POST['uploadfile'])) {
        pageStart('Přiložení souboru');
        mainMenu(5);
        sparklets('<a href="./persons.php">osoby</a> &raquo; <a href="./editperson.php?rid=' . $_POST['personid'] . '">úprava osoby</a> &raquo; <strong>přiložení souboru neúspěšné</strong>');
        echo '<div id="obsah"><p>Soubor nebyl přiložen, něco se nepodařilo. Možná nebyl zvolen přikládaný soubor.</p></div>';
        pageEnd();
    }
}
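// Delete one attached file of a person (GET request, numeric file id).
// NOTE(review): the change is triggered by a plain GET link and no request
// token is checked in this block, and the file is not checked to belong to
// the person named in the request - confirm both are handled elsewhere.
if (isset($_GET['deletefile']) && is_numeric($_GET['deletefile'])) {
    $personId = isset($_GET['personid']) ? $_GET['personid'] : '';
    // The audit entry now uses the same GET parameter as the redirect below;
    // the POST value it read before is not sent with this request.
    auditTrail(1, 5, $personId);
    if ($usrinfo['right_text']) {
        // Use the integer value in SQL so only a plain number reaches the query.
        $fileId = (int) $_GET['deletefile'];
        $fres = MySQL_Query("SELECT uniquename FROM " . DB_PREFIX . "data WHERE " . DB_PREFIX . "data.id=" . $fileId);
        $frec = $fres ? MySQL_Fetch_Assoc($fres) : false;
        if ($frec) {
            // basename() keeps the removal inside ./files/ whatever the row holds.
            UnLink('./files/' . basename($frec['uniquename']));
            MySQL_Query("DELETE FROM " . DB_PREFIX . "data WHERE " . DB_PREFIX . "data.id=" . $fileId);
        }
    }
    // Encode the id so request data cannot add parameters to the redirect URL.
    Header('Location: editperson.php?rid=' . urlencode($personId));
}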
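// Detach the symbol from a person and note the change in the symbol's description.
if (isset($_GET['deletesymbol'])) {
    $personId = isset($_GET['personid']) ? $_GET['personid'] : '';
    auditTrail(1, 2, $personId);
    // personid is placed in SQL unquoted, so it must be a number before any
    // statement is built from it.
    if ($usrinfo['right_text'] && is_numeric($personId)) {
        $personSqlId = (int) $personId;
        $prsn_res = MySQL_Query("SELECT symbol, name, surname FROM " . DB_PREFIX . "persons WHERE id=" . $personSqlId);
        $prsn_rec = $prsn_res ? MySQL_Fetch_Assoc($prsn_res) : false;
        if ($prsn_rec) {
            // NOTE(review): name and surname go into stored HTML as they are;
            // confirm they are HTML-safe when the description is displayed.
            $sdate = "<p>" . Date("j/m/Y H:i:s", Time()) . " Odpojeno od " . $prsn_rec['name'] . " " . $prsn_rec['surname'] . "</p>";
            // The note contains database text, which may hold quotes: escape it
            // before it becomes part of the next statement.
            MySQL_Query("UPDATE " . DB_PREFIX . "symbols SET `desc` = concat('" . mysql_real_escape_string($sdate) . "', `desc`), assigned=0 WHERE id=" . (int) $prsn_rec['symbol']);
            MySQL_Query("UPDATE " . DB_PREFIX . "persons SET symbol='' WHERE id=" . $personSqlId);
        }
    }
    // Encode the id so request data cannot add parameters to the redirect URL.
    Header('Location: editperson.php?rid=' . urlencode($personId));
}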
예제 #11
} else {
    if (isset($_POST['insertuser'])) {
        pageStart('Přidán uživatel');
        mainMenu(2);
        sparklets('<a href="./users.php">uživatelé</a> &raquo; <a href="./newuser.php">nový uživatel</a> &raquo; <strong>přidán uživatel</strong>');
        echo '<div id="obsah"><p>Chyba při vytváření, ujistěte se, že jste vše provedli správně a máte potřebná práva.</p></div>';
        pageEnd();
    }
}
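// Save changes to an existing user. Requires right_power; the numeric fields
// (userid, power, texty) must be numbers and the login must not be blank.
if (isset($_POST['userid']) && is_numeric($_POST['userid']) && isset($_POST['edituser']) && $usrinfo['right_power'] && !preg_match('/^[[:blank:]]*$/i', $_POST['login']) && is_numeric($_POST['power']) && is_numeric($_POST['texty'])) {
    // userid is used unquoted in SQL below, so only its integer value is used.
    $userId = (int) $_POST['userid'];
    auditTrail(8, 2, $userId);
    pageStart('Uložení změn');
    mainMenu(2);
    sparklets('<a href="./users.php">uživatelé</a> &raquo; <a href="./edituser.php">úprava uživatele</a> &raquo; <strong>uložení změn</strong>');
    $login = mysql_real_escape_string(safeInput($_POST['login']));
    // idperson is stored as a quoted value; escape it like the login.
    $idPerson = mysql_real_escape_string(isset($_POST['idperson']) ? $_POST['idperson'] : '');
    // Reject the change when another account already uses this login.
    $ures = MySQL_Query("SELECT id FROM " . DB_PREFIX . "users WHERE UCASE(login)=UCASE('" . $login . "') AND id<>" . $userId);
    if (MySQL_Num_Rows($ures)) {
        echo '<div id="obsah"><p>Uživatel již existuje, změňte jeho jméno.</p></div>';
    } else {
        // NOTE(review): in the listing the login assignment of this statement is
        // partly masked ("******"); it is written here with the same escaped
        // login value the duplicate check above uses.
        MySQL_Query("UPDATE " . DB_PREFIX . "users SET login='" . $login . "', right_power='" . (int) $_POST['power'] . "', right_text='" . (int) $_POST['texty'] . "', idperson='" . $idPerson . "' WHERE id=" . $userId);
        echo '<div id="obsah"><p>Uživatel upraven.</p></div>';
    }
    pageEnd();
} else {
    // The form was submitted but a precondition failed: show the generic error.
    if (isset($_POST['edituser'])) {
        pageStart('Uložení změn');
        mainMenu(2);
        sparklets('<a href="./users.php">uživatelé</a> &raquo; <a href="./edituser.php">úprava uživatele</a> &raquo; <strong>uložení změn</strong>');
        echo '<div id="obsah"><p>Chyba při ukládání změn, ujistěte se, že jste vše provedli správně a máte potřebná práva.</p></div>';
        pageEnd();
    }
}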
예제 #12
<?php

require_once './inc/func_main.php';
// One-off setup: create one table nw_unread_<id> for every row of the users table.
// The return values of MySQL_Query() are not checked, so a failed CREATE TABLE
// is not reported.
$sql = "SELECT id as 'id' FROM " . DB_PREFIX . "users";
$res = MySQL_Query($sql);
while ($rec_utc = MySQL_Fetch_Assoc($res)) {
    // The table name is built from the id column read from the database.
    MySQL_Query("CREATE TABLE nw_unread_" . $rec_utc['id'] . " (id int NOT NULL PRIMARY KEY AUTO_INCREMENT, idtable int, idrecord int)");
    // Debug output. $rec_utc is an array, so the concatenation prints "Array".
    echo 'vysledek=' . $rec_utc;
    print_r($rec_utc);
    debug_zval_dump($rec_utc);
    echo '<br />';
}
        announces_print_subsections($sub_sel, $sess);
    }
} else {
    // user listing of announces
    announces_print_user($uoz, $sess);
}
?>
		<tr>
			<td colspan="6">
			
			<table width="100%" border="0" cellspacing="0" cellpadding="0">
				<tr><td colspan="2"><hr size="3" noshade></td></tr>
				</tr>	
				<td>
				<b><?php 
$message = MySQL_Query("SELECT * FROM lets_skupiny WHERE s_id = '{$sess['4']}'") or die($query_error);
//vybíráme zprávy - seøazeno podle id
$entry = MySQL_Fetch_Row($message);
echo $entry[1];
?>
</b>
				</td>
				<td align="right">			
				<b>uniLETIM</b>
				<?php 
$date = date("Y-m-d");
$date = Explode("-", $date);
echo " " . $date[2] . ". " . $date[1] . ". " . $date[0] . "";
?>
				</td>
				</tr>
예제 #14
    $memberExists = MySQL_Num_Rows(MySQL_Query("SELECT mbr_id FROM uniletim_members")) ? 1 : 0;
    if (!$memberExists) {
        include "./install.php";
        exit;
    }
    if ($lang == "") {
        $lang = $app_lang;
    }
} else {
    $lang = $sess[9];
    $MSQ = MySQL_Query("UPDATE uniletim_auth SET aut_date = {$date} WHERE aut_id = '{$sid}'");
}
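// change group
// NOTE(review): nothing in this block checks that the session's user may
// switch to the requested group - confirm the check exists elsewhere.
if ($group_ch != "") {
    // All four values become quoted SQL literals; escape each of them so a
    // quote in the input cannot alter the statements.
    $groupSql = mysql_real_escape_string($group_ch);
    $groupNameSql = mysql_real_escape_string($grp_name);
    $authIdSql = mysql_real_escape_string($sess['0']);
    $sidSql = mysql_real_escape_string($sid);
    mysql_query("UPDATE uniletim_auth SET aut_group='{$groupSql}', aut_group_name='{$groupNameSql}' WHERE aut_id='{$authIdSql}'");
    $MSQ = MySQL_Query("SELECT * FROM uniletim_auth WHERE (aut_id = '{$sidSql}')");
    // AND (aut_date >= '$ad')
    $sess = mysql_fetch_row($MSQ);
}
// included files
// $lang selects a file to execute. Only a plain language code (letters,
// digits, "_" and "-") may reach the include path; anything else - path
// separators, dots, NUL bytes - falls back to the configured default.
if (!is_string($lang) || !preg_match('/^[A-Za-z0-9_-]+$/', $lang)) {
    $lang = $app_lang;
}
include "language/lang-{$lang}.php";
include "./includes/page.inc.php";
include "./includes/announces.inc.php";
include "./includes/members.inc.php";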
if ($action == "print") {
    include "./includes/announces-print.inc.php";
    // printing of announces
    announces_print($sess, $uoz, $rub, $pri, $keyword, $age);
} else {
    include "./includes/admin.inc.php";
    if (!$menu) {
예제 #15
//  in the terms of the Vseobecna zverejnovacia licencia GNU) as published by the Free Software Foundation; either version 2
//  of the License, or (at your option) any later version.
//  This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
//  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
//  You should have received a copy of the GNU General Public License  along with this program; if not, write to the Free Software
//  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 or visit http://www.gnu.sk/ for Vseobecna zverejnovacia licencia GNU
//odstraníme nebezpeèné znaky
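// Keep at most 1500 characters of the description.
$zaco = SubStr($zacof, 0, 1500);
// Strip whitespace from both ends.
$zaco = Trim($zaco);
// Encode HTML special characters so the text is safe to display later.
// This is output encoding only; it does not make the value safe for SQL
// (single quotes pass through unchanged), which is handled at the query below.
$zaco = HTMLSpecialChars($zaco);
// Turn line ends into <BR> tags.
$zaco = Str_Replace("\r\n", " <BR> ", $zaco);
// Break overlong words.
$zacof = WordWrap($zaco, 90, "\n", 1);
// Date of the payment ("when").
$kedyf = Date("Y-m-d");
@($tsi = time());
include "./config.php";
// Accept a decimal comma and store the amount as a non-negative number.
$kolkof = Str_Replace(",", ".", $kolkof);
$kolkof = abs($kolkof);
// Everything that becomes a quoted literal is escaped first, so a quote in a
// form field cannot change the statement. The escaping is done after
// config.php has been included because it needs the open connection.
$ktofSql = mysql_real_escape_string($ktof);
$komufSql = mysql_real_escape_string($komuf);
$zacofSql = mysql_real_escape_string($zacof);
$lgrSql = mysql_real_escape_string($lgr);
$groupSql = mysql_real_escape_string($sess['4']);
// Store the payment.
$add = MySQL_Query("INSERT INTO uniletim_services VALUES ('', '{$ktofSql}', '{$komufSql}', '{$kedyf}', '{$zacofSql}', '{$kolkof}', '{$tsi}', '{$lgrSql}')") or die($query_error1);
// Read the stored row back by its timestamp and group.
$ads = MySQL_Query("select * from uniletim_services where ser_time like '{$tsi}' AND ul_group = '{$groupSql}'") or die($query_error2);
$adk = mysql_fetch_row($ads);
$result = _PAYMENT_SCSFL;
// Close the database connection.
MySQL_Close();
header("Location: ./platby.php?pres=pl");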
예제 #16
<?php

require_once './inc/func_main.php';
// najde nejvyssi aktualni symbol id
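// One-off migration: move the free-text symbols stored in persons.symbol into
// the symbols table and replace them in persons by the new symbol ids.
// Find the highest symbol id that exists before the migration; an empty table
// counts as 0 so the later "id > ..." condition stays valid SQL.
$sql_count = "SELECT id as 'id' FROM " . DB_PREFIX . "symbols ORDER BY id desc LIMIT 1";
$res_count = MySQL_Query($sql_count);
$rec_count = $res_count ? MySQL_Fetch_Assoc($res_count) : false;
$highest_id = $rec_count ? (int) $rec_count['id'] : 0;
// Add column "assigned" to the symbols table.
// NOTE(review): this and the next statement name nw_symbols / nw_persons
// directly while the others use DB_PREFIX; they agree only when the prefix is "nw_".
MySQL_Query("ALTER TABLE  `nw_symbols` ADD  `assigned` INT NOT NULL");
// Copy the symbol values from persons into symbols.
MySQL_Query("INSERT INTO nw_symbols (symbol) SELECT symbol FROM nw_persons WHERE symbol <> ''");
$time = time();
$sql = "SELECT id as 'id', symbol as 'symbol' FROM " . DB_PREFIX . "symbols WHERE " . DB_PREFIX . "symbols.id > " . $highest_id;
$res = MySQL_Query($sql);
while ($rec_utc = MySQL_Fetch_Assoc($res)) {
    // Replace the old symbol text in persons by the new symbol id. The text
    // comes from stored data and may contain quotes, so it is escaped before
    // it is used as a literal.
    MySQL_Query("UPDATE " . DB_PREFIX . "persons SET symbol = " . (int) $rec_utc['id'] . " WHERE symbol = '" . mysql_real_escape_string($rec_utc['symbol']) . "'");
    // Fill in the remaining columns of the newly created symbol rows.
    MySQL_Query("UPDATE " . DB_PREFIX . "symbols SET created = '" . $time . "', created_by = 1, modified = '" . $time . "', modified_by = 1, assigned = 1 WHERE id = " . (int) $rec_utc['id']);
    // Debug output. $rec_utc is an array, so the concatenation prints "Array".
    echo 'vysledek=' . $rec_utc;
    print_r($rec_utc);
    debug_zval_dump($rec_utc);
    echo '<br />';
}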
예제 #17
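// Rows shown per page.
$view_number = 10;
// Offset of the first row to show. The page number is forced to a
// non-negative integer because it ends up in the LIMIT clause.
$start = (isset($page) ? (int) $page : 0) * $view_number;
if ($start < 0) {
    $start = 0;
}
// ORDER BY takes a column name, which cannot be protected by escaping: accept
// a bare identifier only and fall back to the default column otherwise.
// A fixed list of sortable columns would be tighter; the table's column list
// is not visible in this file.
if (!isset($order) || !is_string($order) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $order)) {
    $order = "ser_time";
}
if (!isset($adesc)) {
    $adesc = "DESC";
}
// Only the two keywords can reach the statement, whatever $adesc contains.
$direction = $adesc == "ASC" ? "ASC" : "DESC";
$groupSql = mysql_real_escape_string($sess['4']);
// NOTE(review): $sort is spliced in as SQL text; it must be built by this
// application from fixed strings, never taken from the request.
// Select the rows of the current page.
$message = MySQL_Query("SELECT * FROM uniletim_services WHERE {$sort} AND ul_group = '{$groupSql}' ORDER BY {$order} {$direction} LIMIT {$start},{$view_number}") or die($query_error);
// The column header link offers the opposite direction next time.
$adesc = $direction == "ASC" ? "DESC" : "ASC";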
?>
	 
	</th>
	</tr>
	<tr class="th_sub">
        <th width="70"><A HREF="platby.php?order=ser_time&adesc=<?php 
echo $adesc;
?>
"><?php 
echo _DATE;
?>
</A></th>
예제 #18
        $rec_count = MySQL_Num_Rows($pers);
        echo $rec_count;
        ?>
			</h3><p>
			<?php 
        $cases = array();
        while ($perc = MySQL_Fetch_Assoc($pers)) {
            $cases[] = '<a href="./readcase.php?rid=' . $perc['id'] . '&hidenotes=0">' . StripSlashes($perc['title']) . '</a>';
        }
        echo implode($cases, '<br />') != "" ? implode($cases, '<br />') : '<em>Uživatel nemá žádný přiřazený neuzavřený případ.</em>';
        ?>
</p>
	<div class="clear">&nbsp;</div>
			<h3>Nedokončené úkoly: <?php 
        $sql_r = "SELECT * FROM " . DB_PREFIX . "tasks WHERE " . DB_PREFIX . "tasks.iduser="******" AND " . DB_PREFIX . "tasks.status=0 ORDER BY " . DB_PREFIX . "tasks.created ASC";
        $res_r = MySQL_Query($sql_r);
        $rec_count = MySQL_Num_Rows($res_r);
        echo $rec_count;
        ?>
			</h3><p>
			<?php 
        if (MySQL_Num_Rows($res_r)) {
            $tasks = array();
            while ($rec_r = MySQL_Fetch_Assoc($res_r)) {
                $tasks[] = StripSlashes($rec_r['task']) . ' (' . getAuthor($rec_r['created_by'], 2) . ')';
            }
            echo implode($tasks, '<br />');
        } else {
            echo 'Uživatel nemá žádné nedokončené úkoly.';
        }
        ?>
예제 #19
	</div>
	<!-- end of #new-file .otherform-wrap -->
	
	<fieldset><legend><h2>Aktuálně připojené poznámky:</h2></legend>
		<span class="poznamka-edit-buttons"><a class="new" href="newnote.php?rid=<?php 
        echo $_REQUEST['rid'];
        ?>
&amp;idtable=3" title="nová poznámka"><span class="button-text">nová poznámka</span></a><em style="font-size:smaller;"> (K případu si můžete připsat kolik chcete poznámek.)</em></span>
		<ul>
		<?php 
        if ($usrinfo['right_power']) {
            $sql_n = "SELECT " . DB_PREFIX . "notes.iduser AS 'iduser', " . DB_PREFIX . "notes.title AS 'title', " . DB_PREFIX . "notes.secret AS 'secret', " . DB_PREFIX . "users.login AS 'user', " . DB_PREFIX . "notes.id AS 'id' FROM " . DB_PREFIX . "notes, " . DB_PREFIX . "users WHERE " . DB_PREFIX . "notes.iduser="******"users.id AND " . DB_PREFIX . "notes.iditem=" . $_REQUEST['rid'] . " AND " . DB_PREFIX . "notes.idtable=3 AND " . DB_PREFIX . "notes.deleted=0 ORDER BY " . DB_PREFIX . "notes.datum DESC";
        } else {
            $sql_n = "SELECT " . DB_PREFIX . "notes.iduser AS 'iduser', " . DB_PREFIX . "notes.title AS 'title', " . DB_PREFIX . "notes.secret AS 'secret', " . DB_PREFIX . "users.login AS 'user', " . DB_PREFIX . "notes.id AS 'id' FROM " . DB_PREFIX . "notes, " . DB_PREFIX . "users WHERE " . DB_PREFIX . "notes.iduser="******"users.id AND " . DB_PREFIX . "notes.iditem=" . $_REQUEST['rid'] . " AND " . DB_PREFIX . "notes.idtable=3 AND " . DB_PREFIX . "notes.deleted=0 AND (" . DB_PREFIX . "notes.secret=0 OR " . DB_PREFIX . "notes.iduser="******") ORDER BY " . DB_PREFIX . "notes.datum DESC";
        }
        $res_n = MySQL_Query($sql_n);
        while ($rec_n = MySQL_Fetch_Assoc($res_n)) {
            ?>
			<li><a href="readnote.php?rid=<?php 
            echo $rec_n['id'];
            ?>
&amp;idtable=3"><?php 
            echo StripSlashes($rec_n['title']);
            ?>
</a> - <?php 
            echo StripSlashes($rec_n['user']);
            if ($rec_n['secret'] == 0) {
                ?>
 (veřejná)<?php 
            }
            if ($rec_n['secret'] == 1) {
    //		header("Location: ./group.php?action=info");
}
// DELETE GROUP
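if ($group_del != "") {
    // NOTE(review): no permission check is visible in this block; confirm the
    // caller is verified as allowed to delete the group before this point.
    // The id is used as a quoted literal in five statements: escape it once so
    // a quote in the value cannot widen any of the DELETEs.
    $groupDelSql = mysql_real_escape_string($group_del);
    // The "@" hides failures, so a partly deleted group is not reported.
    @($sql = mysql_query("DELETE FROM uniletim_groups WHERE grp_id = '{$groupDelSql}'"));
    @($sql = mysql_query("DELETE FROM uniletim_announces WHERE ul_group = '{$groupDelSql}'"));
    @($sql = mysql_query("DELETE FROM uniletim_members WHERE ul_group = '{$groupDelSql}'"));
    @($sql = mysql_query("DELETE FROM uniletim_sections WHERE ul_group = '{$groupDelSql}'"));
    @($sql = mysql_query("DELETE FROM uniletim_subsections WHERE ul_group = '{$groupDelSql}'"));
    $result = _GROUP . " " . _WAS_DELETED_FEMALE;
}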
// ADD GROUP
if ($group_add != "") {
    mysql_query("select * from uniletim_groups");
    if (mysql_affected_rows() == 0) {
        $dbInstalled = MySQL_Num_Rows(MySQL_Query("SHOW TABLES")) ? 1 : 0;
        if (!$dbInstalled) {
            include "./includes/tables.inc.php";
        }
    }
    if ($mbr_password == "" || $grp_name == "") {
        $error = _INS_RQRD_DATA . "\n";
    } elseif ($mbr_password != $mbr_password2) {
        $error = _PASSWD_TWICE_RQRD . "\n";
    } else {
        mysql_query("select * from uniletim_members where mbr_login = '******'");
        if (mysql_affected_rows() > 0) {
            $error1 = "<b>{$in_chu}</b>\n";
        } else {
            mysql_query("select * from uniletim_groups where grp_name = '{$grp_name}'");
            if (mysql_affected_rows() > 0) {
예제 #21
        mainMenu(5);
        sparklets('<a href="./symbols.php">symboly</a> &raquo; <a href="./editsymbol.php?rid=' . $_POST['symbolid'] . '">úprava symbolu</a> &raquo; <strong>uložení změn neúspešné</strong>');
        echo '<div id="obsah"><p>Chyba při ukládání změn, ujistěte se, že jste vše provedli správně a máte potřebná práva.</p></div>';
        pageEnd();
    }
}
// Ukoly
// Task status changes. Each request parameter carries a numeric task id and
// maps to the status written to the tasks table.
//   request parameter => array(new status, right_text required)
// NOTE(review): "fnshtask" is the only action that does not require
// right_text, and none of the actions checks who owns the task - confirm
// that this is intended.
// NOTE(review): the actions are read from $_REQUEST, so a plain GET link can
// trigger them, and the redirect target is the client-supplied Referer header.
$taskStatusActions = array(
    'acctask'  => array(2, true),
    'rtrntask' => array(0, true),
    'fnshtask' => array(1, false),
    'cncltask' => array(3, true),
);
foreach ($taskStatusActions as $taskParam => $taskAction) {
    $taskNewStatus = $taskAction[0];
    $taskNeedsTextRight = $taskAction[1];
    if (!isset($_REQUEST[$taskParam]) || !is_numeric($_REQUEST[$taskParam])) {
        continue;
    }
    if ($taskNeedsTextRight && !$usrinfo['right_text']) {
        continue;
    }
    auditTrail(10, 2, $_REQUEST[$taskParam]);
    MySQL_Query("UPDATE " . DB_PREFIX . "tasks SET status=" . $taskNewStatus . ", modified='" . Time() . "', modified_by='" . $usrinfo['id'] . "' WHERE id=" . $_REQUEST[$taskParam]);
    //		deleteAllUnread (1,$_REQUEST['delete']);
    Header('Location: ' . $_SERVER['HTTP_REFERER']);
}
예제 #22
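/**
 * Returns the filter to apply to a listing and remembers it per user.
 *
 * When the request brings a new filter it is stored in users.filter (one
 * entry per listing) and returned; otherwise the stored filter for the
 * listing is returned if there is one, else the request data itself.
 *
 * @param int $idtable  Numeric code of the listing.
 * @param int $idrecord Record id, used only for listing code 14 ("group<id>").
 * @return array The filter values to use.
 */
function custom_Filter($idtable, $idrecord = 0)
{
    global $usrinfo;
    // Listing code => key under which the filter is stored.
    $tables = array(
        1 => "persons",
        2 => "groups",
        3 => "cases",
        4 => "reports",
        8 => "users",
        9 => "evilpts",
        10 => "tasks",
        11 => "audit",
        13 => "search",
        15 => "p2c",
        16 => "c2ar",
        17 => "p2ar",
        18 => "ar2c",
        19 => "p2g",
        20 => "sy2p",
        21 => "sy2c",
        22 => "sy2ar",
    );
    if ($idtable == 14) {
        $table = "group" . $idrecord;
    } elseif ((is_int($idtable) || is_string($idtable)) && isset($tables[$idtable])) {
        $table = $tables[$idtable];
    } else {
        // Unknown codes share the empty key instead of using an undefined variable.
        $table = '';
    }
    // The id is used unquoted in SQL, so only its integer value is used.
    $userId = (int) $usrinfo['id'];
    $sql_cf = "SELECT filter FROM " . DB_PREFIX . "users WHERE id = " . $userId;
    $res_cf = MySQL_Query($sql_cf);
    // Load what is stored for this user; anything that is not an array
    // (no row, empty column, damaged data) counts as "nothing stored".
    // SECURITY: unserialize() can create objects, so it is only acceptable
    // while users.filter holds nothing but output of serialize() below. A
    // format such as JSON would remove that risk but needs a data migration.
    $rec_cf = $res_cf ? MySQL_Fetch_Assoc($res_cf) : false;
    $filters = ($rec_cf && is_string($rec_cf['filter'])) ? unserialize($rec_cf['filter']) : false;
    if (!is_array($filters)) {
        $filters = array();
    }
    $filter = $_REQUEST;
    // A new filter arrives when the request carries data that is neither a
    // task insert nor a points update and names no record, or when a record
    // page is being re-sorted: use it and store it.
    $isNewListFilter = !empty($filter) && !isset($_POST['inserttask']) && !isset($_POST['addpoints']) && !isset($filter['rid']);
    $isRecordResort = isset($filter['sort']) && isset($filter['rid']);
    if ($isNewListFilter || $isRecordResort) {
        $filters[$table] = $filter;
        // The serialized text contains raw request data: escape it before it
        // becomes a quoted literal, otherwise any request parameter holding a
        // quote could rewrite this UPDATE.
        $sfilters = mysql_real_escape_string(serialize($filters));
        $sql_scf = "UPDATE " . DB_PREFIX . "users SET filter='" . $sfilters . "' WHERE id=" . $userId;
        MySQL_Query($sql_scf);
    } elseif (array_key_exists($table, $filters)) {
        // Otherwise fall back to the filter stored for this listing, if any.
        $filter = $filters[$table];
    }
    return $filter;
}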
예제 #23
                echo ' selected="selected"';
            }
            ?>
>tajná</option>
		  <option value="2"<?php 
            if ($rec['secret'] == 2) {
                echo ' selected="selected"';
            }
            ?>
>soukromá</option>
		</select>
	</div>
	<?php 
            if ($usrinfo['right_power']) {
                $sql = "SELECT id, login FROM " . DB_PREFIX . "users WHERE deleted=0 ORDER BY login ASC";
                $res_n = MySQL_Query($sql);
                echo '<div>
		<label for="nowner">Vlastník:</label>
		<select name="nowner" id="nowner">';
                while ($rec_n = MySQL_Fetch_Assoc($res_n)) {
                    echo '<option value="' . $rec_n['id'] . '"' . ($rec_n['id'] == $usrinfo['id'] ? ' selected="selected"' : '') . '>' . $rec_n['login'] . '</option>';
                }
                echo '</select>
			  </div>';
            } else {
                echo '<input type="hidden" name="nowner" value="' . $rec['iduser'] . '" />';
            }
            if ($usrinfo['right_org'] == 1) {
                echo '					
				<div>
				<label for="nnotnew">Není nové</label>
예제 #24
                $sourceurl = "reports.php";
                $sourcename = "hlášení";
                break;
            default:
                $sourceurl = "";
                $sourcename = "";
                break;
        }
        sparklets('<a href="./' . $sourceurl . '">' . $sourcename . '</a> &raquo; <strong>úprava poznámky</strong> &raquo; <strong>uložení změn</strong>');
        echo '<div id="obsah"><p>Chyba při ukládání změn, ujistěte se, že jste vše provedli správně a máte potřebná práva.</p></div>';
        pageEnd();
    }
}
// nová poznámka
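if (isset($_POST['setnote'])) {
    // Note text and title must not be blank; secret, tableid and itemid end up
    // in the INSERT and must be numbers.
    if (!preg_match('/^[[:blank:]]*$/i', $_POST['note']) && !preg_match('/^[[:blank:]]*$/i', $_POST['title']) && is_numeric($_POST['secret']) && isset($_POST['tableid']) && is_numeric($_POST['tableid']) && isset($_POST['itemid']) && is_numeric($_POST['itemid'])) {
        // Only the integer values are used from here on, so request text
        // cannot reach the statement through these three fields.
        $noteTableId = (int) $_POST['tableid'];
        $noteItemId = (int) $_POST['itemid'];
        $noteSecret = (int) $_POST['secret'];
        auditTrail($noteTableId, 7, $noteItemId);
        MySQL_Query("INSERT INTO " . DB_PREFIX . "notes VALUES('','" . mysql_real_escape_string($_POST['note']) . "','" . mysql_real_escape_string($_POST['title']) . "','" . Time() . "','" . $usrinfo['id'] . "','" . $noteTableId . "','" . $noteItemId . "','" . $noteSecret . "','0')");
        //		echo '<div id="obsah"><p>Poznámka upravena.</p></div>';
        if (!isset($_POST['nnotnew'])) {
            unreadRecords($noteTableId, $noteItemId);
        }
    }
    // NOTE(review): backurl is supplied by the client and used as the redirect
    // target unchanged, so the form can send the visitor to any address;
    // consider accepting only paths inside this application.
    Header('Location: ' . $_POST['backurl']);
}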
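// Delete note (soft delete: the row is only flagged as deleted)
// NOTE(review): this changes state on a plain GET and shows no ownership, permission or
// anti-CSRF check in this excerpt — confirm those are enforced before this point.
if (isset($_GET['deletenote'])) {
    // The id is concatenated unquoted into the WHERE clause, so accept digits only and
    // skip the query for anything else.
    if (is_string($_GET['deletenote']) && ctype_digit($_GET['deletenote'])) {
        MySQL_Query("UPDATE " . DB_PREFIX . "notes SET deleted=1 WHERE " . DB_PREFIX . "notes.id=" . (int) $_GET['deletenote']);
    }
    // Validate the redirect target AFTER the extra URLDecode(), otherwise a double-encoded
    // value would pass the check and still decode to an external address.
    // NOTE(review): assumes backurl is always a relative in-app path — verify against the callers.
    $backUrl = isset($_GET['backurl']) && is_string($_GET['backurl']) ? URLDecode($_GET['backurl']) : '';
    if ($backUrl === '' || preg_match('#^\s*(?:[a-z][a-z0-9+.\-]*:|[/\\\\]{2})|[\x00-\x1f]#i', $backUrl)) {
        $backUrl = './';
    }
    Header('Location: ' . $backUrl);
}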
예제 #25
    }
}
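// Attach an uploaded file to a case.
// NOTE(review): no permission or anti-CSRF check is visible in this excerpt — confirm one runs before this point.
$uploadStored = false;
if (
    isset($_POST['uploadfile'], $_POST['caseid'], $_POST['secret'], $_FILES['attachment']['tmp_name'])
    && is_string($_FILES['attachment']['tmp_name'])
    && is_uploaded_file($_FILES['attachment']['tmp_name'])
    && is_string($_POST['caseid']) && ctype_digit($_POST['caseid'])
    && is_string($_POST['secret']) && ctype_digit($_POST['secret'])
) {
    // Integers from here on: these values go into SQL and into helper calls.
    $caseId = (int) $_POST['caseid'];
    $secretFlag = (int) $_POST['secret'];
    auditTrail(3, 4, $caseId);
    // The stored name is generated server-side and carries no extension; the client's file name
    // is kept only as metadata. It is derived from the clock and Rand(), so it is guessable —
    // do not treat it as an access control if ./files/ is reachable over HTTP.
    $newname = Time() . MD5(uniqid(Time() . Rand()));
    // Record the attachment only when the file really reached its destination.
    if (move_uploaded_file($_FILES['attachment']['tmp_name'], './files/' . $newname)) {
        // 'name' and 'type' are supplied by the client: escaped for SQL here, and they must not be
        // trusted (or echoed unescaped) when the file is later listed or served.
        $sql = "INSERT INTO " . DB_PREFIX . "data VALUES('','" . $newname . "','" . mysql_real_escape_string($_FILES['attachment']['name']) . "','" . mysql_real_escape_string($_FILES['attachment']['type']) . "','" . (int) $_FILES['attachment']['size'] . "','" . Time() . "','" . $usrinfo['id'] . "','3','" . $caseId . "','" . $secretFlag . "')";
        MySQL_Query($sql);
        if (!isset($_POST['fnotnew'])) {
            unreadRecords(3, $caseId);
        }
        // Follow backurl only when it is a relative in-app reference; otherwise go to the app root.
        // NOTE(review): assumes the form always posts a relative backurl — verify against the callers.
        $backUrl = isset($_POST['backurl']) && is_string($_POST['backurl']) ? $_POST['backurl'] : '';
        if ($backUrl === '' || preg_match('#^\s*(?:[a-z][a-z0-9+.\-]*:|[/\\\\]{2})|[\x00-\x1f]#i', $backUrl)) {
            $backUrl = './';
        }
        Header('Location: ' . $backUrl);
        $uploadStored = true;
    }
}
if (!$uploadStored && isset($_POST['uploadfile'])) {
    // caseid may be anything on this path, so it is reduced to an integer before being
    // written into the link markup.
    $linkCaseId = isset($_POST['caseid']) && is_string($_POST['caseid']) && ctype_digit($_POST['caseid']) ? (int) $_POST['caseid'] : 0;
    pageStart('Přiložení souboru');
    mainMenu(4);
    sparklets('<a href="./cases.php">případy</a> &raquo; <a href="./editcase.php?rid=' . $linkCaseId . '">úprava případu</a> &raquo; <strong>přiložení souboru neúspěšné</strong>');
    echo '<div id="obsah"><p>Soubor nebyl přiložen, něco se nepodařilo. Možná nebyl zvolen přikládaný soubor.</p></div>';
    pageEnd();
}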
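// Delete an attachment: remove the stored file and its database row.
// NOTE(review): this changes state on a plain GET with no anti-CSRF token visible, and the
// lookup is by file id alone — it is not tied to caseid or to the file's owner, so any user
// with right_text can remove any attachment. Confirm that is intended.
if (isset($_GET['deletefile']) && is_numeric($_GET['deletefile'])) {
    // caseid is only used for the audit entry and the redirect; reduce it to an integer.
    $caseId = isset($_GET['caseid']) && is_string($_GET['caseid']) && ctype_digit($_GET['caseid']) ? (int) $_GET['caseid'] : 0;
    auditTrail(3, 5, $caseId);
    // The id is concatenated unquoted into both statements, so only a plain digit string is used.
    if ($usrinfo['right_text'] && is_string($_GET['deletefile']) && ctype_digit($_GET['deletefile'])) {
        $fileId = (int) $_GET['deletefile'];
        $fres = MySQL_Query("SELECT uniquename FROM " . DB_PREFIX . "data WHERE " . DB_PREFIX . "data.id=" . $fileId);
        $frec = $fres ? MySQL_Fetch_Assoc($fres) : false;
        if ($frec) {
            // basename() keeps the unlink inside ./files/ even if the stored name were ever tampered with.
            $storedPath = './files/' . basename($frec['uniquename']);
            if (is_file($storedPath)) {
                UnLink($storedPath);
            }
            MySQL_Query("DELETE FROM " . DB_PREFIX . "data WHERE " . DB_PREFIX . "data.id=" . $fileId);
        }
    }
    Header('Location: editcase.php?rid=' . $caseId);
}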
예제 #26
 /**
  * Send one SQL statement to the server over the open link.
  *
  * The text is executed exactly as received: nothing in this method escapes or
  * binds values, so any request-derived data must already be escaped by the caller.
  * The complete statement is also passed to Debug(), so whatever it contains
  * (including any sensitive values) ends up wherever Debug() writes.
  *
  * @param string $Query SQL text to execute
  * @return mixed the MySQL_Query() result when it is truthy; otherwise ERROR
  *               or-ed with the result of Trigger_Error()
  */
 public function Query($Query)
 {
     // Guard: the statement has to be a string.
     if (Is_String($Query) === false) {
         return ERROR | @Trigger_Error('[MySQL->Query]: первый параметр не является строкой');
     }

     // Guard: a live connection resource is required.
     if (Is_Resource($this->Link) === false) {
         return ERROR | @Trigger_Error('[MySQL->Query]: нет соединения с MySQL');
     }

     Debug(SPrintF('[MySQL->Query]: %s', $Query));

     // Remember the last statement on the object before running it.
     $this->Query = $Query;

     $Handle = MySQL_Query($Query, $this->Link);
     if (!$Handle) {
         // Failure path: report the error text obtained from GetError().
         return ERROR | @Trigger_Error(SPrintF('[MySQL->Query]: %s', $this->GetError()));
     }

     return $Handle;
 }
예제 #27
<?php

require_once './inc/func_main.php';
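// auditTrail(5, 3, 0) is called only when a session id is present.
if (isset($_SESSION['sid'])) {
    auditTrail(5, 3, 0);
}
pageStart('Přidáno');
mainMenu(1);
sparklets('<a href="./index.php">aktuality</a> &raquo; <a href="./newnews.php">nová aktualita</a> &raquo; <strong>přidáno</strong>');
// Read the form fields defensively: the page can be requested without a POST body, and a
// field may arrive as an array, which the blank checks below cannot handle.
$newsTitle = isset($_POST['nadpis']) && is_string($_POST['nadpis']) ? $_POST['nadpis'] : '';
$newsBody = isset($_POST['obsah']) && is_string($_POST['obsah']) ? $_POST['obsah'] : '';
// The category goes into the INSERT, so only a plain digit string is accepted.
$categoryValid = isset($_POST['kategorie']) && is_string($_POST['kategorie']) && ctype_digit($_POST['kategorie']);
// NOTE(review): no anti-CSRF token is checked here; only the right_power flag gates the insert.
if (!empty($_POST['insertnews']) && $usrinfo['right_power'] && !preg_match('/^[[:blank:]]*$/i', $newsTitle) && !preg_match('/^[[:blank:]]*$/i', $newsBody) && $categoryValid) {
    // NOTE(review): the title passes through safeInput() but the body is stored as submitted —
    // confirm the body is escaped wherever news items are rendered.
    MySQL_Query("INSERT INTO " . DB_PREFIX . "news VALUES('','" . Time() . "','" . $usrinfo['id'] . "','" . (int) $_POST['kategorie'] . "','" . mysql_real_escape_string(safeInput($newsTitle)) . "','" . mysql_real_escape_string($newsBody) . "')");
    unreadRecords(5, 0);
    echo '<div id="obsah"><p>Aktualita vložena.</p></div>';
} else {
    echo '<div id="obsah"><p>Chyba při přidávání, ujistěte se, že jste vše provedli správně a máte potřebná práva.</p></div>';
}
pageEnd();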
예제 #28
파일: logout.php 프로젝트: amberan/dhbistro
<?php

require_once './inc/func_main.php';
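// Logout: remove this user's rows from the logged-in table, then drop the session token.
// NOTE(review): the logout runs on any request to this script, with no token check — confirm that is acceptable.
// The id is placed unquoted in the WHERE clause, so it is forced to an integer, and the
// statement is skipped when no user id is available (it would otherwise be malformed SQL).
if (isset($usrinfo['id'])) {
    MySQL_Query("DELETE FROM " . DB_PREFIX . "loggedin WHERE iduser=" . (int) $usrinfo['id']);
}
unset($_SESSION['sid']);
// Issue a fresh session id so the identifier used while logged in is not carried over.
if (session_id() !== '') {
    session_regenerate_id(true);
}
Header('location: login.php');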
예제 #29
	<td class="filter"><input type="checkbox" name="ssymbols" value="1"' . ($ssymbols ? ' checked="checked"' : '') . '> Zobrazit symboly.</td>
	<td class="filter"><input type="checkbox" name="farchiv" value="1"' . ($farchiv == 1 ? ' checked="checked"' : '') . '> Zobrazit i archiv.</td>
	</tr>
	</table>
	  <div id="filtersubmit"><input type="hidden" name="rid" value="' . $_REQUEST['rid'] . '" /><input type="submit" name="filter" value="Filtrovat" /></div>
	</fieldset>
</form><form name="addpersons" action="addpersons.php" method="post" class="otherform">';
        }
        filter();
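        // List persons
        // rid comes straight from the request and is concatenated unquoted into the JOIN
        // condition, so it is forced to an integer before it touches the statement.
        $reportIdSql = isset($_REQUEST['rid']) ? (int) $_REQUEST['rid'] : 0;
        // Users without right_power are limited to persons whose secret flag is 0.
        $secretSql = $usrinfo['right_power'] ? '' : " AND " . DB_PREFIX . "persons.secret=0";
        // NOTE(review): $fsql_dead, $fsql_archiv and $fsql_sort are built outside this excerpt and are
        // concatenated as raw SQL — confirm they are chosen from fixed fragments, not request text.
        $sql = "SELECT " . DB_PREFIX . "persons.phone AS 'phone', " . DB_PREFIX . "persons.secret AS 'secret', " . DB_PREFIX . "persons.name AS 'name', " . DB_PREFIX . "persons.surname AS 'surname', " . DB_PREFIX . "persons.id AS 'id', " . DB_PREFIX . "persons.symbol AS 'symbol', " . DB_PREFIX . "ar2p.role AS 'role', " . DB_PREFIX . "ar2p.iduser FROM " . DB_PREFIX . "persons LEFT JOIN " . DB_PREFIX . "ar2p ON " . DB_PREFIX . "ar2p.idperson=" . DB_PREFIX . "persons.id AND " . DB_PREFIX . "ar2p.idreport=" . $reportIdSql . " WHERE " . DB_PREFIX . "persons.deleted=0 " . $fsql_dead . $fsql_archiv . $secretSql . " ORDER BY " . $fsql_sort;
        $res = MySQL_Query($sql);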
        ?>
<div id="in-form-table">
<?php 
        if (MySQL_Num_Rows($res)) {
            echo '<table>
<thead>
	<tr>
	<th>#</th>
	<th>Úloha</th>
' . ($sportraits ? '<th>Portrét</th>' : '') . ($ssymbols ? '<th>Symbol</th>' : '') . '
	  <th>Jméno</th>
	</tr>
</thead>
<tbody>
';
예제 #30
		<?php 
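// Add a book from the submitted form.
// NOTE(review): no authentication or anti-CSRF check is visible in this excerpt — confirm one runs before this point.
if (isset($_POST['addBook'])) {
    // Every field is required and must be a plain string (a field posted as an array is rejected).
    $requiredFields = array('Name', 'Author', 'Annotation', 'Pages', 'Department', 'Subject', 'Tags', 'Link');
    $allPresent = true;
    foreach ($requiredFields as $fieldName) {
        if (!isset($_POST[$fieldName]) || !is_string($_POST[$fieldName]) || !($_POST[$fieldName] != null)) {
            $allPresent = false;
            break;
        }
    }
    if ($allPresent) {
        // NOTE(review): COUNT+1 is not a safe id — two concurrent requests get the same value and
        // it repeats an existing id once any row has been deleted. Prefer an auto-increment key.
        $CountTable = mysql_query("SELECT COUNT(1) FROM books");
        $Count = mysql_fetch_array($CountTable);
        $ID = $Count[0] + 1;
        $Name = $_POST['Name'];
        $Author = $_POST['Author'];
        $Annotation = $_POST['Annotation'];
        $Pages = $_POST['Pages'];
        $Department = $_POST['Department'];
        $Subject = $_POST['Subject'];
        $Tags = $_POST['Tags'];
        $Link = $_POST['Link'];
        $Date = date("d.m.Y");
        // The raw values above are kept as submitted; only escaped copies are placed in the
        // statement, so a quote in any field can no longer break out of its string literal.
        $sqlValue = array();
        foreach ($requiredFields as $fieldName) {
            $sqlValue[$fieldName] = mysql_real_escape_string($_POST[$fieldName]);
        }
        $sqlId = (int) $ID;
        // $database is defined outside this excerpt — presumably configuration, not request data; verify.
        MySQL_Query("INSERT INTO `{$database}`.`books` (`ID`, `Name`, `Author`, `Annotation`, `Pages`, `Department`, `Subject`, `Tags`, `Date`, `Appeals`, `LastAppeals`, `Link`) VALUES ('{$sqlId}', '{$sqlValue['Name']}', '{$sqlValue['Author']}', '{$sqlValue['Annotation']}', '{$sqlValue['Pages']}', '{$sqlValue['Department']}', '{$sqlValue['Subject']}', '{$sqlValue['Tags']}', '{$Date}', '0', '{$Date}', '{$sqlValue['Link']}')");
        echo "Книга успешно добавлена.<br>";
    } else {
        echo "Заполните все поля.<br>";
    }
}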
?>
		<form method="post">
			<table align="center" border="0">
				<tr>
					<td>Название:</td>
					<td><input type="text" name="Name" value="<?php 
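// Re-fill the field with the submitted value. The value is written inside a double-quoted
// HTML attribute, so it is escaped (quotes included) to keep it from closing the attribute
// and injecting markup.
// NOTE(review): assumes the page is served as UTF-8 — pass the page's real charset otherwise.
if (isset($_POST['Name']) && is_string($_POST['Name']) && $_POST['Name'] != null) {
    echo htmlspecialchars($_POST['Name'], ENT_QUOTES, 'UTF-8');
}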
?>