public static function login($name, $email, $user) { if (!$name || !$user) { throw new Exception('Wypełnij wszystkie pola.'); } $user = new ChatUser(array('name' => $name, 'gravatar' => $user)); include_once "../db_connect.php"; include_once "../include/ust.php"; $Querys = 'SELECT * FROM ' . $pre . 'user WHERE user_id=' . $_SESSION['user_id'] . ''; $results = db_query($Querys) or die(db_error()); while ($rows = db_fetch($results)) { $ile_pkt = $rows['user_money']; if ($rows['user_vip'] >= time()) { $czy_vp = 1; } $user_chat = $rows['user_chat']; } if ($user_chat == 1) { throw new Exception('Masz zablokowany dostęp do czatu.'); } if ($czy_vp != 1) { if ($ile_pkt > $ust['chatp']) { $up = "UPDATE " . $pre . "user SET user_money=user_money-" . $ust['chatp'] . " WHERE user_id='" . db_real_escape_string($_SESSION['user_id']) . "'"; db_query($up); } else { throw new Exception('Masz zamało punktów by dołączyć do czatu.'); } } // The save method returns a MySQLi object if ($user->save()->affected_rows != 1) { throw new Exception('Nick jest zajęty.'); } $_SESSION['user'] = array('name' => $name, 'gravatar' => $user); return array('status' => 1, 'name' => $name, 'gravatar' => $user); }
function user_apikey_session_control($apikey_in) { //---------------------------------------------------- // Check for apikey login //---------------------------------------------------- $apikey_in = db_real_escape_string($apikey_in); $userid = get_apikey_read_user($apikey_in); if ($userid != 0) { session_regenerate_id(); $session['userid'] = $userid; $session['read'] = 1; $session['write'] = 0; $session['admin'] = 0; // $session['lang'] = "en"; } $userid = get_apikey_write_user($apikey_in); if ($userid != 0) { session_regenerate_id(); $session['userid'] = $userid; $session['read'] = 1; $session['write'] = 1; $session['admin'] = 0; // $session['lang'] = "en"; } //---------------------------------------------------- return $session; }
function confirm_controller() { $message = preg_replace('/[^\\w\\s-.<>?:]/', '', $_POST['message']); // filter out all except for alphanumeric white space and dash $message = db_real_escape_string($message); $id = intval($_POST['id']); $action = preg_replace('/[^.\\/a-z]/', '', $_POST['action']); // filter out all except a-z / . $action = db_real_escape_string($action); $content['content'] = view("confirm_view.php", array('message' => $message, 'id' => $id, 'action' => $action)); return $content; }
function api_controller() { global $session, $action; require "Models/input_model.php"; require "Models/feed_model.php"; require "Models/process_model.php"; // POST arduino posts up to emoncms if ($action == 'post' && $session['write']) { $node = intval($_GET['node']); $json = db_real_escape_string($_GET['json']); $csv = db_real_escape_string($_GET['csv']); } if ($csv) { $values = explode(',', $csv); $i = 0; foreach ($values as $value) { $i++; if ($node) { $key = $i; } else { $key = "csv" . $i; } $datapairs[] = $key . ":" . $value; } } if ($json) { // preg_replace strips out everything appart from alphanumeric characters, whitespace and -.:, $json = preg_replace('/[^\\w\\s-.:,]/', '', $json); $datapairs = explode(',', $json); } if ($json || $csv) { $time = time(); // get the time - data recived time if (isset($_GET["time"])) { $time = intval($_GET["time"]); // - or use sent timestamp if present } $inputs = register_inputs($session['userid'], $node, $datapairs, $time); // register inputs process_inputs($session['userid'], $inputs, $time); // process inputs to feeds etc $output['message'] = "ok"; } return $output; }
function node_controller() { require "Modules/node/node_model.php"; global $session, $route; $output['content'] = ""; $output['message'] = ""; if ($route['action'] == 'create' && $session['write']) { $nodeid = create_node($session['userid'], "(new)", ""); $output['message'] = "Node created"; } if ($route['action'] == 'list' && $session['read']) { $list = get_node_list($session['userid']); $output['content'] = view('node/node_list.php', array('list' => $list)); } if ($route['action'] == 'edit' && $session['write']) { $nodeid = intval($_GET['id']); $title = get_node_title($nodeid); $content = get_node_content($nodeid); $output['content'] = view('node/node_edit.php', array('id' => $nodeid, 'title' => $title, 'content' => $content)); } if ($route['action'] == 'save' && $session['write']) { $nodeid = intval($_POST['id']); $title = $_POST['title']; $content = $_POST['content']; $content = db_real_escape_string($content); set_node_title($nodeid, $title); set_node_content($nodeid, $content); $output['message'] = "Node saved"; } if ($route['action'] == 'view') { $nodeid = intval($_GET['id']); $title = get_node_title($nodeid); $content = get_node_content($nodeid); include_once "Modules/node/markdown/markdown.php"; $content = Markdown($content); $output['content'] = view('node/node_view.php', array('title' => $title, 'content' => $content)); } if ($route['action'] == 'delete' && $session['write']) { $nodeid = intval($_GET['id']); delete_node($nodeid); $output['message'] = "Node deleted"; } return $output; }
<?php include "subheader.php"; $ilepw = 0; $Query = 'SELECT * FROM ' . $pre . 'friend WHERE fo_do="' . db_real_escape_string($_SESSION['user_id']) . '" order by fo_id DESC'; $result = db_query($Query) or die(db_error()); while ($row = db_fetch($result)) { $Query1 = 'SELECT * FROM ' . $pre . 'user WHERE user_id="' . db_real_escape_string($row['fo_od']) . '"'; $result1 = db_query($Query1) or die(db_error()); while ($row1 = db_fetch($result1)) { $user_login[] = $row1['user_login']; $user_loginn[] = namen($row1['user_login']); } $pw_id[] = $row['fo_id']; $pw_od[] = $row['fo_od']; $pw_czyt[] = $row['fo_akt']; $pw_tresc[] = $row['fo_tresc']; $pw_data[] = $row['fo_data']; $ilepw++; } $smarty->assign("od_login", $user_login); $smarty->assign("od_loginn", $user_loginn); $smarty->assign("pw_id", $pw_id); $smarty->assign("temat", $pw_temat); $smarty->assign("od", $pw_od); $smarty->assign("pw_tresc", $pw_tresc); $smarty->assign("czyt", $pw_czyt); $smarty->assign("data", $pw_data); $smarty->assign("ilepw", $ilepw); if ($_GET['v'] == "wyslano") { $smarty->assign("wyslano", "ok");
function dashboard_controller() { require "Models/dashboard_model.php"; global $path, $session, $action, $subaction, $format; $output['content'] = ""; $output['message'] = ""; //---------------------------------------------------------------------------------------------------------------------- // New dashboard //---------------------------------------------------------------------------------------------------------------------- if ($action == 'new' && $session['write']) { $dashid = new_dashboard($session['userid']); $output['message'] = _("dashboards new"); if ($format == 'html') { header("Location: ../dashboard/edit?id=" . $dashid); } } elseif ($action == 'delete' && $session['write']) { $output['message'] = delete_dashboard($session['userid'], intval($_POST["id"])); } elseif ($action == 'clone' && $session['write']) { $output['message'] = clone_dashboard($session['userid'], intval($_POST["id"])); } elseif ($action == 'list' && $session['read']) { $_SESSION['editmode'] = TRUE; if ($session['read']) { $apikey = get_apikey_read($session['userid']); } $dashboards = get_dashboard_list($session['userid'], 0, 0); $menu = build_dashboard_menu($session['userid'], "edit"); $user = get_user($session['userid']); if ($format == 'html') { $output['content'] = view("dashboard/dashboard_list_view.php", array('apikey' => $apikey, 'dashboards' => $dashboards, 'menu' => $menu, 'user' => $user)); } } elseif ($action == 'public') { $userlist = get_user_list(); $dashboard_list = array(); foreach ($userlist as $user) { $user_dash_list = get_dashboard_list($user['userid'], 1, 1); foreach ($user_dash_list as $user_dash) { $user_dash['username'] = $user['name']; $dashboard_list[] = $user_dash; } } if ($format == 'html') { $output['content'] = view("dashboard/dashboard_publiclist_view.php", array('dashboards' => $dashboard_list)); } } elseif ($action == 'thumb' && $session['read']) { $_SESSION['editmode'] = TRUE; if ($session['read']) { $apikey = get_apikey_read($session['userid']); } $dashboards = get_dashboard_list($session['userid'], 0, 0); $menu = build_dashboard_menu($session['userid'], "edit"); if ($format == 'html') { $output['content'] = view("dashboard/dashboard_thumb_view.php", array('apikey' => $apikey, 'dashboards' => $dashboards, 'menu' => $menu)); } } elseif (($action == 'run' || $action == 'view') && $session['read']) { $id = intval($_GET['id']); $alias = preg_replace('/[^a-z]/', '', $subaction); if ($action == "run") { $public = !$session['write']; $published = 1; } else { $public = 0; $published = 0; } if ($id) { // If a dashboard id is given we get the coresponding dashboard $dashboard = get_dashboard_id($session['userid'], $id, $public, $published); } elseif ($alias) { $dashboard = get_dashboard_alias($session['userid'], $alias, $public, $published); } else { // Otherwise we get the main dashboard $dashboard = get_main_dashboard($session['userid']); } // URL ENCODE... if ($format == 'json') { $output['content'] = urlencode($dashboard['content']); return $output; } $menu = build_dashboard_menu($session['userid'], $action); if ($action == "run") { // In run mode dashboard menu becomes the main menu $_SESSION['editmode'] = FALSE; $output['runmenu'] = '<div class="nav-collapse collapse">'; $output['runmenu'] .= '<ul class="nav">' . $menu . '</ul>'; if ($session['write']) { $output['runmenu'] .= "<ul class='nav pull-right'><li><a href='" . $GLOBALS['path'] . "user/logout'>" . _("Logout") . "</a></li></ul>"; } $output['runmenu'] .= "</div>"; } else { // Otherwise in view mode the dashboard menu is an additional grey menu $_SESSION['editmode'] = TRUE; $output['submenu'] = view("dashboard/dashboard_menu.php", array('id' => $dashboard['id'], 'menu' => $menu, 'type' => "view")); } //if ($dashboard_arr) //{ $apikey = get_apikey_read($session['userid']); $output['content'] = view("dashboard/dashboard_view.php", array('dashboard' => $dashboard, "apikey_read" => $apikey)); // If run mode avoid include dashboard configuration (this makes dashboard page lighter) if ($action != "run") { $output['content'] .= view("dashboard/dashboard_config.php", array('dashboard' => $dashboard)); } //} //else //{ // $output['content'] = view("dashboard_run_errornomain.php",array()); //} } elseif ($action == 'edit' && $session['write']) { $id = intval($_GET['id']); $alias = preg_replace('/[^a-z]/', '', $subaction); if ($id) { // If a dashboard id is given we get the coresponding dashboard $dashboard = get_dashboard_id($session['userid'], $id, 0, 0); } elseif ($alias) { $dashboard = get_dashboard_alias($session['userid'], $alias, 0, 0); } else { // Otherwise we get the main dashboard $dashboard = get_main_dashboard($session['userid']); } $apikey = get_apikey_read($session['userid']); $menu = build_dashboard_menu($session['userid'], "edit"); $output['content'] = view("dashboard/dashboard_edit_view.php", array('dashboard' => $dashboard, "apikey_read" => $apikey)); $output['content'] .= view("dashboard/dashboard_config.php", array('dashboard' => $dashboard)); $output['submenu'] = view("dashboard/dashboard_menu.php", array('id' => $dashboard['id'], 'menu' => $menu, 'type' => "edit")); } elseif ($action == 'ckeditor' && $session['write']) { $id = intval($_GET['id']); $alias = preg_replace('/[^a-z]/', '', $subaction); if ($id) { // If a dashboard id is given we get the coresponding dashboard $dashboard = get_dashboard_id($session['userid'], $id, 0, 0); } elseif ($alias) { $dashboard = get_dashboard_alias($session['userid'], $alias, 0, 0); } else { // Otherwise we get the main dashboard $dashboard = get_main_dashboard($session['userid']); } $menu = build_dashboard_menu($session['userid'], "ckeditor"); $output['content'] = view("dashboard/dashboard_ckeditor_view.php", array('dashboard' => $dashboard, 'menu' => $menu)); $output['submenu'] = view("dashboard/dashboard_menu.php", array('id' => $dashboard['id'], 'menu' => $menu, 'type' => "ckeditor")); } //---------------------------------------------------------------------------------------------------------------------- // SET dashboard // dashboard/set?content=<h2>HelloWorld</h2> //---------------------------------------------------------------------------------------------------------------------- if ($action == 'set' && $session['write']) { $content = $_POST['content']; if (!$content) { $content = $_GET['content']; } $id = intval($_POST['id']); if (!$id) { $id = intval($_GET['id']); } // IMPORTANT: if you get problems with characters being removed check this line: $content = preg_replace('/[^\\w\\s-.#<>?",;:=&\\/%]/', '', $content); // filter out all except characters usually used $content = db_real_escape_string($content); set_dashboard_content($session['userid'], $content, $id); if ($format == 'html') { $output['message'] = _("dashboard set"); } else { $output['message'] = "ok"; } } elseif ($action == 'setconf' && $session['write']) { $id = intval($_POST['id']); $name = preg_replace('/[^\\w\\s-]/', '', $_POST['name']); $alias = preg_replace('/[^a-z]/', '', $_POST['alias']); $description = preg_replace('/[^\\w\\s-]/', '', $_POST['description']); // Separated functions to allow set values in independent way if (isset($_POST['main'])) { set_dashboard_main($session['userid'], $id, intval($_POST['main'])); } if (isset($_POST['published'])) { set_dashboard_publish($session['userid'], $id, intval($_POST['published'])); } if (isset($_POST['public'])) { set_dashboard_public($session['userid'], $id, intval($_POST['public'])); } if (isset($_POST['name'])) { set_dashboard_name($session['userid'], $id, $name); } if (isset($_POST['alias'])) { set_dashboard_alias($session['userid'], $id, $alias); } if (isset($_POST['description'])) { set_dashboard_description($session['userid'], $id, $description); } if (isset($_POST['showdescription'])) { set_dashboard_showdescription($session['userid'], $id, intval($_POST['showdescription'])); } //set_dashboard_conf($session['userid'],$id,$name,$alias,$description,$main,$public,$published); $output['message'] = _("dashboard set configuration"); } return $output; }
<?php session_start(); include '../db_connect.php'; if ($_SESSION['logadm'] == "adm") { if ($_POST['nazwa'] != "") { $up = "UPDATE " . $pre . "faq SET faq_nazwa='" . $_POST['nazwa'] . "', faq_tresc='" . $_POST['tresc'] . "' WHERE faq_id='" . db_real_escape_string($_GET['id']) . "'"; db_query($up); } else { header('Location: index.php?page=faq&action=&e=t'); exit; } } header('Location: index.php?page=faq&action=&e=2');
$smarty->assign("vipendd", $rows['user_vip']); $smarty->assign("vipend", date("Y.m.d", $rows['user_vip'])); } else { $smarty->assign("vipend", "0"); } } $smarty->assign("get_user_prezenty", get_user_prezenty($_SESSION['user_id'])); } //------ if ($_GET['v'] == "delete-zaproszenie") { $del = "DELETE FROM " . $pre . "friend WHERE fo_id='" . db_real_escape_string($_GET['id']) . "' and fo_do='" . $_SESSION['user_id'] . "' "; db_query($del); $smarty->assign("del-zaproszenie", "ok"); } if ($_GET['v'] == "zatwierdz") { $del = "UPDATE " . $pre . "friend SET fo_akt=1 WHERE fo_id='" . db_real_escape_string($_GET['id']) . "' and fo_do='" . $_SESSION['user_id'] . "' "; db_query($del); } //------ if ($_GET['enter'] == "ok") { $_SESSION['user_18'] = "ok"; } if ($ust['kos'] == "1" and $_SESSION['user_18'] != "ok") { $smarty->display($ust['templates'] . '/page_18.tpl'); exit; } $topads = array(); $bottom1ads = array(); $bottom2ads = array(); $bottom3ads = array(); //$bottom4ads = array();
<?php session_start(); include 'db_connect.php'; include 'include/function.php'; include 'include/ust.php'; if ($_COOKIE['lang'] != "" and isset($_COOKIE['lang']) and strlen($_COOKIE['lang']) <= 3) { $u_usr['lang'] = substr($_COOKIE['lang'], 0, 3); } else { $u_usr['lang'] = $ust['lang_d']; } include "lang/" . $u_usr['lang'] . "/site.php"; if ($_GET['p'] == "v") { $Query = 'SELECT * FROM ' . $pre . 'dni WHERE dni_id="' . db_real_escape_string($_GET['id']) . '" ORDER by dni_dni ASC'; $result = db_query($Query) or die(db_error()); while ($row = db_fetch($result)) { $p_dni = $row['dni_dni']; $p_pkt = $row['dni_pkt']; $p_cpkt = $row['dni_cpkt']; $p_dniid = $row['dni_id']; $p_dnicena = $row['dni_cena']; $p_dnicenasms = $row['dni_cenasms']; $p_dninumer = $row['dni_numer']; $p_dnikod = $row['dni_kod']; $p_dnitresc = $row['dni_tresc']; $p_dnismspkt = $row['dni_sms_pkt']; $p_dnipaykod = $row['dni_pay_kod']; $p_dnipaypkt = $row['dni_pay_pkt']; } $in = "INSERT INTO " . $pre . "zamowienia(`za_pakiet`,`za_user`,`za_data`,`za_cena`,`za_punkty`)VALUES('pay','" . $_SESSION['user_id'] . "',NOW(),'" . $p_dnicena . "','" . $p_dniid . "')"; db_query($in);
db_query($up); } header("Location: /user/moje-filmy/5"); exit; } else { $msg = "Sorry, there was an error uploading your file."; } header("Location: /user/moje-filmy/15"); exit; } } else { header("Location: /user/moje-filmy/19"); exit; } } $Query = 'SELECT * FROM ' . $pre . 'mov WHERE fo_user="******" order by fo_id DESC'; $result = db_query($Query) or die(db_error()); while ($row = db_fetch($result)) { $fo_id[] = $row['fo_id']; $fo_fd[] = $row['fo_fd']; $fo_opis[] = $row['fo_opis']; $fo_prv[] = $row['fo_prv']; $fo_custom_file[] = $row['fo_custom_file']; $fo_cena[] = $row['fo_cena']; $fo_user[] = $row['fo_user']; if ($row['fo_custom_file'] == 1) { $fo_fm[] = $row['fo_fm']; } else { $fo_fm[] = get_you($row['fo_fm']); } $fo_thumb[] = $row['fo_thumb'];
} else { $e_plec = 0; } if ($_POST['y'] == "" or $_POST['m'] == "" or $_POST['d'] == "") { $smarty->assign("e_wiek", "1"); $e_wiek = 1; } else { $e_wiek = 0; } if ($_POST['regulamin'] == "") { $smarty->assign("reg", "1"); $reg = 1; } else { $reg = 0; } $ile_email = db_num_rows(db_query("SELECT user_email FROM " . $pre . "user WHERE user_email='" . db_real_escape_string($_POST['email']) . "'")); if ($ile_email >= 1) { $smarty->assign("ei", "1"); $ei = 1; } else { $ei = 0; } if (!spremail($_POST['email'])) { $smarty->assign("e", "1"); $e = 1; } else { $e = 0; } $resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]); if ($ust['token_r'] == 1) { if (!$resp->is_valid) {
<?php session_start(); include "../db_connect.php"; include "../include/function.php"; if ($_SESSION['user_id'] >= 1) { $del = "DELETE FROM " . $pre . "czlonkowie WHERE c_id='" . db_real_escape_string($_GET['id']) . "'"; db_query($del); } header("Location: " . $_SERVER['HTTP_REFERER'] . "");
<?php include "subheader.php"; if ($_GET['del'] >= 1) { $del = "DELETE FROM " . $pre . "imprezy WHERE i_id=" . db_real_escape_string($_GET['del']) . " and i_user="******""; db_query($del); $smarty->assign("delc", "1"); } $Query = 'SELECT * FROM ' . $pre . 'imprezy WHERE i_user="******"'; $result = db_query($Query) or die(db_error()); while ($row = db_fetch($result)) { $i_id[] = $row['i_id']; $i_d[] = $row['i_d']; $i_m[] = $row['i_m']; $i_y[] = $row['i_y']; $i_h[] = $row['i_h']; $i_mi[] = $row['i_mi']; $i_nazwa[] = $row['i_nazwa']; $i_opis[] = $row['i_opis']; } $smarty->assign("i_id", $i_id); $smarty->assign("i_d", $i_d); $smarty->assign("i_m", $i_m); $smarty->assign("i_y", $i_y); $smarty->assign("i_h", $i_h); $smarty->assign("i_mi", $i_mi); $smarty->assign("i_nazwa", $i_nazwa); $smarty->assign("i_opis", $i_opis); $smarty->assign("stan", $_GET['stan']); $smarty->assign("title", $lang['464'] . ' - ' . $ust['nazwa']); $smarty->display($ust['templates'] . '/panel-imprezy.tpl');
<?php session_start(); include '../db_connect.php'; if ($_SESSION['logadm'] == "adm") { $uid = $_POST['uid']; $up = "UPDATE " . $pre . "user SET user_money='" . $_POST['punkty'] . "', user_vip='" . strtotime($_POST['vip']) . "' WHERE user_id='" . db_real_escape_string($uid) . "'"; db_query($up); header('Location: index.php?page=user&action=view&id=' . $uid . '&e=1'); exit; } header('Location: index.php?page=cat&action=&e=2');
echo ' align="center">' . $row['user_id'] . '</td> <td width="95%"'; if ($i % 2 == 0) { echo ' bgcolor="#dddddd" '; } echo ' align="center"><a href="index.php?page=komentarze&action=galerie&typ=g&id=' . $row['user_id'] . '" title="Zobacz komentarze">' . $row['user_login'] . '</a> [' . $ilek . ']</td> </tr>'; $i++; } echo '</table>'; if ($i == "1") { echo '<center><b>Brak</b></center>'; } } else { $k = 0; $Query = 'SELECT * FROM ' . $pre . 'komentarze WHERE kom_typ="g" AND kom_idk="' . db_real_escape_string($_GET['id']) . '" ORDER by kom_id DESC '; $result = db_query($Query) or die(db_error()); while ($row = db_fetch($result)) { echo ' Nick: <b>'; if ($row['kom_idu'] == "") { echo '' . $row['kom_nick'] . ''; } else { echo '<a href="../user/' . namen($row['kom_nick']) . '/' . $row['kom_idu'] . '">' . $row['kom_nick'] . '</a>'; } echo '</b> Data: <b>' . $row['kom_data'] . '</b> - <b><a href="index.php?page=komentarze&action=galerie&typ=g&id=' . htmlspecialchars($_GET['id']) . '&id_del=' . $row['kom_id'] . '&v=delete"><b>Usuń</b></a></b><br> ' . $row['kom_tresc'] . '<br><hr><br> '; $k++; } if ($k == "0") {
if ($_GET['action'] == "woj") { echo ' <br> <a name="glowne"></a> <br>'; echo ' <form action="dodaj_woj.php" method="POST"> ' . $lang['47'] . ' <input type="text" name="nazwa"><input type="submit" name="ddd" value="' . $lang['48'] . '"></form> '; if ($_GET['v'] == "dodane") { echo '<div id="ukryj" ><br><br><div id="green" style="border-style:solid;border-width:thin;width:400px;height:30px;text-align:center;display:table-cell;vertical-align:middle;border-color:black;background-color:#e9ffd3;"><center><b>' . $lang['49'] . '</b></center></div></div>'; } if ($_GET['v'] == "delete") { $del = "DELETE FROM " . $pre . "woj WHERE w_id='" . db_real_escape_string($_GET['id']) . "'"; db_query($del); echo '<div id="ukryj" ><br><br><div id="red" style="border-style:solid;border-width:thin;width:400px;height:30px;text-align:center;display:table-cell;vertical-align:middle;border-color:black;background-color:#fde1e1;"><center><b>' . $lang['50'] . '</b></center></div></div>'; } echo '<br><br> <table width="40%" cellspacing="0" cellpadding="0" style="border: 1px solid #cccccc;"> <tr> <td width="5%" background="style/images/belka.gif" height="24" align="center"><b></b></td> <td width="90%" background="style/images/belka.gif" height="24" align="center"><b>' . $lang['51'] . '</b></td> <td width="5%" background="style/images/belka.gif" height="24" align="center"><b>' . $lang['52'] . '</b></td> </tr>'; $i = 1; $Query = 'SELECT * FROM ' . $pre . 'woj ORDER by w_id DESC '; $result = db_query($Query) or die(db_error()); while ($row = db_fetch($result)) { echo '<tr>
<?php include "subheader.php"; $Query = 'SELECT * FROM ' . $pre . 'czlonkowie WHERE c_g="' . db_real_escape_string($_GET['id']) . '" and c_user="******" and c_akt="1" '; $result = db_query($Query) or die(db_error()); while ($row = db_fetch($result)) { $smarty->assign("czlonek", $row['c_akt']); } $Query = 'SELECT * FROM ' . $pre . 'grupa WHERE g_id="' . db_real_escape_string($_GET['id']) . '" ORDER by g_nazwa ASC'; $result = db_query($Query) or die(db_error()); while ($row = db_fetch($result)) { $g_id = $row['g_id']; $g_nazwan = namen($row['g_nazwa']); $g_nazwa = $row['g_nazwa']; $g_typ = $row['g_typ']; $g_data = $row['g_data']; $g_user = $row['g_user']; } $smarty->assign("g_id", $g_id); $smarty->assign("g_typ", $g_typ); $smarty->assign("g_nazwan", $g_nazwan); $smarty->assign("g_nazwa", $g_nazwa); $smarty->assign("g_data", $g_data); $smarty->assign("g_user", $g_user); $Query = 'SELECT * FROM ' . $pre . 'temat WHERE t_g=' . $g_id . ' ORDER by t_dataz DESC'; $result = db_query($Query) or die(db_error()); while ($row = db_fetch($result)) { $gt_id[] = $row['t_id']; $gt_nazwan[] = namen($row['t_nazwa']); $gt_nazwa[] = $row['t_nazwa']; $gt_data[] = $row['t_data'];
$smarty->assign("k_n", "1"); } } } $kom_ile = 0; $Query = 'SELECT * FROM ' . $pre . 'komentarze WHERE kom_idk="' . db_real_escape_string($_GET['id']) . '" AND kom_typ="n" ORDER by kom_id DESC'; $result = db_query($Query) or die(db_error()); while ($row = db_fetch($result)) { $kom_data[] = $row['kom_data']; $kom_nick[] = $row['kom_nick']; $kom_nickn[] = namen($row['kom_nick']); $kom_tresc[] = $row['kom_tresc']; $kom_idu[] = $row['kom_idu']; $kom_ile++; } $Query = "SELECT * FROM " . $pre . "news WHERE news_wys='1' AND news_id='" . db_real_escape_string($_GET['id']) . "' ORDER by news_id DESC"; $result = db_query($Query) or die(db_error()); while ($row = db_fetch($result)) { $news_tytul = $row['news_tytul']; $news_tytul_n = namen($row['news_tytul']); $news_tresc = $row['news_tresc']; $news_data = $row['news_data']; $news_autor = $row['news_user']; $news_autorn = namen($row['news_user']); $news_autorid = $row['news_userid']; $news_id = $row['news_id']; $ocena = $row['news_ocena']; $ileg = $row['news_ileg']; $wys = $row['news_wys']; } if ($wys == 1) {
<?php session_start(); include '../db_connect.php'; if ($_SESSION['logadm'] == "adm") { if ($_POST['nazwa'] != "") { $up = "UPDATE " . $pre . "menu SET menu_nazwa='" . $_POST['nazwa'] . "', menu_tresc='" . $_POST['tresc'] . "', menu_wys='" . $_POST['wys'] . "', menu_t='" . $_POST['tf'] . "' WHERE menu_id='" . db_real_escape_string($_GET['id']) . "'"; db_query($up); } else { header('Location: index.php?page=menu&e=t'); exit; } } header('Location: index.php?page=menu&e=2');
<?php session_start(); include "../db_connect.php"; include "../include/ust.php"; if ($_SESSION['user_id'] >= 1) { $up = "UPDATE " . $pre . "foto SET fo_opis='" . htmlspecialchars($_POST['opis']) . "' WHERE fo_id='" . db_real_escape_string($_POST['id']) . "' and fo_user='******'user_id'] . "'"; db_query($up); } header("Location: " . $ust['adres'] . "user/moje-zdjecia/"); exit;
$del = "DELETE FROM " . $pre . "friend WHERE fo_id='" . $row['fo_id'] . "'"; db_query($del); } $Query = 'SELECT * FROM ' . $pre . 'komentarze WHERE kom_idu="' . db_real_escape_string($user_id) . '"'; $result = db_query($Query) or die(db_error()); while ($row = db_fetch($result)) { $del = "DELETE FROM " . $pre . "komentarze WHERE kom_id='" . $row['kom_id'] . "'"; db_query($del); } $Query = 'SELECT * FROM ' . $pre . 'pw WHERE pw_od="' . db_real_escape_string($user_id) . '" or pw_do="' . db_real_escape_string($user_id) . '"'; $result = db_query($Query) or die(db_error()); while ($row = db_fetch($result)) { $del = "DELETE FROM " . $pre . "pw WHERE pw_id='" . $row['pw_id'] . "'"; db_query($del); } $Query = 'SELECT * FROM ' . $pre . 'foto WHERE fo_user="******"'; $result = db_query($Query) or die(db_error()); while ($row = db_fetch($result)) { @unlink("../upload/zdjecia/" . $row['fo_fm']); @unlink("../upload/zdjecia/" . $row['fo_fd']); $del = "DELETE FROM " . $pre . "foto WHERE fo_id='" . $row['fo_id'] . "'"; db_query($del); } unset($_SESSION['logadm']); unset($_SESSION['user_nick']); unset($_SESSION['user_id']); unset($_SESSION['user_t']); setcookie("autologin", "", time() - 86400000); header("Location: " . $ust['adres'] . "user/usun-konto/2"); exit; }
} if ($_GET['v'] == "readm") { $del = "UPDATE " . $pre . "user SET user_t='1' WHERE user_id='" . db_real_escape_string($_GET['id']) . "'"; db_query($del); echo '<div id="ukryj" ><div id="red" style="border-style:solid;border-width:thin;width:400px;height:30px;text-align:center;display:table-cell;vertical-align:middle;border-color:black;background-color:#fde1e1;"><center><b>' . $lang['200'] . '</b></center></div></div><br>'; } if ($_GET['e'] == 1) { echo '<div id="ukryj" ><div id="green" style="border-style:solid;border-width:thin;width:400px;height:30px;text-align:center;display:table-cell;vertical-align:middle;border-color:black;background-color:#e9ffd3;"><center><b>' . $lang['201'] . '</b></center></div></div><br>'; } if ($_GET['nh'] == 1) { echo '<div id="ukryj" ><div id="green" style="border-style:solid;border-width:thin;width:400px;height:30px;text-align:center;display:table-cell;vertical-align:middle;border-color:black;background-color:#e9ffd3;"><center><b>' . $lang['202'] . '</b></center></div></div><br>'; } if ($_GET['nh'] == 2) { echo '<div id="ukryj" ><div id="green" style="border-style:solid;border-width:thin;width:400px;height:30px;text-align:center;display:table-cell;vertical-align:middle;border-color:black;background-color:#e9ffd3;"><center><b>' . $lang['203'] . '</b></center></div></div><br>'; } $Query = 'SELECT * FROM ' . $pre . 'user WHERE user_id="' . db_real_escape_string($_GET['id']) . '" '; $result = db_query($Query) or die(db_error()); while ($row = db_fetch($result)) { echo ' <table> <tr> <td align="center">'; if ($row['user_akt'] != "1") { echo '<a href="index.php?page=user&action=view&id=' . $row['user_id'] . '&strona=' . $_GET['strona'] . '&sort=' . $_GET['sort'] . '&q=' . $_GET['q'] . '&query=' . $_GET['query'] . '&v=akt&id=' . $row['user_id'] . '"><img src="style/images/ok16r.png" title="' . $lang['204'] . '"></a>'; } else { echo '<a href="index.php?page=user&action=view&id=' . $row['user_id'] . '&strona=' . $_GET['strona'] . '&sort=' . $_GET['sort'] . '&q=' . $_GET['q'] . '&query=' . $_GET['query'] . '&v=dakt&id=' . $row['user_id'] . '"><img src="style/images/ok16.png" title="' . $lang['205'] . '"></a>'; } echo '</td> <td align="center">'; if ($row['user_t'] == "3") {
</td> </tr> <div id="paneltresc"> <tr> <td valign="top"><b>' . $lang['341'] . '</b></td> <td><textarea name="tresc" style="width:300px;height:100px;" ></textarea></td> </tr> </div> </table> <input type="submit" value="' . $lang['342'] . '" name="addcat"> </form> '; } if ($_GET['action'] == "edit") { $Query = 'SELECT * FROM ' . $pre . 'menu WHERE menu_id="' . db_real_escape_string($_GET['id']) . '" limit 1'; $result = db_query($Query) or die(db_error()); while ($row = db_fetch($result)) { echo ' <center> <form action="up_menu.php?id=' . $row['menu_id'] . '" method="POST" name="frmn" onSubmit="return sprn()"> <table> <tr> <td><b>' . $lang['334'] . '</b></td> <td><input type="text" name="nazwa" style="width:250px;" value="' . $row['menu_nazwa'] . '"></td> </tr> <tr> <td><b>' . $lang['335'] . '</b></td> <td><input type="checkbox" name="wys" value="1" '; if ($row['menu_wys']) {
<?php include "subheader.php"; $Query = "SELECT * FROM " . $pre . "strony WHERE strony_wys='1' AND strony_id='" . db_real_escape_string($_GET['id']) . "' ORDER by strony_id DESC"; $result = db_query($Query) or die(db_error()); while ($row = db_fetch($result)) { $page_nazwa = $row['strony_nazwa']; $page_id = $row['strony_id']; $page_nazwa_n = namen($row['strony_nazwa']); $page_tresc = $row['strony_tresc']; $wys = $row['strony_wys']; } if ($wys == 1) { $smarty->assign("page_nazwa", $page_nazwa); $smarty->assign("page_nazwa_n", $page_nazwa_n); $smarty->assign("page_tresc", $page_tresc); $smarty->assign("page_id", $page_id); $smarty->assign("title", $page_nazwa . ' - ' . $ust['nazwa']); } $smarty->display($ust['templates'] . '/page.tpl');
} //------------------------- if ($_POST['upcatg']) { if ($_POST['nazwa'] != "") { include "include/add_cat_img.php"; $fotm = @imggd($ust); if ($_POST['del'] == 1 and $fotm == "") { $up = "UPDATE " . $pre . "gift SET ga_img='', gi_nazwa='" . htmlspecialchars($_POST['nazwa']) . "', gi_money='" . htmlspecialchars($_POST['money']) . "', gi_cena='" . htmlspecialchars($_POST['cena']) . "' WHERE gi_id='" . db_real_escape_string($_GET['id']) . "'"; db_query($up); } else { if ($fotm == "") { $up = "UPDATE " . $pre . "gift SET gi_nazwa='" . htmlspecialchars($_POST['nazwa']) . "', gi_money='" . htmlspecialchars($_POST['money']) . "', gi_cena='" . htmlspecialchars($_POST['cena']) . "' WHERE gi_id='" . db_real_escape_string($_GET['id']) . "'"; db_query($up); } else { if ($fotm != "") { $up = "UPDATE " . $pre . "gift SET gi_img='" . $fotm . "', gi_nazwa='" . htmlspecialchars($_POST['nazwa']) . "', gi_money='" . htmlspecialchars($_POST['money']) . "', gi_cena='" . htmlspecialchars($_POST['cena']) . "' WHERE gi_id='" . db_real_escape_string($_GET['id']) . "'"; db_query($up); } } } header("Location: " . $ust['adres'] . "admin/index.php?page=gift&e=2"); exit; } else { header("Location: " . $ust['adres'] . "admin/index.php?page=galerie&e=t"); exit; } } } //------------------------- ?> <html>
protected static function delete_attrib($id, $attrib, $val = false) { Error::generate('debug', "delete_attrib({$id}, {$attrib}, {$val})"); if (is_int($attrib)) { $attribid = $attrib; } else { $attribid = static::get_attrib_id($attrib); } $attribtype = static::get_attrib_type($attribid); $attribprops = static::get_attrib_props($attribid); switch ($attribtype) { case static::ATTRIB_TYPE_STRING: $datacol = 'stringdata'; break; case static::ATTRIB_TYPE_INT: $datacol = 'intdata'; break; default: Error::generate('debug', "Bad attribute type in store_attrib({$id}, {$attribstr}, {$val})"); return false; } if ($val) { $val = db_real_escape_string($val); $valconstraint = "AND {$datacol}='{$val}'"; } else { $valconstraint = ''; } db_query("DELETE FROM %s_data WHERE attrib='%d' AND id='%d' {$valconstraint}", static::subGetClass(), $attribid, $id); if (db_affected_rows() >= 1) { static::$cache[$id][$attribid] = false; return true; } else { Error::generate('debug', 'could not delete attribute'); return false; } }
<?php $tab_saf_z = array(");", "\$", "<?", "?>", ".'", "eval", "base64_decode", "base64_", '."', "`"); $tab_saf_na = array("", " \$ ", "", "", "'", "", "", "", ' " ', ""); if (isset($_POST)) { foreach ($_POST as $key => $value) { if (!is_array($_POST[$key])) { $_POST[$key] = is_array($key) ? $_POST[$key] : db_real_escape_string(str_replace($tab_saf_z, $tab_saf_na, $_POST[$key])); } } } if (isset($_GET)) { foreach ($_GET as $key => $value) { $_GET[$key] = is_array($key) ? $_GET[$key] : db_real_escape_string(str_replace($tab_saf_z, $tab_saf_na, $_GET[$key])); } }
session_start(); include "../db_connect.php"; include "../include/function.php"; if ($_SESSION['user_id'] >= 1) { if ($_COOKIE['lang'] != "" and isset($_COOKIE['lang']) and strlen($_COOKIE['lang']) <= 3) { $u_usr['lang'] = substr($_COOKIE['lang'], 0, 3); } else { $u_usr['lang'] = $ust['lang_d']; } include "../lang/" . $u_usr['lang'] . "/site.php"; } if ($_SESSION['user_id'] >= 1) { $Query = 'SELECT * FROM ' . $pre . 'czlonkowie WHERE c_id="' . db_real_escape_string($_GET['id']) . '"'; $result = db_query($Query) or die(db_error()); while ($row = db_fetch($result)) { $g_user = $row['c_user']; $g_g = $row['c_g']; } $Query = 'SELECT * FROM ' . $pre . 'grupa WHERE g_id="' . $g_g . '" ORDER by g_nazwa ASC'; $result = db_query($Query) or die(db_error()); while ($row = db_fetch($result)) { $g_typ = $row['g_typ']; $g_id = $row['g_id']; $g_nazwa = $row['g_nazwa']; } $del = "UPDATE " . $pre . "czlonkowie SET c_akt='1' WHERE c_id='" . db_real_escape_string($_GET['id']) . "'"; db_query($del); $in = "INSERT INTO " . $pre . "pw(`pw_tytul`, `pw_tresc`, `pw_od`, `pw_do`, `pw_data`, `pw_typ`)VALUES('" . $lang['598'] . " " . $g_nazwa . "','" . $lang['599'] . " " . $g_nazwa . "', '0', '" . $g_user . "', NOW(), '1')"; db_query($in); } header("Location: " . $_SERVER['HTTP_REFERER'] . "");
function sync_controller() { require "Models/feed_model.php"; global $session, $action, $format; $output['content'] = ""; $output['message'] = ""; $url = urldecode($_GET['url']); $remotekey = db_real_escape_string(preg_replace('/[^.\\/A-Za-z0-9]/', '', $_GET['remotekey'])); // Register a feed to be downloaded action // sync/feed?url=URL &remotekey=REMOTEKEY &id=FEEDID &name=FEEDNAME if ($action == "feed" && $session['write']) { $id = intval($_GET['id']); $name = preg_replace('/[^\\w\\s-.]/', '', $_GET["name"]); $localfeedid = get_feed_id($session['userid'], $name); if (!$localfeedid) { $localfeedid = create_feed($session['userid'], $name, 1, 0); } // Make sure feed is not already in que $result = db_query("SELECT * FROM importqueue WHERE baseurl='{$url}' AND apikey='{$remotekey}' AND feedid='{$id}' AND localfeedid='{$localfeedid}'"); if (!db_fetch_array($result)) { db_query("INSERT INTO importqueue (`baseurl`,`apikey`,`feedid`,`localfeedid`) VALUES ('{$url}','{$remotekey}','{$id}','{$localfeedid}')"); } } // SYNC Page display if ($session['write']) { $settingsarray = get_user_settingsarray($session['userid']); if (!$url || !$remotekey) { $url = $settingsarray->remoteurl; $remotekey = $settingsarray->remotekey; } if ($url && $remotekey) { $settingsarray->remoteurl = $url; $settingsarray->remotekey = $remotekey; set_user_settingsarray($session['userid'], $settingsarray); // Request feed list $fh = @fopen($url . "/feed/list.json?apikey=" . $remotekey, 'r'); // Read reply $data = ""; while (($buffer = fgets($fh)) !== false) { $data .= $buffer; } // Convert into feedlist array $remote_feeds = json_decode($data); fclose($fh); /* This section gets import queue location of the feeds */ // Get id position of first feed in line $result = db_query("SELECT * FROM importqueue ORDER BY `queid` Asc LIMIT 1"); $row = db_fetch_array($result); $first_in_line = $row['queid']; // For each feed check that the feed exists in the import que and calculate its position for ($i = 0; $i < count($remote_feeds); $i++) { $id = $remote_feeds[$i][0]; $localfeedid = get_feed_id($session['userid'], $remote_feeds[$i][1]); $result = db_query("SELECT * FROM importqueue WHERE baseurl='{$url}' AND apikey='{$remotekey}' AND feedid='{$id}' AND localfeedid='{$localfeedid}'"); if ($row = db_fetch_array($result)) { $remote_feeds[$i]['inque'] = "Queue position: " . ($row['queid'] - $first_in_line); } if ($localfeedid) { $localfeedname = "feed_" . trim($localfeedid) . ""; $localfeedtime_result = db_query("SELECT * FROM {$localfeedname} ORDER BY time Desc LIMIT 1"); $localfeedtime_row = db_fetch_array($localfeedtime_result); $time_diff = ($remote_feeds[$i][3] / 1000 - $localfeedtime_row[0]) / 3600; $remote_feeds[$i]['synctime'] = intval($time_diff) . " hours"; if ($time_diff > 48) { $remote_feeds[$i]['synctime'] = intval($time_diff / 24) . " days"; } if ($time_diff > 24 * 365) { $remote_feeds[$i]['synctime'] = intval($time_diff / (24 * 365)) . " years"; } } else { $remote_feeds[$i]['synctime'] = "no local feed"; } } } $output['content'] = view("sync_view.php", array('url' => $url, 'remotekey' => $remotekey, 'feeds' => $remote_feeds)); } return $output; }