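/**
 * Delete a single post row by id.
 *
 * @param mixed $id Post id as handed in by the caller; treated as untrusted.
 * @return bool TRUE once the DELETE has been sent. A failed query never
 *              reaches the return, because the `or die()` ends the script first.
 */
public function deletePost($id)
{
    // Kept as before so any other code reading $this->id sees the same value.
    $this->id = protectVar($id);

    // posts.id is declared int(5) in the installer's CREATE TABLE, so the value
    // that reaches the statement is forced to an integer instead of relying
    // only on protectVar(), whose filtering is not visible from this method.
    $post_id = (int) $this->id;

    // NOTE(review): die(mysql_error()) sends the raw driver error text to the
    // client; prefer logging it server-side and showing a generic message.
    // NOTE(review): no ownership or role check happens here — confirm the
    // caller verifies that the current user may delete this post.
    $query = $this->sql->sendQuery("DELETE FROM " . __PREFIX__ . "posts WHERE id = '" . $post_id . "';") or die(mysql_error());

    return (bool) $query;
}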
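/**
 * Add a reply to a topic and refresh the "last post" fields on the topic and
 * on the section that contains it.
 *
 * Four statements are sent in order: INSERT into posts, UPDATE topics, SELECT
 * the topic row to learn its section, UPDATE sections. They are independent
 * statements, so a failure part-way leaves the earlier ones applied.
 *
 * @param string $text     Body of the post.
 * @param mixed  $id_posts Id of the topic being replied to (stored in posts.id_topics).
 * @return void
 */
public function newPost($text, $id_posts)
{
    // NOTE(review): the author name comes from a cookie, i.e. from the client.
    // Nothing in this method ties it to an authenticated session, so the value
    // should be taken from server-side login state instead — confirm how the
    // caller authenticates before relying on it.
    $this->username = protectVar(isset($_COOKIE['username']) ? $_COOKIE['username'] : '');
    $this->text = protectVar($text);
    $this->id_posts = protectVar($id_posts);

    // Topic and section ids are integer columns; cast them before they are
    // concatenated into SQL rather than trusting protectVar() alone.
    $topic_id = (int) $this->id_posts;

    // $this->date_time is read but not assigned in this method; presumably it
    // is set elsewhere in the class — confirm.
    // NOTE(review): each `or die(mysql_error())` prints the raw driver error to
    // the client; prefer logging it and showing a generic message.
    $query = $this->sql->sendQuery("INSERT INTO " . __PREFIX__ . "posts (author, text, date_time, id_topics) VALUES ('" . $this->username . "', '" . $this->text . "', '" . $this->date_time . "', '" . $topic_id . "')") or die(mysql_error());

    $query = $this->sql->sendQuery("UPDATE " . __PREFIX__ . "topics SET date_time = '" . $this->date_time . "', last_author = '" . $this->username . "' WHERE id = '" . $topic_id . "'") or die(mysql_error());

    $query = $this->sql->sendQuery("SELECT * FROM " . __PREFIX__ . "topics WHERE id = '" . $topic_id . "'") or die(mysql_error());
    $ris = mysql_fetch_array($query);
    if (!$ris) {
        // No such topic: there is no section to update.
        return;
    }

    $id_section = (int) $ris['id_sections'];
    $query = $this->sql->sendQuery("UPDATE " . __PREFIX__ . "sections SET date_time = '" . $this->date_time . "', last_author = '" . $this->username . "' WHERE id = '" . $id_section . "'") or die(mysql_error());
}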
<tr /> <tr> <td> </td> <td> <input type="submit" value="Edit Section" /> </td> </tr> </table> <input type="hidden" name="id_topic" value="' . (int) @$_GET['id'] . '" /> </form>'; if (!empty($_POST['name']) && !empty($_POST['description'])) { if (!$section->editSection($_POST['id'], $_POST['name'], $_POST['description'])) { print "Section edited with success.<br />"; print '<meta http-equiv="refresh" content="3;url=admin.php" />'; } } } elseif ($action == 3) { @($id = protectVar($_REQUEST['id'])); if (empty($id)) { print '<form method="POST" action="?action=3&id=' . $id . '" />ID Section: <input type="text" name="id" value="' . $id . '" /><br /><input type="submit" value="Delete" /></form>'; } else { if (empty($id)) { die("ID NON specificato!"); } if ($section->deleteSection($id) == TRUE) { print "Section deleted with success.<br />"; print '<meta http-equiv="refresh" content="3;url=index.php" />'; } } } elseif ($action == 4) { $name = !empty($_POST['name']) ? htmlspecialchars($_POST['name']) : ""; $description = !empty($_POST['description']) ? htmlspecialchars($_POST['description']) : ""; print '<form method="POST" action="?action=4">
} else { print "<script> window.location='index.php' </script>"; } } else { echo "<script>alert(\"Errore! Inserire Nome e Testo.\"); windows.location=\"viewSection.php\";</script>"; } } } else { include "include/security.php"; $template = new DxTemplate(); print $template->Head("viewSection"); print $template->includeCSS("template/Default/style.tmp"); print $template->includeJS("include/menu.js"); print $template->openBody(0); print '<center>'; print $template->openDiv("header"); print $template->closeDiv(); print $template->openDiv("body"); print $template->setMenu(explode('/', $_SERVER['PHP_SELF']), 5); $id = protectVar($_GET['id']); if (empty($id)) { die("<p align='center'>ID non specificato!</p>"); } $template->printTopics($id); print $template->closeDiv(); // print $template->openDiv ("body-left"); // $template->printLastMessageTopics ($id); // print $template->closeDiv(); print '</center>'; print $template->closeBody(); }
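<?php
// Installer: creates the four forum tables and the first account (class
// 'admin', id 1), or shows the credentials form when no install was requested.
//
// NOTE(review): nothing here checks who is calling. As long as this file is on
// the server any visitor can trigger the install branch; the closing message
// already tells the operator to delete install.php, and that step is what
// actually closes the installer.
// NOTE(review): sha1(md5()) is an unsalted, fast hash. Replacing it needs a
// matching change in the login code, which is not visible here.
include "include/config.php";
include "include/mysql.class.php";
include "include/security.php";

if (isset($_REQUEST['install']) && $_REQUEST['install'] == 1) {
    // Refuse to create an administrator with a missing or empty credential.
    $raw_user = (isset($_REQUEST['username']) && is_string($_REQUEST['username'])) ? $_REQUEST['username'] : '';
    $raw_pass = (isset($_REQUEST['password']) && is_string($_REQUEST['password'])) ? $_REQUEST['password'] : '';
    if ($raw_user === '' || $raw_pass === '') {
        die("Username and password are required.");
    }

    $sql = new MySQL($date["db_host"], $date["db_user"], $date["db_pass"], $date["db_name"]);

    $schema = array(
        'user' => "CREATE TABLE IF NOT EXISTS `" . __PREFIX__ . "user` (\n `id` int(5) NOT NULL auto_increment,\n `username` varchar(255) default NULL,\n `password` varchar(255) default NULL,\n `class` varchar(255) default NULL,\n `timesession` int(11) NOT NULL default '0',\n `clickup` text NOT NULL,\n PRIMARY KEY (`id`)\n) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;",
        'sections' => "CREATE TABLE IF NOT EXISTS `" . __PREFIX__ . "sections` (\n `id` int(5) NOT NULL auto_increment,\n `name` varchar(255) default NULL,\n `description` varchar(225) NOT NULL default '',\n `last_author` varchar(225) NOT NULL default '',\n `date_time` varchar(225) NOT NULL default '',\n PRIMARY KEY (`id`)\n) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;",
        'topics' => "CREATE TABLE IF NOT EXISTS `" . __PREFIX__ . "topics` (\n `id` int(5) NOT NULL auto_increment,\n `name` varchar(255) default NULL,\n `author` varchar(255) NOT NULL default '',\n `last_author` varchar(255) NOT NULL default '',\n `text` text NOT NULL,\n `date_time` varchar(255) NOT NULL default '',\n `id_sections` int(5) default NULL,\n PRIMARY KEY (`id`)\n) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;",
        'posts' => "CREATE TABLE IF NOT EXISTS `" . __PREFIX__ . "posts` (\n `id` int(5) NOT NULL auto_increment,\n `author` varchar(255) default NULL,\n `text` varchar(255) default NULL,\n `date_time` text NOT NULL,\n `id_topics` int(11) NOT NULL default '0',\n PRIMARY KEY (`id`)\n) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;",
    );
    foreach ($schema as $table => $ddl) {
        mysql_query($ddl) or die(mysql_error());
        echo "Table '{$table}' created with success<br>";
    }

    // NOTE(review): $user reaches the INSERT protected only by protectVar(),
    // which is defined elsewhere — confirm that it escapes for SQL.
    $user = protectVar($raw_user);
    $pass = sha1(md5($raw_pass));

    // The result is checked so a failed insert (for example id 1 already
    // exists because the installer was run before) is not reported as success.
    $created = mysql_query("INSERT INTO `" . __PREFIX__ . "user` (`id`, `username`, `password`, `class`, `timesession`, `clickup`) VALUES ('1', '{$user}', '{$pass}', 'admin', '0', '');");
    if (!$created) {
        die("Admin user could not be created (the installer may already have been run).");
    }

    // The name is request data, so it is HTML-escaped before being echoed.
    // double_encode is off in case protectVar() already entity-encodes.
    echo "User <b>'" . htmlspecialchars($user, ENT_QUOTES, 'ISO-8859-1', false) . "'</b> created with success<br>";
    print "<br><br><br><br><p><a href=\"index.php\">Vai alla Home Page</a><br/><br/> <font color='red'>PRIMA CANCELLA IL FILE SEGENTE <u>install.php</u></font></p>";
} else {
    // The attribute used to read methos="POST", which browsers ignore and fall
    // back to GET, putting the chosen password in the URL. It is spelled
    // correctly below so the credentials travel in the request body.
    ?>
<html>
<head><title>Installation DxBB</title></head>
<body>
<h2 align="center">Installation</h2>
<br />
<form method="POST">
=> Dati di amministrazione_</br /><br />
Username: <input type="text" name="username" /><br /><br />
Password: <input type="password" name="password" /><br /><br />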
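/**
 * Print the topics of one section as an HTML table.
 *
 * Each row has a left cell (topic link, an admin-only "[x]" link and an
 * optional "[NEW]" marker) and a right cell (date of the last message and its
 * author).
 *
 * @param mixed $id Section id; cast to int before it is used in SQL.
 * @return void Output is printed directly.
 */
public function printTopics($id)
{
    $section_id = (int) $id;

    // One result set feeds both cells of a row; the listing ran the identical
    // SELECT twice.
    $topics = $this->sql->sendQuery("SELECT * FROM " . __PREFIX__ . "topics WHERE id_sections = '" . $section_id . "'");

    // NOTE(review): the listing masks part of this expression ('******'). It is
    // restored here as a protectVar() lookup of the username cookie, inferred
    // from the surviving `'username'])` tail and the cookie check below —
    // confirm against the original file.
    $cookie_user = (isset($_COOKIE['username']) && is_string($_COOKIE['username'])) ? $_COOKIE['username'] : '';
    $control_admin = $this->sql->sendQuery("SELECT * FROM " . __PREFIX__ . "user WHERE username = '" . protectVar($cookie_user) . "'");

    print '<table width="100%" class="body"> <tr><td>Topics:</td><td>Ultimo messaggio:</td></tr>';

    $class = null;
    $password = null;
    while ($result = mysql_fetch_array($control_admin)) {
        $class = $result['class'];
        $password = $result['password'];
    }

    // Strict comparison on non-empty strings only: with loose == two different
    // numeric-looking strings can compare equal, and a missing cookie compared
    // equal to a NULL password column.
    // NOTE(review): the cookie carries the stored password hash itself, so
    // anyone who learns the hash can present it. A server-side session would
    // remove that; the change spans code that is not visible here.
    $cookie_pass = (isset($_COOKIE['password']) && is_string($_COOKIE['password'])) ? $_COOKIE['password'] : '';
    $is_admin = $class === 'admin'
        && is_string($password)
        && $password !== ''
        && $password === $cookie_pass;

    $rows = array();
    while ($topic = mysql_fetch_array($topics)) {
        $topic_id = (int) $topic['id'];

        // NOTE(review): "[" and "]" act as the pattern delimiters here, so this
        // removes only the literal sequence "/,: " and not each of those
        // characters. Left unchanged because SetNewPost()/UnsetNewPost() are
        // not visible — confirm which form they expect.
        $date_time = preg_replace("[/,: ]", "", $topic['date_time']);

        // Topic name, date and author are stored user text, so they are
        // HTML-escaped on output. ISO-8859-1 is passed so no byte sequence is
        // rejected (only the ASCII metacharacters are rewritten), and
        // double_encode is off in case the text was entity-encoded on input.
        $left = '<td><p class="sections"><a class="link" href="viewTopic.php?id=' . $topic_id . '">' . htmlspecialchars($topic['name'], ENT_QUOTES, 'ISO-8859-1', false) . "</a><br />";

        // UnsetNewPost() is consulted only when SetNewPost() is truthy, as in
        // the nested ifs this replaces.
        $flagged = $this->MarkAsNewPost->SetNewPost($date_time);
        $cleared = $flagged && $this->MarkAsNewPost->UnsetNewPost($topic['id'], $date_time);

        if ($is_admin) {
            // NOTE(review): a plain link triggers admin action 5; if that
            // action changes data on GET it needs a POST form with an
            // anti-CSRF token — confirm in admin.php.
            $left .= "<a class='link' href='admin.php?action=5&id=" . $topic_id . "'>[x]</a>";
            $marker = $flagged ? ($cleared ? '' : '[NEW]') : ' ';
        } else {
            $marker = ($flagged && !$cleared) ? '[NEW]' : '';
        }
        $left .= $marker . "</p></td>\n\t\t\t";

        $right = '<td><p class="sections">' . htmlspecialchars($topic['date_time'], ENT_QUOTES, 'ISO-8859-1', false) . '<br />' . htmlspecialchars($topic['last_author'], ENT_QUOTES, 'ISO-8859-1', false) . '</p></td>' . "\n\t\t\t";

        $rows[] = $left . $right;
    }

    foreach ($rows as $row) {
        print "<tr>";
        print $row;
        print "</tr>";
    }
    print "</table>";
}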