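<?php
/**
 * Admin-only AJAX endpoint: sets the status of one feedback idea and returns
 * the re-rendered status markup as JSON.
 *
 * Query string: id (idea id), status (new status code).
 * Response:     JSON object with the keys "status" and "adm_com", each an
 *               HTML fragment; 403 for non-admins, 400 for malformed input.
 */
include '../core/main.class.php';
$main = new Main();

// Authorise before any request data is touched.
if (!session::check() || !session::get_param('admin')) {
    header('HTTP/1.1 403 Forbidden');
    exit;
}

// NOTE(review): state is changed on a GET request and no anti-CSRF token is
// checked here; moving this to POST with a per-session token would stop
// cross-site requests from riding an admin's session.

// Both values are interpolated into SQL and into HTML id attributes below, so
// they are restricted to plain digit strings instead of relying on
// Security::secureString() (not shown here) being correct for both contexts.
// NOTE(review): assumes status codes are non-negative integers; confirm
// against render::giveStatus().
$id = isset($_GET['id']) ? $_GET['id'] : '';
$status = isset($_GET['status']) ? $_GET['status'] : '';
if (!is_string($id) || !ctype_digit($id) || !is_string($status) || !ctype_digit($status)) {
    header('HTTP/1.1 400 Bad Request');
    exit;
}

$main->con()->db_query("UPDATE feedback_ideas SET status='{$status}' WHERE id='{$id}'");

$status_class = render::giveStatus($status, "class");
$info = array(
    'status' => '<div id="status_' . $id . '" class="nr_votes ' . $status_class . '">' . render::giveStatus($status, "text") . '</div>',
    'adm_com' => '<div id="com_status_' . $id . '" class="ad_' . $status_class . '"></div>',
);

// NOTE(review): the response is sent with PHP's default Content-Type; it is
// left unchanged so existing client-side parsing keeps working.
echo json_encode($info);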
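<?php
/**
 * Vote endpoint: records one vote by the signed-in user for the idea given in
 * the query string and prints the (possibly updated) vote counter markup.
 *
 * Query string: id (idea id).
 * Response:     counter markup; 400 for a malformed id, 404 for an unknown idea.
 */
include '../core/main.class.php';
$main = new Main();

// The id goes straight into three SQL statements, so only digit strings are
// accepted rather than depending on Security::secureString() (not shown here).
$id = isset($_GET['id']) ? $_GET['id'] : '';
if (!is_string($id) || !ctype_digit($id)) {
    header('HTTP/1.1 400 Bad Request');
    exit;
}

$idea_q = $main->con()->db_query("SELECT votes FROM feedback_ideas WHERE id='{$id}'");
$idea = $idea_q ? mysql_fetch_array($idea_q) : false;
if (!$idea) {
    // Unknown idea: nothing to vote on and no counter to render.
    header('HTTP/1.1 404 Not Found');
    exit;
}

$votes = (int) $idea['votes'];

// NOTE(review): this is a state change on GET with no anti-CSRF token.
if (session::check()) {
    // Session value written by the login handler, not taken from the request.
    $voter_id = session::get_param('user_id');

    // One vote per user and idea: previously every request incremented the
    // counter again. NOTE(review): check-then-insert can still race; a UNIQUE
    // index on (idea_id, voter_id) would enforce this in the database. The
    // schema is not visible here.
    $already = $main->con()->db_query("SELECT idea_id FROM feedback_votes WHERE idea_id='{$id}' AND voter_id='{$voter_id}'");
    if ($already && mysql_num_rows($already) == 0) {
        $main->con()->db_query("UPDATE feedback_ideas SET votes=votes+1 WHERE id='{$id}'");
        $main->con()->db_query("INSERT INTO feedback_votes (idea_id,voter_id) VALUES('{$id}','{$voter_id}')");
        $votes++;
    }
}

// Show the incremented number only when a vote was actually recorded.
echo render::dynamicFont(number_format($votes, 0, '', ','), 32);
?> <br/> votes<br/>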
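<?php
/**
 * Idea submission endpoint: stores a new idea for the signed-in user and
 * answers with "&url=<link to the new idea>".
 *
 * Query string: title, description.
 * Response:     "&url=..." on success; 403 when not signed in, 400 for an
 *               empty title, 500 when the insert fails.
 */
include '../../../core/main.class.php';
$main = new Main();

// The original only had a "check for logged in" comment here and no actual
// check, so anonymous requests could insert ideas with an empty author id.
if (!session::check()) {
    header('HTTP/1.1 403 Forbidden');
    exit;
}

// NOTE(review): state is changed on a GET request with no anti-CSRF token.

$raw_title = isset($_GET['title']) && is_string($_GET['title']) ? $_GET['title'] : '';
$raw_descr = isset($_GET['description']) && is_string($_GET['description']) ? $_GET['description'] : '';
if (trim($raw_title) === '') {
    header('HTTP/1.1 400 Bad Request');
    exit;
}

// NOTE(review): these values are interpolated into SQL below; safety rests on
// Security::secureString() escaping for a MySQL string literal, which is not
// visible here. Confirm, or move the wrapper to prepared statements.
$title = Security::secureString($raw_title);
$descr = Security::secureString($raw_descr);
$auth_id = session::get_param('user_id');

$inserted = $main->con()->db_query("INSERT INTO feedback_ideas (idea,description,sub_date,auth_id) VALUES('{$title}','{$descr}',NOW(),'{$auth_id}')");
if (!$inserted) {
    header('HTTP/1.1 500 Internal Server Error');
    exit;
}

// TODO (from the original author): also record the author's own vote in the votes table.
$id = (int) mysql_insert_id();

// Read the row back so the URL is built from what was actually stored.
$idea_q = $main->con()->db_query("SELECT idea,id FROM feedback_ideas WHERE id='{$id}'");
$idea = $idea_q ? mysql_fetch_array($idea_q) : false;
if (!$idea) {
    header('HTTP/1.1 500 Internal Server Error');
    exit;
}

$url = HTTP_CORE_BASE . 'idea/id/' . $idea['id'] . '/' . render::makeTitle($idea['idea']);
echo '&url=' . $url;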
// Fragment of a request dispatcher. The enclosing `switch`, the label of this
// first case and the place where $username is assigned for it are outside this
// excerpt.
//
// NOTE(review): e-mail and both password fields are read from the query
// string, which typically ends up in access logs, browser history and Referer
// headers. Credentials belong in a POST body.
$email = strtolower(Security::secureString($_GET['email']));
$password = Security::secureString($_GET['password']);
$rpassword = Security::secureString($_GET['rpassword']);
if ($password == $rpassword) {
    // NOTE(review): unsalted MD5 is not a password hash; password_hash() /
    // password_verify() are the standard replacement.
    $pass = md5($password);
} else {
    $msg = 'The passwords did not match!';
}
// NOTE(review): this INSERT is not inside the "passwords match" branch, so it
// also runs after a mismatch. $pass is not set on that path in the visible
// code (it then interpolates as an empty string) and a successful insert
// overwrites the mismatch message below.
if ($main->con()->db_query("INSERT INTO members (username,email,password,joindate) VALUES('{$username}','{$email}','{$pass}',NOW())")) {
    $msg = 'The user was created!';
}
// $msg is only assigned in the branches above; if the passwords matched and the
// insert failed, its value depends on code outside this excerpt.
echo $msg;
break;
case 'login':
// Looks up the submitted credentials and, on a match, starts a session that
// carries the admin flag, user id and user name.
// NOTE(review): credentials again come from $_GET and the password is compared
// as an unsalted MD5 digest.
$username = strtolower(Security::secureString($_GET['username']));
$password = md5(Security::secureString($_GET['password']));
$error = '0';
$msg = '';
$admin = false; // assigned but not read anywhere in this excerpt
// NOTE(review): the values in the WHERE clause appear masked ('******') in this
// copy of the file; as written the query references neither $username nor
// $password. Confirm against the real source.
$sql_check = $main->con()->db_query("SELECT username,password,id,admin FROM members WHERE username='******' AND password='******'");
if (mysql_num_rows($sql_check)) {
    $row = mysql_fetch_assoc($sql_check);
    session::start_secure_session();
    // The admin flag and user id stored here are what the other endpoints
    // read through session::get_param().
    session::add_param("admin", $row['admin']);
    session::add_param("user_id", $row['id']);
    session::add_param("username", $username);
} else {
    $error = '1';
    // Romanian: "This user does not exist!"
    $msg = 'Acest user nu exista!';
}
// NOTE(review): no throttling or lock-out of repeated failed attempts is visible
// in this fragment.
echo '&error=' . $error . '&msg=' . $msg;
<?php
/**
 * Copyright: ajaxmasters.com
 * Original Authors: ajaxmasters.com
 *
 * Front controller: resolves the requested page from the "pars" query
 * parameter, includes that page's controller file when it exists, then starts
 * the HTML document. The rest of the template lies outside this excerpt.
 */
include 'core/main.class.php';
$main = new Main();
$users = new Users();

// get pars except for page
// NOTE(review): the raw, unsanitised $_GET['pars'] is passed in here, and it
// is read without an isset() check; $pars is not used in the visible part.
$pars = parseUrl::get_pars($_GET['pars']);

// get page name and store it in a variable
$pagename = parseUrl::get_page(Security::secureString($_GET['pars']));
$filename = $main->modulesUrl($pagename);

// include the header of every module
// NOTE(review): $controller is derived from request input and then included.
// is_file() only proves that the path exists, not that it is one of the
// intended module controllers. Whether parseUrl::get_page() or
// Main::controllerUrl() restrict $pagename to a fixed set of names (no "../",
// no absolute paths) cannot be seen here. Confirm, or check $pagename against
// an explicit allow-list before this point.
$controller = $main->controllerUrl($pagename);
if (is_file($controller)) {
    include_once $controller;
}
?> <!DOCTYPE html> <html lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0"/> <?php include_once CORE_DIR . "meta_tags.php"; ?> <link rel="stylesheet" href="<?php echo HTTP_CORE_BASE; ?>
<?php
/**
 * Search endpoint: runs a MATCH ... AGAINST query over idea titles and
 * descriptions for the "term" query parameter and renders one container per
 * hit (at most 30, best score first). For a signed-in user, ideas they have
 * already voted on are looked up so the vote box can be marked. The rest of
 * the template lies outside this excerpt.
 */
include '../../../core/main.class.php';
$main = new Main();

// NOTE(review): $term is interpolated twice into the SQL text below. Whether
// that is safe depends entirely on Security::secureString() escaping for a
// MySQL string literal, which is not visible here. Confirm, or move the
// wrapper to prepared statements.
$term = Security::secureString($_GET['term']);
$result_resources = $main->con()->db_query("SELECT *, MATCH(idea, description) AGAINST('{$term}') AS score FROM feedback_ideas\n WHERE MATCH(idea, description) AGAINST('{$term}') ORDER BY score DESC LIMIT 30");

// $ideas is not initialised beforehand; with zero rows it stays undefined and
// the !empty() test further down covers that case.
while ($info = mysql_fetch_array($result_resources)) {
    $ideas[] = $info;
}

// Rows of idea_id values the current user has voted on (empty for guests).
$voted_ideas = array();
if (session::check()) {
    // The user id is a session value, concatenated into the query as-is.
    $videas_q = $main->con()->db_query("SELECT idea_id FROM feedback_votes WHERE voter_id='" . session::get_param('user_id') . "'");
    while ($i_videas = mysql_fetch_assoc($videas_q)) {
        $voted_ideas[] = $i_videas;
    }
}

// Replacement template that wraps capture group 1 in a yellow highlight; it is
// not used in the visible part. NOTE(review): if it is later applied to
// titles or descriptions with a pattern built from $term, both the pattern
// (preg_quote) and the output (HTML escaping) need attention.
$highliter = '<span style="background:yellow;">\\1</span>';

// Per hit: the vote box gets the class "full" when the idea's status is 4 or
// the user has already voted on it. Database values are echoed into the
// markup without HTML escaping.
if (!empty($ideas)) {
    foreach ($ideas as $idea) { ?> <div id="idea_<?php echo $idea['id']; ?> " class="idea_container"> <div class="votes"> <div id="nr_votes_<?php echo $idea['id']; ?> " class="nr_votes <?php echo $idea['status'] == 4 || render::checkVoted($idea['id'], $voted_ideas) ? 'full' : ''; ?>
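<?php
/**
 * Comment endpoint for signed-in users.
 *
 * Query string: idea_id, comment, admin_change.
 *  - admin_change == '1': replaces the idea's admin comment (admins only).
 *  - otherwise:           adds a user comment and bumps the idea's counter.
 * Response:     empty body; 400 for a malformed idea id, 403 when a non-admin
 *               asks for an admin change. Requests without a session are
 *               ignored, as before.
 */
include '../../../core/main.class.php';
$main = new Main();

// NOTE(review): state is changed on a GET request with no anti-CSRF token.
if (session::check()) {
    $user_id = session::get_param('user_id');

    // The idea id is interpolated into every statement below, so only digit
    // strings are accepted.
    $idea_id = isset($_GET['idea_id']) ? $_GET['idea_id'] : '';
    $raw_comment = isset($_GET['comment']) && is_string($_GET['comment']) ? $_GET['comment'] : '';
    $raw_admin_change = isset($_GET['admin_change']) && is_string($_GET['admin_change']) ? $_GET['admin_change'] : '';

    // NOTE(review): strip_tags() is not output escaping; the stored comment
    // still has to be HTML-escaped wherever it is rendered. SQL safety rests
    // on Security::secureString(), which is not visible here.
    $comment = Security::secureString(strip_tags($raw_comment));
    $admin_change = Security::secureString(strip_tags($raw_admin_change));

    if (!is_string($idea_id) || !ctype_digit($idea_id)) {
        header('HTTP/1.1 400 Bad Request');
    } elseif ($admin_change == '1') {
        // Previously any signed-in user could set admin_change=1 and overwrite
        // the admin comment of any idea; the flag is request-controlled, so the
        // session's admin marker has to decide.
        if (session::get_param('admin')) {
            $main->con()->db_query("UPDATE feedback_ideas SET admin_comment='{$comment}' WHERE id='{$idea_id}'");
        } else {
            header('HTTP/1.1 403 Forbidden');
        }
    } else {
        $main->con()->db_query("INSERT INTO feedback_comments (idea_id,user_id,comment,date) VALUES('{$idea_id}','{$user_id}','{$comment}',NOW())");
        $main->con()->db_query("UPDATE feedback_ideas SET comments=comments+1 WHERE id='{$idea_id}'");
    }
}
?>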