/**
 * Send key to db
 *
 * Pushes the numbers-crypt key and cipher options into the current database
 * session via set_config() so server-side SQL can use them. Runs at most once
 * per request (guarded by self::$flag_key_sent_to_db).
 *
 * NOTE(review): both values travel as literals inside the SQL text, so they
 * will appear in statement logging on the database server if that is enabled.
 * The TODOs below about switching logging off around these statements still
 * stand; escape() protects the query, not the log.
 *
 * @return bool always true
 */
public function send_key_to_db()
{
    if (self::$flag_key_sent_to_db) {
        return true;
    }

    $db = new db($this->db_link);

    // todo: disable logging in db
    $settings = array(
        'sm.numbers.crypt.key'     => $this->key,
        'sm.numbers.crypt.options' => $this->cipher,
    );
    foreach ($settings as $param => $val) {
        $db->query("SELECT set_config('" . $param . "', '" . $db->escape($val) . "', false)");
    }
    // todo: enable logging in db

    self::$flag_key_sent_to_db = true;
    return true;
}
/**
 * Persist a per-user config variable.
 *
 * Writes (var_name, var_value, user_id) into 202_config with REPLACE INTO,
 * so an existing row for the same key is overwritten. Every value is passed
 * through db::escape() before interpolation.
 *
 * @param string $name  config variable name
 * @param mixed  $value value to store (stringified by the driver)
 * @return mixed whatever db::execute() returns
 */
public function __set($name, $value)
{
    $sql = sprintf(
        "REPLACE INTO 202_config (var_name, var_value, user_id)\n VALUES ('%s', '%s', '%s')",
        db::escape($name),
        db::escape($value),
        db::escape($this->_uid)
    );
    return db::execute($sql);
}
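/**
 * Deletes a card
 *
 * This is a soft delete: the Dolibarr contact is marked statut=0 rather than
 * removed. The contact id is taken from the URI when it is one of our own
 * ("<id>-ct-..."), otherwise resolved through socpeople_cdav.uuidext for
 * URIs generated by external clients.
 *
 * @param mixed  $addressBookId
 * @param string $cardUri
 * @return bool true when the UPDATE ran, false when the user lacks the
 *              contact delete right, the card is unknown, or the query failed
 */
function deleteCard($addressBookId, $cardUri)
{
    debug_log("deleteContactObject( {$addressBookId} , {$cardUri} )");

    if (!$this->user->rights->societe->contact->supprimer) {
        return false;
    }

    if (strpos($cardUri, '-ct-') > 0) {
        // cardUri starts with contact id; an explicit cast avoids the
        // non-numeric-string arithmetic warning/TypeError that "* 1" raises
        $contactid = (int) $cardUri;
    } else {
        // cardUri comes from external apps: map it through uuidext
        // ($sql was appended to before being initialised here)
        $sql = "SELECT `fk_object` FROM " . MAIN_DB_PREFIX . "socpeople_cdav\n\t\t\t\t\tWHERE `uuidext`= '" . $this->db->escape($cardUri) . "'";
        $result = $this->db->query($sql);
        if ($result === false || ($row = $this->db->fetch_array($result)) === false) {
            return false; // not found
        }
        $contactid = (int) $row['fk_object'];
    }

    if ($contactid <= 0) {
        return false;
    }

    // NOTE(review): the right checked above is global; nothing ties
    // $contactid to $addressBookId or to the user's entity — confirm whether
    // cross-addressbook deletes need to be rejected here.
    $sql = "UPDATE " . MAIN_DB_PREFIX . "socpeople SET ";
    $sql .= " statut = 0, tms = NOW(), fk_user_modif = " . (int) $this->user->id;
    $sql .= " WHERE rowid = " . $contactid;
    $res = $this->db->query($sql);

    return $res !== false;
}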
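/**
 * Record (or refresh) the VISITOR_LOG row for the current request.
 *
 * Rows are keyed on FORUM plus one of UID (logged-in user), SID (search
 * engine) or IPADDRESS (anonymous visitor). Unless $force_update is set, the
 * row is only rewritten when the stored LAST_LOGON is older than
 * HOUR_IN_SECONDS, to keep write load down.
 *
 * @param mixed $uid          user id; anything that is not a positive number
 *                            is stored as SQL NULL
 * @param bool  $force_update skip the "older than an hour" check
 * @return bool false when a query fails, true otherwise
 */
public static function update_visitor_log($uid, $force_update = false)
{
    $http_referer = session::$db->escape(session::get_http_referer());
    $user_agent   = session::$db->escape(session::get_user_agent());
    $ip_address   = session::$db->escape(get_ip_address());

    // FORUM and UID are interpolated unquoted below, so they have to be
    // integers: escape() only neutralises quotes and does nothing against a
    // numeric-looking string such as "1e3" or " 5".
    $forum_fid = (int) get_forum_fid();
    $uid = (is_numeric($uid) && $uid > 0) ? (int) $uid : 'NULL';

    // SID is interpolated unquoted as well; it comes from is_search_engine()
    // rather than the request, so it is left as returned — TODO confirm it is
    // always an integer id.
    if (!($search_id = session::is_search_engine())) {
        $search_id = 'NULL';
    }

    $current_datetime = date(MYSQL_DATETIME, time());

    if (!$force_update) {
        $sql = "SELECT UNIX_TIMESTAMP(MAX(LAST_LOGON)) FROM VISITOR_LOG WHERE FORUM = {$forum_fid} ";
        $sql .= "AND ((UID = {$uid} AND {$uid} IS NOT NULL) OR (SID = {$search_id} AND {$search_id} IS NOT NULL) ";
        $sql .= "OR (IPADDRESS = '{$ip_address}' AND {$uid} IS NULL AND {$search_id} IS NULL))";
        if (!($result = session::$db->query($sql))) {
            return false;
        }
        list($last_logon) = $result->fetch_row();
    }

    if (!isset($last_logon) || $last_logon < time() - HOUR_IN_SECONDS) {
        $sql = "REPLACE INTO VISITOR_LOG (FORUM, UID, LAST_LOGON, IPADDRESS, REFERER, USER_AGENT, SID) ";
        $sql .= "VALUES ('{$forum_fid}', {$uid}, CAST('{$current_datetime}' AS DATETIME), '{$ip_address}', ";
        $sql .= "'{$http_referer}', '{$user_agent}', {$search_id})";
        if (!session::$db->query($sql)) {
            return false;
        }
    }

    return true;
}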
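/**
 * Returns condition code for sql query
 *
 * Builds "<field> LIKE "<text>"" from $this->searchfield and
 * $this->searchtext; "*" in the search text is translated to the SQL
 * wildcard "%".
 *
 * NOTE(review): escape() does not neutralise LIKE metacharacters, so a
 * literal "_" (or "%") in searchtext still acts as a wildcard.
 *
 * @param bool $append should returned condition code start with WHERE (false) or AND (true)?
 * @return string the condition code, or '' when there is no search text
 */
function getSqlWhere($append = false)
{
    if ($this->searchtext == '') {
        return '';
    }

    $condition = ($append == true) ? ' AND ' : ' WHERE ';

    // Quote every dotted identifier part in backticks. escape() only protects
    // string literals, so backticks are stripped from the identifier itself;
    // otherwise a crafted searchfield could close the quote early.
    $parts = array();
    foreach (explode('.', $this->searchfield) as $part) {
        $parts[] = '`' . str_replace('`', '', $part) . '`';
    }
    $searchfield = implode('.', $parts);

    $searchtext = str_replace('*', '%', $this->searchtext);
    $condition .= $searchfield . ' LIKE "' . $this->db->escape($searchtext) . '" ';

    return $condition;
}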
/**
 * Enable or disable cron logging (settings group "logger", varname "log_cron").
 *
 * Anything other than 1 is stored as 0.
 *
 * @param int $_cronlog 1 to enable, 0 to disable
 * @return bool always true
 */
public function setCronLog($_cronlog = 0)
{
    $value = ((int) $_cronlog === 1) ? 1 : 0;

    $this->db->query('UPDATE `' . TABLE_PANEL_SETTINGS . "` \n\t\t\t\t SET `value`='" . $this->db->escape($value) . "' \n\t\t\t\t WHERE `settinggroup`='logger' \n\t\t\t\t AND `varname`='log_cron'");

    return true;
}
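/**
 * Write an entry to panel_syslog.
 *
 * Nothing is written when logging is disabled, or when the configured
 * severity is <= 1 and the entry is only a LOG_NOTICE. The user column holds
 * " (<loginname>)" or 'unknown' when no login name is known.
 *
 * @param int         $action action class constant (stored as int)
 * @param int         $type   log level constant (stored as int)
 * @param string|null $text   message; a placeholder is stored when empty
 * @return void
 */
public function logAction($action = USR_ACTION, $type = LOG_NOTICE, $text = null)
{
    if (!parent::isEnabled()) {
        return;
    }
    if (parent::getSeverity() <= 1 && $type == LOG_NOTICE) {
        return;
    }

    if (!isset($this->userinfo['loginname']) || $this->userinfo['loginname'] == '') {
        $name = 'unknown';
    } else {
        $name = " (" . $this->userinfo['loginname'] . ")";
    }

    // The two branches used to build separate INSERTs, and the "no text" one
    // wrote into a differently named `userid` column while the other used
    // `user`. One statement, only the text varies.
    if ($text == null || $text == '') {
        $text = 'No text given!!! Check scripts!';
    }

    $now = time();
    $this->db->query(
        "INSERT INTO `panel_syslog` (`type`, `date`, `action`, `user`, `text`)\n VALUES ('"
        . (int) $type . "', '" . $now . "', '" . (int) $action . "', '"
        . $this->db->escape($name) . "', '" . $this->db->escape($text) . "')"
    );
}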
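/**
 * Session save-handler write(): INSERT a fresh row into system.sessions or
 * UPDATE the existing one, pushing `expires` out by $this->lifespan.
 *
 * @param string $sessionId session id; it comes from the client cookie and
 *                          is untrusted, so it is escaped like the payload
 *                          (it used to be interpolated raw)
 * @param string $data      serialized session payload
 * @return bool always true
 */
public function write($sessionId, $data)
{
    $safeId   = Db::escape($sessionId);
    $safeData = Db::escape($data);
    $expires  = time() + $this->lifespan;

    if ($this->new) {
        Db::query(sprintf(
            "INSERT into system.sessions(id, data, expires, lifespan) VALUES('%s', '%s', %d, %d)",
            $safeId,
            $safeData,
            $expires,
            $this->lifespan
        ), 'main');
        return true;
    }

    // A request may carry ?no_extend=1 to skip refreshing the session row.
    // isset() avoids the undefined-index notice the bare lookup produced.
    // NOTE(review): letting a query parameter suppress the write means such a
    // request never persists session changes either — confirm that is intended.
    if (isset($_GET['no_extend']) && $_GET['no_extend'] == true) {
        return true;
    }

    Db::query(sprintf(
        "UPDATE system.sessions SET data = '%s', expires = %d WHERE id = '%s'",
        $safeData,
        $expires,
        $safeId
    ), 'main');

    return true;
}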
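/**
 * Base sql request for contacts
 *
 * Selects socpeople rows joined with their country, their company (and the
 * company's country) and the category label in the user's default language,
 * restricted to the current entity and to contacts that are public or were
 * created by the current user.
 *
 * @return string
 */
protected function _getSqlContacts()
{
    $sql = 'SELECT p.*, co.label country_label, GREATEST(s.tms, p.tms) lastupd, '
        . 's.code_client soc_code_client, s.code_fournisseur soc_code_fournisseur, s.nom soc_nom, '
        . 's.address soc_address, s.zip soc_zip, s.town soc_town, cos.label soc_country_label, '
        . 's.phone soc_phone, s.email soc_email, s.client soc_client, s.fournisseur soc_fournisseur, '
        . 's.note_private soc_note_private, s.note_public soc_note_public, cl.label category_label'
        . ' FROM ' . MAIN_DB_PREFIX . 'socpeople as p'
        . ' LEFT JOIN ' . MAIN_DB_PREFIX . 'c_country as co ON co.rowid = p.fk_pays'
        . ' LEFT JOIN ' . MAIN_DB_PREFIX . 'societe as s ON s.rowid = p.fk_soc'
        . ' LEFT JOIN ' . MAIN_DB_PREFIX . 'c_country as cos ON cos.rowid = s.fk_pays'
        . ' LEFT JOIN ' . MAIN_DB_PREFIX . 'categorie_contact as cc ON cc.fk_socpeople = p.rowid'
        . ' LEFT JOIN ' . MAIN_DB_PREFIX . 'categorie_lang as cl ON (cl.fk_category = cc.fk_categorie AND cl.lang=\'' . $this->db->escape($this->langs->defaultlang) . '\')'
        . ' WHERE p.entity IN (' . getEntity('societe', 1) . ')'
        // the user id is interpolated unquoted, so force it to an integer
        . ' AND (p.priv=0 OR (p.priv=1 AND p.fk_user_creat=' . (int) $this->user->id . '))';

    return $sql;
}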
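/**
 * Mail notifications.
 *
 * Sends a ticket notification either to one customer ($customerid given) or
 * to the acting admin ($customerid == -1). Subject and body are taken from
 * the admin's mail templates (TABLE_PANEL_TEMPLATES, group "mails") in the
 * admin's default language, falling back to $default_subject /
 * $default_body when no template value is stored.
 *
 * @param int         $customerid       customer to notify, or -1 for the admin
 * @param string|null $template_subject template varname for the subject
 * @param string|null $default_subject  fallback subject text
 * @param string|null $template_body    template varname for the body
 * @param string|null $default_body     fallback body text
 * @return void
 */
public function sendMail($customerid = -1, $template_subject = null, $default_subject = null, $template_body = null, $default_body = null)
{
    global $mail;

    // Some checks are to be made here in the future
    if ($customerid != -1) {
        // Get e-mail message for customer
        $usr = $this->db->query_first('SELECT `name`, `firstname`, `email` FROM `' . TABLE_PANEL_CUSTOMERS . '` WHERE `customerid` = "' . (int) $customerid . '"');
        if (!is_array($usr)) {
            // unknown customer: there is nobody to send to
            return;
        }
        $replace_arr = array('FIRSTNAME' => $usr['firstname'], 'NAME' => $usr['name'], 'SUBJECT' => $this->Get('subject', true));
    } else {
        $replace_arr = array('SUBJECT' => $this->Get('subject', true));
    }

    $mail_subject = $this->_renderMailTemplate($template_subject, $default_subject, $replace_arr);
    $mail_body    = $this->_renderMailTemplate($template_body, $default_body, $replace_arr);

    $mail->From     = $this->settings['ticket']['noreply_email'];
    $mail->FromName = $this->settings['ticket']['noreply_name'];
    $mail->Subject  = $mail_subject;
    $mail->Body     = $mail_body;

    if ($customerid != -1) {
        $mail->AddAddress($usr['email'], $usr['firstname'] . ' ' . $usr['name']);
        $recipient = $usr['email'];
    } else {
        $admin = $this->db->query_first('SELECT `email` FROM `' . TABLE_PANEL_ADMINS . "` WHERE `adminid`='" . (int) $this->userinfo['adminid'] . "'");
        // Only `email` is selected, so there is no display name to pass
        // (the previous code read undefined firstname/name indexes here).
        $mail->AddAddress($admin['email']);
        $recipient = $admin['email'];
    }

    if (!$mail->Send()) {
        standard_error(array('errorsendingmail', $recipient));
    }
    $mail->ClearAddresses();
}

/**
 * Load one mail template of the acting admin and expand its placeholders.
 *
 * @param string|null $varname     template varname; escaped before use, it
 *                                 was interpolated raw before
 * @param string|null $default     text used when no template value is stored
 * @param array       $replace_arr placeholders for replace_variables()
 * @return string entity-decoded template text
 */
private function _renderMailTemplate($varname, $default, $replace_arr)
{
    $result = $this->db->query_first('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '` WHERE `adminid`=\'' . (int) $this->userinfo['adminid'] . '\' AND `language`=\'' . $this->db->escape($this->userinfo['def_language']) . '\' AND `templategroup`=\'mails\' AND `varname`=\'' . $this->db->escape($varname) . '\'');
    $text = (is_array($result) && $result['value'] != '') ? $result['value'] : $default;
    return html_entity_decode(replace_variables($text, $replace_arr));
}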
/**
 * Updates an existing calendarobject, based on it's uri.
 *
 * The object uri is only the basename, or filename and not a full path.
 *
 * It is possible return an etag from this function, which will be used in
 * the response to this PUT request. Note that the ETag must be surrounded
 * by double-quotes.
 *
 * However, you should only really return this ETag if you don't mangle the
 * calendar-data. If the result of a subsequent GET to this object is not
 * the exact same as this request body, you should omit the ETag.
 *
 * This implementation never returns an ETag: every path returns null.
 *
 * NOTE(review): the authorization check below only covers $calendarId. The
 * row that is actually updated is selected by $calendarData['id'], which
 * comes out of _parseData() on the request body, not from $objectUri —
 * confirm that _parseData ties the id to the URI / to a calendar the user
 * owns, otherwise a caller could address an arbitrary actioncomm row.
 *
 * @param mixed $calendarId
 * @param string $objectUri
 * @param string $calendarData
 * @return string|null
 */
function updateCalendarObject($calendarId, $objectUri, $calendarData)
{
    debug_log("updateCalendarObject( {$calendarId} , {$objectUri} )");

    //Check right on $calendarId for current user
    if (!in_array($calendarId, $this->_getCalendarsIdForUser())) {
        // not authorized
        return;
    }

    // _parseData turns the raw iCalendar text into the array used below
    $calendarData = $this->_parseData($calendarData);
    if (!$calendarData || empty($calendarData)) {
        return;
    }

    // Full-day events are stored as 00:00:00 .. 23:59:59 of the day; "end"
    // is treated as exclusive (hence "- 1"). durationp is computed from the
    // raw start/end/fullday values and interpolated unquoted — assumes
    // _parseData returns integer timestamps there (TODO confirm).
    $sql = "UPDATE " . MAIN_DB_PREFIX . "actioncomm \n\t\t\t\t\tSET\n\t\t\t\t\t\tlabel \t\t\t= '" . $this->db->escape($calendarData['label']) . "',\n\t\t\t\t\t\tdatep\t\t\t= '" . ($calendarData['fullday'] == 1 ? date('Y-m-d 00:00:00', $calendarData['start']) : date('Y-m-d H:i:s', $calendarData['start'])) . "',\n\t\t\t\t\t\tdatep2\t\t\t= '" . ($calendarData['fullday'] == 1 ? date('Y-m-d 23:59:59', $calendarData['end'] - 1) : date('Y-m-d H:i:s', $calendarData['end'])) . "',\n\t\t\t\t\t\tfulldayevent\t= " . (int) $calendarData['fullday'] . ",\n\t\t\t\t\t\tlocation \t\t= '" . $this->db->escape($calendarData['location']) . "',\n\t\t\t\t\t\tpriority \t\t= '" . $this->db->escape($calendarData['priority']) . "',\n\t\t\t\t\t\ttransparency \t= '" . $this->db->escape($calendarData['transparency']) . "',\n\t\t\t\t\t\tnote \t\t\t= '" . $this->db->escape($calendarData['note']) . "',\n\t\t\t\t\t\tpercent \t\t= " . (int) $calendarData['percent'] . ",\n\t\t\t\t\t\tfk_user_mod\t\t= '" . (int) $this->user->id . "',\n\t\t\t\t\t\tdurationp\t\t= " . ($calendarData['end'] - $calendarData['fullday'] - $calendarData['start']) . ",\n\t\t\t\t\t\ttms\t\t\t\t= NOW()\n\t\t\t\t\tWHERE id = " . (int) $calendarData['id'];
    // query result is not checked; a failed UPDATE is silent
    $this->db->query($sql);
    return;
}
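/**
 * Import an affiliate from prosper_master into a freshly installed 202 database.
 *
 * Creates the 202_users row, records a login token in
 * prosper_master.login_tokens (and in $_SESSION['authtoken']), then creates
 * an empty 202_users_pref row. The stored password is derived with
 * salt_user_pass() from the plaintext password the login step left in
 * $_SESSION['login_pass'].
 *
 * NOTE(review): keeping the plaintext password in the session at all is
 * questionable; confirm the login step really needs it past this point.
 *
 * @param mixed  $affiliate_id directtrack affiliate id (untrusted; escaped)
 * @param string $install_db   target database name; interpolated as an
 *                             identifier, so it must come from the installer,
 *                             never from the request
 * @return void
 */
public static function importUser($affiliate_id, $install_db)
{
    // Grab user from directtrack db. The id used to be interpolated raw.
    $s_affiliate_id = db::escape($affiliate_id);
    $user = db::getRow("select * from prosper_master.affiliates WHERE affiliate_id='{$s_affiliate_id}'");
    if (!is_array($user)) {
        // no such affiliate: do not create an empty user or a login token
        return;
    }

    //md5 the user pass with salt
    $user_pass = salt_user_pass($_SESSION['login_pass']);
    $mysql = array();
    $mysql['user_pass'] = db::escape($user_pass);
    // values read back from the database are re-used in SQL, so escape them too
    $mysql['email']   = db::escape($user['email']);
    $mysql['addCode'] = db::escape($user['addCode']);

    //insert this user
    $user_sql = "INSERT INTO {$install_db}.`202_users`\n"
        . "\tSET user_email='" . $mysql['email'] . "',\n"
        . "\t\tuser_name='" . $mysql['addCode'] . "',\n"
        . "\t\tuser_pass='" . $mysql['user_pass'] . "',\n"
        . "\t\taddCode='" . $mysql['addCode'] . "',\n"
        . "\t\tuser_timezone='-5',\n"
        . "\t\tuser_time_register=NOW()";
    $user_result = db::execute($user_sql);
    $user_id = mysql_insert_id(db::$db_write);
    $mysql['user_id'] = db::escape($user_id);
    $mysql['affiliate_id'] = db::escape($user['affiliate_id']);

    // 32-character auth token. md5(serialize($user) . uniqid()) is
    // time-based and guessable; prefer CSPRNG bytes where the runtime has them.
    if (function_exists('random_bytes')) {
        $md5token = bin2hex(random_bytes(16));
    } else {
        $md5token = md5(serialize($user) . uniqid());
    }
    $_SESSION['authtoken'] = $md5token;

    db::execute("insert into prosper_master.login_tokens(affiliate_id, user_id, user_name, token)\n"
        . "\t\t values ('" . $mysql['affiliate_id'] . "', '" . $mysql['user_id'] . "', '" . $mysql['addCode'] . "', '" . db::escape($md5token) . "');");

    //update user preference table
    $user_sql = "INSERT INTO {$install_db}.`202_users_pref` SET user_id='" . $mysql['user_id'] . "'";
    $user_result = db::execute($user_sql);
}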
$db_root->query('SET PASSWORD FOR `' . $db_root->escape($result['databasename']) . '`@`%` = \'' . $current_password['password'] . '\'', false, true); } else { $db_root->query('REVOKE ALL PRIVILEGES ON * . * FROM `' . $db_root->escape($result['databasename']) . '`@`%`', false, true); $db_root->query('REVOKE ALL PRIVILEGES ON `' . str_replace('_', '\\_', $db_root->escape($result['databasename'])) . '` . * FROM `' . $db_root->escape($result['databasename']) . '`@`%`', false, true); $db_root->query('DELETE FROM `mysql`.`user` WHERE `User` = "' . $db_root->escape($result['databasename']) . '" AND `Host` = "%"', false, true); } $db_root->query('FLUSH PRIVILEGES'); $db_root->close(); if ($password != '') { // validate password $password = validatePassword($password); $access_result = $db->query_first('SELECT `allow_external_access` FROM `' . TABLE_PANEL_DATABASES . '` WHERE `customerid`="' . (int) $userinfo['customerid'] . '" AND `id`="' . (int) $id . '"'); // Begin root-session $db_root = new db($sql_root[$result['dbserver']]['host'], $sql_root[$result['dbserver']]['user'], $sql_root[$result['dbserver']]['password'], ''); foreach (array_map('trim', explode(',', $settings['system']['mysql_access_host'])) as $mysql_access_host) { $db_root->query('SET PASSWORD FOR `' . $db_root->escape($result['databasename']) . '`@`' . $db_root->escape($mysql_access_host) . '` = PASSWORD(\'' . $db_root->escape($password) . '\')'); } //if ($access_result['allow_external_access'] == '1' && $_POST['mysql_allow_external_access'] == '1') { if ($external_access_val == '1') { $db_root->query('SET PASSWORD FOR `' . $db_root->escape($result['databasename']) . '`@`%` = PASSWORD(\'' . $db_root->escape($password) . '\')'); } $db_root->query('FLUSH PRIVILEGES'); $db_root->close(); // End root-session } // Update the Database description -- PH 2004-11-29 $log->logAction(USR_ACTION, LOG_INFO, "edited database '" . $result['databasename'] . 
"'"); $databasedescription = validate($_POST['description'], 'description'); $db->query('UPDATE `' . TABLE_PANEL_DATABASES . '` SET `description`="' . $db->escape($databasedescription) . '", `allow_external_access`="' . $external_access_val . '" WHERE `customerid`="' . (int) $userinfo['customerid'] . '" AND `id`="' . (int) $id . '"'); redirectTo($filename, array('page' => $page, 's' => $s)); } else {
$sql_query = split_sql_file($sql_query, ';'); for ($i = 0; $i < sizeof($sql_query); ++$i) { if (trim($sql_query[$i]) != '') { $result = $db->query($sql_query[$i]); } } status_message('green', 'OK'); status_message('begin', 'System Servername...'); if (validate_ip($_SERVER['SERVER_NAME'], true) !== false) { status_message('red', $lng['install']['servername_should_be_fqdn']); } else { status_message('green', 'OK'); } //now let's change the settings in our settings-table status_message('begin', $lng['install']['changing_data']); $db->query('UPDATE `' . TABLE_PANEL_SETTINGS . "` SET `value` = 'admin@" . $db->escape($servername) . "' WHERE `settinggroup` = 'panel' AND `varname` = 'adminmail'"); $db->query('UPDATE `' . TABLE_PANEL_SETTINGS . "` SET `value` = '" . $db->escape($serverip) . "' WHERE `settinggroup` = 'system' AND `varname` = 'ipaddress'"); $db->query('UPDATE `' . TABLE_PANEL_SETTINGS . "` SET `value` = '" . $db->escape($servername) . "' WHERE `settinggroup` = 'system' AND `varname` = 'hostname'"); $db->query('UPDATE `' . TABLE_PANEL_SETTINGS . "` SET `value` = '" . $db->escape($dbversion) . "' WHERE `settinggroup` = 'system' AND `varname` = 'dbversion'"); $db->query('UPDATE `' . TABLE_PANEL_SETTINGS . "` SET `value` = '" . $db->escape($languages[$language]) . "' WHERE `settinggroup` = 'panel' AND `varname` = 'standardlanguage'"); $db->query('UPDATE `' . TABLE_PANEL_SETTINGS . "` SET `value` = '" . $db->escape($mysql_access_host) . "' WHERE `settinggroup` = 'system' AND `varname` = 'mysql_access_host'"); $db->query('UPDATE `' . TABLE_PANEL_SETTINGS . "` SET `value` = '" . $db->escape($webserver) . "' WHERE `settinggroup` = 'system' AND `varname` = 'webserver'"); $db->query('UPDATE `' . TABLE_PANEL_SETTINGS . "` SET `value` = '" . $db->escape($webserver) . "' WHERE `settinggroup` = 'system' AND `varname` = 'webserver'"); //FIXME $db->query('UPDATE `' . TABLE_PANEL_SETTINGS . "` SET `value` = '" . $db->escape($httpuser) . 
"' WHERE `settinggroup` = 'system' AND `varname` = 'httpuser'"); $db->query('UPDATE `' . TABLE_PANEL_SETTINGS . "` SET `value` = '" . $db->escape($httpgroup) . "' WHERE `settinggroup` = 'system' AND `varname` = 'httpgroup'"); if ($webserver == 'apache2') { $db->query('UPDATE `' . TABLE_PANEL_SETTINGS . "` SET `value` = '/etc/apache2/sites-enabled/' WHERE `settinggroup` = 'system' AND `varname` = 'apacheconf_vhost'"); $db->query('UPDATE `' . TABLE_PANEL_SETTINGS . "` SET `value` = '/etc/apache2/sites-enabled/' WHERE `settinggroup` = 'system' AND `varname` = 'apacheconf_diroptions'"); $db->query('UPDATE `' . TABLE_PANEL_SETTINGS . "` SET `value` = '/etc/apache2/syscp-htpasswd/' WHERE `settinggroup` = 'system' AND `varname` = 'apacheconf_htpasswddir'"); $db->query('UPDATE `' . TABLE_PANEL_SETTINGS . "` SET `value` = '/etc/init.d/apache2 reload' WHERE `settinggroup` = 'system' AND `varname` = 'apachereload_command'");
if ($oDB->in_table('tweets', 'tweet_id=' . $tweet_id)) { continue; } // Gather tweet data from the JSON object // $oDB->escape() escapes ' and " characters, and blocks characters that // could be used in a SQL injection attempt if (isset($tweet_object->retweeted_status)) { // This is a retweet // Use the original tweet's entities, they are more complete $entities = $tweet_object->retweeted_status->entities; $is_rt = 1; } else { $entities = $tweet_object->entities; $is_rt = 0; } $tweet_text = $oDB->escape($tweet_object->text); $created_at = $oDB->date($tweet_object->created_at); if (isset($tweet_object->geo)) { $geo_lat = $tweet_object->geo->coordinates[0]; $geo_long = $tweet_object->geo->coordinates[1]; } else { $geo_lat = $geo_long = 0; } $user_object = $tweet_object->user; $user_id = $user_object->id_str; $screen_name = $oDB->escape($user_object->screen_name); $name = $oDB->escape($user_object->name); $profile_image_url = $user_object->profile_image_url; // Add a new user row or update an existing one $field_values = 'screen_name = "' . $screen_name . '", ' . 'profile_image_url = "' . $profile_image_url . '", ' . 'user_id = ' . $user_id . ', ' . 'name = "' . $name . '", ' . 'location = "' . $oDB->escape($user_object->location) . '", ' . 'url = "' . $user_object->url . '", ' . 'description = "' . $oDB->escape($user_object->description) . '", ' . 'created_at = "' . $oDB->date($user_object->created_at) . '", ' . 'followers_count = ' . $user_object->followers_count . ', ' . 'friends_count = ' . $user_object->friends_count . ', ' . 'statuses_count = ' . $user_object->statuses_count . ', ' . 'time_zone = "' . $user_object->time_zone . '", ' . 'last_update = "' . $oDB->date($tweet_object->created_at) . '"'; if ($oDB->in_table('users', 'user_id="' . $user_id . '"')) {
if ($str != null) { $str .= 'AND'; } $str .= " Silnik.pojemnosc = '" . db::escape($_POST['Silnik_pojemnosc']) . "' "; } if ($_POST['Silnik_zasilanie'] != -1) { if ($str != null) { $str .= 'AND'; } $str .= " Silnik.zasilanie = '" . db::escape($_POST['Silnik_zasilanie']) . "' "; } if ($_POST['Silnik_moc'] != -1) { if ($str != null) { $str .= 'AND'; } $str .= " Silnik.moc = '" . db::escape($_POST['Silnik_moc']) . "' "; } if ($str != null) { $str = ' WHERE ' . $str; } //echo $str."<BR>"; $rows = db::query('SELECT ID_samochodu FROM Samochod ' . $innerjoin . ' ' . $str . ' ORDER BY ID_uzytkownika;'); $i = 0; foreach ($rows as $row) { //print_r($row); echo "<BR>"; echo "<article id='wrapper_{$i}'>\n\t\t\t\t\t<iframe id='content_iframe_{$i}' name='content_iframe'\n\t\t\t\t\t\tsrc='myCars.php?ID_samochodu=" . $row['ID_samochodu'] . "' onLoad='resizeUpdate({$i})'>\n\t\t\t\t\t</iframe>\n\t\t\t\t</article>"; $i = $i + 1; } break; } ?>
$connection->request('GET', $connection->url('1.1/direct_messages/sent'), array('include_entities' => 'false', 'count' => 100, 'max_id' => $max_id)); } if ($connection->response['response'] == '[]') { break; } if ($connection->response['code'] != 200) { break; } $results = json_decode($connection->response['response']); foreach ($results as $dm) { $dm_id = $dm->id; $max_id = $dm_id; if ($db->in_table('dms', "dm_id={$dm_id}")) { continue; } $dm_text = $db->escape($dm->text); $created_at = $db->date($dm->created_at); $sender_user_id = $dm->sender->id; $recipient_user_id = $dm->recipient->id; $db->insert('dms', "dm_id={$dm_id},dm_text='{$dm_text}',created_at='{$created_at}',\r\n\t\t\tsender_user_id={$sender_user_id},recipient_user_id={$recipient_user_id},sent=1"); $screen_name = $db->escape($dm->recipient->screen_name); $name = $db->escape($dm->recipient->name); $location = $db->escape($dm->recipient->location); $description = $db->escape($dm->recipient->description); $url = $db->escape($dm->recipient->url); $profile_image_url = $db->escape($dm->recipient->profile_image_url); $created_at = $dm->recipient->created_at; $friends_count = $dm->recipient->friends_count; $followers_count = $dm->recipient->followers_count; $statuses_count = $dm->recipient->statuses_count; $listed_count = $dm->recipient->listed_count;
$end_date = htmlspecialchars($_GET['end_date'], ENT_QUOTES); if ($end_date != '0000-00-00') { $where .= ' AND tweets.created_at <= "' . $db->date($end_date) . '"'; } if (isset($_GET['prev'])) { $page = intval($_GET['page']) - 1; if ($page < 0) { $page = 0; } } elseif (isset($_GET['next'])) { $page = intval($_GET['page']) + 1; } else { $page = 0; } // Save the screen name of the user being reported on $partner = $db->escape(htmlspecialchars($_GET['partner'], ENT_QUOTES)); } else { $start_date = '0000-00-00'; $end_date = '0000-00-00'; $page = 0; $partner = ''; } require 'page_top.html'; print '<h2>Engagement Conversation</h2>'; print "<form action='tweet_conversation.php' method='get'>"; print "Start Date: <input type='text' name='start_date' value='{$start_date}'>"; print "End Date: <input type='text' name='end_date' value='{$end_date}'><br/>"; print "Conversation Partner: <input type='text' name='partner' value='{$partner}' size='20'>"; print "<input type='hidden' name='page' value={$page}>"; print '<button type="submit" name="submit" value=1>Search</button>'; print '<button type="submit" name="prev" value=1>< Prev</button>';
$databases_list[] = strtolower($databases_list_row['Database']); } while ($row_database = $db->fetch_array($databases)) { if ($last_dbserver != $row_database['dbserver']) { $db_root->close(); $db_root = new db($sql_root[$row_database['dbserver']]['host'], $sql_root[$row_database['dbserver']]['user'], $sql_root[$row_database['dbserver']]['password'], ''); unset($db_root->password); $last_dbserver = $row_database['dbserver']; $database_list = array(); $databases_list_result = $db_root->query('show databases'); while ($databases_list_row = $db->fetch_array($databases_list_result)) { $databases_list[] = strtolower($databases_list_row['Database']); } } if (in_array(strtolower($row_database['databasename']), $databases_list)) { $mysql_usage_result = $db_root->query('SHOW TABLE STATUS FROM `' . $db_root->escape($row_database['databasename']) . '`'); while ($mysql_usage_row = $db_root->fetch_array($mysql_usage_result)) { if (!isset($mysqlusage_all[$row_database['customerid']])) { $mysqlusage_all[$row_database['customerid']] = 0; } $mysqlusage_all[$row_database['customerid']] += floatval($mysql_usage_row['Data_length'] + $mysql_usage_row['Index_length']); } } else { echo 'Seems like the database ' . $row_database['databasename'] . " had been removed manually.\n"; } } $db_root->close(); $result = $db->query('SELECT * FROM `' . TABLE_PANEL_CUSTOMERS . '` ORDER BY `customerid` ASC'); while ($row = $db->fetch_array($result)) { /* * HTTP-Traffic
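/**
 * This file is part of the SysCP project.
 * Copyright (c) 2003-2009 the SysCP Team (see authors).
 *
 * For the full copyright and license information, please view the COPYING
 * file that was distributed with this source code. You can also view the
 * COPYING file online at http://files.syscp.org/misc/COPYING.txt
 *
 * @copyright (c) the authors
 * @author Florian Lippert <*****@*****.**>
 * @license GPLv2 http://files.syscp.org/misc/COPYING.txt
 * @package Functions
 * @version $Id$
 */

/**
 * Make the MySQL accounts of all panel databases match the configured list
 * of access hosts, on every MySQL server in $sql_root.
 *
 * The database name doubles as the MySQL user name. For every such user that
 * already exists in mysql.user on a server:
 *  - an account is granted for each host in $mysql_access_host_array it is
 *    missing on, re-using the password hash already stored in mysql.user;
 *  - the account is revoked and deleted on every host that is no longer in
 *    the list.
 *
 * Relies on the pre-5.7.6 mysql.user.Password column and on the
 * "IDENTIFIED BY PASSWORD '<hash>'" GRANT form, which exist in the same
 * server versions.
 *
 * @param array $mysql_access_host_array hosts (whitespace tolerated) that the
 *                                        database users must be reachable from
 * @return void
 */
function correctMysqlUsers($mysql_access_host_array)
{
    global $db, $settings, $sql, $sql_root;

    // Normalise once: the revoke loop below compared raw entries against
    // mysql.user.Host while the grant loop compared trimmed ones, so an entry
    // with surrounding whitespace was granted and then revoked again.
    $mysql_access_host_array = array_map('trim', $mysql_access_host_array);

    foreach ($sql_root as $mysql_server => $mysql_server_details) {
        $db_root = new db($mysql_server_details['host'], $mysql_server_details['user'], $mysql_server_details['password'], '');
        // do not keep the root credential on the object
        unset($db_root->password);

        // existing accounts: user => array('password' => <hash>, 'hosts' => array(...))
        $users = array();
        $users_result = $db_root->query('SELECT * FROM `mysql`.`user`');
        while ($users_row = $db_root->fetch_array($users_result)) {
            if (!isset($users[$users_row['User']]) || !is_array($users[$users_row['User']])) {
                $users[$users_row['User']] = array('password' => $users_row['Password'], 'hosts' => array());
            }
            $users[$users_row['User']]['hosts'][] = $users_row['Host'];
        }

        // the panel's own database plus every customer database on this server
        $databases = array($sql['db']);
        $databases_result = $db->query('SELECT * FROM `' . TABLE_PANEL_DATABASES . '` WHERE `dbserver` = \'' . $db->escape($mysql_server) . '\'');
        while ($databases_row = $db->fetch_array($databases_result)) {
            $databases[] = $databases_row['databasename'];
        }

        foreach ($databases as $username) {
            if (!isset($users[$username]) || !is_array($users[$username])
                || !isset($users[$username]['hosts']) || !is_array($users[$username]['hosts'])) {
                continue;
            }

            $password = $users[$username]['password'];
            $esc_user = $db_root->escape($username);
            // "_" is a wildcard in GRANT database patterns
            $esc_db   = str_replace('_', '\\_', $esc_user);

            foreach ($mysql_access_host_array as $mysql_access_host) {
                if (in_array($mysql_access_host, $users[$username]['hosts'])) {
                    continue;
                }
                $esc_host = $db_root->escape($mysql_access_host);
                // Create the account with the stored hash in one statement.
                // The old GRANT ... IDENTIFIED BY 'password' followed by a
                // SET PASSWORD left a window in which the account was
                // reachable with the literal password "password".
                if ($password === '' || $password === null) {
                    $db_root->query('GRANT ALL PRIVILEGES ON `' . $esc_db . '`.* TO `' . $esc_user . '`@`' . $esc_host . '`');
                } else {
                    $db_root->query('GRANT ALL PRIVILEGES ON `' . $esc_db . '`.* TO `' . $esc_user . '`@`' . $esc_host . '` IDENTIFIED BY PASSWORD \'' . $db_root->escape($password) . '\'');
                }
            }

            foreach ($users[$username]['hosts'] as $mysql_access_host) {
                if (in_array($mysql_access_host, $mysql_access_host_array)) {
                    continue;
                }
                $esc_host = $db_root->escape($mysql_access_host);
                $db_root->query('REVOKE ALL PRIVILEGES ON * . * FROM `' . $esc_user . '`@`' . $esc_host . '`');
                $db_root->query('REVOKE ALL PRIVILEGES ON `' . $esc_db . '` . * FROM `' . $esc_user . '`@`' . $esc_host . '`');
                $db_root->query('DELETE FROM `mysql`.`user` WHERE `User` = "' . $esc_user . '" AND `Host` = "' . $esc_host . '"');
            }
        }

        $db_root->query('FLUSH PRIVILEGES');
        $db_root->close();
        unset($db_root);
    }
}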
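/**
 * Look up the first creative attached to a campaign.
 *
 * @param mixed $campaign_id campaign id (escaped before use)
 * @return mixed creative_id of the first matching row, or null when the
 *               campaign has no creatives (previously this indexed a
 *               non-array result and raised a notice)
 */
function findCampaignCreative($campaign_id)
{
    $s_campaign = db::escape($campaign_id);
    $row = db::getRow("SELECT * FROM prosper_master.creatives\n WHERE campaign_id='{$s_campaign}' LIMIT 1");

    if (!is_array($row) || !isset($row['creative_id'])) {
        return null;
    }
    return $row['creative_id'];
}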
require './xtracks-app/bootstrap.php'; require './xtracks-app/install/sys-install.php'; $run_install = false; $domain = Auth::getDomain(); if (!isset($_SESSION['subdomain_granted'])) { forward("/new-subdomain.php"); exit; } // Bail out if this page is accessed directly. if (!isset($_SESSION['login_user'])) { forward("/xtracks-login.php"); exit; } if (!isset($_GET['action'])) { $subdomain = $_SESSION['subdomain_granted']; $s_subdomain = db::escape($subdomain); // Check if we have something running already. $row = db::getRow("select id, status from prosper_master.install_jobs\n where subdomain='{$s_subdomain}'"); if ($row) { $install_id = $row['id']; } else { db::execute("insert into prosper_master.install_jobs\n (subdomain) VALUES ('{$s_subdomain}')"); $install_id = mysql_insert_id(db::$db_write); } $run_install = true; } if (isset($_GET['action']) && $_GET['action'] == 'check') { $install_id = (int) $_GET['install']; $row = db::getRow('select * from prosper_master.install_jobs where id=' . (int) $install_id); echo json_encode(array('status' => $row['status'], 'auth' => $_SESSION['authtoken']));
/**
 * Fetch the distinct weekly on-call ranges assigned to one contact.
 *
 * @param string $username Contact name; run through db::escape() before it is
 *                         placed inside the quoted literal of the query.
 * @return mixed Whatever db::fetch_all() returns for the result set, ordered by
 *               range_start ascending.
 */
function getAvailableOnCallRangesForUser($username)
{
    $escaped = db::escape($username);
    $sql = sprintf(
        "SELECT DISTINCT(range_start), range_end FROM oncall_weekly where contact = '%s' order by range_start ASC;",
        $escaped
    );
    $resultSet = db::query($sql);
    return db::fetch_all($resultSet);
}
break; } $tweets_found = 0; $results = json_decode($connection->response['response']); $tweets = $results->statuses; foreach ($tweets as $tweet) { ++$tweets_found; $tweet_id = $tweet->id; $max_id = $tweet_id; if ($search_since_id == 0) { $search_since_id = $tweet_id; } if ($db->in_table('tweets', "tweet_id={$tweet_id}")) { continue; } $tweet_text = $db->escape($tweet->text); $tweet_created_at = $db->date($tweet->created_at); $retweet_count = $tweet->retweet_count; $user_id = $tweet->user->id; if (isset($tweet->retweeted_status)) { $is_rt = 1; $tweet_text = $db->escape($tweet->retweeted_status->text); $retweet_count = 0; $retweet_user_id = $tweet->retweeted_status->user->id; $entities = $tweet->retweeted_status->entities; } else { $is_rt = 0; $entities = $tweet->entities; } $db->insert('tweets', "tweet_id={$tweet_id},tweet_text='{$tweet_text}',created_at='{$tweet_created_at}',\r\n\t\t\tuser_id={$user_id},is_rt={$is_rt},retweet_count={$retweet_count}"); if ($is_rt) {
++b.index; } </script> <?php //Kamnil Cukrowski // ------------- pobierz samochody ------------------ //db::setDebug(10); $order = ' ORDER BY ID_samochodu DESC;'; if (isset($_GET['ID_uzytkownika'])) { // wyświetlamy wszystki samochodu tego użytkownika $cars = db::query('select * from Samochod where ID_uzytkownika = "' . db::escape($_GET['ID_uzytkownika']) . '"' . $order); } elseif (isset($_GET['ID_samochodu'])) { // wyswietlamy tylko ten samochod $cars = db::query('select * from Samochod where ID_samochodu = "' . db::escape($_GET['ID_samochodu']) . '"' . $order); } else { // wyswietlamy samochodu zalogowanego uzytkownika $cars = db::query('select * from Samochod where ID_uzytkownika = "' . $user->getID() . '"' . $order); } // ------------------------- petla po samochodach ---------------------- foreach ($cars as $car) { $pics = db::query('select * from Zdjecie where ID_samochodu = ' . $car['ID_samochodu']); $uzytkownik = db::query('select * from Uzytkownik where ID_uzytkownika = ' . $car['ID_uzytkownika'])[0]; $wersja = db::query('select * from Wersja where ID_wersji = ' . $car['ID_wersji'])[0]; $model = db::query('select * from Model where ID_modelu = ' . $wersja['ID_modelu'])[0]; $marka = db::query('select * from Marka where ID_marki = ' . $model['ID_marki'])[0]; $silnik = db::query('select * from Silnik where ID_silnika = ' . $car['ID_silnika'])[0]; // dodajemy do tablicy bc wszsystkie informacje do javascriptu echo "<script type='text/javascript'> \n" . "\tba.push({ID_samochodu:" . $car['ID_samochodu'] . ",index:1,pics:" . json_encode($pics) . "}); \n" . "</script> \n"; // ----------- cale wyswietlanie ponizej ------------
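/**
 * Build the HAVING part of the query.
 *
 * The first entry of $this->havings is rendered as
 * " HAVING <column> <comparison> '<escaped value>'"; every further entry is
 * prefixed with its own 'comparison_type' (e.g. AND / OR) instead. The list is
 * only iterated, never consumed: the previous version array_shift()ed the first
 * having away, so building the string a second time silently dropped a clause.
 *
 * NOTE(review): only 'having' passes through $this->db->escape(); 'column',
 * 'comparison' and 'comparison_type' are spliced in verbatim and must come from
 * trusted code, never from request input.
 *
 * @return string Empty string when no havings were added.
 */
private function build_having_string()
{
    $string = '';
    $first = true;
    foreach ($this->havings as $h) {
        $prefix = $first ? ' HAVING ' : ' ' . $h['comparison_type'] . ' ';
        $string .= $prefix . $h['column'] . ' ' . $h['comparison'] . ' '
            . db::QUOTE . $this->db->escape($h['having']) . db::QUOTE;
        $first = false;
    }
    return $string;
}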
/**
 * Build a WHERE-clause fragment matching rows whose field starts with a given character.
 *
 * The comparison is case-insensitive on the first character of the field. Only
 * $char is escaped; $field is spliced in verbatim, so it must be a trusted column
 * name, not request input.
 *
 * @param string $field The name of the field
 * @param string $char The character to search for
 * @return string Returns the where clause part
 */
static function with($field, $char)
{
    $escapedChar = db::escape($char);
    return sprintf('LOWER(SUBSTRING(%s,1,1)) = "%s"', $field, $escapedChar);
}
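<?php
/*
 * Persist one weekly meeting-notes entry submitted from the notes form.
 *
 * Reads range_start, range_end and weeklynotes from $_POST, stores them under
 * the current user, then redirects back to the index page. On a failed connect
 * or insert the error is echoed instead. getUsername(), generateMeetingNotesID()
 * and $ROOT_URL are expected to come from phplib/base.php (not visible here).
 */
include_once 'phplib/base.php';

if (!db::connect()) {
    echo "Database connection failed, cannot continue. ";
} else {
    $timestamp = time();
    // Every value spliced into the INSERT goes through db::escape(), including the
    // username — the previous version interpolated it unescaped.
    $username = db::escape(getUsername());
    // Missing form fields become '' instead of raising undefined-index notices.
    $range_start = db::escape(isset($_POST['range_start']) ? $_POST['range_start'] : '');
    $range_end = db::escape(isset($_POST['range_end']) ? $_POST['range_end'] : '');
    $report_id = generateMeetingNotesID($range_start, $range_end);
    $notes = db::escape(isset($_POST['weeklynotes']) ? $_POST['weeklynotes'] : '');
    $query = "INSERT INTO meeting_notes (report_id, range_start, range_end, timestamp, user, notes) VALUES ('{$report_id}', '{$range_start}', '{$range_end}', '{$timestamp}', '{$username}', '{$notes}')";
    if (!db::query($query)) {
        echo "Database update failed, error: " . db::error();
    } else {
        header("Location: {$ROOT_URL}/index.php?meeting_done=hellyeah");
        // Stop the script after the redirect so nothing else is executed or emitted.
        exit;
    }
}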
/**
 * Handles saving updates from the product editor
 *
 * Saves all product related information which includes core product data
 * and supporting elements such as images, digital downloads, tags,
 * assigned categories, specs and pricing variations.
 *
 * Everything is read straight from $_POST; the only gate is the nonce and
 * capability check at the top. The steps below run in a fixed order
 * (publish date, slug, core save, images, prices/downloads, sales stats and
 * summary, taxonomies, variation clean-up, specs, meta, reload) and the later
 * ones rely on the earlier saves having happened.
 *
 * @author Jonathan Davis
 * @since 1.0
 *
 * @param Product $Product
 * @return void
 **/
public function save(ShoppProduct $Product)
{
    // Nonce + capability gate: every write below assumes these passed.
    check_admin_referer('shopp-save-product');
    if (!current_user_can('shopp_products')) {
        wp_die(__('You do not have sufficient permissions to access this page.'));
    }
    ShoppSettings()->saveform(); // Save workflow setting
    // Remembered so the status transition hook further down can fire if it changes.
    $status = $Product->status;

    // Set publish date
    if ('publish' == $_POST['status']) {
        $publishing = isset($_POST['publish']) ? $_POST['publish'] : array();
        $fields = array('month' => '', 'date' => '', 'year' => '', 'hour' => '', 'minute' => '', 'meridiem' => '');
        // Joining the merged parts yields '' only when every date part is empty.
        $publishdate = join('', array_merge($fields, $publishing));
        if (!empty($publishdate)) {
            $publish =& $_POST['publish'];
            if ($publish['meridiem'] == "PM" && $publish['hour'] < 12) {
                $publish['hour'] += 12;
            }
            // Assigning through the reference replaces $_POST['publish'] with the timestamp.
            $publish = mktime($publish['hour'], $publish['minute'], 0, $publish['month'], $publish['date'], $publish['year']);
            $Product->status = 'future';
            unset($_POST['status']);
        } else {
            unset($_POST['publish']);
            // Auto set the publish date if not set (or more accurately, if set to an irrelevant timestamp)
            if ($Product->publish <= 86400) {
                $Product->publish = null;
            }
        }
    } else {
        unset($_POST['publish']);
        $Product->publish = 0;
    }

    // Set a unique product slug
    if (empty($Product->slug)) {
        $Product->slug = sanitize_title($_POST['name']);
    }
    $Product->slug = wp_unique_post_slug($Product->slug, $Product->id, $Product->status, ShoppProduct::posttype(), 0);
    $Product->featured = 'off';
    if (isset($_POST['content'])) {
        $_POST['description'] = $_POST['content'];
    }
    // Core fields come from $_POST; the listed keys are handled separately below.
    $Product->updates($_POST, array('meta', 'categories', 'prices', 'tags'));
    do_action('shopp_pre_product_save');
    $Product->save();

    // Remove deleted images
    if (!empty($_POST['deleteImages'])) {
        $deletes = array();
        if (strpos($_POST['deleteImages'], ",") !== false) {
            $deletes = explode(',', $_POST['deleteImages']);
        } else {
            $deletes = array($_POST['deleteImages']);
        }
        $Product->delete_images($deletes);
    }

    // Update image data
    if (!empty($_POST['images']) && is_array($_POST['images'])) {
        $Product->link_images($_POST['images']);
        $Product->save_imageorder($_POST['images']);
        if (!empty($_POST['imagedetails'])) {
            $Product->update_images($_POST['imagedetails']);
        }
    }

    // Update Prices
    if (!empty($_POST['price']) && is_array($_POST['price'])) {
        // Delete prices that were marked for removal
        if (!empty($_POST['deletePrices'])) {
            $deletes = array();
            // NOTE(review): unlike the deleteImages branch above this test lacks
            // '!== false', so a list whose first character is a comma is treated as one id.
            if (strpos($_POST['deletePrices'], ",")) {
                $deletes = explode(',', $_POST['deletePrices']);
            } else {
                $deletes = array($_POST['deletePrices']);
            }
            foreach ($deletes as $option) {
                $Price = new ShoppPrice($option);
                $Price->delete();
            }
        }
        $Product->resum();
        // Save prices that there are updates for
        foreach ($_POST['price'] as $i => $priceline) {
            if (empty($priceline['id'])) {
                $Price = new ShoppPrice();
                $priceline['product'] = $Product->id;
            } else {
                $Price = new ShoppPrice($priceline['id']);
            }
            $priceline['sortorder'] = array_search($i, $_POST['sortorder']) + 1;
            $priceline['shipfee'] = Shopp::floatval($priceline['shipfee']);
            if (isset($priceline['recurring']['trialprice'])) {
                $priceline['recurring']['trialprice'] = Shopp::floatval($priceline['recurring']['trialprice']);
            }
            // Only a changed stock level is written and announced; otherwise the key is dropped.
            if ($Price->stock != $priceline['stocked']) {
                $priceline['stock'] = (int) $priceline['stocked'];
                do_action('shopp_stock_product', $priceline['stock'], $Price, $Price->stock, $Price->stocklevel);
            } else {
                unset($priceline['stocked']);
            }
            $Price->updates($priceline);
            $Price->save();
            // Save 'price' meta records after saving the price record
            if (isset($priceline['dimensions']) && is_array($priceline['dimensions'])) {
                $priceline['dimensions'] = array_map(array('Shopp', 'floatval'), $priceline['dimensions']);
            }
            $settings = array('donation', 'recurring', 'membership', 'dimensions');
            $priceline['settings'] = array();
            foreach ($settings as $setting) {
                if (!isset($priceline[$setting])) {
                    continue;
                }
                $priceline['settings'][$setting] = $priceline[$setting];
            }
            if (!empty($priceline['settings'])) {
                shopp_set_meta($Price->id, 'price', 'settings', $priceline['settings']);
            }
            if (!empty($priceline['options'])) {
                shopp_set_meta($Price->id, 'price', 'options', $priceline['options']);
            }
            $Product->sumprice($Price);
            if (!empty($priceline['download'])) {
                $Price->attach_download($priceline['download']);
            }
            if (!empty($priceline['downloadpath'])) {
                // Attach file specified by URI/path
                if (!empty($Price->download->id) || empty($Price->download) && $Price->load_download()) {
                    $File = $Price->download;
                } else {
                    $File = new ProductDownload();
                }
                $stored = false;
                // The submitted path is only normalised by sanitize_path() before
                // found()/store() are called with it.
                $tmpfile = sanitize_path($priceline['downloadpath']);
                $File->storage = false;
                $Engine = $File->engine(); // Set engine from storage settings
                $File->parent = $Price->id;
                $File->context = "price";
                $File->type = "download";
                $File->name = !empty($priceline['downloadfile']) ? $priceline['downloadfile'] : basename($tmpfile);
                $File->filename = $File->name;
                if ($File->found($tmpfile)) {
                    $File->uri = $tmpfile;
                    $stored = true;
                } else {
                    $stored = $File->store($tmpfile, 'file');
                }
                if ($stored) {
                    $File->readmeta();
                    $File->save();
                }
            } // END attach file by path/uri
        } // END foreach()
        unset($Price);
    } // END if (!empty($_POST['price']))

    $Product->load_sold($Product->id); // Refresh accurate product sales stats
    $Product->sumup();

    // Update taxonomies after pricing summary is generated
    // Summary table entry is needed for ProductTaxonomy::recount() to
    // count properly based on aggregate product inventory, see #2968
    foreach (get_object_taxonomies(Product::$posttype) as $taxonomy) {
        $tags = '';
        $taxonomy_obj = get_taxonomy($taxonomy);
        if (isset($_POST['tax_input']) && isset($_POST['tax_input'][$taxonomy])) {
            $tags = $_POST['tax_input'][$taxonomy];
            if (is_array($tags)) { // array = hierarchical, string = non-hierarchical.
                $tags = array_filter($tags);
            }
        }
        // Per-taxonomy capability check; terms for taxonomies the user may not assign are skipped.
        if (current_user_can($taxonomy_obj->cap->assign_terms)) {
            wp_set_post_terms($Product->id, $tags, $taxonomy);
        }
    }

    // Ensure taxonomy counts are updated on status changes, see #2968
    if ($status != $_POST['status']) {
        $Post = new StdClass();
        $Post->ID = $Product->id;
        $Post->post_type = ShoppProduct::$posttype;
        wp_transition_post_status($_POST['status'], $Product->status, $Post);
    }

    if (!empty($_POST['meta']['options'])) {
        $_POST['meta']['options'] = stripslashes_deep($_POST['meta']['options']);
    } else {
        $_POST['meta']['options'] = false;
    }

    // No variation options at all, delete all variation-pricelines
    if (!empty($Product->prices) && is_array($Product->prices) && (empty($_POST['meta']['options']['v']) || empty($_POST['meta']['options']['a']))) {
        foreach ($Product->prices as $priceline) {
            // Skip if not tied to variation options
            if ($priceline->optionkey == 0) {
                continue;
            }
            if (empty($_POST['meta']['options']['v']) && $priceline->context == "variation" || empty($_POST['meta']['options']['a']) && $priceline->context == "addon") {
                $Price = new ShoppPrice($priceline->id);
                $Price->delete();
            }
        }
    }

    // Handle product spec/detail data
    if (!empty($_POST['details']) || !empty($_POST['deletedSpecs'])) {
        // Delete specs queued for removal
        $ids = array();
        $deletes = array();
        if (!empty($_POST['deletedSpecs'])) {
            // NOTE(review): this reads deleteImages, not deletedSpecs — looks like a
            // copy-paste slip. $deletes (used below to skip rows) therefore holds image
            // ids in the comma case, while the DELETE statement runs on deletedSpecs.
            if (strpos($_POST['deleteImages'], ",") !== false) {
                $deletes = explode(',', $_POST['deleteImages']);
            } else {
                $deletes = array($_POST['deletedSpecs']);
            }
            // db::escape() only neutralises quote characters; the comma-separated list
            // is spliced into IN() unquoted, so non-numeric content is not rejected here.
            // Casting each id to int before joining would close that gap.
            $ids = db::escape($_POST['deletedSpecs']);
            $Spec = new Spec();
            db::query("DELETE FROM {$Spec->_table} WHERE id IN ({$ids})");
        }
        if (is_array($_POST['details'])) {
            foreach ($_POST['details'] as $i => $spec) {
                if (in_array($spec['id'], $deletes)) {
                    continue;
                }
                if (isset($spec['new'])) {
                    $Spec = new Spec();
                    $spec['id'] = '';
                    $spec['parent'] = $Product->id;
                } else {
                    $Spec = new Spec($spec['id']);
                }
                $spec['sortorder'] = array_search($i, $_POST['details-sortorder']) + 1;
                $Spec->updates($spec);
                $Spec->save();
            }
        }
    }

    // Save any meta data
    if (isset($_POST['meta']) && is_array($_POST['meta'])) {
        foreach ($_POST['meta'] as $name => $value) {
            if (isset($Product->meta[$name])) {
                $Meta = $Product->meta[$name];
                if (is_array($Meta)) {
                    $Meta = reset($Product->meta[$name]);
                }
            } else {
                $Meta = new ShoppMetaObject(array('parent' => $Product->id, 'context' => 'product', 'type' => 'meta', 'name' => $name));
            }
            $Meta->parent = $Product->id;
            $Meta->name = $name;
            $Meta->value = $value;
            $Meta->save();
        }
    }

    $Product->load_data(); // Reload data so everything is fresh for shopp_product_saved
    do_action_ref_array('shopp_product_saved', array(&$Product));
    unset($Product);
}
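/**
 * Remove the push-notification subscription of one device for a subject/term pair.
 *
 * @param mixed $subject     Subject name; resolved to an id via self::get_subject_id().
 * @param mixed $term        Escaped with db::escape() before use.
 * @param mixed $device_id   Escaped with db::escape() before use.
 * @param mixed $device_type Escaped with db::escape() before use.
 * @return void
 */
public static function push_unsubscribe($subject, $term, $device_id, $device_type)
{
    $subjectId = self::get_subject_id($subject);
    $term = db::escape($term);
    $device_id = db::escape($device_id);
    $device_type = db::escape($device_type);
    // device_id is now quoted like the other escaped values: db::escape() only
    // neutralises quote characters, so interpolating it bare left the comparison
    // unprotected for non-numeric input. If the column is numeric the database is
    // expected to coerce the quoted literal — confirm against the driver in use.
    db::$connection->query(
        "DELETE FROM MyStellarSubscription WHERE "
        . " subject_id='$subjectId' AND term='$term' "
        . " AND device_id='$device_id' AND device_type='{$device_type}'"
    );
}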