escape() 정적인 공개 메소드

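Escapes unwanted characters in a value, such as slashes. Escaping only protects a value that is placed inside a quoted SQL string literal; numbers and identifiers interpolated without quotes are not made safe by it.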
static public escape ( string $value ) : string
$value string
리턴 string Returns the escaped string
예제 #1
 /**
  * Send the encryption key and cipher options to the database.
  *
  * Issues two set_config() statements the first time it is called; the
  * static flag turns every later call into a no-op.
  *
  * @return bool always true
  */
 public function send_key_to_db()
 {
     // Key already sent: nothing left to do.
     if (self::$flag_key_sent_to_db) {
         return true;
     }
     $link = new db($this->db_link);
     // NOTE(review): the key travels inside the statement text, so it would be
     // recorded wherever statement logging is enabled. The two TODOs below are
     // still open. The query results are not checked either, so the flag is
     // set even when a statement fails.
     // todo: disable logging in db
     $quoted_key = $link->escape($this->key);
     $link->query("SELECT set_config('sm.numbers.crypt.key', '" . $quoted_key . "', false)");
     $quoted_cipher = $link->escape($this->cipher);
     $link->query("SELECT set_config('sm.numbers.crypt.options', '" . $quoted_cipher . "', false)");
     // todo: enable logging in db
     self::$flag_key_sent_to_db = true;
     return true;
 }
예제 #2
 /**
  * Magic setter: stores a config variable for the current user id.
  *
  * The name, the value and the user id all pass through db::escape() and
  * are placed inside single-quoted literals of a REPLACE INTO statement.
  * PHP discards the return value of __set(), so the result of
  * db::execute() never reaches the assigning code.
  *
  * @param string $name  config variable name
  * @param mixed  $value config variable value
  */
 public function __set($name, $value)
 {
     $statement = sprintf(
         "REPLACE INTO 202_config (var_name, var_value, user_id)\n                            VALUES ('%s', '%s', '%s')",
         db::escape($name),
         db::escape($value),
         db::escape($this->_uid)
     );
     return db::execute($statement);
 }
예제 #3
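 /**
  * Deletes a card
  *
  * The contact row is not removed: it is updated with statut = 0.
  *
  * @param mixed $addressBookId
  * @param string $cardUri
  * @return bool false when the user lacks the delete right or the card is
  *              unknown, true otherwise (the UPDATE result is not checked)
  */
 function deleteCard($addressBookId, $cardUri)
 {
     debug_log("deleteContactObject( {$addressBookId} , {$cardUri} )");
     if (!$this->user->rights->societe->contact->supprimer) {
         return false;
     }
     // NOTE(review): $addressBookId is only logged; nothing visible here ties
     // the contact to that address book - confirm the caller enforces it.
     if (strpos($cardUri, '-ct-') > 0) {
         // cardUri starts with contact id; the cast keeps the leading integer
         // without the arithmetic warning that "* 1" raises on such strings
         $contactid = (int) $cardUri;
     } else {
         // cardUri comes from external apps
         // Plain assignment: the original appended to a variable that did not exist yet.
         $sql = "SELECT `fk_object` FROM " . MAIN_DB_PREFIX . "socpeople_cdav\n\t\t\t\t\tWHERE `uuidext`= '" . $this->db->escape($cardUri) . "'";
         $result = $this->db->query($sql);
         if ($result === false || ($row = $this->db->fetch_array($result)) === false) {
             // not found
             return false;
         }
         $contactid = (int) $row['fk_object'];
     }
     // Both ids are written without quotes, so they are forced to integers.
     $sql = "UPDATE " . MAIN_DB_PREFIX . "socpeople SET ";
     $sql .= " statut = 0, tms = NOW(), fk_user_modif = " . (int) $this->user->id;
     $sql .= " WHERE rowid = " . $contactid;
     $this->db->query($sql);
     return true;
 }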
예제 #4
 /**
  * Record the current visitor in VISITOR_LOG.
  *
  * Unless $force_update is set, the newest matching entry is looked up first
  * and a row is only written when none exists or it is older than
  * HOUR_IN_SECONDS.
  *
  * @param mixed $uid          user id; anything that is not numeric and > 0 is stored as NULL
  * @param bool  $force_update skip the lookup and always write
  * @return bool false when a query fails, true otherwise
  */
 public static function update_visitor_log($uid, $force_update = false)
 {
     // Request-derived strings are escaped; they are only used inside quoted literals.
     $http_referer = session::$db->escape(session::get_http_referer());
     $user_agent = session::$db->escape(session::get_user_agent());
     $ip_address = session::$db->escape(get_ip_address());
     $forum_fid = get_forum_fid();
     if (!$forum_fid) {
         $forum_fid = 0;
     }
     $current_datetime = date(MYSQL_DATETIME, time());
     if (is_numeric($uid) && $uid > 0) {
         $uid = session::$db->escape($uid);
     } else {
         $uid = 'NULL';
     }
     $search_id = session::is_search_engine();
     if (!$search_id) {
         $search_id = 'NULL';
     }
     // NOTE(review): $forum_fid, $uid and $search_id are interpolated without
     // quotes below. $uid is constrained by is_numeric(); the other two rely on
     // their helpers returning numbers - TODO confirm.
     if (!$force_update) {
         $sql = "SELECT UNIX_TIMESTAMP(MAX(LAST_LOGON)) FROM VISITOR_LOG WHERE FORUM = {$forum_fid} ";
         $sql .= "AND ((UID = {$uid} AND {$uid} IS NOT NULL) OR (SID = {$search_id} AND {$search_id} IS NOT NULL) ";
         $sql .= "OR (IPADDRESS = '{$ip_address}' AND {$uid} IS NULL AND {$search_id} IS NULL))";
         $result = session::$db->query($sql);
         if (!$result) {
             return false;
         }
         list($last_logon) = $result->fetch_row();
     }
     $needs_write = !isset($last_logon) || $last_logon < time() - HOUR_IN_SECONDS;
     if ($needs_write) {
         $sql = "REPLACE INTO VISITOR_LOG (FORUM, UID, LAST_LOGON, IPADDRESS, REFERER, USER_AGENT, SID) ";
         $sql .= "VALUES ('{$forum_fid}', {$uid}, CAST('{$current_datetime}' AS DATETIME), '{$ip_address}', ";
         $sql .= "'{$http_referer}', '{$user_agent}', {$search_id})";
         if (!session::$db->query($sql)) {
             return false;
         }
     }
     return true;
 }
예제 #5
 /**
  * Returns condition code for sql query
  *
  * Builds `field` LIKE "text" from $this->searchfield and $this->searchtext;
  * every '*' in the search text becomes the SQL wildcard '%'.
  *
  * @param bool $append should the returned condition start with WHERE (false) or AND (true)?
  * @return string the condition code, or '' when no search text is set
  */
 function getSqlWhere($append = false)
 {
     if ($this->searchtext == '') {
         return '';
     }
     $condition = $append == true ? ' AND ' : ' WHERE ';
     // Wrap each dot-separated part of the field name in backticks unless it
     // already starts/ends with one.
     // NOTE(review): a backtick inside a part is not doubled, and escape() is
     // applied to the search text only - confirm searchfield is restricted to
     // known column names before it gets here.
     $parts = array();
     foreach (explode('.', $this->searchfield) as $id => $field) {
         if (substr($field, -1, 1) != '`') {
             $field .= '`';
         }
         if ($field[0] != '`') {
             $field = '`' . $field;
         }
         $parts[$id] = $field;
     }
     $quoted_field = implode('.', $parts);
     $pattern = str_replace('*', '%', $this->searchtext);
     return $condition . $quoted_field . ' LIKE "' . $this->db->escape($pattern) . '" ';
 }
예제 #6
 /**
  * Store the cron logging switch in the panel settings table.
  *
  * The argument is cast to int and anything other than 1 is stored as 0, so
  * only the values 0 and 1 can reach the statement.
  *
  * @param mixed $_cronlog requested switch state
  * @return bool always true (the query result is not checked)
  */
 public function setCronLog($_cronlog = 0)
 {
     $flag = ((int) $_cronlog == 1) ? 1 : 0;
     $this->db->query('UPDATE `' . TABLE_PANEL_SETTINGS . "` \n\t\t\t\t  SET `value`='" . $this->db->escape($flag) . "' \n\t\t\t\t  WHERE `settinggroup`='logger' \n\t\t\t\t  AND `varname`='log_cron'");
     return true;
 }
예제 #7
 /**
  * Write one entry to the panel_syslog table.
  *
  * Nothing is written when logging is disabled, or when the severity is
  * <= 1 and the entry is a LOG_NOTICE. Type and action are cast to int; the
  * user name and the text go through escape().
  *
  * @param int         $action action class of the entry
  * @param int         $type   log level of the entry
  * @param string|null $text   message; a fixed placeholder is stored when empty
  */
 public function logAction($action = USR_ACTION, $type = LOG_NOTICE, $text = null)
 {
     if (!parent::isEnabled()) {
         return;
     }
     if (parent::getSeverity() <= 1 && $type == LOG_NOTICE) {
         return;
     }
     $has_login = isset($this->userinfo['loginname']) && $this->userinfo['loginname'] != '';
     $name = $has_login ? " (" . $this->userinfo['loginname'] . ")" : 'unknown';
     $now = time();
     if ($text == null || $text == '') {
         // NOTE(review): this statement names the column `userid`, the one
         // below names it `user` - one of the two is presumably wrong; check
         // against the table definition.
         $this->db->query("INSERT INTO `panel_syslog` (`type`, `date`, `action`, `userid`, `text`)\n                          VALUES ('" . (int) $type . "', '" . $now . "', '" . (int) $action . "', '" . $this->db->escape($name) . "', 'No text given!!! Check scripts!')");
         return;
     }
     $this->db->query("INSERT INTO `panel_syslog` (`type`, `date`, `action`, `user`, `text`)\n                          VALUES ('" . (int) $type . "', '" . $now . "', '" . (int) $action . "', '" . $this->db->escape($name) . "', '" . $this->db->escape($text) . "')");
 }
예제 #8
파일: Sessions.php 프로젝트: ekowabaka/wyf
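 /**
  * Store session data: insert a row for a new session, update it otherwise.
  *
  * @param string $sessionId session identifier
  * @param string $data      serialized session payload
  * @return bool always true (query results are not checked)
  */
 public function write($sessionId, $data)
 {
     // An existing session is left untouched when the request carries a
     // truthy no_extend parameter. !empty() keeps the original truthiness
     // test without the undefined-index notice when the parameter is absent.
     // NOTE(review): in that case changed session data is dropped as well,
     // not only the expiry extension - confirm that is intended.
     if (!$this->new && !empty($_GET['no_extend'])) {
         return true;
     }
     // The id was placed into both statements unescaped although it sits
     // inside a quoted literal like the data does; it is presumably the
     // value of the session cookie, so it is escaped the same way.
     $safeId = Db::escape($sessionId);
     $safeData = Db::escape($data);
     $expires = time() + $this->lifespan;
     if ($this->new) {
         Db::query(sprintf("INSERT into system.sessions(id, data, expires, lifespan) VALUES('%s', '%s', %d, %d)", $safeId, $safeData, $expires, $this->lifespan), 'main');
     } else {
         Db::query(sprintf("UPDATE system.sessions SET data = '%s', expires = %d WHERE id = '%s'", $safeData, $expires, $safeId), 'main');
     }
     return true;
 }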
예제 #9
    /**
     * Base sql request for contacts
     *
     * Joins contacts with their company, both countries and the category
     * label in the default language, limited to the entities returned by
     * getEntity() and to contacts that are public or were created by the
     * current user.
     *
     * @return string
     */
    protected function _getSqlContacts()
    {
        // Only the language code sits inside a quoted literal and is escaped.
        $lang = $this->db->escape($this->langs->defaultlang);
        // NOTE(review): the entity list and the user id are concatenated
        // without quotes or casts - presumably both are numeric; confirm.
        $entities = getEntity('societe', 1);
        $creator = $this->user->id;
        return 'SELECT p.*, co.label country_label, GREATEST(s.tms, p.tms) lastupd, s.code_client soc_code_client, s.code_fournisseur soc_code_fournisseur,
					s.nom soc_nom, s.address soc_address, s.zip soc_zip, s.town soc_town, cos.label soc_country_label, s.phone soc_phone, s.email soc_email,
					s.client soc_client, s.fournisseur soc_fournisseur, s.note_private soc_note_private, s.note_public soc_note_public, cl.label category_label
				FROM ' . MAIN_DB_PREFIX . 'socpeople as p
				LEFT JOIN ' . MAIN_DB_PREFIX . 'c_country as co ON co.rowid = p.fk_pays
				LEFT JOIN ' . MAIN_DB_PREFIX . 'societe as s ON s.rowid = p.fk_soc
				LEFT JOIN ' . MAIN_DB_PREFIX . 'c_country as cos ON cos.rowid = s.fk_pays
				LEFT JOIN ' . MAIN_DB_PREFIX . 'categorie_contact as cc ON cc.fk_socpeople = p.rowid 
				LEFT JOIN ' . MAIN_DB_PREFIX . 'categorie_lang as cl ON (cl.fk_category = cc.fk_categorie AND cl.lang=\'' . $lang . '\')
				WHERE p.entity IN (' . $entities . ')
				AND (p.priv=0 OR (p.priv=1 AND p.fk_user_creat=' . $creator . '))';
    }
예제 #10
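 /**
  * Mail notifications.
  *
  * Looks up the subject and body templates of the current admin in the
  * admin's default language, fills in the placeholders and sends the mail to
  * the customer, or to the admin when $customerid is -1.
  *
  * @param int         $customerid       customer to notify, -1 for the admin
  * @param string|null $template_subject varname of the subject template
  * @param string|null $default_subject  subject used when no template is stored
  * @param string|null $template_body    varname of the body template
  * @param string|null $default_body     body used when no template is stored
  */
 public function sendMail($customerid = -1, $template_subject = null, $default_subject = null, $template_body = null, $default_body = null)
 {
     global $mail;
     // Some checks are to be made here in the future
     if ($customerid != -1) {
         // Get e-mail message for customer
         $usr = $this->db->query_first('SELECT `name`, `firstname`, `email` 
                            FROM `' . TABLE_PANEL_CUSTOMERS . '` 
                            WHERE `customerid` = "' . (int) $customerid . '"');
         $replace_arr = array('FIRSTNAME' => $usr['firstname'], 'NAME' => $usr['name'], 'SUBJECT' => $this->Get('subject', true));
     } else {
         $replace_arr = array('SUBJECT' => $this->Get('subject', true));
     }
     // The template names were the only values in these two lookups that were
     // concatenated without escape(); they are now handled like the language.
     $s_template_subject = $this->db->escape($template_subject);
     $s_template_body = $this->db->escape($template_body);
     $result = $this->db->query_first('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '` 
                             WHERE `adminid`=\'' . (int) $this->userinfo['adminid'] . '\' 
                             AND `language`=\'' . $this->db->escape($this->userinfo['def_language']) . '\' 
                             AND `templategroup`=\'mails\' 
                             AND `varname`=\'' . $s_template_subject . '\'');
     $mail_subject = html_entity_decode(replace_variables($result['value'] != '' ? $result['value'] : $default_subject, $replace_arr));
     $result = $this->db->query_first('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '` 
                             WHERE `adminid`=\'' . (int) $this->userinfo['adminid'] . '\' 
                             AND `language`=\'' . $this->db->escape($this->userinfo['def_language']) . '\' 
                             AND `templategroup`=\'mails\' 
                             AND `varname`=\'' . $s_template_body . '\'');
     $mail_body = html_entity_decode(replace_variables($result['value'] != '' ? $result['value'] : $default_body, $replace_arr));
     if ($customerid != -1) {
         $mail->From = $this->settings['ticket']['noreply_email'];
         $mail->FromName = $this->settings['ticket']['noreply_name'];
         $mail->Subject = $mail_subject;
         $mail->Body = $mail_body;
         $mail->AddAddress($usr['email'], $usr['firstname'] . ' ' . $usr['name']);
         if (!$mail->Send()) {
             standard_error(array('errorsendingmail', $usr['email']));
         }
         $mail->ClearAddresses();
     } else {
         // NOTE(review): only `email` is selected, yet firstname and name are
         // read below, so the display name is built from missing keys.
         $admin = $this->db->query_first('SELECT `email` FROM `' . TABLE_PANEL_ADMINS . "` WHERE `adminid`='" . (int) $this->userinfo['adminid'] . "'");
         $mail->From = $this->settings['ticket']['noreply_email'];
         $mail->FromName = $this->settings['ticket']['noreply_name'];
         $mail->Subject = $mail_subject;
         $mail->Body = $mail_body;
         $mail->AddAddress($admin['email'], $admin['firstname'] . ' ' . $admin['name']);
         if (!$mail->Send()) {
             standard_error(array('errorsendingmail', $admin['email']));
         }
         $mail->ClearAddresses();
     }
 }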
예제 #11
 /**
  * Updates an existing calendarobject, based on its uri.
  *
  * The object uri is only the basename, or filename and not a full path.
  *
  * It is possible return an etag from this function, which will be used in
  * the response to this PUT request. Note that the ETag must be surrounded
  * by double-quotes.
  *
  * However, you should only really return this ETag if you don't mangle the
  * calendar-data. If the result of a subsequent GET to this object is not
  * the exact same as this request body, you should omit the ETag.
  *
  * This implementation never returns an ETag: every path returns null.
  *
  * @param mixed $calendarId
  * @param string $objectUri
  * @param string $calendarData
  * @return string|null
  */
 function updateCalendarObject($calendarId, $objectUri, $calendarData)
 {
     debug_log("updateCalendarObject( {$calendarId} , {$objectUri} )");
     //Check right on $calendarId for current user
     // NOTE(review): in_array() is called without the strict flag, so the
     // comparison is loose - confirm the id types on both sides.
     if (!in_array($calendarId, $this->_getCalendarsIdForUser())) {
         // not authorized
         return;
     }
     // From here on $calendarData is the parsed array, no longer the raw body.
     $calendarData = $this->_parseData($calendarData);
     if (!$calendarData || empty($calendarData)) {
         return;
     }
     // Text columns go through escape() inside quoted literals; fullday,
     // percent, the user id and the row id are cast to int; both dates come
     // from date() and durationp is the result of an arithmetic expression.
     // NOTE(review): the row is selected by $calendarData['id'] alone.
     // $objectUri is only logged and nothing visible here ties that id to the
     // $calendarId that was just authorised - confirm _parseData() does.
     $sql = "UPDATE " . MAIN_DB_PREFIX . "actioncomm \n\t\t\t\t\tSET\n\t\t\t\t\t\tlabel \t\t\t= '" . $this->db->escape($calendarData['label']) . "',\n\t\t\t\t\t\tdatep\t\t\t= '" . ($calendarData['fullday'] == 1 ? date('Y-m-d 00:00:00', $calendarData['start']) : date('Y-m-d H:i:s', $calendarData['start'])) . "',\n\t\t\t\t\t\tdatep2\t\t\t= '" . ($calendarData['fullday'] == 1 ? date('Y-m-d 23:59:59', $calendarData['end'] - 1) : date('Y-m-d H:i:s', $calendarData['end'])) . "',\n\t\t\t\t\t\tfulldayevent\t= " . (int) $calendarData['fullday'] . ",\n\t\t\t\t\t\tlocation \t\t= '" . $this->db->escape($calendarData['location']) . "',\n\t\t\t\t\t\tpriority \t\t= '" . $this->db->escape($calendarData['priority']) . "',\n\t\t\t\t\t\ttransparency \t= '" . $this->db->escape($calendarData['transparency']) . "',\n\t\t\t\t\t\tnote \t\t\t= '" . $this->db->escape($calendarData['note']) . "',\n\t\t\t\t\t\tpercent \t\t= " . (int) $calendarData['percent'] . ",\n\t\t\t\t\t\tfk_user_mod\t\t= '" . (int) $this->user->id . "',\n\t\t\t\t\t\tdurationp\t\t= " . ($calendarData['end'] - $calendarData['fullday'] - $calendarData['start']) . ",\n\t\t\t\t\t\ttms\t\t\t\t= NOW()\n\t\t\t\t\tWHERE id = " . (int) $calendarData['id'];
     // The query result is not checked.
     $this->db->query($sql);
     return;
 }
예제 #12
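 /**
  * Copy an affiliate from prosper_master into a freshly installed database
  * and register a login token for it.
  *
  * Creates the 202_users row, stores a new token in the session and in
  * prosper_master.login_tokens, then creates the 202_users_pref row.
  *
  * @param mixed  $affiliate_id affiliate to import
  * @param string $install_db   name of the target database; it is used as an
  *                             identifier and cannot be escaped as a value,
  *                             so it must never be request-controlled -
  *                             TODO confirm the callers
  */
 public static function importUser($affiliate_id, $install_db)
 {
     $mysql = array();
     // Grab user from directtrack db.
     // The id was interpolated unescaped (an escape call was left commented out).
     $mysql['affiliate_lookup'] = db::escape($affiliate_id);
     $user = db::getRow("select * from prosper_master.affiliates WHERE affiliate_id='" . $mysql['affiliate_lookup'] . "'");
     //md5 the user pass with salt
     $user_pass = salt_user_pass($_SESSION['login_pass']);
     $mysql['user_pass'] = db::escape($user_pass);
     // Values read back from the database are still data: escape them before
     // they are written into another statement.
     $mysql['email'] = db::escape($user['email']);
     $mysql['addCode'] = db::escape($user['addCode']);
     //insert this user
     // The user_pass assignment was masked in the listing this block comes
     // from; it is restored from $mysql['user_pass'], which was otherwise unused.
     $user_sql = "  \tINSERT INTO {$install_db}.`202_users`\n\t\t\t\t\t    \tSET\tuser_email='" . $mysql['email'] . "',\n\t\t\t\t\t    \t\tuser_name='" . $mysql['addCode'] . "',\n\t\t\t\t\t    \t\tuser_pass='" . $mysql['user_pass'] . "',\n\t\t\t\t\t    \t\taddCode='" . $mysql['addCode'] . "',\n\t\t\t\t\t    \t\tuser_timezone='-5',\n\t\t\t\t\t    \t\tuser_time_register=NOW()";
     db::execute($user_sql);
     $user_id = mysql_insert_id(db::$db_write);
     $mysql['user_id'] = db::escape($user_id);
     $mysql['affiliate_id'] = db::escape($user['affiliate_id']);
     // NOTE(review): this token authenticates the user, but it is an md5 over
     // the user's own row plus uniqid(), which is derived from the clock. It
     // should come from a cryptographically secure random source instead.
     $md5token = md5(serialize($user) . uniqid());
     $_SESSION['authtoken'] = $md5token;
     db::execute("insert into prosper_master.login_tokens(affiliate_id, user_id, user_name, token)\n\t\t             values ('" . $mysql['affiliate_id'] . "', '" . $mysql['user_id'] . "', '" . $mysql['addCode'] . "', '" . $md5token . "');");
     //update user preference table
     $user_sql = "INSERT INTO {$install_db}.`202_users_pref` SET user_id='" . $mysql['user_id'] . "'";
     db::execute($user_sql);
 }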
예제 #13
         // Excerpt: the branch that decides between the next statement and the
         // REVOKE/DELETE group starts outside this listing.
         // NOTE(review): $current_password['password'] is the only value in
         // this statement that is not escaped - presumably it is the stored
         // hash read back from the server; confirm.
         $db_root->query('SET PASSWORD FOR `' . $db_root->escape($result['databasename']) . '`@`%` = \'' . $current_password['password'] . '\'', false, true);
     } else {
         // Remove the account for host `%`.
         // NOTE(review): escape() is applied to names that sit inside
         // backtick-quoted identifiers; whether it neutralises a backtick is
         // not visible here - confirm databasename is validated when created.
         $db_root->query('REVOKE ALL PRIVILEGES ON * . * FROM `' . $db_root->escape($result['databasename']) . '`@`%`', false, true);
         // `_` is a wildcard in a database-level privilege name, hence the backslash.
         $db_root->query('REVOKE ALL PRIVILEGES ON `' . str_replace('_', '\\_', $db_root->escape($result['databasename'])) . '` . * FROM `' . $db_root->escape($result['databasename']) . '`@`%`', false, true);
         $db_root->query('DELETE FROM `mysql`.`user` WHERE `User` = "' . $db_root->escape($result['databasename']) . '" AND `Host` = "%"', false, true);
     }
     $db_root->query('FLUSH PRIVILEGES');
     $db_root->close();
     if ($password != '') {
         // validate password
         $password = validatePassword($password);
         // NOTE(review): $access_result is not read in the visible code; the
         // only use is in the commented-out condition below.
         $access_result = $db->query_first('SELECT `allow_external_access` FROM `' . TABLE_PANEL_DATABASES . '` WHERE `customerid`="' . (int) $userinfo['customerid'] . '" AND `id`="' . (int) $id . '"');
         // Begin root-session
         $db_root = new db($sql_root[$result['dbserver']]['host'], $sql_root[$result['dbserver']]['user'], $sql_root[$result['dbserver']]['password'], '');
         // Set the new password for every configured access host.
         foreach (array_map('trim', explode(',', $settings['system']['mysql_access_host'])) as $mysql_access_host) {
             $db_root->query('SET PASSWORD FOR `' . $db_root->escape($result['databasename']) . '`@`' . $db_root->escape($mysql_access_host) . '` = PASSWORD(\'' . $db_root->escape($password) . '\')');
         }
         //if ($access_result['allow_external_access'] == '1' && $_POST['mysql_allow_external_access'] == '1') {
         if ($external_access_val == '1') {
             $db_root->query('SET PASSWORD FOR `' . $db_root->escape($result['databasename']) . '`@`%` = PASSWORD(\'' . $db_root->escape($password) . '\')');
         }
         $db_root->query('FLUSH PRIVILEGES');
         $db_root->close();
         // End root-session
     }
     // Update the Database description -- PH 2004-11-29
     $log->logAction(USR_ACTION, LOG_INFO, "edited database '" . $result['databasename'] . "'");
     $databasedescription = validate($_POST['description'], 'description');
     // NOTE(review): $external_access_val is concatenated without escape() or
     // a cast; it is assigned outside this excerpt - confirm it can only hold
     // a fixed value. The row is scoped to the customer by customerid and id.
     $db->query('UPDATE `' . TABLE_PANEL_DATABASES . '` SET `description`="' . $db->escape($databasedescription) . '", `allow_external_access`="' . $external_access_val . '" WHERE `customerid`="' . (int) $userinfo['customerid'] . '" AND `id`="' . (int) $id . '"');
     redirectTo($filename, array('page' => $page, 's' => $s));
 } else {
예제 #14
파일: install.php 프로젝트: markc/syscp
 // Excerpt from an installer: run the statements of the schema file one by
 // one, then write the collected settings into the settings table.
 $sql_query = split_sql_file($sql_query, ';');
 for ($i = 0; $i < sizeof($sql_query); ++$i) {
     if (trim($sql_query[$i]) != '') {
         // The result is stored but not checked; 'OK' is reported below regardless.
         $result = $db->query($sql_query[$i]);
     }
 }
 status_message('green', 'OK');
 status_message('begin', 'System Servername...');
 // Anything other than false from validate_ip() triggers the warning that
 // the server name should be a FQDN.
 if (validate_ip($_SERVER['SERVER_NAME'], true) !== false) {
     status_message('red', $lng['install']['servername_should_be_fqdn']);
 } else {
     status_message('green', 'OK');
 }
 //now let's change the settings in our settings-table
 // Every installer-supplied value goes through escape() and sits inside a
 // single-quoted literal; the setting group and name are fixed strings.
 status_message('begin', $lng['install']['changing_data']);
 $db->query('UPDATE `' . TABLE_PANEL_SETTINGS . "` SET `value` = 'admin@" . $db->escape($servername) . "' WHERE `settinggroup` = 'panel' AND `varname` = 'adminmail'");
 $db->query('UPDATE `' . TABLE_PANEL_SETTINGS . "` SET `value` = '" . $db->escape($serverip) . "' WHERE `settinggroup` = 'system' AND `varname` = 'ipaddress'");
 $db->query('UPDATE `' . TABLE_PANEL_SETTINGS . "` SET `value` = '" . $db->escape($servername) . "' WHERE `settinggroup` = 'system' AND `varname` = 'hostname'");
 $db->query('UPDATE `' . TABLE_PANEL_SETTINGS . "` SET `value` = '" . $db->escape($dbversion) . "' WHERE `settinggroup` = 'system' AND `varname` = 'dbversion'");
 $db->query('UPDATE `' . TABLE_PANEL_SETTINGS . "` SET `value` = '" . $db->escape($languages[$language]) . "' WHERE `settinggroup` = 'panel' AND `varname` = 'standardlanguage'");
 $db->query('UPDATE `' . TABLE_PANEL_SETTINGS . "` SET `value` = '" . $db->escape($mysql_access_host) . "' WHERE `settinggroup` = 'system' AND `varname` = 'mysql_access_host'");
 $db->query('UPDATE `' . TABLE_PANEL_SETTINGS . "` SET `value` = '" . $db->escape($webserver) . "' WHERE `settinggroup` = 'system' AND `varname` = 'webserver'");
 // NOTE(review): this statement repeats the previous one exactly.
 $db->query('UPDATE `' . TABLE_PANEL_SETTINGS . "` SET `value` = '" . $db->escape($webserver) . "' WHERE `settinggroup` = 'system' AND `varname` = 'webserver'");
 //FIXME
 $db->query('UPDATE `' . TABLE_PANEL_SETTINGS . "` SET `value` = '" . $db->escape($httpuser) . "' WHERE `settinggroup` = 'system' AND `varname` = 'httpuser'");
 $db->query('UPDATE `' . TABLE_PANEL_SETTINGS . "` SET `value` = '" . $db->escape($httpgroup) . "' WHERE `settinggroup` = 'system' AND `varname` = 'httpgroup'");
 // Apache 2 uses different config paths and reload command; only constants
 // are written here. The branch continues outside this listing.
 if ($webserver == 'apache2') {
     $db->query('UPDATE `' . TABLE_PANEL_SETTINGS . "` SET `value` = '/etc/apache2/sites-enabled/' WHERE `settinggroup` = 'system' AND `varname` = 'apacheconf_vhost'");
     $db->query('UPDATE `' . TABLE_PANEL_SETTINGS . "` SET `value` = '/etc/apache2/sites-enabled/' WHERE `settinggroup` = 'system' AND `varname` = 'apacheconf_diroptions'");
     $db->query('UPDATE `' . TABLE_PANEL_SETTINGS . "` SET `value` = '/etc/apache2/syscp-htpasswd/' WHERE `settinggroup` = 'system' AND `varname` = 'apacheconf_htpasswddir'");
     $db->query('UPDATE `' . TABLE_PANEL_SETTINGS . "` SET `value` = '/etc/init.d/apache2 reload' WHERE `settinggroup` = 'system' AND `varname` = 'apachereload_command'");
예제 #15
 // Excerpt from a loop body: skip tweets that are already stored.
 // NOTE(review): $tweet_id is concatenated into the condition as is; its
 // assignment is outside this listing.
 if ($oDB->in_table('tweets', 'tweet_id=' . $tweet_id)) {
     continue;
 }
 // Gather tweet data from the JSON object
 // $oDB->escape() is applied to the free-text fields that end up inside
 // quoted SQL literals. It only helps where it is actually called and only
 // inside quotes.
 // NOTE(review): in the field list built below, profile_image_url, url and
 // time_zone are quoted but not escaped, and user_id and the three *_count
 // values are neither quoted nor cast. They all come from the decoded API
 // response and should be escaped or cast like the other fields.
 if (isset($tweet_object->retweeted_status)) {
     // This is a retweet
     // Use the original tweet's entities, they are more complete
     $entities = $tweet_object->retweeted_status->entities;
     $is_rt = 1;
 } else {
     $entities = $tweet_object->entities;
     $is_rt = 0;
 }
 $tweet_text = $oDB->escape($tweet_object->text);
 $created_at = $oDB->date($tweet_object->created_at);
 if (isset($tweet_object->geo)) {
     $geo_lat = $tweet_object->geo->coordinates[0];
     $geo_long = $tweet_object->geo->coordinates[1];
 } else {
     $geo_lat = $geo_long = 0;
 }
 $user_object = $tweet_object->user;
 $user_id = $user_object->id_str;
 $screen_name = $oDB->escape($user_object->screen_name);
 $name = $oDB->escape($user_object->name);
 $profile_image_url = $user_object->profile_image_url;
 // Add a new user row or update an existing one
 $field_values = 'screen_name = "' . $screen_name . '", ' . 'profile_image_url = "' . $profile_image_url . '", ' . 'user_id = ' . $user_id . ', ' . 'name = "' . $name . '", ' . 'location = "' . $oDB->escape($user_object->location) . '", ' . 'url = "' . $user_object->url . '", ' . 'description = "' . $oDB->escape($user_object->description) . '", ' . 'created_at = "' . $oDB->date($user_object->created_at) . '", ' . 'followers_count = ' . $user_object->followers_count . ', ' . 'friends_count = ' . $user_object->friends_count . ', ' . 'statuses_count = ' . $user_object->statuses_count . ', ' . 'time_zone = "' . $user_object->time_zone . '", ' . 'last_update = "' . $oDB->date($tweet_object->created_at) . '"';
 // The branch opened here continues outside this listing.
 if ($oDB->in_table('users', 'user_id="' . $user_id . '"')) {
예제 #16
            // Excerpt: tail of a filter builder. Each posted engine filter
            // that is not -1 adds one equality condition to $str, joined by
            // AND. The posted values go through db::escape() and sit inside
            // single-quoted literals.
            if ($str != null) {
                $str .= 'AND';
            }
            $str .= " Silnik.pojemnosc = '" . db::escape($_POST['Silnik_pojemnosc']) . "' ";
        }
        if ($_POST['Silnik_zasilanie'] != -1) {
            if ($str != null) {
                $str .= 'AND';
            }
            $str .= " Silnik.zasilanie = '" . db::escape($_POST['Silnik_zasilanie']) . "' ";
        }
        if ($_POST['Silnik_moc'] != -1) {
            if ($str != null) {
                $str .= 'AND';
            }
            $str .= " Silnik.moc = '" . db::escape($_POST['Silnik_moc']) . "' ";
        }
        if ($str != null) {
            $str = ' WHERE ' . $str;
        }
        //echo $str."<BR>";
        // NOTE(review): $innerjoin is built outside this listing - confirm
        // it is assembled from fixed text only.
        $rows = db::query('SELECT ID_samochodu FROM Samochod ' . $innerjoin . ' ' . $str . ' ORDER BY ID_uzytkownika;');
        $i = 0;
        foreach ($rows as $row) {
            //print_r($row); echo "<BR>";
            // One iframe per matching car.
            // NOTE(review): ID_samochodu is written into the src attribute
            // without HTML or URL encoding - presumably a numeric key; confirm.
            echo "<article id='wrapper_{$i}'>\n\t\t\t\t\t<iframe id='content_iframe_{$i}' name='content_iframe'\n\t\t\t\t\t\tsrc='myCars.php?ID_samochodu=" . $row['ID_samochodu'] . "' onLoad='resizeUpdate({$i})'>\n\t\t\t\t\t</iframe>\n\t\t\t\t</article>";
            $i = $i + 1;
        }
        break;
}
?>
     // Excerpt: one page of sent direct messages is requested; the loop and
     // the branch around this request start outside this listing.
     $connection->request('GET', $connection->url('1.1/direct_messages/sent'), array('include_entities' => 'false', 'count' => 100, 'max_id' => $max_id));
 }
 // Stop on an empty page or on any status other than 200.
 if ($connection->response['response'] == '[]') {
     break;
 }
 if ($connection->response['code'] != 200) {
     break;
 }
 $results = json_decode($connection->response['response']);
 foreach ($results as $dm) {
     $dm_id = $dm->id;
     $max_id = $dm_id;
     // Skip messages that are already stored.
     if ($db->in_table('dms', "dm_id={$dm_id}")) {
         continue;
     }
     $dm_text = $db->escape($dm->text);
     $created_at = $db->date($dm->created_at);
     $sender_user_id = $dm->sender->id;
     $recipient_user_id = $dm->recipient->id;
     // NOTE(review): the three ids are interpolated without quotes or casts;
     // they come from the decoded API response - cast them to int to make the
     // numeric assumption explicit.
     $db->insert('dms', "dm_id={$dm_id},dm_text='{$dm_text}',created_at='{$created_at}',\r\n\t\t\tsender_user_id={$sender_user_id},recipient_user_id={$recipient_user_id},sent=1");
     // Recipient profile: text fields are escaped, the timestamp and the
     // counters are taken as they are. Their use is outside this listing.
     $screen_name = $db->escape($dm->recipient->screen_name);
     $name = $db->escape($dm->recipient->name);
     $location = $db->escape($dm->recipient->location);
     $description = $db->escape($dm->recipient->description);
     $url = $db->escape($dm->recipient->url);
     $profile_image_url = $db->escape($dm->recipient->profile_image_url);
     $created_at = $dm->recipient->created_at;
     $friends_count = $dm->recipient->friends_count;
     $followers_count = $dm->recipient->followers_count;
     $statuses_count = $dm->recipient->statuses_count;
     $listed_count = $dm->recipient->listed_count;
    // Excerpt: the branch that reads the search form starts outside this listing.
    // The posted end date is HTML-encoded once here; the same variable is
    // used for the SQL condition and for the form field printed below.
    $end_date = htmlspecialchars($_GET['end_date'], ENT_QUOTES);
    if ($end_date != '0000-00-00') {
        // NOTE(review): the value reaches SQL through $db->date() only; that
        // helper is not visible here - confirm it yields a fixed date format.
        $where .= ' AND tweets.created_at <= "' . $db->date($end_date) . '"';
    }
    // Paging: prev/next move one page from the posted page number, never below 0.
    if (isset($_GET['prev'])) {
        $page = intval($_GET['page']) - 1;
        if ($page < 0) {
            $page = 0;
        }
    } elseif (isset($_GET['next'])) {
        $page = intval($_GET['page']) + 1;
    } else {
        $page = 0;
    }
    // Save the screen name of the user being reported on
    // NOTE(review): HTML encoding and SQL escaping are both applied at input
    // time, so the same string is used in two contexts: the form field below
    // shows the SQL-escaped form, and any query built from $partner searches
    // for the HTML-encoded form. Encoding per output context is safer.
    $partner = $db->escape(htmlspecialchars($_GET['partner'], ENT_QUOTES));
} else {
    $start_date = '0000-00-00';
    $end_date = '0000-00-00';
    $page = 0;
    $partner = '';
}
require 'page_top.html';
print '<h2>Engagement Conversation</h2>';
print "<form action='tweet_conversation.php' method='get'>";
// $start_date is assigned outside this listing in the search branch -
// presumably encoded like $end_date; confirm.
print "Start Date: <input type='text' name='start_date' value='{$start_date}'>";
print "End Date: <input type='text' name='end_date' value='{$end_date}'><br/>";
print "Conversation Partner: <input type='text' name='partner' value='{$partner}' size='20'>";
// $page is always an integer here, so the unquoted attribute value is a number.
print "<input type='hidden' name='page' value={$page}>";
print '<button type="submit" name="submit" value=1>Search</button>';
print '<button type="submit" name="prev" value=1>< Prev</button>';
예제 #19
    $databases_list[] = strtolower($databases_list_row['Database']);
}
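// Sum the data and index size of every customer database, reconnecting as
// root whenever the row belongs to a different database server.
while ($row_database = $db->fetch_array($databases)) {
    if ($last_dbserver != $row_database['dbserver']) {
        $db_root->close();
        $db_root = new db($sql_root[$row_database['dbserver']]['host'], $sql_root[$row_database['dbserver']]['user'], $sql_root[$row_database['dbserver']]['password'], '');
        // Drop the root password from the connection object once connected.
        unset($db_root->password);
        $last_dbserver = $row_database['dbserver'];
        // Start a fresh list for the new server. The original reset a
        // misspelled variable ($database_list), so the names found on the
        // previous server stayed in the list that is checked below.
        $databases_list = array();
        $databases_list_result = $db_root->query('show databases');
        // NOTE(review): the result of a $db_root query is fetched through
        // $db here, unlike the inner loop below - confirm that is intended.
        while ($databases_list_row = $db->fetch_array($databases_list_result)) {
            $databases_list[] = strtolower($databases_list_row['Database']);
        }
    }
    // Only query databases that exist on the server.
    if (in_array(strtolower($row_database['databasename']), $databases_list)) {
        $mysql_usage_result = $db_root->query('SHOW TABLE STATUS FROM `' . $db_root->escape($row_database['databasename']) . '`');
        while ($mysql_usage_row = $db_root->fetch_array($mysql_usage_result)) {
            if (!isset($mysqlusage_all[$row_database['customerid']])) {
                $mysqlusage_all[$row_database['customerid']] = 0;
            }
            $mysqlusage_all[$row_database['customerid']] += floatval($mysql_usage_row['Data_length'] + $mysql_usage_row['Index_length']);
        }
    } else {
        echo 'Seems like the database ' . $row_database['databasename'] . " had been removed manually.\n";
    }
}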
$db_root->close();
$result = $db->query('SELECT * FROM `' . TABLE_PANEL_CUSTOMERS . '` ORDER BY `customerid` ASC');
while ($row = $db->fetch_array($result)) {
    /*
     * HTTP-Traffic
/**
 * This file is part of the SysCP project.
 * Copyright (c) 2003-2009 the SysCP Team (see authors).
 *
 * For the full copyright and license information, please view the COPYING
 * file that was distributed with this source code. You can also view the
 * COPYING file online at http://files.syscp.org/misc/COPYING.txt
 *
 * @copyright  (c) the authors
 * @author     Florian Lippert <*****@*****.**>
 * @license    GPLv2 http://files.syscp.org/misc/COPYING.txt
 * @package    Functions
 * @version    $Id$
 */
function correctMysqlUsers($mysql_access_host_array)
{
    // Brings the host entries of the panel's MySQL accounts in line with
    // $mysql_access_host_array on every configured server: hosts that are
    // missing get a grant plus the account's existing password hash, hosts
    // that are no longer listed are revoked and deleted. None of the query
    // results are checked.
    global $db, $settings, $sql, $sql_root;
    foreach ($sql_root as $mysql_server => $mysql_server_details) {
        $db_root = new db($mysql_server_details['host'], $mysql_server_details['user'], $mysql_server_details['password'], '');
        // Drop the root password from the connection object once connected.
        unset($db_root->password);
        // Collect user => (password hash, list of hosts) from the server.
        $users = array();
        $users_result = $db_root->query('SELECT * FROM `mysql`.`user`');
        while ($users_row = $db_root->fetch_array($users_result)) {
            if (!isset($users[$users_row['User']]) || !is_array($users[$users_row['User']])) {
                $users[$users_row['User']] = array('password' => $users_row['Password'], 'hosts' => array());
            }
            $users[$users_row['User']]['hosts'][] = $users_row['Host'];
        }
        // Accounts to process: the panel's own database plus every customer
        // database on this server; the account name equals the database name.
        $databases = array($sql['db']);
        // NOTE(review): $mysql_server is concatenated without escape(); it is
        // a key of the $sql_root configuration array, presumably trusted.
        $databases_result = $db->query('SELECT * FROM `' . TABLE_PANEL_DATABASES . '` WHERE `dbserver` = \'' . $mysql_server . '\'');
        while ($databases_row = $db->fetch_array($databases_result)) {
            $databases[] = $databases_row['databasename'];
        }
        foreach ($databases as $username) {
            if (isset($users[$username]) && is_array($users[$username]) && isset($users[$username]['hosts']) && is_array($users[$username]['hosts'])) {
                $password = $users[$username]['password'];
                // Add the hosts that are configured but missing.
                foreach ($mysql_access_host_array as $mysql_access_host) {
                    $mysql_access_host = trim($mysql_access_host);
                    if (!in_array($mysql_access_host, $users[$username]['hosts'])) {
                        // The grant creates the host entry with the literal
                        // placeholder password 'password'; only the next
                        // statement installs the stored hash.
                        // NOTE(review): if that second statement fails, the
                        // entry keeps the placeholder - the result should be
                        // checked and the grant rolled back on failure.
                        // `_` is a wildcard in a database-level privilege
                        // name, hence the backslash.
                        $db_root->query('GRANT ALL PRIVILEGES ON `' . str_replace('_', '\\_', $db_root->escape($username)) . '`.* TO `' . $db_root->escape($username) . '`@`' . $db_root->escape($mysql_access_host) . '` IDENTIFIED BY \'password\'');
                        $db_root->query('SET PASSWORD FOR `' . $db_root->escape($username) . '`@`' . $db_root->escape($mysql_access_host) . '` = \'' . $db_root->escape($password) . '\'');
                    }
                }
                // Remove the hosts that exist but are no longer configured.
                foreach ($users[$username]['hosts'] as $mysql_access_host) {
                    if (!in_array($mysql_access_host, $mysql_access_host_array)) {
                        $db_root->query('REVOKE ALL PRIVILEGES ON * . * FROM `' . $db_root->escape($username) . '`@`' . $db_root->escape($mysql_access_host) . '`');
                        $db_root->query('REVOKE ALL PRIVILEGES ON `' . str_replace('_', '\\_', $db_root->escape($username)) . '` . * FROM `' . $db_root->escape($username) . '`@`' . $db_root->escape($mysql_access_host) . '`');
                        $db_root->query('DELETE FROM `mysql`.`user` WHERE `User` = "' . $db_root->escape($username) . '" AND `Host` = "' . $db_root->escape($mysql_access_host) . '"');
                    }
                }
            }
        }
        $db_root->query('FLUSH PRIVILEGES');
        $db_root->close();
        unset($db_root);
    }
}
예제 #21
/**
 * Look up the id of one creative that belongs to a campaign.
 *
 * The campaign id goes through db::escape() and is placed inside a
 * single-quoted literal. The returned row is not checked before its
 * creative_id is read.
 *
 * @param mixed $campaign_id campaign to look up
 * @return mixed the creative_id column of the row db::getRow() returned
 */
function findCampaignCreative($campaign_id)
{
    $creative = db::getRow(sprintf(
        "SELECT * FROM prosper_master.creatives\n                       WHERE campaign_id='%s' LIMIT 1",
        db::escape($campaign_id)
    ));
    return $creative['creative_id'];
}
예제 #22
require './xtracks-app/bootstrap.php';
require './xtracks-app/install/sys-install.php';
$run_install = false;
$domain = Auth::getDomain();
// Both session checks end the request right after the redirect, so nothing
// below runs without a granted subdomain and a logged-in user.
if (!isset($_SESSION['subdomain_granted'])) {
    forward("/new-subdomain.php");
    exit;
}
// Bail out if this page is accessed directly.
if (!isset($_SESSION['login_user'])) {
    forward("/xtracks-login.php");
    exit;
}
if (!isset($_GET['action'])) {
    // The subdomain comes from the session, not from the request, and is
    // still escaped before it is placed inside the quoted literals.
    $subdomain = $_SESSION['subdomain_granted'];
    $s_subdomain = db::escape($subdomain);
    // Check if we have something running already.
    $row = db::getRow("select id, status from prosper_master.install_jobs\n                       where subdomain='{$s_subdomain}'");
    if ($row) {
        $install_id = $row['id'];
    } else {
        db::execute("insert into prosper_master.install_jobs\n                    (subdomain) VALUES ('{$s_subdomain}')");
        $install_id = mysql_insert_id(db::$db_write);
    }
    $run_install = true;
}
// Status polling; this branch continues outside the listing.
if (isset($_GET['action']) && $_GET['action'] == 'check') {
    // The job id is cast to int before it is used without quotes.
    $install_id = (int) $_GET['install'];
    // NOTE(review): the job is selected by id alone; nothing visible here
    // ties it to the subdomain stored in the session - confirm one user
    // cannot read the status of another user's job.
    $row = db::getRow('select * from prosper_master.install_jobs
                      where id=' . (int) $install_id);
    // NOTE(review): the session's auth token is returned in the response
    // body - confirm the response is never cached or logged.
    echo json_encode(array('status' => $row['status'], 'auth' => $_SESSION['authtoken']));
예제 #23
/**
 * Fetch the distinct on-call ranges stored for one contact, ordered by
 * range_start ascending.
 *
 * The contact name is escaped with db::escape() and used inside a quoted
 * SQL literal; the escaping is only sufficient because of those quotes.
 *
 * @param string $username Contact name to look up in oncall_weekly.
 * @return mixed Whatever db::fetch_all() returns for the result set.
 */
function getAvailableOnCallRangesForUser($username)
{
    $safe_contact = db::escape($username);

    return db::fetch_all(
        db::query("SELECT DISTINCT(range_start), range_end FROM oncall_weekly where contact = '{$safe_contact}' order by range_start ASC;")
    );
}
     break;
 }
 $tweets_found = 0;
 $results = json_decode($connection->response['response']);
 $tweets = $results->statuses;
 foreach ($tweets as $tweet) {
     ++$tweets_found;
     $tweet_id = $tweet->id;
     $max_id = $tweet_id;
     if ($search_since_id == 0) {
         $search_since_id = $tweet_id;
     }
     if ($db->in_table('tweets', "tweet_id={$tweet_id}")) {
         continue;
     }
     $tweet_text = $db->escape($tweet->text);
     $tweet_created_at = $db->date($tweet->created_at);
     $retweet_count = $tweet->retweet_count;
     $user_id = $tweet->user->id;
     if (isset($tweet->retweeted_status)) {
         $is_rt = 1;
         $tweet_text = $db->escape($tweet->retweeted_status->text);
         $retweet_count = 0;
         $retweet_user_id = $tweet->retweeted_status->user->id;
         $entities = $tweet->retweeted_status->entities;
     } else {
         $is_rt = 0;
         $entities = $tweet->entities;
     }
     $db->insert('tweets', "tweet_id={$tweet_id},tweet_text='{$tweet_text}',created_at='{$tweet_created_at}',\r\n\t\t\tuser_id={$user_id},is_rt={$is_rt},retweet_count={$retweet_count}");
     if ($is_rt) {
예제 #25
		
	++b.index;
}
</script>

<?php 
//Kamnil Cukrowski
// ------------- fetch cars ------------------
//db::setDebug(10);
// Picks the set of cars to show from the query string, then loads the related
// rows for each car. This listing is an excerpt; the loop is not closed here.
$order = ' ORDER BY ID_samochodu DESC;';
if (isset($_GET['ID_uzytkownika'])) {
    // show all cars belonging to this user
    // The request value is escaped and wrapped in double quotes in the SQL.
    $cars = db::query('select * from Samochod where ID_uzytkownika = "' . db::escape($_GET['ID_uzytkownika']) . '"' . $order);
} elseif (isset($_GET['ID_samochodu'])) {
    // show only this car
    $cars = db::query('select * from Samochod where ID_samochodu = "' . db::escape($_GET['ID_samochodu']) . '"' . $order);
} else {
    // show the cars of the logged-in user
    $cars = db::query('select * from Samochod where ID_uzytkownika = "' . $user->getID() . '"' . $order);
}
// ------------------------- loop over cars ----------------------
foreach ($cars as $car) {
    // NOTE(review): the ids below come from database rows and are concatenated
    // without quotes or escaping; this is only safe while those columns are
    // guaranteed to be numeric - confirm against the schema, or cast to int.
    $pics = db::query('select * from Zdjecie where ID_samochodu = ' . $car['ID_samochodu']);
    $uzytkownik = db::query('select * from Uzytkownik where ID_uzytkownika = ' . $car['ID_uzytkownika'])[0];
    $wersja = db::query('select * from Wersja where ID_wersji = ' . $car['ID_wersji'])[0];
    $model = db::query('select * from Model where ID_modelu = ' . $wersja['ID_modelu'])[0];
    $marka = db::query('select * from Marka where ID_marki = ' . $model['ID_marki'])[0];
    $silnik = db::query('select * from Silnik where ID_silnika = ' . $car['ID_silnika'])[0];
    // append all the information needed by JavaScript to the ba array
    // NOTE(review): json_encode() output is written into an inline <script>
    // with default flags; if any Zdjecie column can hold user-supplied text,
    // encode with JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    // so the data cannot close the script element.
    echo "<script  type='text/javascript'> \n" . "\tba.push({ID_samochodu:" . $car['ID_samochodu'] . ",index:1,pics:" . json_encode($pics) . "}); \n" . "</script> \n";
    // ----------- all rendering below ------------
예제 #26
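 /**
  * Build the HAVING part of the query.
  *
  * Joins every entry of $this->havings into one clause: the first entry is
  * introduced by HAVING, each later entry by its own 'comparison_type'.
  * Only the compared value ('having') is escaped and quoted.
  *
  * The method reads $this->havings without modifying it, so building the
  * string a second time yields the same clause.
  *
  * @return string The HAVING clause, or an empty string when no havings are set
  */
 private function build_having_string()
 {
     if (empty($this->havings)) {
         return '';
     }
     $string = '';
     $is_first = true;
     foreach ($this->havings as $h) {
         // 'column' and 'comparison' are concatenated as-is: they are SQL
         // syntax, not values, so escape() cannot protect them. They must
         // never be taken from request data without an allow-list.
         $lead = $is_first ? ' HAVING ' : ' ' . $h['comparison_type'] . ' ';
         $value = db::QUOTE . $this->db->escape($h['having']) . db::QUOTE;
         $string .= $lead . $h['column'] . ' ' . $h['comparison'] . ' ' . $value;
         $is_first = false;
     }
     return $string;
 }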
예제 #27
파일: kirby.php 프로젝트: sdvig/kirbycms
 /**
  * Builds a where-clause fragment that matches rows whose field begins with
  * the given character, compared against the lower-cased first character.
  *
  * Only $char is escaped. $field is inserted verbatim as an SQL identifier,
  * so it has to be a fixed column name chosen by the calling code.
  *
  * @param string  $field The name of the field
  * @param string  $char The character to search for
  * @return string Returns the where clause part
  */
 static function with($field, $char)
 {
     $needle = db::escape($char);

     return sprintf('LOWER(SUBSTRING(%s,1,1)) = "%s"', $field, $needle);
 }
예제 #28
<?php

include_once 'phplib/base.php';
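// Stores the submitted weekly meeting notes and redirects back to the index.
if (!db::connect()) {
    echo "Database connection failed, cannot continue. ";
} else {
    $timestamp = time();
    // Every string that reaches the quoted literals below is escaped, the
    // user name included: getUsername() is defined elsewhere and its source
    // is not visible here, so it is treated like any other external value.
    $username = db::escape(getUsername());
    $range_start = db::escape($_POST['range_start']);
    $range_end = db::escape($_POST['range_end']);
    // NOTE(review): the id is derived from the already-escaped range values
    // and is interpolated without further escaping; confirm that
    // generateMeetingNotesID() can only return SQL-safe characters.
    $report_id = generateMeetingNotesID($range_start, $range_end);
    $notes = db::escape($_POST['weeklynotes']);
    $query = "INSERT INTO meeting_notes (report_id, range_start, range_end, timestamp, user, notes) VALUES ('{$report_id}', '{$range_start}', '{$range_end}', '{$timestamp}', '{$username}', '{$notes}')";
    if (!db::query($query)) {
        echo "Database update failed, error: " . db::error();
    } else {
        Header("Location: {$ROOT_URL}/index.php?meeting_done=hellyeah");
    }
}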
예제 #29
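 /**
  * Handles saving updates from the product editor
  *
  * Saves all product related information which includes core product data
  * and supporting elements such as images, digital downloads, tags,
  * assigned categories, specs and pricing variations.
  *
  * The request is accepted only after the 'shopp-save-product' nonce check
  * and the 'shopp_products' capability check at the top of the method.
  * Spec ids queued for deletion are read from $_POST['deletedSpecs'] and
  * reduced to integers before they are placed in the DELETE statement.
  *
  * @author Jonathan Davis
  * @since 1.0
  *
  * @param ShoppProduct $Product The product being saved
  * @return void
  **/
 public function save(ShoppProduct $Product)
 {
     // Nonce first, then capability: nothing below runs for a forged or
     // under-privileged request.
     check_admin_referer('shopp-save-product');
     if (!current_user_can('shopp_products')) {
         wp_die(__('You do not have sufficient permissions to access this page.'));
     }
     ShoppSettings()->saveform();
     // Save workflow setting
     $status = $Product->status;
     // Set publish date
     if ('publish' == $_POST['status']) {
         $publishing = isset($_POST['publish']) ? $_POST['publish'] : array();
         $fields = array('month' => '', 'date' => '', 'year' => '', 'hour' => '', 'minute' => '', 'meridiem' => '');
         $publishdate = join('', array_merge($fields, $publishing));
         if (!empty($publishdate)) {
             // $publish aliases $_POST['publish'], so the timestamp computed
             // below replaces the submitted date parts inside $_POST.
             $publish =& $_POST['publish'];
             if ($publish['meridiem'] == "PM" && $publish['hour'] < 12) {
                 $publish['hour'] += 12;
             }
             $publish = mktime($publish['hour'], $publish['minute'], 0, $publish['month'], $publish['date'], $publish['year']);
             $Product->status = 'future';
             unset($_POST['status']);
         } else {
             unset($_POST['publish']);
             // Auto set the publish date if not set (or more accurately, if set to an irrelevant timestamp)
             if ($Product->publish <= 86400) {
                 $Product->publish = null;
             }
         }
     } else {
         unset($_POST['publish']);
         $Product->publish = 0;
     }
     // Set a unique product slug
     if (empty($Product->slug)) {
         $Product->slug = sanitize_title($_POST['name']);
     }
     $Product->slug = wp_unique_post_slug($Product->slug, $Product->id, $Product->status, ShoppProduct::posttype(), 0);
     $Product->featured = 'off';
     if (isset($_POST['content'])) {
         $_POST['description'] = $_POST['content'];
     }
     // NOTE(review): the whole of $_POST is handed to updates(); the second
     // argument looks like a list of keys to skip - confirm that updates()
     // only assigns known product fields.
     $Product->updates($_POST, array('meta', 'categories', 'prices', 'tags'));
     do_action('shopp_pre_product_save');
     $Product->save();
     // Remove deleted images
     if (!empty($_POST['deleteImages'])) {
         $deletes = array();
         if (strpos($_POST['deleteImages'], ",") !== false) {
             $deletes = explode(',', $_POST['deleteImages']);
         } else {
             $deletes = array($_POST['deleteImages']);
         }
         $Product->delete_images($deletes);
     }
     // Update image data
     if (!empty($_POST['images']) && is_array($_POST['images'])) {
         $Product->link_images($_POST['images']);
         $Product->save_imageorder($_POST['images']);
         if (!empty($_POST['imagedetails'])) {
             $Product->update_images($_POST['imagedetails']);
         }
     }
     // Update Prices
     if (!empty($_POST['price']) && is_array($_POST['price'])) {
         // Delete prices that were marked for removal
         if (!empty($_POST['deletePrices'])) {
             $deletes = array();
             // Compare with false explicitly: a comma at offset 0 makes
             // strpos() return 0, which a bare truth test reads as "no comma".
             if (strpos($_POST['deletePrices'], ",") !== false) {
                 $deletes = explode(',', $_POST['deletePrices']);
             } else {
                 $deletes = array($_POST['deletePrices']);
             }
             foreach ($deletes as $option) {
                 $Price = new ShoppPrice($option);
                 $Price->delete();
             }
         }
         $Product->resum();
         // Save prices that there are updates for
         foreach ($_POST['price'] as $i => $priceline) {
             if (empty($priceline['id'])) {
                 $Price = new ShoppPrice();
                 $priceline['product'] = $Product->id;
             } else {
                 $Price = new ShoppPrice($priceline['id']);
             }
             $priceline['sortorder'] = array_search($i, $_POST['sortorder']) + 1;
             $priceline['shipfee'] = Shopp::floatval($priceline['shipfee']);
             if (isset($priceline['recurring']['trialprice'])) {
                 $priceline['recurring']['trialprice'] = Shopp::floatval($priceline['recurring']['trialprice']);
             }
             if ($Price->stock != $priceline['stocked']) {
                 $priceline['stock'] = (int) $priceline['stocked'];
                 do_action('shopp_stock_product', $priceline['stock'], $Price, $Price->stock, $Price->stocklevel);
             } else {
                 unset($priceline['stocked']);
             }
             $Price->updates($priceline);
             $Price->save();
             // Save 'price' meta records after saving the price record
             if (isset($priceline['dimensions']) && is_array($priceline['dimensions'])) {
                 $priceline['dimensions'] = array_map(array('Shopp', 'floatval'), $priceline['dimensions']);
             }
             $settings = array('donation', 'recurring', 'membership', 'dimensions');
             $priceline['settings'] = array();
             foreach ($settings as $setting) {
                 if (!isset($priceline[$setting])) {
                     continue;
                 }
                 $priceline['settings'][$setting] = $priceline[$setting];
             }
             if (!empty($priceline['settings'])) {
                 shopp_set_meta($Price->id, 'price', 'settings', $priceline['settings']);
             }
             if (!empty($priceline['options'])) {
                 shopp_set_meta($Price->id, 'price', 'options', $priceline['options']);
             }
             $Product->sumprice($Price);
             if (!empty($priceline['download'])) {
                 $Price->attach_download($priceline['download']);
             }
             if (!empty($priceline['downloadpath'])) {
                 // Attach file specified by URI/path
                 // NOTE(review): the path is request data; it passes through
                 // sanitize_path() only. Confirm the storage engine limits
                 // which locations found()/store() may read.
                 if (!empty($Price->download->id) || empty($Price->download) && $Price->load_download()) {
                     $File = $Price->download;
                 } else {
                     $File = new ProductDownload();
                 }
                 $stored = false;
                 $tmpfile = sanitize_path($priceline['downloadpath']);
                 $File->storage = false;
                 $Engine = $File->engine();
                 // Set engine from storage settings
                 $File->parent = $Price->id;
                 $File->context = "price";
                 $File->type = "download";
                 $File->name = !empty($priceline['downloadfile']) ? $priceline['downloadfile'] : basename($tmpfile);
                 $File->filename = $File->name;
                 if ($File->found($tmpfile)) {
                     $File->uri = $tmpfile;
                     $stored = true;
                 } else {
                     $stored = $File->store($tmpfile, 'file');
                 }
                 if ($stored) {
                     $File->readmeta();
                     $File->save();
                 }
             }
             // END attach file by path/uri
         }
         // END foreach()
         unset($Price);
     }
     // END if (!empty($_POST['price']))
     $Product->load_sold($Product->id);
     // Refresh accurate product sales stats
     $Product->sumup();
     // Update taxonomies after pricing summary is generated
     // Summary table entry is needed for ProductTaxonomy::recount() to
     // count properly based on aggregate product inventory, see #2968
     foreach (get_object_taxonomies(Product::$posttype) as $taxonomy) {
         $tags = '';
         $taxonomy_obj = get_taxonomy($taxonomy);
         if (isset($_POST['tax_input']) && isset($_POST['tax_input'][$taxonomy])) {
             $tags = $_POST['tax_input'][$taxonomy];
             if (is_array($tags)) {
                 // array = hierarchical, string = non-hierarchical.
                 $tags = array_filter($tags);
             }
         }
         // Terms are written only when the user may assign them for this taxonomy.
         if (current_user_can($taxonomy_obj->cap->assign_terms)) {
             wp_set_post_terms($Product->id, $tags, $taxonomy);
         }
     }
     // Ensure taxonomy counts are updated on status changes, see #2968
     if ($status != $_POST['status']) {
         $Post = new StdClass();
         $Post->ID = $Product->id;
         $Post->post_type = ShoppProduct::$posttype;
         wp_transition_post_status($_POST['status'], $Product->status, $Post);
     }
     if (!empty($_POST['meta']['options'])) {
         $_POST['meta']['options'] = stripslashes_deep($_POST['meta']['options']);
     } else {
         $_POST['meta']['options'] = false;
     }
     // No variation options at all, delete all variation-pricelines
     if (!empty($Product->prices) && is_array($Product->prices) && (empty($_POST['meta']['options']['v']) || empty($_POST['meta']['options']['a']))) {
         foreach ($Product->prices as $priceline) {
             // Skip if not tied to variation options
             if ($priceline->optionkey == 0) {
                 continue;
             }
             if (empty($_POST['meta']['options']['v']) && $priceline->context == "variation" || empty($_POST['meta']['options']['a']) && $priceline->context == "addon") {
                 $Price = new ShoppPrice($priceline->id);
                 $Price->delete();
             }
         }
     }
     // Handle product spec/detail data
     if (!empty($_POST['details']) || !empty($_POST['deletedSpecs'])) {
         // Delete specs queued for removal
         $ids = array();
         $deletes = array();
         if (!empty($_POST['deletedSpecs'])) {
             // The id list is parsed from deletedSpecs itself (not from
             // deleteImages) and every entry is forced to an integer.
             // Escaping alone is not enough here: the ids sit unquoted inside
             // IN (...), where an escaped string can still add SQL.
             $deletes = array_filter(array_map('intval', explode(',', (string) $_POST['deletedSpecs'])));
             if (!empty($deletes)) {
                 $ids = join(',', $deletes);
                 $Spec = new Spec();
                 db::query("DELETE FROM {$Spec->_table} WHERE id IN ({$ids})");
             }
         }
         if (is_array($_POST['details'])) {
             foreach ($_POST['details'] as $i => $spec) {
                 // Do not re-save a spec that was just deleted.
                 if (in_array($spec['id'], $deletes)) {
                     continue;
                 }
                 if (isset($spec['new'])) {
                     $Spec = new Spec();
                     $spec['id'] = '';
                     $spec['parent'] = $Product->id;
                 } else {
                     $Spec = new Spec($spec['id']);
                 }
                 $spec['sortorder'] = array_search($i, $_POST['details-sortorder']) + 1;
                 $Spec->updates($spec);
                 $Spec->save();
             }
         }
     }
     // Save any meta data
     if (isset($_POST['meta']) && is_array($_POST['meta'])) {
         foreach ($_POST['meta'] as $name => $value) {
             if (isset($Product->meta[$name])) {
                 $Meta = $Product->meta[$name];
                 if (is_array($Meta)) {
                     $Meta = reset($Product->meta[$name]);
                 }
             } else {
                 $Meta = new ShoppMetaObject(array('parent' => $Product->id, 'context' => 'product', 'type' => 'meta', 'name' => $name));
             }
             $Meta->parent = $Product->id;
             $Meta->name = $name;
             $Meta->value = $value;
             $Meta->save();
         }
     }
     $Product->load_data();
     // Reload data so everything is fresh for shopp_product_saved
     do_action_ref_array('shopp_product_saved', array(&$Product));
     unset($Product);
 }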
예제 #30
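  /**
   * Remove one device's push subscription for a subject and term.
   *
   * Resolves the subject to its id with self::get_subject_id(), escapes the
   * remaining arguments and deletes the matching MyStellarSubscription rows.
   *
   * @param mixed  $subject     Subject passed to self::get_subject_id()
   * @param string $term        Term of the subscription
   * @param string $device_id   Identifier of the subscribed device
   * @param string $device_type Type of the subscribed device
   * @return void
   */
  public static function push_unsubscribe($subject, $term, $device_id, $device_type) {
    // NOTE(review): $subjectId is interpolated as returned; confirm that
    // get_subject_id() can only yield an SQL-safe value.
    $subjectId = self::get_subject_id($subject);
    $term = db::escape($term);
    $device_id = db::escape($device_id);
    $device_type = db::escape($device_type);

    // device_id is quoted like every other value. db::escape() only
    // neutralises characters that would end a quoted literal, so an unquoted
    // device_id could still change the statement.
    db::$connection->query("DELETE FROM MyStellarSubscription WHERE "
      . " subject_id='$subjectId' AND term='$term' "
      . " AND device_id='$device_id' AND device_type='{$device_type}'");
  }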