<?php
// Admin form handler: creates a "pagina" row from the posted form and stores
// an optional uploaded image under img/pagina/. This listing stops after the
// success redirect, before the outer if block is closed.
session_start();
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/util.inc.php";
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/mydb.inc.php";
// NOTE(review): presumably the login gate for the admin area; its body is not
// shown here, so confirm it ends the request for unauthenticated visitors.
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/seguridad.php";
include dirname(dirname(dirname(__FILE__))) . "/functions/conf/conf.php";
$conf = new conf();
$db = new mydb();
$db->rawData("SET NAMES 'utf8'");
// Allow-list that is compared below with the MIME type the browser reported.
$formatos_img = array('image/jpeg', 'image/pjpeg', 'image/png', 'image/jpg');
// Posted values are parked in the session and removed again on success.
$_SESSION["campos"] = $_POST;
if (trim($_POST["nombre"]) != "" && trim($_POST["resumen"]) != "" && trim($_POST["texto"]) != "") {
    // SECURITY: the text fields pass through addslashes(), but destacada and
    // publicada are concatenated unquoted and unvalidated, so the statement
    // can be altered through them. Cast them to int or bind parameters.
    $db->rawData("INSERT INTO pagina (pagina_titulo,pagina_resumen,pagina_contenido,idioma_id,pagina_eliminado,pagina_foto,pagina_destacada,pagina_keywords,pagina_publicada)" . " VALUES ('" . addslashes($_POST["nombre"]) . "','" . addslashes($_POST["resumen"]) . "','" . addslashes($_POST["texto"]) . "'," . $_SESSION["idioma_gestor"] . ",0,''," . $_POST["destacada"] . "" . ",'" . addslashes($_POST["palabras_clave"]) . "'," . $_POST["publicada"] . ")");
    // The new id is read back as the newest non-deleted row for this language
    // rather than from the insert itself; a concurrent insert could win.
    $id_max = $db->consulta("SELECT * FROM pagina WHERE pagina_eliminado=0 AND idioma_id=" . $_SESSION["idioma_gestor"] . " ORDER BY pagina_id DESC LIMIT 1");
    // The limit comes from max_upload_file_size(), defined outside this file.
    // acc is copied into the Location header without URL-encoding.
    if ($_FILES["imagen"]["size"] > max_upload_file_size()) {
        header("Location:../index.php?acc=" . $_POST["acc"] . "&msg=5");
        die;
    }
    // SECURITY: ["type"] is sent by the client and the saved extension comes
    // from the client file name via obtenerExtension() (defined elsewhere);
    // the file content is never inspected. Detect the type from the content
    // (e.g. finfo) and map it to a fixed extension before saving.
    if ($_FILES["imagen"]["name"] != "" && in_array($_FILES["imagen"]["type"], $formatos_img)) {
        $ext = obtenerExtension($_FILES["imagen"]["name"]);
        move_uploaded_file($_FILES["imagen"]["tmp_name"], $conf->getRoot() . "/img/pagina/" . $id_max[0]["pagina_id"] . "." . $ext);
        $db->rawData("UPDATE pagina SET pagina_foto='" . $id_max[0]["pagina_id"] . "." . $ext . "' WHERE pagina_id=" . $id_max[0]["pagina_id"]);
    } else {
        // A file was sent but its reported type is not on the allow-list.
        if ($_FILES["imagen"]["name"] != "") {
            header("Location:../index.php?acc=" . $_POST["acc"] . "&msg=2");
            die;
        }
    }
    unset($_SESSION["campos"]);
    header("Location:../index.php?acc=" . $_POST["acc"] . "&msg=3");
<?php
// Admin form handler: updates a "producto" row, optionally removes its current
// image and stores a newly uploaded one under img/producto/. This listing is
// cut off inside the final else branch.
session_start();
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/util.inc.php";
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/mydb.inc.php";
// NOTE(review): presumably the login gate; its body is not shown - confirm.
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/seguridad.php";
include dirname(dirname(dirname(__FILE__))) . "/functions/conf/conf.php";
$conf = new conf();
$db = new mydb();
$db->rawData("SET NAMES 'utf8'");
// Allow-list that is compared below with the MIME type the browser reported.
$formatos_img = array('image/jpeg', 'image/pjpeg', 'image/png', 'image/jpg');
// "categoria" != 0 is a loose comparison, not a numeric validation.
if (trim($_POST["nombre"]) != "" && trim($_POST["descripcion"]) != "" && $_POST["categoria"] != 0) {
    $img_del = "";
    if ($_POST["elim_img"] == 1) {
        $img_del = ",prod_foto='' ";
        // SECURITY: the posted id is concatenated into SQL unvalidated here
        // and in every statement below; cast it to int first.
        $rs = $db->consulta("SELECT * FROM producto WHERE prod_id=" . $_POST["id"]);
        // file_exists() is also true for the directory itself when prod_foto
        // is empty, in which case unlink() fails with a warning.
        if (file_exists(dirname(dirname(dirname(__FILE__))) . "/img/producto/" . $rs[0]["prod_foto"])) {
            unlink(dirname(dirname(dirname(__FILE__))) . "/img/producto/" . $rs[0]["prod_foto"]);
        }
    }
    // SECURITY: categoria, destacada, publicada and id sit outside quotes.
    // addslashes() on publicada adds no protection in that position.
    $db->rawData("UPDATE producto SET prod_nombre='" . addslashes($_POST["nombre"]) . "'," . "prod_descripcion='" . addslashes($_POST["descripcion"]) . "'," . "catp_id=" . $_POST["categoria"] . "," . "prod_destacado=" . $_POST["destacada"] . ",prod_keywords='" . addslashes($_POST["palabras_clave"]) . "'" . ",prod_publicado=" . addslashes($_POST["publicada"]) . " " . $img_del . " " . "WHERE prod_id=" . $_POST["id"]);
    if ($_FILES["imagen"]["size"] > max_upload_file_size()) {
        header("Location:../index.php?acc=" . $_POST["acc"] . "&msg=5");
        die;
    }
    // SECURITY: ["type"] and the extension both come from the client, the
    // content is never inspected, and the posted id becomes part of the
    // destination path. Validate the id as an integer and derive the
    // extension from the detected content type.
    if ($_FILES["imagen"]["name"] != "" && in_array($_FILES["imagen"]["type"], $formatos_img)) {
        $ext = obtenerExtension($_FILES["imagen"]["name"]);
        move_uploaded_file($_FILES["imagen"]["tmp_name"], $conf->getRoot() . "/img/producto/" . $_POST["id"] . "." . $ext);
        $db->rawData("UPDATE producto SET prod_foto='" . $_POST["id"] . "." . $ext . "' WHERE prod_id=" . $_POST["id"]);
    } else {
        if ($_FILES["imagen"]["name"] != "") {
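<?php
// Soft-deletes an order (pedido) and its claims (reclamo), then redirects to
// the listing.
//
// Input: $_GET["id"] (order id), $_GET["acc"] (section handed back to
// index.php) and the manager id in $_SESSION["usuario_gestor"]["us_id"], which
// is written into the *_eliminado columns as the deletion marker.
//
// NOTE(review): the change is triggered by a plain GET and no anti-CSRF token
// is checked in this file; what seguridad.php enforces is not visible here.
session_start();
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/mydb.inc.php";
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/seguridad.php";

$db = new mydb();

// is_numeric() also accepts floats, exponents and padded strings; the key is
// an integer, so validate it as one and concatenate only the resulting int.
$id = filter_var(isset($_GET["id"]) ? $_GET["id"] : null, FILTER_VALIDATE_INT);
// A marker of 0 would read as "not deleted" (sibling scripts filter on
// *_eliminado=0), so nothing is written without a positive manager id.
$gestorId = isset($_SESSION["usuario_gestor"]["us_id"]) ? (int) $_SESSION["usuario_gestor"]["us_id"] : 0;

if ($id !== false && $gestorId > 0) {
    $db->rawData("UPDATE pedido SET pedido_eliminado=" . $gestorId . " WHERE pedido_id=" . $id);
    $db->rawData("UPDATE reclamo SET reclamo_eliminado=" . $gestorId . " WHERE pedido_id=" . $id);

    // URL-encode acc so it cannot append parameters to the redirect target.
    $acc = urlencode(isset($_GET["acc"]) ? (string) $_GET["acc"] : "");
    header("Location:../index.php?acc=" . $acc . "&msg=1");
    exit;
}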
<?php
// Admin form handler: renames a "marca" row, optionally removes its current
// image and stores a newly uploaded one under img/marca/. This listing is cut
// off inside the final else branch.
session_start();
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/util.inc.php";
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/mydb.inc.php";
// NOTE(review): presumably the login gate; its body is not shown - confirm.
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/seguridad.php";
include dirname(dirname(dirname(__FILE__))) . "/functions/conf/conf.php";
$conf = new conf();
$db = new mydb();
$db->rawData("SET NAMES 'utf8'");
// Allow-list that is compared below with the MIME type the browser reported.
$formatos_img = array('image/jpeg', 'image/pjpeg', 'image/png', 'image/jpg');
if (trim($_POST["nombre"]) != "") {
    $img_del = "";
    if ($_POST["elim_img"] == 1) {
        $img_del = ",marca_foto='' ";
        // SECURITY: the posted id is concatenated into SQL unvalidated here
        // and in every statement below; cast it to int first.
        $rs = $db->consulta("SELECT * FROM marca WHERE marca_id=" . $_POST["id"]);
        // file_exists() is also true for the directory itself when marca_foto
        // is empty, in which case unlink() fails with a warning.
        if (file_exists(dirname(dirname(dirname(__FILE__))) . "/img/marca/" . $rs[0]["marca_foto"])) {
            unlink(dirname(dirname(dirname(__FILE__))) . "/img/marca/" . $rs[0]["marca_foto"]);
        }
    }
    $db->rawData("UPDATE marca SET marca_nombre='" . addslashes($_POST["nombre"]) . "' " . $img_del . " WHERE marca_id=" . $_POST["id"]);
    // acc is copied into the Location header without URL-encoding.
    if ($_FILES["imagen"]["size"] > max_upload_file_size()) {
        header("Location:../index.php?acc=" . $_POST["acc"] . "&msg=5");
        die;
    }
    // SECURITY: ["type"] and the extension both come from the client, the
    // content is never inspected, and the posted id becomes part of the
    // destination path. Validate the id as an integer and derive the
    // extension from the detected content type.
    if ($_FILES["imagen"]["name"] != "" && in_array($_FILES["imagen"]["type"], $formatos_img)) {
        $ext = obtenerExtension($_FILES["imagen"]["name"]);
        move_uploaded_file($_FILES["imagen"]["tmp_name"], $conf->getRoot() . "/img/marca/" . $_POST["id"] . "." . $ext);
        $db->rawData("UPDATE marca SET marca_foto='" . $_POST["id"] . "." . $ext . "' WHERE marca_id=" . $_POST["id"]);
    } else {
        if ($_FILES["imagen"]["name"] != "") {
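<?php
// Soft-deletes a site user (usuario_sitio) together with that user's shipping
// addresses (direccion_envio), then redirects to the listing.
//
// Input: $_GET["id"] (user id), $_GET["acc"] (section handed back to
// index.php) and the manager id in $_SESSION["usuario_gestor"]["us_id"], which
// is written into the *_eliminado columns as the deletion marker.
//
// NOTE(review): the change is triggered by a plain GET and no anti-CSRF token
// is checked in this file; what seguridad.php enforces is not visible here.
session_start();
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/mydb.inc.php";
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/seguridad.php";

$db = new mydb();

// is_numeric() also accepts floats, exponents and padded strings; the key is
// an integer, so validate it as one and concatenate only the resulting int.
$id = filter_var(isset($_GET["id"]) ? $_GET["id"] : null, FILTER_VALIDATE_INT);
// A marker of 0 would read as "not deleted" (sibling scripts filter on
// *_eliminado=0), so nothing is written without a positive manager id.
$gestorId = isset($_SESSION["usuario_gestor"]["us_id"]) ? (int) $_SESSION["usuario_gestor"]["us_id"] : 0;

if ($id !== false && $gestorId > 0) {
    $fechaBaja = date("Y-m-d H:i:s");
    $db->rawData("UPDATE usuario_sitio SET usw_eliminado=" . $gestorId . ",usw_fecha_baja='" . $fechaBaja . "' WHERE usw_id=" . $id);
    $db->rawData("UPDATE direccion_envio SET dire_eliminado=" . $gestorId . " WHERE usw_id=" . $id);

    // URL-encode acc so it cannot append parameters to the redirect target.
    $acc = urlencode(isset($_GET["acc"]) ? (string) $_GET["acc"] : "");
    header("Location:../index.php?acc=" . $acc . "&msg=1");
    exit;
}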
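<?php
// Soft-deletes a product category: products in it are moved to category 0 and
// the category row is flagged, then the request is redirected to the listing.
//
// Input: $_GET["id"] (category id), $_GET["acc"] (section handed back to
// index.php) and the manager id in $_SESSION["usuario_gestor"]["us_id"], which
// is written into catp_eliminado as the deletion marker.
//
// NOTE(review): the change is triggered by a plain GET and no anti-CSRF token
// is checked in this file; what seguridad.php enforces is not visible here.
session_start();
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/mydb.inc.php";
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/seguridad.php";

$db = new mydb();

// is_numeric() also accepts floats, exponents and padded strings; the key is
// an integer, so validate it as one and concatenate only the resulting int.
$id = filter_var(isset($_GET["id"]) ? $_GET["id"] : null, FILTER_VALIDATE_INT);
// A marker of 0 would read as "not deleted" (sibling scripts filter on
// *_eliminado=0), so nothing is written without a positive manager id.
$gestorId = isset($_SESSION["usuario_gestor"]["us_id"]) ? (int) $_SESSION["usuario_gestor"]["us_id"] : 0;

if ($id !== false && $gestorId > 0) {
    $db->rawData("UPDATE producto SET catp_id=0 WHERE catp_id=" . $id);
    $db->rawData("UPDATE categoria_producto SET catp_eliminado=" . $gestorId . " WHERE catp_id=" . $id);

    // URL-encode acc so it cannot append parameters to the redirect target.
    $acc = urlencode(isset($_GET["acc"]) ? (string) $_GET["acc"] : "");
    header("Location:../index.php?acc=" . $acc . "&msg=1");
    exit;
}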
<?php
// Request handler that dispatches on $_GET["func"] and echoes an HTML alert
// fragment as its response. This listing is cut off inside the second case.
session_start();
include dirname(dirname(__FILE__)) . "/functions/inc/mydb.inc.php";
include dirname(dirname(__FILE__)) . "/functions/inc/util.inc.php";
// NOTE(review): presumably the login gate; its body is not shown - confirm.
include dirname(dirname(__FILE__)) . "/functions/inc/seguridad.php";
$db = new mydb();
$db->rawData("SET NAMES 'utf8'");
switch ($_GET["func"]) {
    case "cambiarEstado":
        // State 3 stamps the validation date with the current time; any other
        // state resets it to the zero date.
        $valido_upd = "";
        if ($_GET["val"] == 3) {
            $valido_upd = ",usw_fecha_valido='" . date("Y-m-d H:i:s") . "'";
        } else {
            $valido_upd = ",usw_fecha_valido='0000-00-00 00:00:00'";
        }
        // The success message is printed before the update runs and does not
        // depend on its result.
        echo ' <div class="alert alert-success alert-dismissible fade in" role="alert"> <button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">x</span></button> <b>Exito:</b> Se ha actualizado el estado del usuario correctamente </div> ';
        // SECURITY: val and us are taken from the query string and placed in
        // the statement unquoted and unvalidated; cast both to int. This is
        // also a state change over GET with no anti-CSRF token checked here.
        $db->rawData("UPDATE usuario_sitio SET estado_id=" . $_GET["val"] . " {$valido_upd} WHERE usw_id=" . $_GET["us"]);
        break;
    case "cambiarEstadoInscripto":
        echo ' <div class="alert alert-success alert-dismissible fade in" role="alert"> <button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">x</span></button> <b>Exito:</b> Se ha actualizado la inscripción al curso correctamente </div> ';
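<?php
// Soft-deletes a course enrolment (inscripto_curso), then redirects to the
// listing.
//
// Input: $_GET["id"] (enrolment id), $_GET["acc"] (section handed back to
// index.php) and the manager id in $_SESSION["usuario_gestor"]["us_id"], which
// is written into inscripto_eliminado as the deletion marker.
//
// NOTE(review): the change is triggered by a plain GET and no anti-CSRF token
// is checked in this file; what seguridad.php enforces is not visible here.
session_start();
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/mydb.inc.php";
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/seguridad.php";

$db = new mydb();

// is_numeric() also accepts floats, exponents and padded strings; the key is
// an integer, so validate it as one and concatenate only the resulting int.
$id = filter_var(isset($_GET["id"]) ? $_GET["id"] : null, FILTER_VALIDATE_INT);
// A marker of 0 would read as "not deleted" (sibling scripts filter on
// *_eliminado=0), so nothing is written without a positive manager id.
$gestorId = isset($_SESSION["usuario_gestor"]["us_id"]) ? (int) $_SESSION["usuario_gestor"]["us_id"] : 0;

if ($id !== false && $gestorId > 0) {
    $db->rawData("UPDATE inscripto_curso SET inscripto_eliminado=" . $gestorId . " WHERE inscripto_id=" . $id);

    // URL-encode acc so it cannot append parameters to the redirect target.
    $acc = urlencode(isset($_GET["acc"]) ? (string) $_GET["acc"] : "");
    header("Location:../index.php?acc=" . $acc . "&msg=1");
    exit;
}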
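<?php
// Admin form handler: renames a "que_desea_hacer" entry and redirects back to
// index.php with msg=4 on success or msg=1 when the input is rejected.
//
// Input: $_POST["nombre"] (new title), $_POST["id"] (row id) and $_POST["acc"]
// (section handed back to index.php).
session_start();
include dirname(dirname(dirname(dirname(__FILE__)))) . "/functions/inc/util.inc.php";
include dirname(dirname(dirname(dirname(__FILE__)))) . "/functions/inc/mydb.inc.php";
// NOTE(review): presumably the login gate; its body is not shown - confirm.
include dirname(dirname(dirname(dirname(__FILE__)))) . "/functions/inc/seguridad.php";
include dirname(dirname(dirname(dirname(__FILE__)))) . "/functions/conf/conf.php";

// Kept although unused below, in case the constructor has side effects.
$conf = new conf();
$db = new mydb();
$db->rawData("SET NAMES 'utf8'");

$nombre = isset($_POST["nombre"]) ? $_POST["nombre"] : "";
// The id used to be concatenated into the WHERE clause as posted; only a
// validated integer reaches the statement now.
$id = filter_var(isset($_POST["id"]) ? $_POST["id"] : null, FILTER_VALIDATE_INT);

// URL-encode both values so they cannot append parameters to the redirect.
$acc = urlencode(isset($_POST["acc"]) ? (string) $_POST["acc"] : "");
$idUrl = urlencode(isset($_POST["id"]) ? (string) $_POST["id"] : "");

if ($id !== false && trim($nombre) != "") {
    // NOTE(review): addslashes() is not charset-aware; only rawData() and
    // consulta() are visible on mydb here, so check whether it offers bound
    // parameters or driver-level escaping and prefer that.
    $db->rawData("UPDATE que_desea_hacer SET qdh_titulo='" . addslashes($nombre) . "' WHERE qdh_eliminado=0 AND qdh_id=" . $id);
    header("Location:../../index.php?acc=" . $acc . "&msg=4&id=" . $idUrl);
    die;
}

header("Location:../../index.php?acc=" . $acc . "&msg=1&id=" . $idUrl);
die;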
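<?php
// Admin form handler: stores the terms-and-conditions text for the language
// selected in the session, then redirects to index.php with msg=3.
//
// Input: $_POST["texto"], $_POST["acc"] and $_SESSION["idioma_gestor"].
session_start();
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/util.inc.php";
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/mydb.inc.php";
// NOTE(review): presumably the login gate; its body is not shown - confirm.
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/seguridad.php";
include dirname(dirname(dirname(__FILE__))) . "/functions/conf/conf.php";

// Kept although unused below, in case the constructor has side effects.
$conf = new conf();
$db = new mydb();
$db->rawData("SET NAMES 'utf8'");

// A missing field is stored as an empty text, as before.
$texto = isset($_POST["texto"]) ? $_POST["texto"] : "";
// The language id sits outside quotes in the statement, so force it to int.
$idioma = isset($_SESSION["idioma_gestor"]) ? (int) $_SESSION["idioma_gestor"] : 0;

// NOTE(review): addslashes() is not charset-aware; only rawData() and
// consulta() are visible on mydb here, so check whether it offers bound
// parameters or driver-level escaping and prefer that.
$db->rawData("UPDATE terminos_condiciones SET terminos='" . addslashes($texto) . "' WHERE idioma_id=" . $idioma);

// URL-encode acc so it cannot append parameters to the redirect target.
$acc = urlencode(isset($_POST["acc"]) ? (string) $_POST["acc"] : "");
header("Location:../index.php?acc=" . $acc . "&msg=3");
exit;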
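<?php
// Admin form handler: stores the site contact parameters for the language
// selected in the session. Redirects to index.php with msg=3 on success and
// msg=1 when the e-mail address is rejected by validarMail().
//
// Input: the posted contact fields, $_POST["acc"] and
// $_SESSION["idioma_gestor"].
session_start();
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/util.inc.php";
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/mydb.inc.php";
// NOTE(review): presumably the login gate; its body is not shown - confirm.
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/seguridad.php";
include dirname(dirname(dirname(__FILE__))) . "/functions/conf/conf.php";

// Kept although unused below, in case the constructor has side effects.
$conf = new conf();
$db = new mydb();
$db->rawData("SET NAMES 'utf8'");

// Posted values are parked in the session and removed again on success.
$_SESSION["campos"] = $_POST;

// URL-encode acc so it cannot append parameters to the redirect target.
$acc = urlencode(isset($_POST["acc"]) ? (string) $_POST["acc"] : "");
$email = isset($_POST["email"]) ? $_POST["email"] : "";

if (validarMail($email)) {
    // Column name => posted field. The column names are fixed literals; only
    // the values come from the request.
    $campos = array(
        "domicilio" => "domicilio",
        "email" => "email",
        "telefono" => "telefono",
        "descripcion" => "descripcion",
        "mapa" => "google_map",
        "palabras_clave" => "palabras_clave",
        "skype" => "skype",
        "facebook" => "facebook",
        "twitter" => "twitter",
        "google_plus" => "google_plus",
        "youtube" => "youtube",
    );

    // NOTE(review): addslashes() is not charset-aware; only rawData() and
    // consulta() are visible on mydb here, so check whether it offers bound
    // parameters or driver-level escaping and prefer that.
    $asignaciones = array();
    foreach ($campos as $columna => $campoPost) {
        $valor = isset($_POST[$campoPost]) ? $_POST[$campoPost] : "";
        $asignaciones[] = $columna . "='" . addslashes($valor) . "'";
    }

    // The language id sits outside quotes, so force it to int.
    $idioma = isset($_SESSION["idioma_gestor"]) ? (int) $_SESSION["idioma_gestor"] : 0;
    $db->rawData("UPDATE parametros_sitio SET " . implode(",", $asignaciones) . " WHERE idioma_id=" . $idioma);

    unset($_SESSION["campos"]);
    header("Location:../index.php?acc=" . $acc . "&msg=3");
    die;
}

header("Location:../index.php?acc=" . $acc . "&msg=1");
die;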
<?php
// Admin form handler: updates an "archivo_curso" row and optionally replaces
// its file under archivos/curso/. This listing is cut off inside the final
// else branch.
session_start();
include dirname(dirname(dirname(dirname(__FILE__)))) . "/functions/inc/util.inc.php";
include dirname(dirname(dirname(dirname(__FILE__)))) . "/functions/inc/mydb.inc.php";
// NOTE(review): presumably the login gate; its body is not shown - confirm.
include dirname(dirname(dirname(dirname(__FILE__)))) . "/functions/inc/seguridad.php";
include dirname(dirname(dirname(dirname(__FILE__)))) . "/functions/conf/conf.php";
$conf = new conf();
$db = new mydb();
$db->rawData("SET NAMES 'utf8'");
// Declared but not consulted anywhere in the visible part of this script.
$formatos_img = array('image/jpeg', 'image/pjpeg', 'image/png', 'image/jpg');
if (trim($_POST["nombre"]) != "" && trim($_POST["curso"]) != "") {
    // SECURITY: curso and id are concatenated unquoted and unvalidated, here
    // and in the statement below; cast both to int.
    $db->rawData("UPDATE archivo_curso SET ac_descripcion='" . addslashes($_POST["descripcion"]) . "'," . "curso_id=" . $_POST["curso"] . ",ac_nombre='" . addslashes($_POST["nombre"]) . "' " . "WHERE ac_id=" . $_POST["id"]);
    // acc and id are copied into the Location headers without URL-encoding.
    if ($_FILES["archivo"]["size"] > max_upload_file_size()) {
        header("Location:../../index.php?acc=" . $_POST["acc"] . "&msg=5");
        die;
    }
    // SECURITY: no type or extension allow-list is applied to this upload.
    // The extension comes from the client file name via obtenerExtension()
    // (defined elsewhere) and the posted id becomes part of the destination
    // path. Restrict the accepted extensions, validate the id as an integer
    // and make sure the target directory cannot execute scripts.
    if ($_FILES["archivo"]["name"] != "") {
        $ext = obtenerExtension($_FILES["archivo"]["name"]);
        move_uploaded_file($_FILES["archivo"]["tmp_name"], $conf->getRoot() . "/archivos/curso/" . $_POST["id"] . "." . $ext);
        $db->rawData("UPDATE archivo_curso SET ac_archivo='" . $_POST["id"] . "." . $ext . "' WHERE ac_id=" . $_POST["id"]);
    } else {
        // Unreachable: this tests the same condition that just failed above.
        if ($_FILES["archivo"]["name"] != "") {
            header("Location:../../index.php?acc=" . $_POST["acc"] . "&msg=2&id=" . $_POST["id"]);
            die;
        }
    }
    header("Location:../../index.php?acc=" . $_POST["acc"] . "&msg=4&id=" . $_POST["id"]);
    die;
} else {
    header("Location:../../index.php?acc=" . $_POST["acc"] . "&msg=1&id=" . $_POST["id"]);
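<?php
// Soft-deletes a model (modelo) and removes its image from img/modelo/, then
// redirects to the listing.
//
// Input: $_GET["id"] (model id), $_GET["acc"] (section handed back to
// index.php) and the manager id in $_SESSION["usuario_gestor"]["us_id"], which
// is written into modelo_eliminado as the deletion marker.
//
// NOTE(review): the change is triggered by a plain GET and no anti-CSRF token
// is checked in this file; what seguridad.php enforces is not visible here.
session_start();
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/mydb.inc.php";
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/seguridad.php";

$db = new mydb();

// is_numeric() also accepts floats, exponents and padded strings; the key is
// an integer, so validate it as one and concatenate only the resulting int.
$id = filter_var(isset($_GET["id"]) ? $_GET["id"] : null, FILTER_VALIDATE_INT);
// A marker of 0 would read as "not deleted" (sibling scripts filter on
// *_eliminado=0), so nothing is written without a positive manager id.
$gestorId = isset($_SESSION["usuario_gestor"]["us_id"]) ? (int) $_SESSION["usuario_gestor"]["us_id"] : 0;

if ($id !== false && $gestorId > 0) {
    $db->rawData("UPDATE modelo SET modelo_eliminado=" . $gestorId . " WHERE modelo_id=" . $id);
    $rs = $db->consulta("SELECT * FROM modelo WHERE modelo_id=" . $id);

    // basename() keeps the stored name inside img/modelo/. The empty-name
    // check and is_file() matter because file_exists() is also true for the
    // directory itself, which unlink() cannot remove.
    $foto = isset($rs[0]["modelo_foto"]) ? basename((string) $rs[0]["modelo_foto"]) : "";
    $ruta = dirname(dirname(dirname(__FILE__))) . "/img/modelo/" . $foto;
    if ($foto !== "" && is_file($ruta)) {
        unlink($ruta);
    }

    // URL-encode acc so it cannot append parameters to the redirect target.
    $acc = urlencode(isset($_GET["acc"]) ? (string) $_GET["acc"] : "");
    header("Location:../index.php?acc=" . $acc . "&msg=1");
    exit;
}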
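<?php
// Permanently deletes a "que_desea_hacer" row, then redirects to the listing
// with msg=6.
//
// Input: $_GET["id"] (row id) and $_GET["acc"] (section handed back to
// index.php).
//
// NOTE(review): this is a hard DELETE triggered by a plain GET and no
// anti-CSRF token is checked in this file; what seguridad.php enforces is not
// visible here.
session_start();
include dirname(dirname(dirname(dirname(__FILE__)))) . "/functions/inc/mydb.inc.php";
include dirname(dirname(dirname(dirname(__FILE__)))) . "/functions/inc/seguridad.php";

$db = new mydb();

// is_numeric() also accepts floats, exponents and padded strings; the key is
// an integer, so validate it as one and concatenate only the resulting int.
$id = filter_var(isset($_GET["id"]) ? $_GET["id"] : null, FILTER_VALIDATE_INT);

if ($id !== false) {
    $db->rawData("DELETE FROM que_desea_hacer WHERE qdh_id=" . $id);

    // URL-encode acc so it cannot append parameters to the redirect target.
    $acc = urlencode(isset($_GET["acc"]) ? (string) $_GET["acc"] : "");
    header("Location:../../index.php?acc=" . $acc . "&msg=6");
    exit;
}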
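<?php
// Admin form handler: updates a "video_curso" row and redirects back to
// index.php with msg=4 on success or msg=1 when the input is rejected.
//
// Input: $_POST["nombre"], $_POST["video"], $_POST["descripcion"],
// $_POST["curso"] (course id), $_POST["id"] (row id) and $_POST["acc"].
session_start();
include dirname(dirname(dirname(dirname(__FILE__)))) . "/functions/inc/util.inc.php";
include dirname(dirname(dirname(dirname(__FILE__)))) . "/functions/inc/mydb.inc.php";
// NOTE(review): presumably the login gate; its body is not shown - confirm.
include dirname(dirname(dirname(dirname(__FILE__)))) . "/functions/inc/seguridad.php";
include dirname(dirname(dirname(dirname(__FILE__)))) . "/functions/conf/conf.php";

// Kept although unused below, in case the constructor has side effects.
$conf = new conf();
$db = new mydb();
$db->rawData("SET NAMES 'utf8'");

$nombre = isset($_POST["nombre"]) ? $_POST["nombre"] : "";
$video = isset($_POST["video"]) ? $_POST["video"] : "";
$descripcion = isset($_POST["descripcion"]) ? $_POST["descripcion"] : "";
// curso and id sit outside quotes in the statement and used to be
// concatenated as posted; only validated integers reach it now.
$curso = filter_var(isset($_POST["curso"]) ? $_POST["curso"] : null, FILTER_VALIDATE_INT);
$id = filter_var(isset($_POST["id"]) ? $_POST["id"] : null, FILTER_VALIDATE_INT);

// URL-encode both values so they cannot append parameters to the redirect.
$acc = urlencode(isset($_POST["acc"]) ? (string) $_POST["acc"] : "");
$idUrl = urlencode(isset($_POST["id"]) ? (string) $_POST["id"] : "");

if (trim($nombre) != "" && trim($video) != "" && $curso !== false && $id !== false) {
    // NOTE(review): addslashes() is not charset-aware; only rawData() and
    // consulta() are visible on mydb here, so check whether it offers bound
    // parameters or driver-level escaping and prefer that.
    $db->rawData("UPDATE video_curso SET vc_codigo='" . addslashes($video) . "',vc_descripcion='" . addslashes($descripcion) . "',curso_id=" . $curso . ",vc_titulo='" . addslashes($nombre) . "' WHERE vc_id=" . $id);
    header("Location:../../index.php?acc=" . $acc . "&msg=4&id=" . $idUrl);
    die;
}

header("Location:../../index.php?acc=" . $acc . "&msg=1&id=" . $idUrl);
die;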
<?php
// Admin form handler: creates a "modelo" row from the posted form and stores
// an optional uploaded image under img/modelo/. This listing stops after the
// success redirect, before the outer if block is closed.
session_start();
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/util.inc.php";
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/mydb.inc.php";
// NOTE(review): presumably the login gate; its body is not shown - confirm.
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/seguridad.php";
include dirname(dirname(dirname(__FILE__))) . "/functions/conf/conf.php";
$conf = new conf();
$db = new mydb();
$db->rawData("SET NAMES 'utf8'");
// Allow-list that is compared below with the MIME type the browser reported.
$formatos_img = array('image/jpeg', 'image/pjpeg', 'image/png', 'image/jpg');
// Posted values are parked in the session and removed again on success.
$_SESSION["campos"] = $_POST;
if (trim($_POST["nombre"]) != "" && $_POST["marca"] != "") {
    // SECURITY: marca is concatenated unquoted and unvalidated, so the
    // statement can be altered through it. Cast it to int or bind parameters.
    $db->rawData("INSERT INTO modelo (modelo_nombre,marca_id,modelo_eliminado) VALUES ('" . addslashes($_POST["nombre"]) . "'," . $_POST["marca"] . ",0)");
    // The new id is read back as the newest non-deleted row rather than from
    // the insert itself; a concurrent insert could win.
    $id_max = $db->consulta("SELECT * FROM modelo WHERE modelo_eliminado=0 ORDER BY modelo_id DESC LIMIT 1");
    // acc is copied into the Location header without URL-encoding.
    if ($_FILES["imagen"]["size"] > max_upload_file_size()) {
        header("Location:../index.php?acc=" . $_POST["acc"] . "&msg=5");
        die;
    }
    // SECURITY: ["type"] is sent by the client and the saved extension comes
    // from the client file name via obtenerExtension() (defined elsewhere);
    // the file content is never inspected. Detect the type from the content
    // (e.g. finfo) and map it to a fixed extension before saving.
    if ($_FILES["imagen"]["name"] != "" && in_array($_FILES["imagen"]["type"], $formatos_img)) {
        $ext = obtenerExtension($_FILES["imagen"]["name"]);
        move_uploaded_file($_FILES["imagen"]["tmp_name"], $conf->getRoot() . "/img/modelo/" . $id_max[0]["modelo_id"] . "." . $ext);
        $db->rawData("UPDATE modelo SET modelo_foto='" . $id_max[0]["modelo_id"] . "." . $ext . "' WHERE modelo_id=" . $id_max[0]["modelo_id"]);
    } else {
        // A file was sent but its reported type is not on the allow-list.
        if ($_FILES["imagen"]["name"] != "") {
            header("Location:../index.php?acc=" . $_POST["acc"] . "&msg=2");
            die;
        }
    }
    unset($_SESSION["campos"]);
    header("Location:../index.php?acc=" . $_POST["acc"] . "&msg=3");
<?php
// Admin form handler: updates an "imagen_curso" row and optionally replaces
// its image under img/curso/. This listing is cut off inside the final else
// branch.
session_start();
include dirname(dirname(dirname(dirname(__FILE__)))) . "/functions/inc/util.inc.php";
include dirname(dirname(dirname(dirname(__FILE__)))) . "/functions/inc/mydb.inc.php";
// NOTE(review): presumably the login gate; its body is not shown - confirm.
include dirname(dirname(dirname(dirname(__FILE__)))) . "/functions/inc/seguridad.php";
include dirname(dirname(dirname(dirname(__FILE__)))) . "/functions/conf/conf.php";
$conf = new conf();
$db = new mydb();
$db->rawData("SET NAMES 'utf8'");
// Allow-list that is compared below with the MIME type the browser reported.
$formatos_img = array('image/jpeg', 'image/pjpeg', 'image/png', 'image/jpg');
if (trim($_POST["nombre"]) != "" && trim($_POST["curso"]) != "") {
    // SECURITY: curso and id are concatenated unquoted and unvalidated, here
    // and in the statement below; cast both to int.
    $db->rawData("UPDATE imagen_curso SET ic_descripcion='" . addslashes($_POST["descripcion"]) . "'," . "curso_id=" . $_POST["curso"] . ",ic_titulo='" . addslashes($_POST["nombre"]) . "' " . "WHERE ic_id=" . $_POST["id"]);
    // acc and id are copied into the Location headers without URL-encoding.
    if ($_FILES["imagen"]["size"] > max_upload_file_size()) {
        header("Location:../../index.php?acc=" . $_POST["acc"] . "&msg=5");
        die;
    }
    // SECURITY: ["type"] and the extension both come from the client, the
    // content is never inspected, and the posted id becomes part of the
    // destination path. Validate the id as an integer and derive the
    // extension from the detected content type.
    if ($_FILES["imagen"]["name"] != "" && in_array($_FILES["imagen"]["type"], $formatos_img)) {
        $ext = obtenerExtension($_FILES["imagen"]["name"]);
        move_uploaded_file($_FILES["imagen"]["tmp_name"], $conf->getRoot() . "/img/curso/" . $_POST["id"] . "." . $ext);
        $db->rawData("UPDATE imagen_curso SET ic_imagen='" . $_POST["id"] . "." . $ext . "' WHERE ic_id=" . $_POST["id"]);
    } else {
        // A file was sent but its reported type is not on the allow-list.
        if ($_FILES["imagen"]["name"] != "") {
            header("Location:../../index.php?acc=" . $_POST["acc"] . "&msg=2&id=" . $_POST["id"]);
            die;
        }
    }
    header("Location:../../index.php?acc=" . $_POST["acc"] . "&msg=4&id=" . $_POST["id"]);
    die;
} else {
    header("Location:../../index.php?acc=" . $_POST["acc"] . "&msg=1&id=" . $_POST["id"]);
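<?php
// One-off import: reads provincias.html, takes the text of each <option>
// element and inserts it into the provincia table, then dumps the parsed
// chunks.
//
// NOTE(review): unlike the other admin scripts this one starts no session and
// includes no seguridad.php, and every run inserts the rows again. If it is
// reachable over HTTP it should be removed or protected once the import is
// done.

// NOTE(review): this is an absolute path from the filesystem root, while the
// sibling scripts build theirs from dirname(__FILE__) - confirm it resolves.
include_once '/functions/inc/mydb.inc.php';

$nombre_fichero = "provincias.html";

// file_get_contents() replaces fopen()/fread(): the handle was never closed,
// a failed open was not detected and a zero-length file made fread() fail.
$contenido_fichero = file_get_contents($nombre_fichero);
if ($contenido_fichero === false) {
    die("No se pudo leer " . $nombre_fichero);
}

$contenido = explode("</option>", $contenido_fichero);
$db = new mydb();

foreach ($contenido as $fragmento) {
    // Everything after the first ">" of the chunk is taken as the name.
    $partes = explode(">", $fragmento);
    if (isset($partes[1]) && trim($partes[1]) != "") {
        $nombre = addslashes($partes[1]);
        $db->rawData("INSERT INTO provincia (prov_nombre) VALUES ('{$nombre}')");
    }
}

// Debug dump of the parsed chunks, as in the original script.
die(print_r($contenido));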
<?php
// Admin form handler: validates an edited site user (usuario_sitio) and checks
// that the e-mail and "scanycar" values are not used by another live user.
// This listing is cut off before the update itself.
session_start();
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/util.inc.php";
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/mydb.inc.php";
// NOTE(review): presumably the login gate; its body is not shown - confirm.
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/seguridad.php";
include dirname(dirname(dirname(__FILE__))) . "/functions/conf/conf.php";
$conf = new conf();
$db = new mydb();
$db->rawData("SET NAMES 'utf8'");
$formatos_img = array('image/jpeg', 'image/pjpeg', 'image/png', 'image/jpg');
// "estado" != 0 is a loose comparison, not a numeric validation.
if (trim($_POST["nombre"]) != "" && trim($_POST["apellido"]) != "" && $_POST["estado"] != 0 && trim($_POST["email"]) != "") {
    // acc and id are copied into the Location headers without URL-encoding.
    if (!validarMail($_POST["email"])) {
        header("Location:../index.php?acc=" . $_POST["acc"] . "&msg=8&id=" . $_POST["id"]);
        die;
    }
    // An empty password is accepted here; a non-empty one must pass
    // validarPass() (defined elsewhere).
    if (!validarPass($_POST["password"]) && $_POST["password"] != "") {
        header("Location:../index.php?acc=" . $_POST["acc"] . "&msg=9&id=" . $_POST["id"]);
        die;
    }
    // SECURITY: id is concatenated unquoted and unvalidated, and email is
    // placed inside quotes without any escaping. The query is only safe if
    // validarMail() (defined elsewhere) rejects every quote and backslash -
    // confirm, or escape it like the other fields and cast id to int.
    $existe_mail = $db->consulta("SELECT * FROM usuario_sitio WHERE usw_eliminado=0 AND usw_id!=" . $_POST["id"] . " AND usw_email='" . $_POST["email"] . "'");
    if (count($existe_mail)) {
        header("Location:../index.php?acc=" . $_POST["acc"] . "&msg=6&id=" . $_POST["id"]);
        die;
    }
    if (trim($_POST["scanycar"]) != "") {
        // SECURITY: scanycar is escaped with addslashes(), but id is still
        // concatenated as posted.
        $existe_scanycar = $db->consulta("SELECT * FROM usuario_sitio WHERE usw_eliminado=0 AND usw_id!=" . $_POST["id"] . " AND usw_scanycar='" . trim(addslashes($_POST["scanycar"])) . "'");
        if (count($existe_scanycar)) {
            header("Location:../index.php?acc=" . $_POST["acc"] . "&msg=7&id=" . $_POST["id"]);
            die;
        }
<?php session_start(); include dirname(dirname(__FILE__)) . "/functions/inc/util.inc.php"; include dirname(dirname(__FILE__)) . "/functions/inc/mydb.inc.php"; include dirname(__FILE__) . "/scripts_de_utilidades/check_date.php"; $db = new mydb(); $db->rawData("SET NAMES 'utf8'"); if (!isset($_SESSION["idioma_gestor"])) { $_SESSION["idioma_gestor"] = 1; } if (isset($_GET["acc"])) { $acc = $_GET["acc"]; } else { $acc = 0; } //phpinfo(); if (isset($_SESSION["usuario_gestor"])) { inicializar($template, dirname(__FILE__) . "/interfaces/inicial.html"); $template->setVariable("usuario", $_SESSION["usuario_gestor"]["us_nombre"] . " " . $_SESSION["usuario_gestor"]["us_apellido"]); if (isset($_SESSION["acc_prev"]) && $acc != $_SESSION["acc_prev"]) { borrar_sesiones(); } unset($_SESSION["acc_prev"]); $_SESSION["acc_prev"] = $acc; armarMenu($db, $template, $_SESSION["usuario_gestor"]["perfil_id"], $acc, $_SESSION["idioma_gestor"]); } else { inicializar($template, dirname(__FILE__) . "/interfaces/login.html"); if (isset($_SESSION["mensaje_error"])) { $template->setVariable("mensaje_error", $_SESSION["mensaje_error"]); unset($_SESSION["mensaje_error"]);
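<?php
// Admin form handler: creates a "curso" row for the language selected in the
// session. Redirects to index.php with msg=3 on success or msg=1 when the
// input is rejected.
//
// Input: the posted course fields, $_POST["acc"] and
// $_SESSION["idioma_gestor"].
session_start();
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/util.inc.php";
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/mydb.inc.php";
// NOTE(review): presumably the login gate; its body is not shown - confirm.
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/seguridad.php";
include dirname(dirname(dirname(__FILE__))) . "/functions/conf/conf.php";

// Kept although unused below, in case the constructor has side effects.
$conf = new conf();
$db = new mydb();
$db->rawData("SET NAMES 'utf8'");

// Posted values are parked in the session and removed again on success.
$_SESSION["campos"] = $_POST;

$nombre = isset($_POST["nombre"]) ? $_POST["nombre"] : "";
$previa = isset($_POST["previa"]) ? $_POST["previa"] : "";
$contenido = isset($_POST["contenido"]) ? $_POST["contenido"] : "";
$descripcion = isset($_POST["descripcion"]) ? $_POST["descripcion"] : "";
$palabrasClave = isset($_POST["palabras_clave"]) ? $_POST["palabras_clave"] : "";

// tipo, publicada, destacada and the language id sit outside quotes in the
// statement and used to be concatenated as posted. tipo is required, so it is
// validated; the two flags fall back to 0 when missing or non-numeric.
$tipo = filter_var(isset($_POST["tipo"]) ? $_POST["tipo"] : null, FILTER_VALIDATE_INT);
$publicada = isset($_POST["publicada"]) ? (int) $_POST["publicada"] : 0;
$destacada = isset($_POST["destacada"]) ? (int) $_POST["destacada"] : 0;
$idioma = isset($_SESSION["idioma_gestor"]) ? (int) $_SESSION["idioma_gestor"] : 0;

// URL-encode acc so it cannot append parameters to the redirect target.
$acc = urlencode(isset($_POST["acc"]) ? (string) $_POST["acc"] : "");

if (trim($nombre) != "" && trim($previa) != "" && trim($contenido) != "" && $tipo !== false) {
    // NOTE(review): addslashes() is not charset-aware; only rawData() and
    // consulta() are visible on mydb here, so check whether it offers bound
    // parameters or driver-level escaping and prefer that.
    $db->rawData(
        "INSERT INTO curso (curso_nombre,curso_texto,curso_requiere_validacion,idioma_id,curso_eliminado,curso_publicado,curso_descripcion,curso_keywords,curso_destacado,curso_preview)"
        . " VALUES ('" . addslashes($nombre) . "','" . addslashes($contenido) . "'," . $tipo . "," . $idioma . ",0," . $publicada
        . ",'" . addslashes($descripcion) . "','" . addslashes($palabrasClave) . "'," . $destacada . ",'" . addslashes($previa) . "')"
    );
    unset($_SESSION["campos"]);
    header("Location:../index.php?acc=" . $acc . "&msg=3");
    die;
}

header("Location:../index.php?acc=" . $acc . "&msg=1");
die;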
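<?php
// Soft-deletes a product (producto) and removes its image from img/producto/,
// then redirects to the listing.
//
// Input: $_GET["id"] (product id), $_GET["acc"] (section handed back to
// index.php) and the manager id in $_SESSION["usuario_gestor"]["us_id"], which
// is written into prod_eliminado as the deletion marker.
//
// NOTE(review): the change is triggered by a plain GET and no anti-CSRF token
// is checked in this file; what seguridad.php enforces is not visible here.
session_start();
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/mydb.inc.php";
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/seguridad.php";

$db = new mydb();

// is_numeric() also accepts floats, exponents and padded strings; the key is
// an integer, so validate it as one and concatenate only the resulting int.
$id = filter_var(isset($_GET["id"]) ? $_GET["id"] : null, FILTER_VALIDATE_INT);
// A marker of 0 would read as "not deleted" (sibling scripts filter on
// *_eliminado=0), so nothing is written without a positive manager id.
$gestorId = isset($_SESSION["usuario_gestor"]["us_id"]) ? (int) $_SESSION["usuario_gestor"]["us_id"] : 0;

if ($id !== false && $gestorId > 0) {
    $db->rawData("UPDATE producto SET prod_eliminado=" . $gestorId . " WHERE prod_id=" . $id);
    $rs = $db->consulta("SELECT * FROM producto WHERE prod_id=" . $id);

    // basename() keeps the stored name inside img/producto/. The empty-name
    // check and is_file() matter because file_exists() is also true for the
    // directory itself, which unlink() cannot remove.
    $foto = isset($rs[0]["prod_foto"]) ? basename((string) $rs[0]["prod_foto"]) : "";
    $ruta = dirname(dirname(dirname(__FILE__))) . "/img/producto/" . $foto;
    if ($foto !== "" && is_file($ruta)) {
        unlink($ruta);
    }

    // URL-encode acc so it cannot append parameters to the redirect target.
    $acc = urlencode(isset($_GET["acc"]) ? (string) $_GET["acc"] : "");
    header("Location:../index.php?acc=" . $acc . "&msg=1");
    exit;
}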
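<?php
// Soft-deletes a page (pagina) and removes its image from img/pagina/, then
// redirects to the listing.
//
// Input: $_GET["id"] (page id), $_GET["acc"] (section handed back to
// index.php) and the manager id in $_SESSION["usuario_gestor"]["us_id"], which
// is written into pagina_eliminado as the deletion marker.
//
// NOTE(review): the change is triggered by a plain GET and no anti-CSRF token
// is checked in this file; what seguridad.php enforces is not visible here.
session_start();
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/mydb.inc.php";
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/seguridad.php";

$db = new mydb();

// is_numeric() also accepts floats, exponents and padded strings; the key is
// an integer, so validate it as one and concatenate only the resulting int.
$id = filter_var(isset($_GET["id"]) ? $_GET["id"] : null, FILTER_VALIDATE_INT);
// A marker of 0 would read as "not deleted" (sibling scripts filter on
// *_eliminado=0), so nothing is written without a positive manager id.
$gestorId = isset($_SESSION["usuario_gestor"]["us_id"]) ? (int) $_SESSION["usuario_gestor"]["us_id"] : 0;

if ($id !== false && $gestorId > 0) {
    $db->rawData("UPDATE pagina SET pagina_eliminado=" . $gestorId . " WHERE pagina_id=" . $id);
    $rs = $db->consulta("SELECT * FROM pagina WHERE pagina_id=" . $id);

    // basename() keeps the stored name inside img/pagina/. The empty-name
    // check and is_file() matter because file_exists() is also true for the
    // directory itself, which unlink() cannot remove.
    $foto = isset($rs[0]["pagina_foto"]) ? basename((string) $rs[0]["pagina_foto"]) : "";
    $ruta = dirname(dirname(dirname(__FILE__))) . "/img/pagina/" . $foto;
    if ($foto !== "" && is_file($ruta)) {
        unlink($ruta);
    }

    // URL-encode acc so it cannot append parameters to the redirect target.
    $acc = urlencode(isset($_GET["acc"]) ? (string) $_GET["acc"] : "");
    header("Location:../index.php?acc=" . $acc . "&msg=1");
    exit;
}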
<?php
// Admin form handler: updates a "pagina" row, optionally removes its current
// image and stores a newly uploaded one under img/pagina/. This listing is cut
// off inside the final else branch.
session_start();
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/util.inc.php";
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/mydb.inc.php";
// NOTE(review): presumably the login gate; its body is not shown - confirm.
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/seguridad.php";
include dirname(dirname(dirname(__FILE__))) . "/functions/conf/conf.php";
$conf = new conf();
$db = new mydb();
$db->rawData("SET NAMES 'utf8'");
// Allow-list that is compared below with the MIME type the browser reported.
$formatos_img = array('image/jpeg', 'image/pjpeg', 'image/png', 'image/jpg');
if (trim($_POST["nombre"]) != "" && trim($_POST["resumen"]) != "" && trim($_POST["texto"]) != "") {
    $img_del = "";
    if ($_POST["elim_img"] == 1) {
        $img_del = ",pagina_foto='' ";
        // SECURITY: the posted id is concatenated into SQL unvalidated here
        // and in every statement below; cast it to int first.
        $rs = $db->consulta("SELECT * FROM pagina WHERE pagina_id=" . $_POST["id"]);
        // file_exists() is also true for the directory itself when
        // pagina_foto is empty, in which case unlink() fails with a warning.
        if (file_exists(dirname(dirname(dirname(__FILE__))) . "/img/pagina/" . $rs[0]["pagina_foto"])) {
            unlink(dirname(dirname(dirname(__FILE__))) . "/img/pagina/" . $rs[0]["pagina_foto"]);
        }
    }
    // SECURITY: destacada, publicada and id sit outside quotes. addslashes()
    // on publicada adds no protection in that position.
    $db->rawData("UPDATE pagina SET pagina_titulo='" . addslashes($_POST["nombre"]) . "',pagina_resumen='" . addslashes($_POST["resumen"]) . "',pagina_contenido='" . addslashes($_POST["texto"]) . "'," . "pagina_destacada=" . $_POST["destacada"] . ",pagina_keywords='" . addslashes($_POST["palabras_clave"]) . "',pagina_publicada=" . addslashes($_POST["publicada"]) . " " . $img_del . " " . "WHERE pagina_id=" . $_POST["id"]);
    // acc is copied into the Location header without URL-encoding.
    if ($_FILES["imagen"]["size"] > max_upload_file_size()) {
        header("Location:../index.php?acc=" . $_POST["acc"] . "&msg=5");
        die;
    }
    // SECURITY: ["type"] and the extension both come from the client, the
    // content is never inspected, and the posted id becomes part of the
    // destination path. Validate the id as an integer and derive the
    // extension from the detected content type.
    if ($_FILES["imagen"]["name"] != "" && in_array($_FILES["imagen"]["type"], $formatos_img)) {
        $ext = obtenerExtension($_FILES["imagen"]["name"]);
        move_uploaded_file($_FILES["imagen"]["tmp_name"], $conf->getRoot() . "/img/pagina/" . $_POST["id"] . "." . $ext);
        $db->rawData("UPDATE pagina SET pagina_foto='" . $_POST["id"] . "." . $ext . "' WHERE pagina_id=" . $_POST["id"]);
    } else {
        if ($_FILES["imagen"]["name"] != "") {
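<?php
// Permanently deletes a "video_curso" row, then redirects to the listing with
// msg=1.
//
// Input: $_GET["id"] (row id) and $_GET["acc"] (section handed back to
// index.php).
//
// NOTE(review): this is a hard DELETE triggered by a plain GET and no
// anti-CSRF token is checked in this file; what seguridad.php enforces is not
// visible here.
session_start();
include dirname(dirname(dirname(dirname(__FILE__)))) . "/functions/inc/mydb.inc.php";
include dirname(dirname(dirname(dirname(__FILE__)))) . "/functions/inc/seguridad.php";

$db = new mydb();

// is_numeric() also accepts floats, exponents and padded strings; the key is
// an integer, so validate it as one and concatenate only the resulting int.
$id = filter_var(isset($_GET["id"]) ? $_GET["id"] : null, FILTER_VALIDATE_INT);

if ($id !== false) {
    $db->rawData("DELETE FROM video_curso WHERE vc_id=" . $id);

    // URL-encode acc so it cannot append parameters to the redirect target.
    $acc = urlencode(isset($_GET["acc"]) ? (string) $_GET["acc"] : "");
    header("Location:../../index.php?acc=" . $acc . "&msg=1");
    exit;
}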
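<?php
// Admin form handler: creates a product category (categoria_producto) for the
// language selected in the session. Redirects to index.php with msg=3 on
// success or msg=1 when the name is empty.
//
// Input: $_POST["nombre"], $_POST["descripcion"], $_POST["palabras_clave"],
// $_POST["publicada"], $_POST["acc"] and $_SESSION["idioma_gestor"].
session_start();
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/util.inc.php";
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/mydb.inc.php";
// NOTE(review): presumably the login gate; its body is not shown - confirm.
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/seguridad.php";
include dirname(dirname(dirname(__FILE__))) . "/functions/conf/conf.php";

// Kept although unused below, in case the constructor has side effects.
$conf = new conf();
$db = new mydb();
$db->rawData("SET NAMES 'utf8'");

// Posted values are parked in the session and removed again on success.
$_SESSION["campos"] = $_POST;

$nombre = isset($_POST["nombre"]) ? $_POST["nombre"] : "";
$descripcion = isset($_POST["descripcion"]) ? $_POST["descripcion"] : "";
$palabrasClave = isset($_POST["palabras_clave"]) ? $_POST["palabras_clave"] : "";

// publicada and the language id sit outside quotes in the statement and used
// to be concatenated as received; both are forced to int, and the flag falls
// back to 0 when missing or non-numeric.
$publicada = isset($_POST["publicada"]) ? (int) $_POST["publicada"] : 0;
$idioma = isset($_SESSION["idioma_gestor"]) ? (int) $_SESSION["idioma_gestor"] : 0;

// URL-encode acc so it cannot append parameters to the redirect target.
$acc = urlencode(isset($_POST["acc"]) ? (string) $_POST["acc"] : "");

if (trim($nombre) != "") {
    // NOTE(review): addslashes() is not charset-aware; only rawData() and
    // consulta() are visible on mydb here, so check whether it offers bound
    // parameters or driver-level escaping and prefer that.
    $db->rawData(
        "INSERT INTO categoria_producto (catp_nombre,catp_descripcion,catp_keywords,idioma_id,catp_publicado,catp_eliminado)"
        . " VALUES ('" . addslashes($nombre) . "','" . addslashes($descripcion) . "','" . addslashes($palabrasClave) . "',"
        . $idioma . "," . $publicada . ",0)"
    );
    unset($_SESSION["campos"]);
    header("Location:../index.php?acc=" . $acc . "&msg=3");
    die;
}

header("Location:../index.php?acc=" . $acc . "&msg=1");
die;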
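<?php
// Permanently deletes an "imagen_curso" row and removes its image from
// img/curso/, then redirects to the listing with msg=1.
//
// Input: $_GET["id"] (row id) and $_GET["acc"] (section handed back to
// index.php).
//
// NOTE(review): this is a hard DELETE triggered by a plain GET and no
// anti-CSRF token is checked in this file; what seguridad.php enforces is not
// visible here.
session_start();
include dirname(dirname(dirname(dirname(__FILE__)))) . "/functions/inc/mydb.inc.php";
include dirname(dirname(dirname(dirname(__FILE__)))) . "/functions/inc/seguridad.php";

$db = new mydb();

// is_numeric() also accepts floats, exponents and padded strings; the key is
// an integer, so validate it as one and concatenate only the resulting int.
$id = filter_var(isset($_GET["id"]) ? $_GET["id"] : null, FILTER_VALIDATE_INT);

if ($id !== false) {
    // The row is read first because the file name is gone after the DELETE.
    $rs = $db->consulta("SELECT * FROM imagen_curso WHERE ic_id=" . $id);
    $db->rawData("DELETE FROM imagen_curso WHERE ic_id=" . $id);

    // basename() keeps the stored name inside img/curso/. The empty-name
    // check and is_file() matter because file_exists() is also true for the
    // directory itself, which unlink() cannot remove.
    $imagen = isset($rs[0]["ic_imagen"]) ? basename((string) $rs[0]["ic_imagen"]) : "";
    $ruta = dirname(dirname(dirname(dirname(__FILE__)))) . "/img/curso/" . $imagen;
    if ($imagen !== "" && is_file($ruta)) {
        unlink($ruta);
    }

    // URL-encode acc so it cannot append parameters to the redirect target.
    $acc = urlencode(isset($_GET["acc"]) ? (string) $_GET["acc"] : "");
    header("Location:../../index.php?acc=" . $acc . "&msg=1");
    exit;
}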
<?php
// Admin form handler: validates a new site user (usuario_sitio) and checks
// that the e-mail and "scanycar" values are not already used by a live user.
// This listing is cut off before the insert itself.
session_start();
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/util.inc.php";
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/mydb.inc.php";
// NOTE(review): presumably the login gate; its body is not shown - confirm.
include dirname(dirname(dirname(__FILE__))) . "/functions/inc/seguridad.php";
include dirname(dirname(dirname(__FILE__))) . "/functions/conf/conf.php";
$conf = new conf();
$db = new mydb();
$db->rawData("SET NAMES 'utf8'");
$formatos_img = array('image/jpeg', 'image/pjpeg', 'image/png', 'image/jpg');
// NOTE(review): the whole POST array, including the submitted password, is
// kept in the session until the visible code path reaches a success branch.
$_SESSION["campos"] = $_POST;
// "estado" != 0 is a loose comparison, not a numeric validation.
if (trim($_POST["nombre"]) != "" && trim($_POST["apellido"]) != "" && $_POST["estado"] != 0 && trim($_POST["email"]) != "" && trim($_POST["password"]) != "") {
    // acc is copied into the Location headers without URL-encoding.
    if (!validarMail($_POST["email"])) {
        header("Location:../index.php?acc=" . $_POST["acc"] . "&msg=8");
        die;
    }
    if (!validarPass($_POST["password"])) {
        header("Location:../index.php?acc=" . $_POST["acc"] . "&msg=9");
        die;
    }
    // SECURITY: email is placed inside quotes without any escaping. The query
    // is only safe if validarMail() (defined elsewhere) rejects every quote
    // and backslash - confirm, or escape it like the other fields.
    $existe_mail = $db->consulta("SELECT * FROM usuario_sitio WHERE usw_eliminado=0 AND usw_email='" . $_POST["email"] . "'");
    if (count($existe_mail)) {
        header("Location:../index.php?acc=" . $_POST["acc"] . "&msg=6");
        die;
    }
    if (trim($_POST["scanycar"]) != "") {
        $existe_scanycar = $db->consulta("SELECT * FROM usuario_sitio WHERE usw_eliminado=0 AND usw_scanycar='" . trim(addslashes($_POST["scanycar"])) . "'");
        if (count($existe_scanycar)) {
            header("Location:../index.php?acc=" . $_POST["acc"] . "&msg=7");
            die;
<?php
// Admin form handler: creates an "archivo_curso" row and stores the uploaded
// file under archivos/curso/. This listing stops after the success redirect,
// before the outer if block is closed.
session_start();
include dirname(dirname(dirname(dirname(__FILE__)))) . "/functions/inc/util.inc.php";
include dirname(dirname(dirname(dirname(__FILE__)))) . "/functions/inc/mydb.inc.php";
// NOTE(review): presumably the login gate; its body is not shown - confirm.
include dirname(dirname(dirname(dirname(__FILE__)))) . "/functions/inc/seguridad.php";
include dirname(dirname(dirname(dirname(__FILE__)))) . "/functions/conf/conf.php";
$conf = new conf();
$db = new mydb();
$db->rawData("SET NAMES 'utf8'");
// Posted values are parked in the session and removed again on success.
$_SESSION["campos"] = $_POST;
if (trim($_POST["nombre"]) != "" && trim($_FILES["archivo"]["name"]) != "" && trim($_POST["curso"]) != "") {
    // SECURITY: curso is concatenated unquoted and unvalidated, so the
    // statement can be altered through it. Cast it to int or bind parameters.
    $db->rawData("INSERT INTO archivo_curso (ac_archivo,ac_descripcion,curso_id,ac_nombre)" . " VALUES ('','" . addslashes($_POST["descripcion"]) . "'," . $_POST["curso"] . ",'" . addslashes($_POST["nombre"]) . "')");
    // The new id is read back as the newest row rather than from the insert
    // itself; a concurrent insert could win.
    $id_max = $db->consulta("SELECT * FROM archivo_curso WHERE 1 ORDER BY ac_id DESC LIMIT 1");
    // The row has already been inserted when an oversized file is rejected.
    // acc is copied into the Location header without URL-encoding.
    if ($_FILES["archivo"]["size"] > max_upload_file_size()) {
        header("Location:../../index.php?acc=" . $_POST["acc"] . "&msg=5");
        die;
    }
    // SECURITY: no type or extension allow-list is applied to this upload;
    // the extension comes from the client file name via obtenerExtension()
    // (defined elsewhere). Restrict the accepted extensions and make sure the
    // target directory cannot execute scripts.
    if ($_FILES["archivo"]["name"] != "") {
        $ext = obtenerExtension($_FILES["archivo"]["name"]);
        move_uploaded_file($_FILES["archivo"]["tmp_name"], $conf->getRoot() . "/archivos/curso/" . $id_max[0]["ac_id"] . "." . $ext);
        $db->rawData("UPDATE archivo_curso SET ac_archivo='" . $id_max[0]["ac_id"] . "." . $ext . "' WHERE ac_id=" . $id_max[0]["ac_id"]);
    } else {
        // Unreachable: this tests the same condition that just failed above.
        if ($_FILES["archivo"]["name"] != "") {
            header("Location:../../index.php?acc=" . $_POST["acc"] . "&msg=2");
            die;
        }
    }
    unset($_SESSION["campos"]);
    header("Location:../../index.php?acc=" . $_POST["acc"] . "&msg=3");
    die;
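<?php
// Admin form handler: creates a "que_desea_hacer" entry for the language
// selected in the session. Redirects to index.php with msg=3 on success or
// msg=1 when the name is empty.
//
// Input: $_POST["nombre"], $_POST["acc"] and $_SESSION["idioma_gestor"].
session_start();
include dirname(dirname(dirname(dirname(__FILE__)))) . "/functions/inc/util.inc.php";
include dirname(dirname(dirname(dirname(__FILE__)))) . "/functions/inc/mydb.inc.php";
// NOTE(review): presumably the login gate; its body is not shown - confirm.
include dirname(dirname(dirname(dirname(__FILE__)))) . "/functions/inc/seguridad.php";
include dirname(dirname(dirname(dirname(__FILE__)))) . "/functions/conf/conf.php";

// Kept although unused below, in case the constructor has side effects.
$conf = new conf();
$db = new mydb();
$db->rawData("SET NAMES 'utf8'");

// Posted values are parked in the session and removed again on success.
$_SESSION["campos"] = $_POST;

$nombre = isset($_POST["nombre"]) ? $_POST["nombre"] : "";
// The language id sits outside quotes in the statement, so force it to int.
$idioma = isset($_SESSION["idioma_gestor"]) ? (int) $_SESSION["idioma_gestor"] : 0;

// URL-encode acc so it cannot append parameters to the redirect target.
$acc = urlencode(isset($_POST["acc"]) ? (string) $_POST["acc"] : "");

if (trim($nombre) != "") {
    // NOTE(review): addslashes() is not charset-aware; only rawData() and
    // consulta() are visible on mydb here, so check whether it offers bound
    // parameters or driver-level escaping and prefer that.
    $db->rawData("INSERT INTO que_desea_hacer (qdh_titulo,qdh_eliminado,idioma_id) VALUES ('" . addslashes($nombre) . "',0," . $idioma . ")");
    unset($_SESSION["campos"]);
    header("Location:../../index.php?acc=" . $acc . "&msg=3");
    die;
}

header("Location:../../index.php?acc=" . $acc . "&msg=1");
die;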