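/**
 * Send e-mail notifications about a change to a software trouble report (STR).
 *
 * Up to three kinds of message go out: one to the report's creator, one to
 * every address listed in the carboncopy table for this report, and one to
 * the report's manager (the project address when no manager is set).
 *
 * @param int    $id       STR number; forced to an integer before use.
 * @param string $what     Past-tense verb used in subject and body, e.g. "updated".
 * @param string $contents Optional extra text appended to each message.
 */
function notify_users($id, $what = "updated", $contents = "")
{
    global $priority_long, $scope_long, $status_long;
    global $PHP_URL, $PROJECT_EMAIL, $PROJECT_NAME;

    // $id is interpolated into two SQL statements below; the integer cast
    // keeps a crafted value from changing either query.
    $id = (int)$id;

    // The subject and the recipient become mail headers, so CR/LF must never
    // reach them (mail header injection).
    $crlf = array("\r", "\n");
    $what = str_replace($crlf, "", $what);

    $result = db_query("SELECT * FROM str WHERE id = {$id}");
    if (!$result) {
        return;
    }

    $row = db_next($result);
    if (!$row) {
        // Unknown report: the original went on to mail empty fields.
        db_free($result);
        return;
    }

    $contents = wordwrap($contents);

    $prtext = $priority_long[$row['priority']];
    $sttext = $status_long[$row['status']];
    $sctext = $scope_long[$row['scope']];

    $subsystem = ($row['subsystem'] != "") ? $row['subsystem'] : "Unassigned";
    $fix_version = ($row['fix_version'] != "") ? $row['fix_version'] : "Unassigned";

    // The manager has to be known before the creator check below; the
    // original compared against $manager while it was still undefined.
    $manager = ($row['manager_email'] != "") ? $row['manager_email'] : $PROJECT_EMAIL;

    // A bare user name is resolved through the users table; anything else is
    // taken as an address. The pattern is anchored: the original eregi() call
    // was unanchored, so every value containing a letter or digit matched and
    // the else branch was effectively dead. eregi() is also gone in PHP 7+.
    if (preg_match('/^[a-z0-9_.]+\z/i', $row['create_user'])) {
        $email = auth_user_email($row['create_user']);
    } else {
        $email = $row['create_user'];
    }

    $subject = "{$PROJECT_NAME} STR #{$id} {$what}";
    $headers = "From: {$PROJECT_EMAIL}\r\n";

    // Report details shared by all three messages.
    $details = "\n"
        . " {$PHP_URL}?L{$id}\n"
        . "\n"
        . " Summary: {$row['summary']}\n"
        . " Version: {$row['str_version']}\n"
        . " Status: {$sttext}\n"
        . " Priority: {$prtext}\n"
        . " Scope: {$sctext}\n"
        . " Subsystem: {$subsystem}\n"
        . "Fix Version: {$fix_version}\n"
        . "\n{$contents}";

    $footer = "________________________________________________________________\n"
        . "Thank you for using the {$PROJECT_NAME} Software Trouble Report page!";

    // Creator: skipped when they made the change themselves or are the manager.
    if ($row['create_user'] != $row['modify_user'] &&
        $row['create_user'] != $manager && $email != "") {
        mail(str_replace($crlf, "", $email), $subject,
            "Your software trouble report #{$id} has been {$what}. You can check\n"
            . "the status of the report and add additional comments and/or files\n"
            . "at the following URL:\n"
            . $details
            . $footer,
            $headers);
    }

    // Everyone subscribed to this report through the carboncopy table.
    $ccresult = db_query("SELECT email FROM carboncopy WHERE url = 'str.php_L{$id}'");
    if ($ccresult) {
        while ($ccrow = db_next($ccresult)) {
            mail(str_replace($crlf, "", $ccrow['email']), $subject,
                "Software trouble report #{$id} has been {$what}. You can check\n"
                . "the status of the report and add additional comments and/or files\n"
                . "at the following URL:\n"
                . $details
                . $footer,
                $headers);
        }

        db_free($ccresult);
    }

    // Manager: skipped when the manager made the change.
    if ($row['modify_user'] != $manager) {
        mail(str_replace($crlf, "", $manager), $subject,
            "The software trouble report #{$id} assigned to you has been {$what}.\n"
            . "You can manage the report and add additional comments and/or files\n"
            . "at the following URL:\n"
            . $details,
            $headers);
    }

    db_free($result);
}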
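/**
 * Deactivate history rows whose database process no longer exists.
 *
 * Does nothing unless $runinit['astream'] is set. Rows of TBL_MHISTORY with
 * active = 1 are compared against the process list returned by
 * db_list_processes(); a row whose 'mid' is not among the listed process IDs
 * is updated to active = 0.
 */
function updatelist()
{
    global $runinit;

    // empty() also covers a missing key, which the plain array read would
    // report as a notice.
    if (empty($runinit['astream'])) {
        return;
    }

    // IDs of every process the database currently reports.
    $ids = array();
    $res = db_list_processes();
    while ($row = db_fetch_assoc($res)) {
        $ids[$row['Id']] = true;
    }
    db_free($res);

    $res = db_execquery('SELECT h_id, mid FROM ' . TBL_MHISTORY . ' WHERE active = 1');
    if (!$res) {
        return;
    }

    while ($row = db_fetch_assoc($res)) {
        if (!isset($ids[$row['mid']])) {
            // NOTE(review): h_id is concatenated as read back from the table;
            // if the column is an integer key, an (int) cast here would make
            // that explicit - confirm the column type.
            db_execquery('UPDATE ' . TBL_MHISTORY . ' SET active = 0 WHERE h_id = ' . $row['h_id']);
        }
    }

    // The original freed only the process list; release this result set too.
    db_free($res);
}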
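/**
 * Run the SQL editor's query and render its result as an HTML fragment.
 *
 * SELECT statements without their own LIMIT (and without "into outfile") are
 * paged at 25 rows through db_limit(). Statements that db_is_safe() rejects
 * are not executed. For mysql a db_query() result of true, and for pgsql an
 * UPDATE/DELETE or a non-zero affected-row count, produce a short
 * "rows affected" message instead of a table.
 *
 * Output-encoding changes against the original: PHP_SELF and column names are
 * HTML-escaped, the reverse-DNS name is HTML-escaped, and the base64 query in
 * the export links is URL-encoded ('+' would otherwise arrive as a space).
 *
 * @param string       $base_query SQL text to run.
 * @param string|false $md5_get    Value passed on as the 'md5' link parameter.
 * @return array Keys 'msg', 'error' and 'data_html' (HTML string or false).
 */
function listing($base_query, $md5_get = false)
{
    global $db_driver, $db_link, $post;

    // $match stays empty when the "_<digits>" suffix is missing, so read it
    // only after a successful match.
    $md5_i = false;
    if ($md5_get && preg_match('#_(\\d+)$#', $md5_get, $match)) {
        $md5_i = $match[1];
    }

    $base_query = trim($base_query);
    $base_query = str_cut_end($base_query, ';');
    $query = $base_query;

    $ret = array('msg' => '', 'error' => '', 'data_html' => false);
    $limit = 25;
    // The offset reaches the SQL text through db_limit(); the cast keeps it
    // an integer whatever get() returns.
    $offset = (int)get('offset', 'int');
    $page = floor($offset / $limit + 1);

    if (!$query) {
        $ret['error'] = 'No query found.';
        return $ret;
    }

    if (is_select($query) && !preg_match('#\\s+LIMIT\\s+\\d+#i', $query) && !preg_match('#into\\s+outfile\\s+#', $query)) {
        $query = db_limit($query, $offset, $limit);
    } else {
        $limit = false;
    }

    $time = time_start();

    if (!db_is_safe($query, true)) {
        $ret['error'] = 'Detected UPDATE/DELETE without WHERE condition (put WHERE 1=1 if you want to execute this query)';
        return $ret;
    }

    $rs = @db_query($query);
    if (!$rs) {
        $ret['error'] = db_error();
        return $ret;
    }

    if ($rs === true) {
        if ('mysql' == $db_driver) {
            $affected = mysql_affected_rows($db_link);
            $time = time_end($time);
            $ret['data_html'] = '<b>' . $affected . '</b> rows affected.<br>Time: <b>' . $time . '</b> sec';
            return $ret;
        }
    } else {
        if ('pgsql' == $db_driver) {
            $affected = @pg_affected_rows($rs);
            if ($affected || preg_match('#^\\s*(DELETE|UPDATE)\\s+#i', $query)) {
                $time = time_end($time);
                $ret['data_html'] = '<p><b>' . $affected . '</b> rows affected. Time: <b>' . $time . '</b> sec</p>';
                return $ret;
            }
        }
    }

    // Fetch at most one page of rows.
    $rows = array();
    while ($row = db_row($rs)) {
        $rows[] = $row;
        if ($limit && count($rows) == $limit) {
            break;
        }
    }
    db_free($rs);

    if (is_select($base_query)) {
        $found = @db_one("SELECT COUNT(*) FROM ({$base_query}) AS sub");
        // Fall back to the fetched row count when the COUNT wrapper fails or
        // contradicts the rows already in hand.
        if (!is_numeric($found) || (count($rows) && !$found)) {
            global $COUNT_ERROR;
            $COUNT_ERROR = ' (COUNT ERROR) ';
            $found = count($rows);
        }
    } else {
        $found = count($rows) ? count($rows) : false;
    }

    $pages = $limit ? ceil($found / $limit) : 1;
    $time = time_end($time);

    // Flags that the refetch and pager links carry along.
    $flags = array();
    if (get('only_marked') || post('only_marked')) {
        $flags['only_marked'] = 1;
    }
    if (get('only_select') || post('only_select')) {
        $flags['only_select'] = 1;
    }

    // The pager is shown above and below the table; build it once.
    $pager_html = '';
    if (is_numeric($found) && $pages > 1) {
        $pager_html = '<p> ';
        if ($page > 1) {
            $ofs = ($page - 1) * $limit - $limit;
            $pager_html .= '<a href="' . url(self(), array('md5' => $md5_get, 'offset' => $ofs) + $flags) . '">&lt;&lt; Prev</a> ';
        }
        $pager_html .= 'Page <b>' . $page . '</b> of <b>' . $pages . '</b> ';
        if ($pages > $page) {
            $ofs = $page * $limit;
            $pager_html .= '<a href="' . url(self(), array('md5' => $md5_get, 'offset' => $ofs) + $flags) . '">Next &gt;&gt;</a> ';
        }
        $pager_html .= '</p>';
    }

    ob_start();

    if (is_numeric($found)) {
        // PHP_SELF includes request path info, so it is escaped before it is
        // placed into an attribute.
        $self_html = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
        // NOTE(review): these links hand the whole statement to the export
        // handler in a GET parameter. That handler is not visible here; it
        // needs the same authentication and request-forgery protection as the
        // editor itself - confirm.
        $query_param = urlencode(base64_encode($base_query));
        $export_links = array();
        foreach (array('pipe' => '|', 'tab' => "\t", 'comma' => ',', 'semicolon' => ';') as $label => $separator) {
            $export_links[] = '<a href="' . $self_html . '?export=csv&separator=' . urlencode($separator)
                . '&query=' . $query_param . '">' . $label . '</a>';
        }
        $params = array('md5' => $md5_get, 'offset' => get('offset', 'int')) + $flags;
?>
<p>
Found: <b><?php echo $found; ?></b><?php echo isset($GLOBALS['COUNT_ERROR']) ? $GLOBALS['COUNT_ERROR'] : ''; ?>.
Time: <b><?php echo $time; ?></b> sec.
/ <a href="<?php echo url(self(), $params); ?>">Refetch</a>
/ Export to CSV: <?php echo implode(' - ', $export_links); ?>
</p>
<?php
    } else {
?>
<p>Result: <b>OK</b>. Time: <b><?php echo $time; ?></b> sec</p>
<?php
    }

    if (is_numeric($found)) {
        echo $pager_html;
?>
<script>
function mark_row(tr)
{
    var els = tr.getElementsByTagName('td');
    if (tr.marked) {
        for (var i = 0; i < els.length; i++) {
            els[i].style.backgroundColor = '';
        }
        tr.marked = false;
    } else {
        tr.marked = true;
        for (var i = 0; i < els.length; i++) {
            els[i].style.backgroundColor = '#ddd';
        }
    }
}
</script>
<?php
        if ($found) {
            // Offer "Edit" links only when the query maps to one table and a
            // usable key column can be identified in the fetched rows.
            $edit_table = table_from_query($base_query);
            if ($edit_table) {
                $edit_pk = array_first_key($rows[0]);
                if (is_numeric($edit_pk)) {
                    $edit_table = false;
                }
            }
            if ($edit_table) {
                $types = table_types2($edit_table);
                if ($types && count($types)) {
                    if (in_array($edit_pk, array_keys($types))) {
                        if (!array_col_match_unique($rows, $edit_pk, '#^\\d+$#')) {
                            $edit_pk = guess_pk($rows);
                            if (!$edit_pk) {
                                $edit_table = false;
                            }
                        }
                    } else {
                        $edit_table = false;
                    }
                } else {
                    $edit_table = false;
                }
            }
            $edit_url = '';
            if ($edit_table) {
                $edit_url = url(self(true), array('action' => 'editrow', 'table' => $edit_table, 'pk' => $edit_pk, 'id' => '%s'));
            }
?>
<table class="ls" cellspacing="1">
<tr>
<?php if ($edit_url) { ?><th>#</th><?php } ?>
<?php foreach ($rows[0] as $col => $v) { ?>
<th><?php echo htmlspecialchars((string)$col, ENT_QUOTES); ?></th>
<?php } ?>
</tr>
<?php foreach ($rows as $row) { ?>
<tr ondblclick="mark_row(this)">
<?php if ($edit_url) { ?>
<?php
    // NOTE(review): when guess_pk() picked the key column its values are not
    // guaranteed to be digits, and the value lands inside a JavaScript string
    // in an HTML attribute. Whether url() tolerates an encoded value in place
    // of '%s' is not visible here - confirm and encode accordingly.
?>
<td><a href="javascript:void(0)" onclick="popup('<?php echo sprintf($edit_url, $row[$edit_pk]); ?>', 620, 500)">Edit</a></td>
<?php } ?>
<?php
    $count_cols = count($row);
    foreach ($row as $k => $v) {
        if (preg_match('#^\\s*<a[^>]+>[^<]+</a>\\s*$#iU', $v) && strlen(strip_tags($v)) < 50) {
            // NOTE(review): strip_tags() keeps every attribute of the <a>
            // element, so a stored anchor is rendered with whatever href or
            // event handlers it carries. Treat cell data written by other
            // applications as untrusted.
            $v = strip_tags($v, '<a>');
            $v = create_links($v);
        } else {
            $v = strip_tags($v);
            // NOTE(review): as extracted this replaces a space with a space;
            // the search string was presumably an &nbsp; entity or a
            // no-break space lost in extraction - confirm against upstream.
            $v = str_replace(' ', ' ', $v);
            $v = preg_replace('#[ ]+#', ' ', $v);
            $v = create_links($v);
            if (!get('full_content') && strlen($v) > 50) {
                if (1 == $count_cols) {
                    $v = truncate_html($v, 255);
                } else {
                    $v = truncate_html($v, 50);
                }
            }
            // $v = html_once($v); - create_links() disabling
        }
        $nl2br = get('nl2br');
        if (get('full_content')) {
            $v = str_wrap($v, 80, '<br>', true);
        }
        if (get('nl2br')) {
            $v = nl2br($v);
        }
        //$v = stripslashes(stripslashes($v));
        // Integer columns named like a time or date are shown as dates.
        if (@$types[$k] == 'int' && (preg_match('#time#i', $k) || preg_match('#date#i', $k)) && preg_match('#^\\d+$#', $v)) {
            $tmp = @date('Y-m-d H:i', $v);
            if ($tmp) {
                $v = $tmp;
            }
        }
        if (str_has($post['sql'], '@gethostbyaddr') && preg_match('#^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$#', $v)) {
            // A reverse-DNS name is chosen by whoever controls the PTR
            // record, so it is escaped like any other external text.
            $v = $v . '<br>' . htmlspecialchars((string)@gethostbyaddr($v), ENT_QUOTES);
        }
?>
<td onclick="mark_col(this)" <?php echo $nl2br ? 'valign="top"' : ''; ?> nowrap><?php echo is_null($row[$k]) ? '-' : $v; ?></td>
<?php } ?>
</tr>
<?php } ?>
</table>
<?php
        }

        echo $pager_html;
    }

    $cont = ob_get_contents();
    ob_end_clean();
    $ret['data_html'] = $cont;

    return $ret;
}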
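/**
 * Print the voting form for one published poll.
 *
 * Nothing is printed unless exactly one published poll has the given ID.
 *
 * @param int $id Poll ID; forced to an integer before it reaches the query.
 */
function show_poll($id)
{
    global $PHP_SELF, $POLL_TYPE_PICKONE, $POLL_TYPE_PICKMANY;

    // The ID is interpolated into the SQL text; the cast keeps a crafted
    // value from changing the statement.
    $id = (int)$id;

    $result = db_query("SELECT * FROM poll WHERE is_published = 1 AND id = $id");

    if (db_count($result) == 1) {
        $row = db_next($result);
        $id = (int)$row['id'];
        $question = htmlspecialchars($row['question']);

        print("<p><form method='POST' action='poll.php?v$id'>"
            ."<b>$question</b>\n");

        if ($row['poll_type'] == $POLL_TYPE_PICKONE)
            print("(please pick one)\n");
        else
            print("(pick all that apply)\n");

        // Up to ten answers live in the columns answer0 .. answer9; empty
        // ones are skipped.
        for ($i = 0; $i < 10; $i ++) {
            $answer = htmlspecialchars($row["answer$i"]);

            if ($answer != "") {
                if ($row['poll_type'] == $POLL_TYPE_PICKONE)
                    print("<br /><input type='radio' name='ANSWER'");
                else
                    print("<br /><input type='checkbox' name='ANSWER$i'");

                print(" value='$i'/>$answer\n");
            }
        }

        // The vote count is printed into the page; keep it numeric.
        $votes = (int)$row['votes'];
        if ($votes == 1)
            $votes .= " vote";
        else
            $votes .= " votes";

        $ccount = count_comments("poll.php_r$id");
        if ($ccount == 1)
            $ccount .= " comment";
        else
            $ccount .= " comments";

        print("<br /><input type='submit' value='Vote'/>\n"
            ."[ <a href='poll.php?r$id'>Results</a> ]\n");
        print("<br />($votes, $ccount)</form></p>\n");
    }

    db_free($result);
}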
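// List the three most recently modified published articles, then close the
// page layout.
$result = db_query("SELECT * FROM article WHERE is_published = 1 "
    ."ORDER BY modify_date DESC LIMIT 3");
// NOTE(review): this row count is overwritten inside the loop, where $count
// is reused for the comment label; it is kept because code outside this
// excerpt may still read $count.
$count = db_count($result);

while ($row = db_next($result)) {
    // The ID is printed into a link; keep it numeric.
    $id = (int)$row['id'];
    $title = htmlspecialchars($row['title']);
    $abstract = htmlspecialchars($row['abstract']);
    $date = date("H:i M d, Y", $row['modify_date']);
    $count = count_comments("articles.php_L$id");

    if ($count == 1)
        $count .= " comment";
    else
        $count .= " comments";

    print("<p><a href='articles.php?L$id'>$title</a> - $abstract<br>\n"
        ."<span class='dateinfo'>$date, $count</span></p>\n");
}

db_free($result);
?>
</td></tr>
</table>
<?php
// The full open tag is used because the short form "<?" is only parsed when
// short_open_tag is enabled; with it disabled the call below would be sent to
// the browser as text.
html_footer();
?>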
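/**
 * Run the SQL editor's query and render its result as an HTML fragment.
 *
 * SELECT statements without their own LIMIT (and without "into outfile") are
 * paged at 25 rows through db_limit(). Statements that db_is_safe() rejects
 * are not executed. For mysql a db_query() result of true, and for pgsql an
 * UPDATE/DELETE or a non-zero affected-row count, produce a short
 * "rows affected" message instead of a table.
 *
 * Output-encoding changes against the original: PHP_SELF and column names are
 * HTML-escaped, and the base64 query in the export links is URL-encoded
 * ('+' would otherwise arrive as a space).
 *
 * @param string       $base_query SQL text to run.
 * @param string|false $md5_get    Value passed on as the 'md5' link parameter.
 * @return array Keys 'msg', 'error' and 'data_html' (HTML string or false).
 */
function listing($base_query, $md5_get = false)
{
    // @listing
    // NOTE(review): GET()/POST() are defined elsewhere; presumably they
    // register and type-check the request values read from $_GET/$_POST
    // below - confirm.
    GET("full_content", "bool");
    GET("only_select", "bool");
    GET("offset", "int");
    POST("full_content", "bool");
    POST("only_select", "bool");

    global $db_driver, $db_link;

    $full_content = $_GET["full_content"] || $_POST["full_content"];

    // $match stays empty when the "_<digits>" suffix is missing, so read it
    // only after a successful match.
    $md5_i = false;
    if ($md5_get && preg_match('#_(\\d+)$#', $md5_get, $match)) {
        $md5_i = $match[1];
    }

    $base_query = trim($base_query);
    if (";" == substr($base_query, -1)) {
        $base_query = substr($base_query, 0, -1);
    }
    $query = $base_query;

    $ret = array('msg' => '', 'error' => '', 'data_html' => false);
    $limit = 25;
    // The offset reaches the SQL text through db_limit(); the cast keeps it
    // an integer even if the request value was not normalised.
    $offset = (int)$_GET["offset"];
    $page = floor($offset / $limit + 1);

    if (!$query) {
        $ret['error'] = 'No query found.';
        return $ret;
    }

    if (is_select($query) && !preg_match('#\\s+LIMIT\\s+\\d+#i', $query) && !preg_match('#into\\s+outfile\\s+#', $query)) {
        $query = db_limit($query, $offset, $limit);
    } else {
        $limit = false;
    }

    $time = time_start();

    if (!db_is_safe($query, true)) {
        $ret['error'] = 'Detected UPDATE/DELETE without WHERE condition (put WHERE 1=1 if you want to execute this query)';
        return $ret;
    }

    $rs = @db_query($query);
    if (!$rs) {
        $ret['error'] = db_error();
        return $ret;
    }

    if ($rs === true) {
        if ('mysql' == $db_driver) {
            $affected = mysql_affected_rows($db_link);
            $time = time_end($time);
            $ret['data_html'] = '<b>' . $affected . '</b> rows affected.<br>Time: <b>' . $time . '</b> sec';
            return $ret;
        }
    } else {
        if ('pgsql' == $db_driver) {
            $affected = @pg_affected_rows($rs);
            if ($affected || preg_match('#^\\s*(DELETE|UPDATE)\\s+#i', $query)) {
                $time = time_end($time);
                $ret['data_html'] = '<p><b>' . $affected . '</b> rows affected. Time: <b>' . $time . '</b> sec</p>';
                return $ret;
            }
        }
    }

    // Fetch at most one page of rows.
    $rows = array();
    while ($row = db_row($rs)) {
        $rows[] = $row;
        if ($limit && count($rows) == $limit) {
            break;
        }
    }
    db_free($rs);

    if (is_select($base_query)) {
        $found = @db_one("SELECT COUNT(*) FROM ({$base_query}) AS sub");
        // Fall back to the fetched row count when the COUNT wrapper fails or
        // contradicts the rows already in hand.
        if (!is_numeric($found) || (count($rows) && !$found)) {
            global $COUNT_ERROR;
            $COUNT_ERROR = ' (COUNT ERROR) ';
            $found = count($rows);
        }
    } else {
        $found = count($rows) ? count($rows) : false;
    }

    $pages = $limit ? ceil($found / $limit) : 1;
    $time = time_end($time);

    // The pager is shown above and below the table; build it once. Pager
    // links carry only the only_select flag.
    $pager_html = '';
    if (is_numeric($found) && $pages > 1) {
        $pager_flags = array();
        if ($_GET['only_select'] || $_POST['only_select']) {
            $pager_flags['only_select'] = 1;
        }
        $pager_html = '<p> ';
        if ($page > 1) {
            $ofs = ($page - 1) * $limit - $limit;
            $pager_html .= '<a href="' . url(self(), array('md5' => $md5_get, 'offset' => $ofs) + $pager_flags) . '">&lt;&lt; Prev</a> ';
        }
        $pager_html .= 'Page <b>' . $page . '</b> of <b>' . $pages . '</b> ';
        if ($pages > $page) {
            $ofs = $page * $limit;
            $pager_html .= '<a href="' . url(self(), array('md5' => $md5_get, 'offset' => $ofs) + $pager_flags) . '">Next &gt;&gt;</a> ';
        }
        $pager_html .= '</p>';
    }

    ob_start();

    // ----------------------------------------------------------------
    // @sqleditor LISTING HTML
    // ----------------------------------------------------------------

    if (is_numeric($found)) {
        $params = array('md5' => $md5_get, 'offset' => $_GET["offset"]);
        if ($_GET['only_select'] || $_POST['only_select']) {
            $params['only_select'] = 1;
        }
        if ($_GET['full_content'] || $_POST['full_content']) {
            $params['full_content'] = 1;
        }

        // PHP_SELF includes request path info, so it is escaped before it is
        // placed into an attribute.
        $self_html = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
        // NOTE(review): these links hand the whole statement to the export
        // handler in a GET parameter. That handler is not visible here; it
        // needs the same authentication and request-forgery protection as the
        // editor itself - confirm.
        $query_param = urlencode(base64_encode($base_query));
        $export_links = array();
        foreach (array('pipe' => '|', 'tab' => "\t", 'comma' => ',', 'semicolon' => ';') as $label => $separator) {
            $export_links[] = '<a href="' . $self_html . '?export=csv&separator=' . urlencode($separator)
                . '&query=' . $query_param . '">' . $label . '</a>';
        }
?>
<p>
Found: <b><?php echo $found; ?></b><?php echo isset($GLOBALS['COUNT_ERROR']) ? $GLOBALS['COUNT_ERROR'] : ''; ?>.
Time: <b><?php echo $time; ?></b> sec.
/ <a href="<?php echo url(self(), $params); ?>">Refetch</a>
/ Export to CSV: <?php echo implode(' - ', $export_links); ?>
</p>
<?php
    } else {
?>
<p>Result: <b>OK</b>. Time: <b><?php echo $time; ?></b> sec</p>
<?php
    }

    if (is_numeric($found)) {
        echo $pager_html;

        if ($found) {
            // Offer "Edit" links only when the query maps to one table and a
            // usable key column can be identified in the fetched rows.
            $edit_table = table_from_query($base_query);
            if ($edit_table) {
                $edit_pk = array_first_key($rows[0]);
                if (is_numeric($edit_pk)) {
                    $edit_table = false;
                }
            }
            if ($edit_table) {
                $types = table_columns($edit_table);
                if ($types && count($types)) {
                    if (in_array($edit_pk, array_keys($types))) {
                        if (!array_col_match_unique($rows, $edit_pk, '#^\\d+$#')) {
                            $edit_pk = guess_pk($rows);
                            if (!$edit_pk) {
                                $edit_table = false;
                            }
                        }
                    } else {
                        $edit_table = false;
                    }
                } else {
                    $edit_table = false;
                }
            }
            $edit_url = '';
            if ($edit_table) {
                $edit_url = url(self(true), array('action' => 'editrow', 'table' => $edit_table, 'pk' => $edit_pk, 'id' => '%s'));
            }
?>
<table class="ls" cellspacing="1">
<tr>
<?php if ($edit_url) { ?><th>#</th><?php } ?>
<?php foreach ($rows[0] as $col => $v) { ?>
<th><?php echo htmlspecialchars((string)$col, ENT_QUOTES); ?></th>
<?php } ?>
</tr>
<?php foreach ($rows as $row) { ?>
<tr onclick="mark_row(this, event)">
<?php if ($edit_url) { ?>
<?php
    // NOTE(review): when guess_pk() picked the key column its values are not
    // guaranteed to be digits, and the value lands inside a JavaScript string
    // in an HTML attribute. Whether url() tolerates an encoded value in place
    // of '%s' is not visible here - confirm and encode accordingly.
?>
<td valign=top><a href="javascript:void(0)" onclick="popup('<?php echo sprintf($edit_url, $row[$edit_pk]); ?>', <?php echo EDITROW_POPUP_WIDTH; ?>, <?php echo EDITROW_POPUP_HEIGHT; ?>)">Edit</a></td>
<?php } ?>
<?php
    $count_cols = count($row);
    foreach ($row as $k => $v) {
        if (preg_match('#^\\s*<a[^>]+>[^<]+</a>\\s*$#iU', $v) && strlen(strip_tags($v)) < 50) {
            // NOTE(review): strip_tags() keeps every attribute of the <a>
            // element, so a stored anchor is rendered with whatever href or
            // event handlers it carries. Treat cell data written by other
            // applications as untrusted.
            $v = strip_tags($v, '<a>');
            $v = create_links($v);
        } else {
            $v = strip_tags($v);
            // NOTE(review): as extracted this replaces a space with a space;
            // the search string was presumably an &nbsp; entity or a
            // no-break space lost in extraction - confirm against upstream.
            $v = str_replace(' ', ' ', $v);
            $v = preg_replace('#[ ]+#', ' ', $v);
            $v = create_links($v);
            if (!$full_content && strlen($v) > 50) {
                if (1 == $count_cols) {
                    $v = truncate_html($v, 255);
                } else {
                    $v = truncate_html($v, 50);
                }
            }
            // $v = html_once($v); - create_links() disabling
        }
        if ($full_content) {
            $v = str_wrap($v, 80, '<br>', true);
            $v = nl2br($v);
        }
        //$v = stripslashes(stripslashes($v));
        if (isset($types[$k]) && $types && $types[$k] == 'int' && IsTimestampColumn($k, $v)) {
            // 100 000 000 == 1973-03-03 10:46:40
            // Only big integers change to dates, so a low one like "1054"
            // does not get changed into a date, cause that would probably be wrong.
            $tmp = date('Y-m-d H:i', $v);
            if ($tmp) {
                $v = $tmp;
            }
        }
?>
<td <?php echo $full_content ? 'valign="top"' : ''; ?> nowrap><?php echo is_null($row[$k]) ? '-' : $v; ?></td>
<?php } ?>
</tr>
<?php } ?>
</table>
<?php
        }

        echo $pager_html;
    }

    $cont = ob_get_contents();
    ob_end_clean();
    $ret['data_html'] = $cont;

    return $ret;
}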
} else { $havedata = 0; } } else { $result = db_query("SELECT * FROM article WHERE id = {$id}"); if (db_count($result) != 1) { print "<p><b>Error:</b> Article #{$id} was not found!</p>\n"; html_footer(); exit; } $row = db_next($result); $is_published = $row["is_published"]; $title = $row["title"]; $abstract = $row["abstract"]; $contents = $row["contents"]; db_free($row); $havedata = 0; } if ($havedata) { $title = db_escape($title); $abstract = db_escape($abstract); $contents = db_escape($contents); $modify_date = time(); db_query("UPDATE article SET " . "is_published = {$is_published}, " . "title = '{$title}', " . "abstract = '{$abstract}', " . "contents = '{$contents}', " . "modify_date = {$modify_date}, " . "modify_user = '******' " . "WHERE id = {$id}"); if (!$is_published) { notify_users($id, "modified"); } header("Location: {$PHP_SELF}?L{$id}{$options}"); } else { html_header("Modify Article #{$id}"); html_start_links(1);
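/**
 * Print the comment thread for a page and return how many comments were shown.
 *
 * Comments whose status is above 0 are printed; replies are rendered by
 * recursing with the comment's ID as the parent and the next heading level.
 * Replies are visited even when their parent is not printed.
 *
 * @param string $url       URL key the comments are stored under.
 * @param string $path      Path prefix for the comment.php links.
 * @param int    $parent_id Parent comment ID, 0 for top-level comments.
 * @param int    $heading   Heading level, capped at 6.
 * @return int Number of comments printed, replies included.
 */
function show_comments($url, $path = "", $parent_id = 0, $heading = 3)
{
    global $LOGIN_LEVEL;

    // Both values are interpolated below (SQL text and a tag name); the casts
    // keep them numeric.
    $parent_id = (int)$parent_id;
    $heading = (int)$heading;

    $result = db_query("SELECT * FROM comment WHERE "
        ."url = '" . db_escape($url) ."' "
        ."AND parent_id = $parent_id "
        ."ORDER BY id");

    // The cookie is supplied by the browser and printed into the page, so it
    // is reduced to an integer first.
    // NOTE(review): here the value only decides which links are shown; the
    // moderation handler in comment.php is not visible and must enforce the
    // limit itself rather than trust this cookie - confirm.
    if (array_key_exists("MODPOINTS", $_COOKIE))
        $modpoints = (int)$_COOKIE["MODPOINTS"];
    else
        $modpoints = 5;

    if ($parent_id == 0 && $modpoints > 0)
        print("<P>You have $modpoints moderation points available.</P>\n");

    if ($heading > 6)
        $heading = 6;

    $safeurl = urlencode($url);
    $num_comments = 0;
    $div = 0;

    while ($row = db_next($result)) {
        $comment_id = (int)$row['id'];
        $status = (int)$row['status'];

        if ($row["status"] > 0) {
            // Replies (heading level above 3) are indented once per level.
            if ($heading > 3 && !$div) {
                print("<div style='margin-left: 3em;'>\n");
                $div = 1;
            }

            $num_comments ++;

            $create_date = date("H:i M d, Y", $row['create_date']);
            $create_user = sanitize_email($row['create_user']);
            $contents = format_text($row['contents']);

            print("<h$heading><a name='_USER_COMMENT_$comment_id'>From</a> "
                ."$create_user, $create_date (score=$status)</h$heading>\n"
                ."$contents\n");

            html_start_links();

            if ($LOGIN_LEVEL >= AUTH_DEVEL) {
                html_link("Edit", "{$path}comment.php?e{$comment_id}+p{$safeurl}");
                html_link("Delete", "{$path}comment.php?d{$comment_id}+p{$safeurl}");
            }

            html_link("Reply", "{$path}comment.php?r{$comment_id}+p{$safeurl}");

            if ($modpoints > 0) {
                if ($row['status'] > 0)
                    html_link("Moderate Down", "{$path}comment.php?md{$comment_id}+p{$safeurl}");

                if ($row['status'] < 5)
                    html_link("Moderate Up", "{$path}comment.php?mu{$comment_id}+p{$safeurl}");
            }

            html_end_links();
        }

        $num_comments += show_comments($url, $path, $row['id'], $heading + 1);
    }

    db_free($result);

    if ($div)
        print("</div>\n");

    return ($num_comments);
}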
/**
 * Look up the e-mail address stored for a user name.
 *
 * The name is passed through db_escape() before it is placed in the query.
 *
 * @param string $username User name to look up.
 * @return string The 'email' column of the matching row, or "" unless exactly
 *                one row matches.
 */
function auth_user_email($username)
{
    $escaped_name = db_escape($username);
    $lookup = db_query("SELECT * FROM users WHERE name = '" . $escaped_name . "'");

    // Only a single, unambiguous match yields an address.
    $address = "";
    if (db_count($lookup) == 1) {
        $record = db_next($lookup);
        $address = $record["email"];
    }

    db_free($lookup);

    return $address;
}