function content() { if (!user_logged_in()) { return must_log_in(); } $user = fetch_one_or_none('users', 'id', user_logged_in()); if (!array_key_exists('token', $_GET) || !$_GET['token'] || $_GET['token'] != sha1($user->new_email_address)) { $errors[] = 'Invalid reset token'; } # This can happen if two accounts try to change address at similar times. if (count($errors) == 0 && count(fetch_all('users', 'email_address', $user->new_email_address))) { $errors[] = "A user with this email address already exists"; } if (count($errors) == 0) { update_all('users', array('email_address' => $user->new_email_address, 'new_email_address' => null), 'id', user_logged_in()); ?> <h2>Address changed</h2> <p>Your email address has been changed to <tt><?php esc($user->new_email_address); ?> </tt>.</p> <?php return; } page_header('Address verification failed'); show_error_list($errors); }
function do_login() { global $errors; $errors = array(); if (!array_key_exists('email', $_POST) || !$_POST['email'] || !array_key_exists('password', $_POST) || !$_POST['password']) { $errors[] = "Please provide both an email address and a password"; } if (count($errors)) { return; } $email = $_POST['email']; $password = $_POST['password']; error_log("Login attempt from <{$email}>"); $users = fetch_all('users', 'email_address', $email); if (count($users) > 1) { die('Multiple users with that address!'); } if (count($users) == 0) { $errors[] = 'Incorrect email address'; } elseif (crypt($password, $users[0]->password_crypt) != $users[0]->password_crypt) { $errors[] = 'Incorrect password'; } elseif (!$users[0]->date_verified) { $errors[] = 'Your account is not yet activated'; } elseif (!$users[0]->date_approved) { $errors[] = 'Your account is not yet approved'; } if (count($errors)) { return; } $forever = array_key_exists('forever', $_POST) && $_POST['forever']; set_login_cookie($uid = $users[0]->id, $forever ? 2147483647 : 0); error_log("Login succeeded from <{$email}>"); redirect_away(); }
function login_user($connection, $post) { $_SESSION['login_errors'] = array(); if (empty($post['user_name'])) { $_SESSION['login_errors'][] = 'User Name cannot be blank'; } if (empty($post['password'])) { $_SESSION['login_errors'][] = 'Password cannot be blank'; } if (count($_SESSION['login_errors']) > 0) { header('Location: login.php'); } else { $user_name = mysqli_real_escape_string($connection, $post['user_name']); $password = mysqli_real_escape_string($connection, $post['password']); $query = "SELECT * FROM users WHERE users.user_name = '{$user_name}'"; $result = fetch_all($query); if (!empty($result) && $result[0]['password'] == $password) { $_SESSION['user_name'] = $user_name; $_SESSION['user_id'] = $result[0]['id']; header('Location: success.php'); } else { $_SESSION['login_errors'][] = 'Login Failed'; header('Location: login.php'); } } }
function get_column_names_by_table_name($table) { $result_one_row = fetch_all(mysql_query("SELECT * FROM `{$table}` LIMIT 1")); $table_column_names = array(); for ($i = 0; $i < mysql_num_fields($result_one_row); ++$i) { $table_column_names[] = mysql_field_name($result_one_row, $i); } return $table_column_names; }
function content() { if (!user_logged_in()) { return must_log_in(); } $user = fetch_one_or_none('users', 'id', user_logged_in()); $errors = array(); if (array_key_exists('change', $_POST)) { if (!isset($_POST['email']) || !$_POST['email']) { $errors[] = "Please enter an email address"; } else { $email = $_POST['email']; if ($email && !validate_email_address($email)) { $errors[] = "Invalid email address"; } if (count($errors) == 0 && count(fetch_all('users', 'email_address', $email))) { $errors[] = "A user with this email address already exists"; } if (count($errors) == 0) { update_all('users', array('new_email_address' => $email), 'id', user_logged_in()); send_email_change_email($email, $user->name); ?> <p>We have sent an email to your new address requesting that you confirm that change of address.</p> <?php return; } } } $fields = array(); page_header('Change email address'); show_error_list($errors); ?> <form method="post" action="" accept-charset="UTF-8"> <div class="fieldrow"> <div class="field"> <label>Current address:</label> <div><tt><?php esc($user->email_address); ?> </tt></div> </div> </div> <div class="fieldrow"> <?php text_field($fields, 'email', 'New address'); ?> </div> <div class="fieldrow"> <input type="submit" name="change" value="Change"/> </div> </form> <?php }
function get_notes($user_id) { $mysql_link = connect(); $query = sprintf("SELECT * FROM note WHERE user_id='%s'", mysql_real_escape_string($user_id, $mysql_link)); $result = mysql_query($query, $mysql_link); $notes = fetch_all($result); disconnect($mysql_link); return $notes; }
function get_all_comments($message_id) { $query = "SELECT comment,\n\t\t\t\t users.first_name AS first_name,\n\t\t\t\t users.last_name AS last_name,\n\t\t\t\t comments.created_at AS created_at\n\t\t\t\t FROM comments\n\t\t\t\t LEFT JOIN messages\n\t\t\t\t ON comments.message_id = messages.id\n\t\t\t\t LEFT JOIN users\n\t\t\t\t ON comments.user_id = users.id\n\t\t\t\t WHERE message_id = '{$message_id}'"; $comments = fetch_all($query); if (count($comments) > 0) { $_SESSION["comments"] = $comments; } else { $_SESSION["comments"] = array(); } }
function register_user($post) { $_SESSION['errors'] = array(); // Assigning more secure variables to important fields using escape_this_string function $username = escape_this_string($post['username']); $email = escape_this_string($post['email']); $password = escape_this_string($post['password']); // Beginning of validation checks // Attempt at validating existing information $check_data_query = "SELECT users.username, users.email FROM users"; $existing_users = fetch_all($check_data_query); if (!empty($existing_users)) { foreach ($existing_users as $user) { if ($username == $user['username']) { $_SESSION['errors'][] = 'This username is already taken.'; } if ($email == $user['email']) { $_SESSION['errors'][] = 'This email is already in use.'; } } } // Validating non-existing information to make sure nothing is blank or invalid if (empty($username)) { $_SESSION['errors'][] = "Username cannot be blank."; } if (empty($post['first_name'])) { $_SESSION['errors'][] = "First name cannot be blank."; } if (empty($post['last_name'])) { $_SESSION['errors'][] = "Last name cannot be blank."; } if (empty($password)) { $_SESSION['errors'][] = "Password fields cannot be blank."; } if ($post['password'] !== $post['confirm_password']) { $_SESSION['errors'][] = "Passwords must match."; } if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { $_SESSION['errors'][] = "Please use a valid email address."; } if (count($_SESSION['errors']) > 0) { header('Location: main.php'); exit; } else { // Here I am gonna encrypt both the email and password and then I'm going to make a query to insert that data into the database $salt = bin2hex(openssl_random_pseudo_bytes(22)); $encrypted_password = md5($password . '' . $salt); $query = "INSERT INTO users (username, first_name, last_name, email, password, salt, created_at, updated_at) \n\t\t\t \t\t VALUES ('{$username}', '{$post['first_name']}', '{$post['last_name']}', '{$email}', '{$encrypted_password}', '{$salt}', NOW(), NOW())"; run_mysql_query($query); $_SESSION['success'] = "User has been successfully created!"; header('Location: main.php'); exit; } }
function checkduplicate($text) { // if the last string is a forward slash, then remove the forward slash and re-evaluate if (substr($text, strlen($text) - 1, 1) !== '/') { $text = $text . '/'; } $query = 'SELECT * FROM scrapper WHERE ref_link = "' . $text . '"'; $query_result = fetch_all($query); if (count($query_result) == 0) { return true; } return false; }
function login_user($post) { $query = "SELECT * FROM users WHERE users.email = '{$post['email']}' AND users.password = '******'password']}'"; $user = fetch_all($query); if (count($user) > 0) { $_SESSION['user_id'] = $user[0]['id']; $_SESSION['f_name'] = $user[0]['first_name']; $_SESSION['logged_in'] = true; header('location: success.php'); } else { $_SESSION['errors'][] = 'check credentials'; header('location: index.php'); } }
function post_comment($post) { if (empty($post['comments'])) { $_SESSION['errors'][] = "Please submit a comment."; header("Location: success.php"); exit; } elseif (!empty($post['comments'])) { $query = "INSERT INTO comments (comment, created_at, updated_at, users_id, messages_id)\r\n\t\t\t\tVALUES ('{$post['comments']}', NOW(), NOW(), '{$post['user_id']}', '{$post['message_id']}')"; run_mysql_query($query); $query = "SELECT * FROM users\r\n\t\t\t\tLEFT JOIN comments\r\n\t\t\t\tON users.id = comments.users_id"; $_SESSION['comments'] = fetch_all($query); header("Location: success.php"); die; } }
function login_user($post) { $query = "SELECT * FROM users\n\t\t\t\t WHERE users.password = '******'password']}'\n\t\t\t\t AND users.email = '{$_POST['email']}'"; $user = fetch_all($query); if (count($user) > 0) { $_SESSION["user_id"] = $user[0]["id"]; $_SESSION["first_name"] = $user[0]["first_name"]; $_SESSION["logged_in"] = TRUE; header("Location: success.php"); die; } else { $_SESSION["errors"][] = "Can't find a user with those credentials!"; header("Location: index.php"); die; } }
function login_user($post) { $password = md5($post['password']); $email = escape_this_string($post['email']); $query = "SELECT * FROM users WHERE users.email = '{$email}' AND users.password = '******'"; $user = fetch_all($query); if (count($user) > 0) { $_SESSION['user_id'] = $user[0]['id']; $_SESSION['first_name'] = $user[0]['first_name']; $_SESSION['logged_in'] = true; header('location: wall.php'); } else { $_SESSION['errors'][] = 'Check your credentials'; header('location: login.php'); } }
function login_user($post) { $query = "SELECT * FROM users WHERE users.password = '******'password']}'\r\n\t\t\tAND users.email = '{$post['email']}'"; $user = fetch_all($query); $query = "SELECT * FROM users\r\n\t\t \t\t LEFT JOIN messages\r\n\t\t \t\t ON users.id = messages.users_id\r\n\t\t \t\t ORDER BY messages.created_at ASC"; $_SESSION['records'] = fetch_all($query); $query = "SELECT * FROM users \r\n\t\t\t\tLEFT JOIN comments\r\n\t\t\t\tON users.id = comments.users_id"; $_SESSION['comments'] = fetch_all($query); if (count($user) > 0) { $_SESSION['user_id'] = $user[0]['id']; $_SESSION['first_name'] = $user[0]['first_name']; $_SESSION['logged_in'] = TRUE; header("location: success.php"); } else { $_SESSION['errors'][] = "can't find a user with those credentials"; header("location: index.php"); die; } }
function login_user($post) { $query = "SELECT * FROM users WHERE users.password = '******'password']}' \n\t\t\t\t AND users.email = '{$post['email']}'"; $user = fetch_all($query); echo $user; if (count($user) > 0) { $_SESSION['user_id'] = $user[0]['id']; $_SESSION['first_name'] = $user[0]['first_name']; $_SESSION['logged_in'] = TRUE; header('location: success.php'); } else { // $_SESSION['errors'][] = array(); $_SESSION['errors'][] = "can't find a user with those credentials"; // header('location: index.php'); // die(); } echo $query; // die(); }
function np_character_from_blueprint($blueprint, $level = 1, $username = '******') { $this->level = intval($level); if ($level < 0) { $level = 1; echo "<p>bad level input for npc!</p>"; } //define main vars $this->id = -1; $this->name = $blueprint["name"]; $this->user = $username; $this->cclass = $blueprint["class"]; $this->race = $blueprint["race"]; $this->sex = rand(0, 1) ? 'Female' : 'Male'; $this->image = $blueprint["image_path"]; $this->age = $this->level * $this->level; $this->location = 0; //define attribute vars $this->strength = (int) ($blueprint["min_damage"] + 3 * ($this->level - 1)); $this->dexterity = (int) ($blueprint["max_damage"] - $blueprint["min_damage"] + 2 * $this->level + 2); $this->wisdom = (int) ($blueprint["xp_given"] / 2 + $this->level); //define changeable vars( well except constitution ) $this->hit_points = $blueprint["hit_points"] + rand(0, $this->level * 3); $this->constitution = (int) (($this->hit_points + 10) / 6); $this->stamina_points = ($this->constitution + $this->strength) * 5; $this->level = $this->level; //This are the most significant changes from 0.90 $ac_left = fairInt($blueprint['AC'] * sqrt($this->level * 0.25)); $this->xp = fairInt($blueprint["xp_given"] * (0.5 + sqrt($this->level * 0.25))); $this->gold = fairInt($blueprint["gold_given"] * (0.5 + sqrt($this->level * 0.25))); $this->stat_points = 0; //skills $this->fight = 4 + $this->level; $this->defence = (int) ($blueprint['AC'] / 4 + $this->level - 1); $this->lockpick = 1 + (int) ($this->wisdom / 4); $this->traps = 1 + (int) ($this->wisdom / 2); //define equipment vars $this->weapon = 0; $this->armor = 0; $this->boots = 0; $this->shield = 0; $this->gloves = 0; $this->helm = 0; //FIXME: we need natural armor to clothe e.g. dragons //FIXME: armor class needs to be spent more evenly among armor types if ($ac_left > 0) { $armors = fetch_all("select id, armor_class from phaos_armor where armor_class<={$ac_left} order by armor_class DESC LIMIT 1"); if (count($armors) > 0) { $this->armor = $armors[0]['id']; $this->armor_ac = $armors[0]['armor_class']; $ac_left -= $this->armor_ac; } } if ($ac_left > 0) { $boots = fetch_all("select id, armor_class from phaos_boots where armor_class<={$ac_left} order by armor_class DESC LIMIT 1"); if (count($boots) > 0) { $this->boots = $boots[0]['id']; $this->boots_ac = $boots[0]['armor_class']; $ac_left -= $this->boots_ac; } } //fill weapon: $blueprint['avg_damage'] = (int) (($blueprint["min_damage"] + $blueprint["max_damage"]) * 0.5); $weapons = fetch_all("select * from phaos_weapons where min_damage<={$blueprint['min_damage']} and {$blueprint['avg_damage']}<= 2*max_damage order by RAND() LIMIT 1"); if (count($weapons) > 0) { $this->weapon = $weapons[0]['id']; $this->weapon_min = $weapons[0]['min_damage']; $this->weapon_max = $weapons[0]['max_damage']; $this->weapon_name = $weapons[0]['name']; } else { $this->weapon_min = 0; $this->weapon_max = 0; $this->weapon_name = "natural weapon"; } $this->weaponless = $blueprint['avg_damage'] + 2 * (int) $this->level; //calculated stuff $this->available_points = $this->strength + $this->dexterity + $this->wisdom + $this->constitution; $this->max_hp = $this->constitution * 6; $this->max_stamina = ($this->constitution + $this->strength) * 10; $this->max_rep = 7; if ($this->hit_points > $this->max_hp) { $this->max_hp = $this->hit_points; } if ($this->stamina_points > $this->max_stamina) { $this->max_stamina = $this->stamina_points; } //other stuff $actTime = time(); $this->regen_time = $actTime; $this->stamina_time = $actTime; $this->rep_time = $actTime; $this->no_regen_hp = $blueprint["hit_points"]; //regeneration $this->time_since_regen = $actTime - $this->regen_time; $this->stamina_time_since_regen = $actTime - $this->stamina_time; $this->rep_time_since_regen = $actTime - $this->rep_time; //reputation $this->rep_points = rand(0, $this->level - 1); $this->rep_helpfull = rand(0, $this->level - 1); $this->rep_generious = rand(0, $this->level - 1); $this->rep_combat = rand(0, $this->level - 1); //weapon & fight Calculation $this->max_inventory = $this->strength * 5; if (!$this->image) { $this->image = "images/monster/forest_troll.gif"; } }
function asurvey() { global $prefix, $sqldbdb, $MySQL, $set, $langmessage; if (file_exists("addons/survey/lang/lang_" . $set['language'] . ".php")) { require_once "addons/survey/lang/lang_" . $set['language'] . ".php"; } else { require_once "addons/survey/lang/lang_en_US.php"; } // Check if table exists in the database if ($MySQL == 0) { if (!($aa = sqlite_fetch_column_types($prefix . "surveynames", $sqldbdb))) { dbquery("CREATE TABLE " . $prefix . "surveynames ( id INTEGER NOT NULL PRIMARY KEY, surveyid INTEGER NOT NULL, surveyname VARCHAR(80), place INTEGER NOT NULL, adminlevel INTEGER NOT NULL)"); } if (!($aa = sqlite_fetch_column_types($prefix . "surveyvotes", $sqldbdb))) { dbquery("CREATE TABLE " . $prefix . "surveyvotes ( id INTEGER NOT NULL PRIMARY KEY, surveyid INTEGER NOT NULL, vote INTEGER NOT NULL, voterid INTEGER NOT NULL)"); } } else { dbquery("CREATE TABLE IF NOT EXISTS " . $prefix . "surveynames ( id INTEGER NOT NULL auto_increment, surveyid INTEGER NOT NULL, surveyname VARCHAR(80), place INTEGER NOT NULL, adminlevel INTEGER NOT NULL, PRIMARY KEY (id))"); dbquery("CREATE TABLE IF NOT EXISTS " . $prefix . "surveyvotes ( id INTEGER NOT NULL auto_increment, surveyid INTEGER NOT NULL, vote INTEGER NOT NULL, voterid INTEGER NOT NULL, PRIMARY KEY (id))"); } if (isset($_POST['surveysubmit'])) { if ($_POST['surveysubmit'] == "New Survey" && $_POST['surveyname'] != "") { if (!is_intval($_POST['adminlevel'])) { die($langmessage[98]); } dbquery("INSERT INTO " . $prefix . "surveynames ( id, surveyid, surveyname, place, adminlevel) VALUES ( null, 0, \"" . encode(sanitize($_POST['surveyname'])) . "\", 0, " . $_POST['adminlevel'] . ")"); } if ($_POST['surveysubmit'] == "Delete Survey" && $_POST['surveyid'] != "") { if (!is_intval($_POST['surveyid'])) { die($langmessage[98]); } dbquery("DELETE FROM " . $prefix . "surveynames WHERE (id=" . $_POST['surveyid'] . " AND surveyid=0) OR surveyid=" . $_POST['surveyid']); dbquery("DELETE FROM " . $prefix . "surveyvotes WHERE surveyid=" . $_POST['surveyid']); } if ($_POST['surveysubmit'] == "Add Option" && $_POST['option'] != "") { if (!is_intval($_POST['surveyid']) || !is_intval($_POST['place'])) { die($langmessage[98]); } dbquery("INSERT INTO " . $prefix . "surveynames ( id, surveyid, surveyname, place, adminlevel) VALUES ( null, " . $_POST['surveyid'] . ", \"" . encode(sanitize($_POST['option'])) . "\", " . $_POST['place'] . ", 0)"); } } $out .= "<h2>{$surveymessage['15']}</h2>\n<hr />\n"; $out .= "<h3>{$surveymessage['1']}</h3>\n"; $out .= "<form name=\"form1\" method=\"POST\" action=\"\">\n"; $out .= "<table>\n<tr><td>{$surveymessage['2']}: </td><td><input type=\"text\" name=\"surveyname\" value=\"\" size=\"50\" /></td></tr>\n"; $out .= "<tr><td>{$surveymessage['3']}: </td><td><SELECT name=\"adminlevel\">\n"; $out .= "<option value=\"0\">{$langmessage['161']}</option>\n"; $out .= "<option value=\"2\">{$langmessage['162']}</option>\n"; $out .= "<option value=\"3\">{$langmessage['29']}</option>\n"; $out .= "<option value=\"4\">{$langmessage['163']}</option>\n"; $out .= "</SELECT></td></tr>\n"; $out .= "<tr><td><input type=\"hidden\" name=\"surveysubmit\" value=\"New Survey\" /></td>"; $out .= "<td><input type=\"submit\" value=\"{$surveymessage['1']}\" name=\"aaa\" /></td></tr>\n"; $out .= "</table>\n</form>\n"; $out .= "<hr /><h3>{$surveymessage['5']}</h3>\n"; $out .= "<form name=\"form2\" method=\"POST\" action=\"\">\n"; $out .= "<table>\n"; $out .= "<tr><td>{$surveymessage['5']}: </td><td><SELECT name=\"surveyid\">\n"; $output = dbquery("SELECT * FROM " . $prefix . "surveynames WHERE surveyid=0"); $row = fetch_all($output); $i = 0; while ($row[$i]['surveyname']) { $out .= "<option value=\"" . $row[$i]['id'] . "\">" . decode($row[$i]['surveyname']) . "</option>\n"; $i++; } $out .= "</SELECT></td></tr>\n"; $out .= "<tr><td><input type=\"hidden\" name=\"surveysubmit\" value=\"Delete Survey\" /></td>"; $out .= "<td><input type=\"submit\" value=\"{$surveymessage['5']}\" name=\"aaa\" /></td></tr>\n"; $out .= "</table>\n</form>\n"; $out .= "<hr /><h3>{$surveymessage['6']}</h3>\n"; $out .= "<form name=\"form1\" method=\"POST\" action=\"\">\n"; $out .= "<table>\n"; $out .= "<tr><td>{$surveymessage['2']}: </td><td><SELECT name=\"surveyid\">\n"; $row = fetch_all(dbquery("SELECT * FROM " . $prefix . "surveynames WHERE surveyid=0")); $i = 0; while ($row[$i]['surveyname']) { $out .= "<option value=\"" . $row[$i]['id'] . "\">" . decode($row[$i]['surveyname']) . "</option>\n"; $i++; } $out .= "</SELECT></td></tr>\n"; $out .= "<tr><td>{$surveymessage['7']}: </td><td><input type=\"text\" name=\"place\" size=\"2\" value=\"\" /></td></tr>\n"; $out .= "<tr><td>{$surveymessage['8']}: </td><td><input type=\"text\" name=\"option\" size=\"50\" value=\"\" /></td></tr>\n"; $out .= "<tr><td><input type=\"hidden\" name=\"surveysubmit\" value=\"Add Option\" /></td>"; $out .= "<td><input type=\"submit\" name=\"aaa\" value=\"{$surveymessage['9']}\" /></td></tr>\n"; $out .= "</table>\n</form>\n"; $out .= "<hr /><h3>{$surveymessage['4']}</h3>\n<ul>"; $i = 0; while ($row[$i]['id']) { $out .= "<li>" . $row[$i]['id'] . " - " . decode($row[$i]['surveyname']) . "</li>\n"; $row1 = fetch_all(dbquery("SELECT * FROM " . $prefix . "surveynames WHERE surveyid=" . $row[$i]['id'])); $j = 0; $out .= "<ul>"; while ($row1[$j]['id']) { $out .= "<li>" . $row1[$j]['surveyname'] . "</li>\n"; $j++; } $out .= "</ul>\n"; $i++; } $out .= "</ul>\n"; return $out; }
// get the first record. // it will be assumed that the table will have an inital record which will contain the main site // only get the records that are tag for drilling : drill = 'Y'. // this will only loop(drill) 3times (or 3levels) just to be sure // anything after the 3rd level will be ignored // get the details of the site to determine how many levels to drill $query = "SELECT * FROM sites WHERE drill = 'Y' AND status = 'Pending'"; $results = fetch_record($query); // loop through the list for ($list_loop = 0; $list_loop <= count($results); $list_loop++) { // set runtime to only 10 minutes set_time_limit(600); for ($loopCounter = 0; $loopCounter <= $results['level']; $loopCounter++) { // get the first link $query = "SELECT * FROM scrapper WHERE main_site_id =" . $results['site_id'] . " AND drill = 'Y' AND drillStatus = 'Not Started'"; $query_results = fetch_all($query); if (count($query_results) == 0) { // update the site record $query = "UPDATE sites SET drill='N', status='Completed' WHERE main_site_id =" . $results['site_id']; run_mysql_query($query); $loopCounter = $results['level']; } else { foreach ($query_results as $listing) { grabAnchors($listing, $results['site_address']); } } } // update the site record $query = "UPDATE sites SET drill='N', status='Completed' WHERE main_site_id =" . $results['site_id']; run_mysql_query($query); }
} else { DB::insert('gongqiu_member', gpc('member_')); showmessage($_lang['edit_ok']); } } } elseif ($op == 'mycredit') { if (empty($gongqiu_config['extcredits'])) { showmessage($_lang['no_extcredits']); } else { $credit = DB::result_first("SELECT extcredits{$gongqiu_config['extcredits']} FROM " . DB::table('common_member_count') . " WHERE uid='{$_G['uid']}'"); $credit_log = fetch_all('gongqiu_up', " as su LEFT JOIN " . DB::table('gongqiu_goods') . " as sg ON su.goods_id = sg.goods_id WHERE sg.member_uid='{$_G['uid']}'"); } } elseif ($op == 'quiteup') { $goods_id = intval($_GET['goods_id']); DB::update('gongqiu_goods', array('goods_up' => ''), " goods_id='{$goods_id}'"); showmessage($_lang['edit_ok'], $gongqiu_config['root'] . "?mod=member&op=mypost"); } elseif ($op == 'setpostup') { $goods_id = intval($_GET['goods_id']); $goods = fetch_all('gongqiu_goods', " WHERE goods_id='{$goods_id}'", " goods_title,goods_id,member_uid "); $goods = $goods[0]; include template("gongqiu:{$style}/setpostup"); exit; } elseif ($op == 'jubao') { $goods_id = intval($_GET['goods_id']); $goods = fetch_all('gongqiu_goods', " WHERE goods_id='{$goods_id}'", " goods_title,goods_id,member_uid "); $goods = $goods[0]; include template("gongqiu:{$style}/jubao"); exit; } $navtitle = $_lang['member'] . " - " . $gongqiu_config['name']; include template("gongqiu:{$style}/member");
$op = !empty($_GET['op']) ? addslashes($_GET['op']) : 'post'; $uid = $_G['uid']; $goods = fetch_all('gongqiu_goods', " WHERE goods_id='{$goods_id}'"); $goods = $goods[0]; $goods['goods_text'] = stripslashes($goods['goods_text']); $cat = fetch_all("gongqiu_cat", " WHERE cat_status='1' ORDER BY cat_sort DESC "); if ($op == 'edit') { if ($goods['member_uid'] != $_G['uid'] && !is_gongqiu_admin()) { showmessage($_lang['no_quanxian']); } else { $uid = $goods['member_uid']; } } $member = fetch_all('gongqiu_member', " WHERE member_uid='{$uid}'"); $member = $member[0]; $my_credit = fetch_all("common_member_count", " WHERE uid='{$uid}'", " extcredits{$gongqiu_config['extcredits']} ", "0"); $my_credit = $my_credit["extcredits{$gongqiu_config['extcredits']}"]; if (submitcheck('post_submit') || submitcheck('edit_submit')) { if (empty($_GET['province']) && $op == 'post') { showmessage($_lang['must_province']); } if (empty($_GET['goods_text'])) { showmessage($_lang['must_goods_text']); } if (empty($_GET['member_username'])) { showmessage($_lang['must_member_username']); } if (empty($_GET['member_phone'])) { showmessage($_lang['must_member_phone']); } /* begin:发布积分消费 */
$errors = array(); $_SESSION['errors'] = $errors; $_SESSION['user_id'] = 0; if (isset($_POST['action']) && $_POST['action'] == 'register') { if (empty($_POST['first_name']) || !ctype_alpha($_POST['first_name'])) { $errors[] = "first name must contain only letters and no spaces"; } if (empty($_POST['last_name']) || !ctype_alpha($_POST['last_name'])) { $errors[] = "last name must contain only letters and no spaces"; } if (empty($_POST['email']) || !filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) { $errors[] = "please enter a valid email address (example@example.com)"; } else { $email = escape_this_string($_POST['email']); $query = "SELECT email\n\t\t\t\tFROM users\n\t\t\t\tWHERE email = '{$email}'"; if (!empty(fetch_all($query))) { $errors[] = "username is already taken, please select a new username"; } } if (empty($_POST['password']) || strlen($_POST['password']) < 6) { $errors[] = "password must be greater than 6 characters"; } if ($_POST['password_conf'] != $_POST['password']) { $errors[] = "password confirmation does not match"; } if (count($errors) > 0) { $_SESSION['errors'] = $errors; header('location: index.php'); die; } else { $_SESSION['errors'] = $errors;
function whos_here($locationids, $characterrole = 'phaos_npc') { global $PHP_PHAOS_CHARID; if (is_array($locationids)) { $locationset = makeList($locationids); $locwhere = "location IN {$locationset}"; } else { $locationid = intval($locationids); $locwhere = "location={$locationid}"; } $order = 'ORDER by wisdom ASC, gold/(strength+dexterity+hit_points) ASC'; $query = "SELECT id FROM phaos_characters WHERE {$locwhere} AND username LIKE '{$characterrole}' {$order}"; $list = project(fetch_all($query), 'id'); return $list; }
function markers($page) { global $prefix; $open = "%!\$"; $close = "\$!%"; while (strpos($page, $open)) { $pagearray = explode($open, $page, 2); $out .= $pagearray[0]; $pagearray1 = explode($close, $pagearray[1], 2); $token = explode(" ", $pagearray1[0], 2); switch ($token[0]) { case "plugin": $pluginame = "plugins/" . clean($token[1]) . "/"; if (file_exists($pluginame . "place.mod")) { $out .= file_get_contents($pluginame . "place.mod"); } if (file_exists($pluginame . "include.mod")) { include $pluginame . "include.mod"; } break; case "function": $bb = clean($token[1]); $aa = explode(" ", $bb); if ($aa[3] != "") { $out .= $aa[0]($aa[1], $aa[2], $aa[3]); } elseif ($aa[2] != "") { $out .= $aa[0]($aa[1], $aa[2]); } elseif ($aa[1] != "") { $out .= $aa[0]($aa[1]); } else { $out .= $aa[0](); } break; case "include": include clean($token[1]); break; case "place": $out .= clean(file_get_contents(trim($token[1]))); break; default: $addons = fetch_all(dbquery("SELECT * FROM " . $prefix . "addons WHERE active=1")); $found = false; foreach ($addons as $addon) { if ($pagearray1[0] == $addon['name']) { $found = true; require_once "addons/" . $addon['name'] . "/main.php"; $out .= $addon['fname'](); break; } elseif (substr($pagearray1[0], 0, strlen($addon['name'])) == $addon['name']) { $found = true; require_once "./addons/" . $addon['name'] . "/main.php"; $bb = clean(substr($pagearray1[0], strlen($addon['name']))); $aa = explode(" ", clean($bb)); if ($aa[3] != "") { $out .= $addon['fname'](clean($aa[0]), clean($aa[1]), clean($aa[2]), clean($aa[3])); } elseif ($aa[2] != "") { $out .= $addon['fname'](clean($aa[0]), clean($aa[1]), clean($aa[2])); } elseif ($aa[1] != "") { $out .= $addon['fname'](clean($aa[0]), clean($aa[1])); } else { $out .= $addon['fname'](clean($aa[0])); } break; } } if (substr($pagearray1[0], 0, 5) != "first" && substr($pagearray1[0], 0, 4) != "head" && !$found) { $out .= "\n" . clean($pagearray1[0]) . "\n"; } } $page = $pagearray1[1]; } if ($page != "") { $out .= $page; } return $out; }
header("location: index.php"); die; } } elseif (isset($_POST['action']) && $_POST['action'] == 'register') { //notifies user to complete all fields if (empty($_POST['first_name'])) { $_SESSION['error'][] = "Please fill in all fields."; } elseif (empty($_POST['last_name'])) { $_SESSION['error'][] = "Please fill in all fields."; } elseif (empty($_POST['password'])) { $_SESSION['error'][] = "Please fill in all fields."; } elseif (empty($_POST['email'])) { $_SESSION['error'][] = "Please fill in all fields."; } //prevents duplicate email addresses $users = fetch_all("SELECT * FROM users"); foreach ($users as $key => $value) { if ($_POST['email'] == $users[$key]['email']) { $_SESSION['error'][] = "That email address is already in use"; } } //additional criterion if (is_numeric($_POST['first_name'])) { $_SESSION['error'][] = "First name cannot contain numbers."; } if (is_numeric($_POST['last_name'])) { $_SESSION['error'][] = "Last name cannot contain numbers."; } if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) && !empty($_POST['email'])) { $_SESSION['error'][] = "Please enter a valid email address."; }
<?php session_start(); require 'new_connection.php'; $query = "SELECT name, content, created_at FROM names\n\tORDER BY created_at DESC"; $quote_data = fetch_all($query); ?> <!DOCTYPE html> <html> <head> <title>BillBoard</title> <link rel="stylesheet" type="text/css" href="quoting_css.php"> </head> <body> <div id="container_billboard"> <div id="wrapper"> <h3>Here are the awesome quotes!</h3> <?php foreach ($quote_data as $quote) { ?> <div id="scroll"> <p>"<?php echo $quote['content']; ?> "</p> <p id="p_tag" >- <?php echo $quote['name']; ?> at <?php
<?php /** * 版权声明: 该程序为 [DiscuzCMS!] 独立自主开发, 依法拥有该产品知识产权,所有代码版权归[DiscuzCMS!]所有, 程序内均为商业代码, 仅为购买者提供使用授权. * 法律声明: 未经官方授权使用修改或者传播都是属于侵权和违法行为, 依法将追究一切相关法律责任. * 官方网站: http://www.DiscuzCMS.com **/ if (!defined('IN_ADMINCP')) { exit('Admin Login'); } if (!defined('IN_DISCUZ')) { exit('Access Denied'); } global $gongqiu_config, $_lang; require_once DISCUZ_ROOT . './source/plugin/gongqiu/include/config.inc.php'; require_once DISCUZ_ROOT . './source/plugin/gongqiu/include/function.class.php'; $mod = "admin_jubao"; $self_url = 'plugins&operation=config&identifier=gongqiu&pmod=' . $mod . "&do=" . $do; $cp_url = 'action=' . $self_url; if (!cloudaddons_getmd5("gongqiu.plugin")) { /* cpmsg(lang('admincp_msg','cloudaddons_genuine_message'),'','error',array('addonid' => "gongqiu.plugin"));*/ } if (isset($_GET['del'])) { $jubao_id = intval($_GET['del']); DB::delete('gongqiu_jubao', array('jubao_id' => $jubao_id)); } $jubao_array = fetch_all('gongqiu_jubao', " ORDER BY jubao_time DESC"); $style = 'default'; include template("gongqiu:admin/admin_jubao");
function alinks() { global $message, $linksmessage, $prefix; if (($_POST['submit'] == "Add Link" || $_POST['submit'] == "Edit Link") && $_POST['link'] != "" && $_POST['linkname'] != "") { if ($_POST['submit'] == "Add Link") { $query = "INSERT INTO " . $prefix . "links (id, link, name, descr, hits) VALUES (null, \"" . htmlentities($_POST['link']) . "\", \"" . encode($_POST['linkname']) . "\", \"" . encode($_POST['descr']) . "\", " . $_POST['cat'] . ")"; } else { $query = "UPDATE " . $prefix . "links SET link=\"" . htmlentities($_POST['link']) . "\", name=\"" . encode($_POST['linkname']) . "\", descr=\"" . encode($_POST['descr']) . "\", hits=" . $_POST['cat'] . " WHERE id=" . $_POST['id']; } if (!dbquery($query)) { die($linksmessage[132]); } unset($_GET['action']); } if ($_POST['linkcat'] == "Add Category" || $_POST['linkcat'] == "Edit Category") { // add category - edit category if ($_POST['linkcat'] == "Add Category") { $query = "INSERT INTO " . $prefix . "linkscat (id, nome, descr) VALUES (null, '" . encode($_POST['name']) . "', '" . encode($_POST['descr']) . "')"; } else { $query = "UPDATE " . $prefix . "linkscat SET nome=\"" . encode($_POST['name']) . "\", descr=\"" . encode($_POST['descr']) . "\" WHERE id=" . $_POST['id']; } if (!dbquery($query)) { die($linksmessage[106]); } } switch ($_GET['action']) { case "delete": dbquery("DELETE FROM " . $prefix . "links WHERE id=" . $_GET['id']); unset($_GET['action']); break; case "deletec": dbquery("DELETE FROM " . $prefix . "linkscat WHERE id=" . $_GET['id']); unset($_GET['action']); break; case "editc": $result = dbquery("SELECT * FROM " . $prefix . "linkscat WHERE id=" . $_GET['id']); $row = fetch_array($result); } $out = "<h2>{$linksmessage['40']}</h2>\n<hr />\n<div align=\"center\">\n<h3>{$linksmessage['66']}</h3>\n"; $out .= "<form method=\"post\" action=\"\"><fieldset style=\"border: 0;\"><table>\n"; $out .= "<tr><td>{$linksmessage['50']}</td><td><input type=\"text\" name=\"name\""; if ($_GET['action'] == "editc") { $out .= " value=\"" . decode($row[1]) . "\""; } $out .= " /></td></tr>\n"; $out .= "<tr><td>{$linksmessage['67']}</td><td><input type=\"text\" name=\"descr\""; if ($_GET['action'] == "editc") { $out .= " value=\"" . decode($row[2]) . "\""; } $out .= " /></td></tr>\n<tr><td>"; if ($_GET['action'] == "editc") { $out .= "<input type=\"hidden\" name=\"id\" value=" . $row[0] . " />"; } $out .= "</td>\n<td>"; $out .= "<input type=\"hidden\" name=\"linkcat\" "; if ($_GET['action'] == "editc") { $out .= "value=\"Edit Category\""; } else { $out .= "value=\"Add Category\""; } $out .= " />\n"; $out .= "<input type=\"submit\" name=\"\" "; if ($_GET['action'] == "editc") { $out .= "value=\"{$linksmessage['54']}\""; } else { $out .= "value=\"{$linksmessage['53']}\""; } $out .= " />\n"; $out .= "</td></tr>\n</table></div>\n"; $result = dbquery("SELECT * FROM " . $prefix . "linkscat ORDER BY nome"); $out .= "<table cellspacing=\"5\">"; $GETarray = $_GET; while ($row = fetch_array($result)) { $out .= "<tr><td><a href=\"" . $_SERVER['SCRIPT_NAME'] . "?"; if ($_GET['do'] != "") { $out .= "do=" . $_GET['do'] . "&"; } $out .= "id=" . $row[0] . "&action=editc\"><img src=\"images/edit.png\" style=\"align: left; border: 0;\" ></a></td>\n"; $out .= "<td><a href=\"" . $_SERVER['SCRIPT_NAME'] . "?"; if ($_GET['do'] != "") { $out .= "do=" . $_GET['do'] . "&"; } $out .= "id=" . $row[0] . "&action=deletec\"><img src=\"images/editdelete.png\" style=\"align: left; border: 0;\" ></a></td>\n"; $out .= "<td>" . decode($row['nome']) . "</td><td>" . decode($row['descr']) . "</td>\n"; $out .= "<td>" . $row['id'] . "</td></tr>\n"; } $out .= "</table>\n</form>\n"; if ($_GET['action'] == "edit") { $row = fetch_array(dbquery("SELECT * FROM " . $prefix . "links WHERE id=" . $_GET['id'])); } $out .= "<div align=\"center\"><h3>{$linksmessage['40']}</h3><form name=\"form1\" method=\"post\" action=\"\"><fieldset style=\"border: 0;\">\n<table>\n"; $out .= "<tr><td>{$linksmessage['68']}</td><td><input type=\"text\" name=\"linkname\""; if ($_GET['action'] == "edit") { $out .= " value=\"" . decode($row['name']) . "\""; } $out .= " /></td></tr>\n<tr><td>{$linksmessage['69']}</td><td><input type=\"text\" name=\"link\""; if ($_GET['action'] == "edit") { $out .= " value=\"" . $row['link'] . "\""; } $out .= " /></td></tr>\n"; $out .= "<tr><td valign=\"top\" >{$linksmessage['67']}</td><td><textarea name=\"descr\">"; if ($_GET['action'] == "edit") { $out .= decode($row['descr']); } $out .= "</textarea></td></tr>\n"; $out .= "<tr><td>{$linksmessage['52']}</td><td align=\"right\"><select name=\"cat\" >\n"; $result = dbquery("SELECT * FROM " . $prefix . "linkscat"); $cats = fetch_all($result); foreach ($cats as $cat) { $out .= '<option value="' . $cat['id'] . '"'; if ($_GET['action'] == "edit" && $row[4] == $cat['id']) { $out .= ' SELECTED'; } $out .= '>' . decode($cat['nome']) . " </option>\n"; } $out .= "</select></tr>\n<tr><td>"; if ($_GET['action'] == "edit") { $out .= "<input type=\"hidden\" name=\"id\" value=\"" . $row[0] . "\" />"; } $out .= "</td><td><input type=\"hidden\" name=\"submit\" "; if ($_GET['action'] == "edit") { $out .= "value=\"Edit Link\""; } else { $out .= "value=\"Add Link\""; } $out .= " />\n"; $out .= "<input type=\"submit\" name=\"aa\" "; if ($_GET['action'] == "edit") { $out .= "value=\"{$linksmessage['70']}\""; } else { $out .= "value=\"{$linksmessage['71']}\""; } $out .= " />\n"; $out .= "</td></tr></table></fieldset></form></div>\n"; $out .= "<table cellspacing=\"5\">"; $cat = 0; $result = dbquery("SELECT * FROM " . $prefix . "links ORDER BY hits ASC, name ASC"); while ($row = fetch_array($result)) { if ($row['hits'] != $cat) { $cat = $row['hits']; $cr = fetch_array(dbquery("SELECT * FROM " . $prefix . "linkscat WHERE id={$cat}")); $out .= "<tr><td colspan=\"3\" align=\"center\"><h3>" . decode($cr['nome']) . "</h3></td></tr>\n"; } $out .= "<tr><td><a href=\"" . $_SERVER['SCRIPT_NAME'] . "?"; if ($_GET['do'] != "") { $out .= "do=" . $_GET['do'] . "&"; } $out .= "id=" . $row[0] . "&action=edit\"><img src=\"images/edit.png\" style=\"align: left; border: 0;\" ></a></td>\n"; $out .= "<td><a href=\"" . $_SERVER['SCRIPT_NAME'] . "?"; if ($_GET['do'] != "") { $out .= "do=" . $_GET['do'] . "&"; } $out .= "id=" . $row[0] . "&action=delete\"><img src=\"images/editdelete.png\" style=\"align: left; border: 0;\" ></a></td>\n"; $out .= "<td>" . decode($row['name']) . "</td><td>" . $row['link'] . "</td></tr>\n"; } $out .= "</table>\n"; return $out; }
} elseif (!empty($has_apply)) { $tips = $info_lang['ajax_inc_php_1']; } else { $tips = $info_lang['ajax_inc_php_2']; } include template("info:{$style}/done"); exit; } elseif ($op == 'jubao') { if (!$_G['uid']) { showmessage($info_lang['login'], '', array(), array('login' => true)); } $post_id = intval($_GET['post_id']); $has_jubao = fetch_all('info_post_jubao', " WHERE post_id='{$post_id}'", 'jubao_id', 0); $has_jubao = $has_jubao['jubao_id']; if (empty($has_jubao)) { $post = fetch_all('info_post', " WHERE post_id='{$post_id}'", "post_id,post_title", 0); DB::insert("info_post_jubao", array('post_id' => $post['post_id'], 'post_title' => $post['post_title'], 'jubao_time' => time())); } $tips = $info_lang['ajax_inc_php_3']; include template("info:{$style}/done"); exit; } elseif ($op == 'changecity') { $area_keys = array(); foreach ($area_array as $a) { $area_keys[$a['area_key']] = $a['area_key']; } array_multisort($area_keys); include template("info:changecity"); dexit(); } include template("info:ajax");
} if (isset($_GET['del'])) { $del['cat_id'] = intval($_GET['del']); DB::delete('house_cat', $del); } if (isset($_GET['edit'])) { $edit = intval($_GET['edit']); $edit_array = array(); $edit_array = fetch_all('house_cat', ' WHERE cat_id=' . $edit . ' ORDER BY cat_pid DESC,cat_sort ASC', '*', 0); } if (isset($_GET['edit_submit'])) { $edit_array = array(); $edit_array = gpc('cat_'); DB::update('house_cat', $edit_array, array('cat_id' => $edit_array['cat_id'])); } $cat_array = array(); $cat_array = fetch_all('house_cat', ' ORDER BY cat_pid ASC,cat_sort ASC'); foreach ($cat_array as $k => $v) { if ($v['cat_pid'] == '0') { $sum = fetch_all('house_cat', " WHERE cat_pid='{$v['cat_id']}' ", ' count(cat_id) as sum ', 0); $cat_array[$k] = array_merge($cat_array[$k], $sum); } } $cat_array_field .= "\$cat_array = " . arrayeval($cat_array) . ";\n"; writetocache('house_cat_array', $cat_array_field); if (!cloudaddons_getmd5("house.plugin")) { cpmsg(lang('admincp_msg', 'cloudaddons_genuine_message'), '', 'error', array('addonid' => "house.plugin")); } $pid_cat_array = array(); $pid_cat_array = fetch_all("house_cat", " WHERE cat_id='{$cat_pid}' ", "*", 0); include template("house:admin/admin_cat");
</form> </div> <h2>Step 1: Choose your Name</h2> <h5><b>Ajax now used--reload page to see your name appear</b></h5> <h4>After you are clocked in, update again to bring up Clock out sheet. Thanks</h4> <h5>(Will appear below)</h5> <form action="process.php" method="post"> <input type="hidden" name="update_action" value="update"> <select name="id"> <?php $query = "SELECT id, first_name, last_name FROM students"; $students = fetch_all($query); foreach ($students as $student) { $full_name = $student['first_name'] . " " . $student['last_name']; echo "<option value = " . $student['id'] . ">" . $full_name . "</option>"; } ?> <!-- key="id" value="foreach" --> </select> <input type="submit" value="Update"> </form> </div><!-- end of top --> <div id="bottom"> <?php