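} else {
    if ($_POST) {
        // Returns one page ("group") of the current user's images as HTML anchors.
        // The excerpt begins inside an enclosing if/else and is cut off inside the
        // row template, so both ends of this fragment are deliberately left open.

        // Reduce the paging inputs to digits and sign characters. FILTER_SANITIZE_NUMBER_INT
        // still lets '+' and '-' through, so the paging values are validated as integers below.
        $group_number = filter_var($_POST["group_no"], FILTER_SANITIZE_NUMBER_INT, FILTER_FLAG_STRIP_HIGH);
        $album_id = filter_var($_POST["album_id"], FILTER_SANITIZE_NUMBER_INT, FILTER_FLAG_STRIP_HIGH);
        $items_per_group = filter_var($_POST["images_per_group"], FILTER_SANITIZE_NUMBER_INT, FILTER_FLAG_STRIP_HIGH);

        // Both values end up unquoted in the LIMIT clause, so each must be a non-negative
        // integer; FILTER_VALIDATE_INT returns false for anything else (e.g. "1-1" or "").
        $group_number = filter_var($group_number, FILTER_VALIDATE_INT, array('options' => array('min_range' => 0)));
        $items_per_group = filter_var($items_per_group, FILTER_VALIDATE_INT, array('options' => array('min_range' => 0)));

        // Reject the request with HTTP 400 when either paging value is invalid.
        if ($group_number === false || $items_per_group === false) {
            if (!$phpunit['isTest']) {
                header('HTTP/1.1 400 Bad Request');
                die;
            }
        }

        // Under $phpunit['isTest'] execution continues past a failed check, as it did before;
        // the casts turn a failed validation into 0 so the query text stays well-formed.
        $group_number = (int) $group_number;
        $items_per_group = (int) $items_per_group;

        // Offset of the first record of the requested group.
        $position = $group_number * $items_per_group;

        // NOTE(review): get_search_cols() receives the raw $_POST["keywords"] and its result is
        // concatenated into the statement. It is defined outside this excerpt; confirm that it
        // escapes the keywords before building the condition.
        // NOTE(review): the mysql_* functions were removed in PHP 7. Moving $db to mysqli or PDO
        // prepared statements would replace the manual escaping used here.
        $result = $db->query(
            "select distinct images.id, images.filename, images.extension from imagesToAlbums, albums,\n images left join metadata on (images.id = metadata.imageId) where images.id = imagesToAlbums.imageId and\n albums.id = imagesToAlbums.albumId and albums.ownerId = '"
            . mysql_real_escape_string($currentUser['id']) . "' "
            . (mysql_real_escape_string($album_id) != '' ? "\n and albums.id = '" . mysql_real_escape_string($album_id) . "'" : "")
            . " and (" . get_search_cols($_POST["keywords"], array('albums', 'images', 'metadata'), false) . ")"
            . " order by id desc LIMIT {$position}, {$items_per_group}"
        );
        $i = 0;
        if (!$phpunit['isTest']) {
            while ($row = mysql_fetch_assoc($result)) {
                // The filename is written into an HTML attribute, so it is escaped (quotes
                // included) to keep a stored name from breaking out of the attribute.
                // Assumes the stored names are UTF-8 - TODO confirm.
                // The attribute values no longer carry a trailing space after the id.
                ?> <a id="image_<?php echo $row['id']; ?>" href="photoView.html?id=<?php echo $row['id']; ?>" data-id="<?php echo $row['id']; ?>" class="draggablePhoto ui-draggable ui-draggable-handle" style="position: relative;"><div title="<?php echo htmlspecialchars($row['filename'], ENT_QUOTES, 'UTF-8');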
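| <form method="get" action="" class="searchForm"><b>Search:</b> <input type="text" name="keywords" value="<?php
// The search term is echoed back into an attribute value, so it is HTML-escaped
// (quotes included); unescaped, a crafted "keywords" parameter would be reflected as markup.
echo htmlspecialchars(isset($_GET['keywords']) ? $_GET['keywords'] : '', ENT_QUOTES, 'UTF-8');
?>" /> <input type="submit" name="search" value="search..." /></form>
<table width="100%" class="administrationTable">
<tr> <td>ID</td> <td>Registered</td> <td>Firstname</td> <td>Lastname</td> <td>eMail</td> <td></td> </tr>
<?php
// Lists users (30 per page, newest id first), optionally narrowed by the search
// keywords and by a single id. The excerpt ends inside the row loop, so the loop
// and the table are deliberately left open.
//
// NOTE(review): $v (the row offset) is assigned outside this excerpt and is placed
// unquoted in the LIMIT clause, so it is coerced to a non-negative integer here.
// NOTE(review): get_search_cols() receives the raw $_GET['keywords'] and is defined
// outside this excerpt; confirm that it escapes the keywords.
// NOTE(review): an action=delete GET parameter is referenced; if the delete itself is
// handled on GET elsewhere on this page, it should require POST and a CSRF token.
$result = $db->query(
    "select * from users where "
    . ($_GET['keywords'] != '' ? "(" . get_search_cols($_GET['keywords'], array('users')) . ") and " : "")
    . " 1=1 "
    . (($_GET['id'] != '' and $_GET['action'] != 'delete') ? " and id = '" . mysql_real_escape_string($_GET['id']) . "'" : "")
    . " order by id desc limit " . max(0, (int) $v) . ",30"
);
$i = 0;
while ($row = mysql_fetch_assoc($result)) {
    // Disabled accounts get their own row class; other rows alternate even/odd on $i.
    ?> <tr class="<?php echo $row['enabled'] != '1' ? 'disabled' : ($i % 2 == 0 ? 'even' : 'odd'); ?>"> <td><b><?php echo $row['id']; ?> </b></td> <td><?php echo date("d.m.Y H:i", $row['registered']); ?> </td>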