/** * widget function * works for select menus and some input fields * @param string $title * @param string $function * @param string $name * @param string $value * @param string $attr * @param string $type * @param string $subtitle * @param string $req * @param string $tag * @param string $tag_attr * @param string $extra * @param string $afterwards * @return string * @author edited by Peng Wang <*****@*****.**> */ function ips($title, $function, $name, $value = '', $attr = '', $type = '', $subtitle = '', $req = '', $tag = '', $tag_attr = '', $extra = '', $afterwards = '') { $OBJ =& get_instance(); global $error_msg, $go; // set a default // we might want div later if (!$tag) { $tag = 'label'; } $tag_attr ? $tag_attr = "{$tag_attr}" : ($tag_attr = ''); $OBJ->access->prefs['user_help'] == 1 ? $help = showHelp($title) : ($help = ''); $afterwards ? $afterwards = $afterwards : ($afterwards = ''); if (isset($error_msg[$name])) { $msg = span($error_msg[$name], "class='error'"); } else { $msg = null; } $subtitle ? $subtitle = span($subtitle, "class='small-txt'") : ($subtitle = ''); $title ? $title = label($title . ' ' . $subtitle . ' ' . $help . $msg) : ($title = ''); $req ? $req = showerror($msg) : ($req = ''); $extra ? $add = $extra : ($add = ''); $value = showvalue($name, $value); if ($function === 'input') { $function = input($name, $type, attr($attr), $value); } else { $function ? $function = $function($value, $name, attr($attr), $add) : ($function = null); } return $title . "\n" . $function; }
function selectDistinct($connection, $tableName, $attributeName, $pulldownName, $defaultValue) { $defaultWithinResultSet = FALSE; // Query to find distinct values of $attributeName in $tableName $distinctQuery = "SELECT DISTINCT {$attributeName} FROM\n {$tableName}"; // Run the distinctQuery on the databaseName if (!($resultId = @mysql_query($distinctQuery, $connection))) { showerror(); } // Start the select widget print "\n<select name=\"{$pulldownName}\">"; // Retrieve each row from the query while ($row = @mysql_fetch_array($resultId)) { // Get the value for the attribute to be displayed $result = $row[$attributeName]; // Check if a defaultValue is set and, if so, is it the // current database value? if (isset($defaultvalue) && $result == $defaultValue) { // Yes, show as selected print "\n\t<option selected value=\"{$result}\">{$result}"; } else { // No, just show as an option print "\n\t<option value=\"{$result}\">{$result}"; } print "</option>"; } print "\n</select>"; }
public function sendmail($to, $subject, $message) { global $wsn; global $debug; try { global $smtpCfg; $smtpHost = $smtpCfg['servers']; $smtpFrom = $smtpCfg['from']; $smtpUsername = $smtpCfg['username']; $smtpPassword = $smtpCfg['password']; } catch (Exception $e) { echo "Email not properly configured. Contact the site owner to report this problem. <br />"; showerror(); return false; } // mail($to,$subject,$message); $mail = new PHPMailer(); //$mail->SMTPDebug = 3; // Enable verbose debug output $mail->isSMTP(); // Set mailer to use SMTP $mail->Host = $smtpHost; // Specify main and backup SMTP servers $mail->SMTPAuth = true; // Enable SMTP authentication $mail->Username = $smtpUsername; // SMTP username $mail->Password = $smtpPassword; // SMTP password $mail->SMTPSecure = 'tls'; // Enable TLS encryption, `ssl` also accepted $mail->Port = 587; // TCP port to connect to $mail->From = $smtpFrom; $mail->FromName = $wsn; $mail->addAddress($to); // Add a recipient /* $mail->addAddress('*****@*****.**'); $mail->addReplyTo('*****@*****.**', 'Information'); $mail->addCC('*****@*****.**'); // Optional recipients. $mail->addBCC('*****@*****.**'); */ $mail->WordWrap = 80; // Set word wrap to 50 characters $mail->isHTML(true); // Set email format to HTML $mail->Subject = "{$wsn} Account Activation"; $mail->Body = $message; $mail->AltBody = strip_tags($message); // Plain text alternative if (!$mail->send()) { echo 'Email could not be sent.'; if ($debug) { echo 'Mailer Error: ' . $mail->ErrorInfo; } showerror(); return false; } return true; }
function displayWinesList($connection, $query, $regionName) { // Run the query on the server if (!($result = @mysql_query($query, $connection))) { showerror(); } // Find out how many rows are available $rowsFound = @mysql_num_rows($result); // If the query has results ... if ($rowsFound > 0) { // ... print out a header print "Wines of {$regionName}<br>"; // and start a <table>. print "\n<table>\n<tr>" . "\n\t<th>Wine ID</th>" . "\n\t<th>Wine Name</th>" . "\n\t<th>Year</th>" . "\n\t<th>Winery</th>" . "\n\t<th>Description</th>\n</tr>"; // Fetch each of the query rows while ($row = @mysql_fetch_array($result)) { // Print one row of results print "\n<tr>\n\t<td>{$row["wine_id"]}</td>" . "\n\t<td>{$row["wine_name"]}</td>" . "\n\t<td>{$row["year"]}</td>" . "\n\t<td>{$row["winery_name"]}</td>" . "\n\t<td>{$row["description"]}</td>\n</tr>"; } // end while loop body // Finish the <table> print "\n</table>"; } // end if $rowsFound body // Report how many rows were found print "{$rowsFound} records found matching your criteria<br>"; }
function delete_avatar() { global $ttf; $sql = "SELECT avatar_type FROM ttf_user WHERE user_id='{$ttf["uid"]}'"; if (!($result = mysql_query($sql))) { showerror(); } list($ext) = mysql_fetch_row($result); // if the user has an avatar if (!empty($ext)) { // delete the avatar if (!unlink("avatars/" . $ttf["uid"] . "." . $ext)) { // it wasn't deleted return FALSE; } else { // if successful, remove it from the user row $sql = "UPDATE ttf_user SET avatar_type=NULL " . "WHERE user_id='{$ttf["uid"]}' "; if (!($result = mysql_query($sql))) { // we couldn't reflect the deletion in the db showerror(); } else { // everything worked return TRUE; } } } else { // there was no avatar to delete, // so we are still happy people return TRUE; } }
function authenticateUserNav($connection, $username, $password) { include '../paths.php'; require CONFIG . 'config.php'; require INCLUDES . 'url_variables.inc.php'; require INCLUDES . 'db_tables.inc.php'; // Test the username and password parameters if (!isset($username) || !isset($password)) { return false; } if (NHC) { // Place NHC SQL calls below } else { $query = "SELECT password FROM {$users_db_table} WHERE user_name = '{$username}' AND password = '******'"; } // Execute the query if (!($result = @mysql_query($query, $connection))) { showerror(); } // Is the returned result exactly one row? If so, then we have found the user if (mysql_num_rows($result) != 1) { return false; } else { return true; } }
public function changepass($newpass, $username) { global $mysqli; $username = $mysqli->real_escape_string($username); $hashpass = $this->hash($newpass); $qr = "UPDATE auth SET password='******' WHERE username='******';"; $e = $mysqli->query($qr) or showerror(); return true; }
function user_link_table_length($current_user) { global $mysqli; $current_user = $mysqli->real_escape_string($current_user); $result = $mysqli->query("SELECT COUNT(`rurl`) FROM `redirinfo` WHERE `user` = '{$current_user}';") or showerror(); $count = $result->fetch_assoc(); $count = (double) $count["COUNT(`rurl`)"]; $pages = $count / 30; return ceil($pages); }
/** * @brief Constructor */ function __construct() { includeeasyhelper('logger'); includeeasyhelper('showerror'); includeeasylibrary('easyinireaderwriter'); log_message(LOGGER_DEBUG, 'called function: ' . $this->getlibraryname() . '.' . __FUNCTION__ . ' begin'); //log_message ( LOGGER_SYSTEM, $this->getlibraryname () . ' library is inited. version:' . $this->getversion () ); adddependency($this->getlibraryname(), $this->getversion(), COMPONENT_LIBRARY, 'logger', '1.0.0.2', COMPONENT_HELPER); adddependency($this->getlibraryname(), $this->getversion(), COMPONENT_LIBRARY, 'easyinireaderwriter', '1.0.0.5', COMPONENT_LIBRARY); $this->acturl = $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; $this->segments = array(); $this->controller = ''; $this->functionname = ''; $tacturl = $this->acturl; $tbaseurl = substr(geteasy()->getbaseurl(), strpos(geteasy()->getbaseurl(), '://') + 3); if (substr($tacturl, 0, strlen($tbaseurl)) == $tbaseurl) { $tacturl = substr($tacturl, strlen($tbaseurl)); // Find parameters $poz = strpos($tacturl, '?'); if ($poz !== FALSE) { $arr = explode('&', substr($tacturl, $poz + 1)); foreach ($arr as $item) { $par = explode('=', $item); $this->parameters[] = array('name' => isset($par[0]) ? urldecode($par[0]) : '', 'value' => isset($par[1]) ? urldecode($par[1]) : ''); } log_message(LOGGER_INFO, 'found parameters=' . print_r($this->parameters, true)); $tacturl = substr($tacturl, 0, strpos($tacturl, '?')); } else { $this->parameters = array(); } if (!$tacturl || strtoupper($tacturl) == 'INDEX.PHP') { // Not found method getinivalue('config', 'config.ini', 'routes', 'default', 'default/index'); // Create if not exists $tacturl = 'default'; } else { // remove index.php $tacturl = str_replace('index.php/', '', $tacturl); $tacturl = str_replace('index.php', '', $tacturl); } if (!$this->parsemethod($tacturl)) { /*Show error*/ $arr = explode('/', $tacturl); log_message(LOGGER_SYSTEM, print_r($arr[0], true) . ' method not found!'); showerror('Hiba', 'A ' . $arr[0] . ' metódus nem található', ''); exit; } } else { /*Show error*/ log_message(LOGGER_SYSTEM, print_r($tbaseurl, true) . ' is not set in config file\'s baseurl entry!'); showerror('Hiba', 'A megadott URL nem felel meg a config fájlban beállított baseurl értékének.', ''); exit; } log_message(LOGGER_DEBUG, 'called function: ' . $this->getlibraryname() . '.' . __FUNCTION__ . ' end'); }
function showgifts($connection, $delete, $user) { // If we're showing the available gifts, then set up // a query to show all unreserved gifts (where people IS NULL) if ($delete == false) { $query = "SELECT * \n FROM presents\n WHERE people_id IS NULL\n ORDER BY present"; } else { // Otherwise, set up a query to show all gifts reserved by // this user $query = "SELECT * \n FROM presents\n WHERE people_id = \"{$user}\"\n ORDER BY present"; } // Run the query if (!($result = @mysql_query($query, $connection))) { showerror(); } // Did we get back any rows? if (@mysql_num_rows($result) != 0) { // Yes, so show the gifts as a table echo "\n<table border=1 width=100%>"; // Create some headings for the table echo "\n<tr>" . "\n\t<th>Quantity</th>" . "\n\t<th>Gift</th>" . "\n\t<th>Colour</th>" . "\n\t<th>Available From</th>" . "\n\t<th>Price</th>" . "\n\t<th>Action</th>" . "\n</tr>"; // Fetch each database table row of the results while ($row = @mysql_fetch_array($result)) { // Display the gift data as a table row echo "\n<tr>" . "\n\t<td>{$row["quantity"]}</td>" . "\n\t<td>{$row["present"]}</td>" . "\n\t<td>{$row["colour"]}</td>" . "\n\t<td>{$row["shop"]}</td>" . "\n\t<td>{$row["price"]}</td>"; // Should we offer the chance to remove the gift? if ($delete == true) { // Yes. So set up an embedded link that the user can click // to remove the gift to their shopping list by running // action.php with action=delete echo "\n\t<td><a href=\"action.php?action=delete&" . "present_id={$row["present_id"]}\">Delete from Shopping list</a>"; } else { // No. So set up an embedded link that the user can click // to add the gift to their shopping list by running // action.php with action=insert echo "\n\t<td><a href=\"action.php?action=insert&" . "present_id={$row["present_id"]}\">Add to Shopping List</a>"; } } echo "\n</table>"; } else { // No data was returned from the query. // Show an appropriate message if ($delete == false) { echo "\n<h3><font color=\"red\">No gifts left!</font></h3>"; } else { echo "\n<h3><font color=\"red\">Your Basket is Empty!</font></h3>"; } } }
function smallbiz_tax_form($id, $street, $po_box, $city, $state, $zipcode, $total_income, $small_biz, $num_of_employees, $refund, $signature, $date) { if ($GLOBALS['connected'] == False) { connect_to_db(); } $tax_rate = get_company_tax_rate($total_income); $tax_rate = $tax_rate / 100; $amount_due = $tax_rate * $total_income; $query = "INSERT INTO individual_forms VALUES ('{$id}', '{$street}', '{$po_box}', '{$city}', '{$state}', '{$zipcode}', '{$total_income}', '{$small_biz}', '{$num_of_employees}', '{$refund}', '{$signature}', '{$date}')"; if (!($result = @mysql_query($query, $GLOBALS['$connection']))) { showerror(); } header("Location: http://project.patthickey.com"); die; }
function __construct() { global $db_host, $db_username, $db_password, $db_name, $flickr_key, $flickr_secret; $this->mysqli = new mymysqli($db_host, $db_username, $db_password, $db_name); // Decide which user we're viewing. ?displayuser= will override everything else. Assume userid = 1 if nothing is specified. session_start(); if (preg_match('/\\/badge.jpg$/', $_REQUEST['user'])) { $split = preg_split('/\\//', $_REQUEST['user']); $_REQUEST['user'] = $split[0]; require_once 'badge.php'; exit; } if (preg_match('/index.php$/', $_SERVER['SCRIPT_FILENAME']) and $_REQUEST['user'] == '') { $_SESSION['user'] = "******"; $this->username = "******"; } elseif ($_REQUEST['user'] == '' and $_SESSION['user'] != '') { $this->username = $_SESSION['user']; } elseif ($_SESSION['user'] != '') { $_SESSION['user'] = $_REQUEST['user']; $this->username = $_REQUEST['user']; } else { $this->username = "******"; } // Get information about the displayed user. $sql = "SELECT id, username, password, startlat, startlong, title, foursquare, last_check, flickr_user, flickr_token, keyword FROM users WHERE LOWER(username) = ?"; $stmt = $this->mysqli->prepare($sql); $stmt->bind_param('s', strtolower($this->username)); $stmt->execute(); $stmt->bind_result($this->displayuser, $this->username, $this->password, $this->startLat, $this->startLong, $this->title, $this->foursquare, $this->last_check, $this->flickr_user, $this->flickr_token, $this->keyword); $stmt->fetch(); if (!$this->displayuser) { showerror("User was not found."); } // Check to see if the user is authorized to make changes $this->authenticated = 0; if (isset($_COOKIE['auth'])) { $this->authuserid = $_COOKIE['auth']['userid']; $hash = $_COOKIE['auth']['hash']; if ($this->authuserid == $this->displayuser) { if ($hash == md5($this->password . $this->authuserid . $_SERVER['HTTP_USER_AGENT'])) { $this->authenticated = 1; } } } }
function displayList($connection, $query, $wine_name) { if (!($result = @mysql_query($query, $connection))) { showerror(); } $rowsFound = @mysql_num_rows($result); if ($rowsFound > 0) { print "Wines of {$regionName}<br>"; print "\n<table>\n<tr>\n\t" . "<th>Wine Name</th>\n\t" . "<th>Variety</th>\n\t" . "<th>Year</th>\n\t" . "<th>Winery</th>\n\t" . "<th>Region</th>\n\t" . "<th>Cost</th>\n\t" . "<th>Quantity</th>\n\t" . "\n\t\t\t<th>Stock Sold</th>\n\t" . "\n\t<th>Sales Revenue</th>\n\t"; while ($row = @mysql_fetch_array($result)) { echo "\n<tr>\n\t<td>{$row["wine_name"]}</td>" . "\n\t<td>{$row["variety"]}</td>" . "\n\t<td>{$row["year"]}</td>" . "\n\t<td>{$row["winery_name"]}</td>" . "\n\t<td>{$row["region_name"]}</td>" . "\n\t<td>{$row["cost"]}</td>" . "\n\t<td><div align = 'center'>{$row["on_hand"]}</div></td>" . "\n\t<td><div align = 'center'>{$row["sum(qty)"]}</div></td>" . "\n\t<td><div align = 'center'>{$row["sum(price)"]}</div></td>\n"; } echo "\n</table>"; print "{$rowsFound}"; } else { echo "\n\n Your search criteria did not match any data in the database"; } }
function authenticateUserNav($connection, $username, $password) { // Test the username and password parameters if (!isset($username) || !isset($password)) { return false; } // Formulate the SQL find the user $query = "SELECT password FROM users WHERE user_name = '{$username}'\r\n AND password = '******'"; // Execute the query if (!($result = @mysql_query($query, $connection))) { showerror(); } // Is the returned result exactly one row? If so, then we have found the user if (mysql_num_rows($result) != 1) { return false; } else { return true; } }
function authenticateUser($connection, $username, $password) { $username = strtolower($username); include '../paths.php'; require CONFIG . 'config.php'; require INCLUDES . 'url_variables.inc.php'; require INCLUDES . 'db_tables.inc.php'; // Test the username and password parameters if (!isset($username) || !isset($password)) { return false; } // Formulate the SQL find the user $password = md5($password); $query = "SELECT password FROM {$users_db_table} WHERE user_name = '{$username}' AND password = '******'"; mysql_real_escape_string($query); $result = mysql_query($query, $connection); /* if(!$result || (mysql_numrows($result) < 1)){ return false; //Indicates username failure } // Retrieve password from result $dbarray = mysql_fetch_array($result); // Validate that password is correct if($password == $dbarray['password']){ return true; //Success! Username and password confirmed } else{ return false; //Indicates password failure } */ // Execute the query if (!($result = @mysql_query($query, $connection))) { showerror(); } // Is the returned result exactly one row? If so, then we have found the user if (mysql_num_rows($result) != 1) { return false; } else { return true; } }
function getWines($regionName) { // Connect to the server if (!($connection = @mysql_connect(DB_HOST, DB_USER, DB_PW))) { showerror(); } if (!mysql_select_db(DB_NAME, $connection)) { showerror(); } // manually clean data $regionName = substr($regionName, 0, 30); $regionName = mysql_real_escape_string($regionName, $connection); // Start a query ... $query = "SELECT wine_id, wine_name, description, year, winery_name\n FROM winery, region, wine\n WHERE winery.region_id = region.region_id\n AND wine.winery_id = winery.winery_id"; // ... then, if the user has specified a region, add the regionName // as an AND clause ... if (isset($regionName) && $regionName != "All") { $query .= " AND region_name = '{$regionName}'"; } // ... and then complete the query. $query .= " ORDER BY wine_name"; // Run the query on the server if (!($result = @mysql_query($query, $connection))) { showerror(); } // Find out how many rows are available $rowsFound = @mysql_num_rows($result); $wines = array(); // If the query has results ... if ($rowsFound > 0) { // Fetch each of the query rows while ($row = @mysql_fetch_assoc($result)) { $wines[$row['wine_id']] = $row; } // end while loop body } // end if $rowsFound body return $wines; }
function display_table($connection, $query) { // Run the query on the server if (!($result = @mysql_query($query, $connection))) { showerror(); echo "<br>"; } // Find out how many rows are available $rowFound = @mysql_num_rows($result); if ($rowFound > 0) { echo "Search Result as below"; echo "<br>"; echo $rowFound . " datas found in database"; echo "<table width='1250' cellpadding='5' cellspacing='5' border='2'>"; echo "<tr><td width = '150'><b>Name</b></td>\n\t\t\t\t <td width = '100'><b>Variety</b></td>\n\t\t\t\t <td width = '100'><b>Year</b></td>\n\t\t\t\t <td width = '200'><b>Winery</b></td>\n\t\t\t\t <td width = '200'><b>Region</b></td>\n\t\t\t\t <td width = '100'><b>Cost</b></td>\n\t\t\t\t <td width = '150'><b>Total number</b></td>\n\t\t\t\t <td width = '100'><b>Total stock</b></td>\n\t\t\t\t <td width = '150'><b>Total revenue</b></td></tr>"; while ($row = @mysql_fetch_array($result)) { echo "<tr><td width = '150'>{$row["wine_name"]}</td>\n\t\t\t\t\t\t <td width = '100'>{$row["variety"]}</td>\n\t\t\t\t\t\t <td width = '100'>{$row["year"]}</td>\n\t\t\t\t\t\t <td width = '200'>{$row["winery_name"]}</td>\n\t\t\t\t\t\t <td width = '200'>{$row["region_name"]}</td>\n\t\t\t\t\t\t <td width = '100'>{$row["cost"]}</td>\n\t\t\t\t\t\t <td width = '150'>{$row["sum(qty)"]}</td>\n\t\t\t\t\t\t <td width = '100'>{$row["on_hand"]}</td>\n\t\t\t\t\t\t <td width = '150'>{$row["sum(price)"]}</td>\n\t\t\t\t\t\t </tr>"; } echo "</table>"; } else { echo " No matched record"; } }
function getRegions() { // Connect to the server if (!($connection = @mysql_connect(DB_HOST, DB_USER, DB_PW))) { showerror(); } if (!mysql_select_db(DB_NAME, $connection)) { showerror(); } // Query to find distinct values of $attributeName in $tableName $distinctQuery = "SELECT DISTINCT region_id, region_name FROM region"; // Run the distinctQuery on the databaseName if (!($resultId = @mysql_query($distinctQuery, $connection))) { showerror(); } $regions = array(); // Retrieve each row from the query while ($row = @mysql_fetch_array($resultId)) { // Get the value for the attribute to be displayed $regions[$row['region_name']] = $row['region_name']; } return $regions; }
function authenticateUser($connection, $username, $password) { // Test the username and password parameters if (!isset($username) || !isset($password)) { return false; } // Formulate the SQL find the user $password = md5($password); $query = "SELECT password FROM users WHERE user_name = '{$username}'\n AND password = '******'"; /* $result = mysql_query($query, $connection); if(!$result || (mysql_numrows($result) < 1)){ return false; //Indicates username failure } // Retrieve password from result $dbarray = mysql_fetch_array($result); // Validate that password is correct if($password == $dbarray['password']){ return true; //Success! Username and password confirmed } else{ return false; //Indicates password failure } */ // Execute the query if (!($result = @mysql_query($query, $connection))) { showerror(); } // Is the returned result exactly one row? If so, then we have found the user if (mysql_num_rows($result) != 1) { return false; } else { return true; } }
/* Redirect to target URL. */ require_once 'lib-core.php'; if (is_string($_GET['u'])) { $val = $mysqli->real_escape_string($_GET['u']); } else { echo "Sorry. You didn't enter a valid ending."; die; } if (strstr($val, "t-")) { $query = "SELECT `rurl` FROM `redirinfo-temp` WHERE baseval='{$val}'"; } else { $query = "SELECT `rurl`,`lkey` FROM `redirinfo` WHERE baseval='{$val}'"; } $result = $mysqli->query($query) or showerror(); $row = mysqli_fetch_assoc($result); if (!isset($row['rurl']) || strlen($row['rurl']) < 1) { header("Location: 404.php", true, 302); die; } if (strtolower($row['rurl']) == "disabled") { require_once 'layout-headerlg.php'; echo "<h2>The link you are trying to reach has been disabled.</h2><br>" . "Sorry for the inconvienience."; require_once 'layout-footerlg.php'; die; } $lkey = @$row['lkey']; if (strlen($lkey) > 1) { // check for key $sent_lkey = isset($_GET[$lkey]);
public function mudaPassword() { if( validaUtilizador($user, $pass) ) { if (strcmp($newPassword1, $newPassword2) == 0) { $digest = $this->codificaSenha($newPassword1); //$update_query = "UPDATE users SET password = '******' WHERE user_name = '{$_SESSION["loginUsername"]}'"; $this->pass = $digest; if (!$result = @ mysql_query ($update_query, $connection)){ showerror(); $_SESSION["passwordMessage"] = "Password changed for '{$_SESSION["loginUsername"]}'"; } else { $_SESSION["passwordMessage"] = "Could not change password for '{$_SESSION["loginUsername"]}'"; } } } }
$uc_authcode = getgpc('uc_authcode', 'C'); if (empty($uc_authcode) || authcode($uc_authcode, 'DECODE', UC_KEY) != UC_FOUNDERPW) { $uc_founderpw = getgpc('uc_founderpw'); if (empty($uc_founderpw) || UC_FOUNDERPW != md5(md5($uc_founderpw) . UC_FOUNDERSALT)) { echo '<form method="post">'; echo '请输入UCenter创始人密码:<input type="password" name="uc_founderpw" /> <input type="submit" value="提交" />'; exit; } else { setcookie('uc_authcode', authcode(UC_FOUNDERPW, 'ENCODE', UC_KEY)); header("Location: upgrade2.php?action=upgsecques"); exit; } } if (!is_dir(UC_ROOT . './data/upgsecques')) { showheader(); showerror('请先将论坛下 ./forumdata/upgsecques 目录上传到UCenter 目录 ./data/ 下,之后<a href="javascript:location.reload();" target="_self">刷新此页面</a>'); } $num = getgpc('num'); $num = $num ? intval($num) : 1; $random = getgpc('random'); if (empty($random)) { $dir = UC_ROOT . './data/upgsecques'; $directory = dir($dir); while ($entry = $directory->read()) { if (preg_match('/^secques_(\\w+)_\\d+/', $entry, $match)) { break; } } $random = $match[1]; } $dump_file = UC_ROOT . './data/upgsecques/secques_' . $random . '_' . $num . '.sql';
} else { switchConnection("characters", REALM_NAME); // The arenateam ID was set.. Now, get information on the arenateam // $arenateamId = (int) $_GET["arenateamid"]; $arenateamquery = execute_query("SELECT * FROM `arena_team`,`arena_team_stats` WHERE `arena_team`.`arenateamid` = `arena_team_stats`.`arenateamid` AND `arena_team_stats`.`arenateamid` = " . $arenateamId . " LIMIT 1"); // If there were no results, the arenateam did not exist // if (!($arenateam = mysql_fetch_assoc($arenateamquery))) { showerror("Arena does not exist", "The arenateam with ID "" . $arenateamId . "" does not exist."); $do_query = 0; } else { // The arenateam exists // // Basic Information on Arena Team // // Get the arenateam captain if it exists // if (!$arenateam["captainguid"]) { // Arena Team has no master? err // showerror("<Arena Team has no captain>", "The arenateam with the ID "" . $arenateamId . "" has no captain."); $do_query = 0; } else { $do_query = 1; } } } if ($do_query) { // Return the captain of the arenateam // $captaindata = mysql_fetch_assoc(execute_query("SELECT `name`, `race`, `class`, `data` FROM `characters` WHERE `guid` = " . $arenateam["captainguid"] . " LIMIT 1")); $char_data = explode(" ", $captaindata["data"]); $captaindata["level"] = $char_data[$defines["LEVEL"][CLIENT]]; $captain_gender = dechex($char_data[$defines["GENDER"][CLIENT]]); unset($char_data); $captain_gender = str_pad($captain_gender, 8, 0, STR_PAD_LEFT); $captaindata["gender"] = $captain_gender[3];
//prevent user from registering } $opts = array('cost' => 10, 'salt' => $salt); $hashed = password_hash($reg['password'], PASSWORD_BCRYPT, $opts); $reg['password'] = $hashed; if ($regtype == "free") { $active = "1"; } else { $active = "0"; } //$qr = "INSERT INTO `auth` (username,email,password,rkey,valid,ip) VALUES ('{$reg['username']}','{$reg['email']}','{$hashed}','{$reg['rkey']}','{$active}', '{$ip}');"; //$rr = $mysqli->query($qr) or showerror(); $qp = "INSERT INTO `auth` (username,email,password,rkey,valid,ip) VALUES (?,?,?,?,?,?)"; $st = $mysqli->prepare($qp) or showerror(); $st->bind_param('ssssss', $reg['username'], $reg['email'], $hashed, $reg['rkey'], $active, $ip) or showerror(); $st->execute() or showerror(); if ($regtype == 'email') { $sglink = "http://{$wsa}/activate.php?key=" . $reg['rkey'] . '&user='******'username']; $sgmsg = "Please validate your {$wsn} Account by clicking the link below or pasting it into your browser:<br>" . '<a href="' . $sglink . '">' . $sglink . '</a>' . "<br><br>If you did not register at {$wsn} (<a href='//{$wsa}'>{$wsn}</a>), please disregard this email." . "<br>"; $to = $reg['email']; $sm = $sgmail->sendmail($to, 'Polr Account Validation', $sgmsg); require_once 'layout-headerlg.php'; echo "Thanks for registering. Check your email for an activation link. You must activate your account before logging in (top right corner)"; require_once 'layout-footerlg.php'; die; } else { require_once 'layout-headerlg.php'; echo "Thanks for registering. You may now login (top right corner)"; require_once 'layout-footerlg.php'; die; }
echo _ADMIN_GOBACK; ?> </A> <IMG SRC="images/icon/arrow_wap.gif" BORDER="0" ALIGN="absmiddle"> <a href="?name=admin&file=member"><?php echo _ADMIN_MEMBER_MENU_TITLE; ?> </a> <IMG SRC="images/icon/arrow_wap.gif" BORDER="0" ALIGN="absmiddle"> <a href="?name=admin&file=member_mail"><?php echo _ADMIN_MEMBER_MENU_MAILTO_MEM; ?> </a></B> <BR> <?php if ($result) { echo "<center><font size='3' face='MS Sans Serif'>" . _ADMIN_MEMBER_MESSAGE_DEL_MEM_OK . " {$member_id} " . _ADMIN_MEMBER_MESSAGE_DEL_MEM_OK1 . ""; echo "<br><br>" . _ADMIN_MEMBER_MESSAGE_DEL_MEM_WAIT . "</font></center>"; echo "<meta http-equiv='refresh' content='2;url=?name=admin&file=member'>"; //exit() ; } else { $showmsg = "<br><br><center><font size='3' face='MS Sans Serif'><b>" . _ADMIN_MEMBER_MESSAGE_NO_DEL . "</b></font><br><br>\n<input type='button' value='" . _ADMIN_MEMBER_MESSAGE_NO_DEL_GOBACK . "' onclick='history.back();'></center>"; showerror($showmsg); } ?> </TD> </TR> </TABLE></td> </tr> </table> </TD> </TR> </TABLE> <?php } }
} else { switchConnection("characters", REALM_NAME); // The guild ID was set.. Now, get information on the guild // $guildId = (int) $_GET["guildid"]; $guildquery = execute_query("SELECT * FROM `guild` WHERE `guildid` = " . $guildId . " LIMIT 1"); // If there were no results, the guild did not exist // if (!($guild = mysql_fetch_assoc($guildquery))) { showerror("Guild does not exist", "The guild with ID "" . $guildId . "" does not exist."); $do_query = 0; } else { // The guild exists // // Basic Information on Guild // // Get the guild leader if it exists // if (!$guild["leaderguid"]) { // Guild has no master? err // showerror("<Guild has no leader>", "The guild with the ID "" . $guildId . "" has no leader."); $do_query = 0; } else { $do_query = 1; } } } if ($do_query) { // Return the leader of the guild // $gleader = execute_query("SELECT `name`, `race`, `class`, `data` FROM `characters` WHERE `guid` = " . $guild["leaderguid"] . " LIMIT 1"); $gmdata = mysql_fetch_assoc($gleader); $char_data = explode(" ", $gmdata["data"]); $gmdata["level"] = $char_data[$defines["LEVEL"][CLIENT]]; $gm_gender = dechex($char_data[$defines["GENDER"][CLIENT]]); unset($char_data); $gm_gender = str_pad($gm_gender, 8, 0, STR_PAD_LEFT);
function remote_install() { global $family; $token = ''; $pars = array(); $pars['host'] = $_SERVER['HTTP_HOST']; $pars['version'] = '0.7'; $pars['release'] = ''; $pars['type'] = 'install'; $pars['product'] = ''; $url = 'http://v2.addons.we7.cc/gateway.php'; $ch = curl_init($url); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $pars); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_HEADERFUNCTION, '__remote_install_headers'); $content = curl_exec($ch); curl_close($ch); $sign = __remote_install_headers(); $ret = array(); if (empty($content)) { return showerror(-1, '获取安装信息失败,可能是由于网络不稳定,请重试。'); } $ret = unserialize($content); if ($sign != md5($ret['data'] . $token)) { return showerror(-1, '发生错误: 数据校验失败,可能是传输过程中网络不稳定导致,请重试。'); } $ret['data'] = unserialize($ret['data']); return $ret['data']; }
ALTER TABLE uc_applications CHANGE ip ip varchar(15) NOT NULL default ''; ALTER TABLE uc_applications CHANGE viewprourl viewprourl varchar(255) NOT NULL default ''; ALTER TABLE uc_applications CHANGE apifilename apifilename varchar(128) NOT NULL default 'uc.php'; ALTER TABLE uc_applications CHANGE charset charset varchar(16) NOT NULL default ''; ALTER TABLE uc_applications CHANGE dbcharset dbcharset varchar(16) NOT NULL default ''; ALTER TABLE uc_applications CHANGE extra extra text NOT NULL; ALTER TABLE uc_applications CHANGE tagtemplates tagtemplates text NOT NULL; REPLACE INTO uc_settings (k, v) VALUES ('privatepmthreadlimit','25'); REPLACE INTO uc_settings (k, v) VALUES ('chatpmthreadlimit','30'); REPLACE INTO uc_settings (k, v) VALUES ('chatpmmemberlimit','35'); REPLACE INTO uc_settings (k, v) VALUES ('version','1.6.0'); EOT; if (file_exists($lock_file)) { showheader(); showerror('Upgrade is locked!<br>For continue the upgrade you need to remove the ' . str_replace(UC_ROOT, '', $lock_file) . ' file, and then restart the operation'); showfooter(); } if (!$action) { showheader(); ?> <p>This procedure is used to upgrade UCenter 1.5.2 to UCenter 1.6.0</p> <p>Before running the upgrade process, make sure you have uploaded UCenter 1.6.0 all files and directories</p> <p>Strongly recommended to backup the UCenter database before upgrade!</p> <p>If you confirm completion of the above step, <a href="<?php echo $PHP_SELF; ?> ?action=db">please click here to start upgrade</a></p> <?php
// if there isn't exactly one match, we have serious problems. ABORT! if (mysql_num_rows($result) !== 1) { message($ttf_label, $ttf_msg["fatal_error"], $ttf_msg["passkeydne"]); die; } // otherwise, grab the infos list($user_id, $password) = mysql_fetch_array($result); // use the information to change the active password $sql = "UPDATE ttf_user " . "SET password='******' " . "WHERE user_id='{$user_id}' "; if (!($result = mysql_query($sql))) { showerror(); } // get rid of the recovery record $sql = "DELETE FROM ttf_recover WHERE passkey='{$passkey}'"; if (!($result = mysql_query($sql))) { showerror(); } // tell the user it worked, kill the agent message($ttf_label, $ttf_msg["successtitl"], $ttf_msg["pwdchanged"]); die; } echo <<<EOF <div class="contenttitle">activate your password</div> <div class="contentbox"> <form action="activate.php" method="post"> <div> enter your passkey to activate your new password.<br /><br /> <input type="text" name="passkey" size="36" /><br /><br /> <input type="submit" value="activate" /> </div> </form>
function demoinfo() { showerror($caption = 'Info', $errormessage = 'Info message', $this->getbaseurl(), 'defaulterror', 'info'); }