Exemplo n.º 1
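/**
 * Record the current user's vote for one option of a poll.
 *
 * Returns nothing when $opt_id is not a key of $options or when the current
 * user (_uid) already has a tracking row for the poll. Otherwise returns 1,
 * whether or not the tracking INSERT reported success.
 *
 * @param array $options poll options keyed by option id; handed by reference
 *                       to poll_cache_rebuild() and then serialized into the
 *                       message's poll_cache column
 * @param int   $poll_id id of the poll being voted on
 * @param int   $opt_id  id of the chosen option
 * @param int   $mid     id of the message whose poll_cache is refreshed
 */
function register_vote(&$options, $poll_id, $opt_id, $mid)
{
    /* invalid option */
    if (!isset($options[$opt_id])) {
        return;
    }

    /* Every id below is concatenated into SQL text, so force each one to an
     * integer before it gets anywhere near a statement. */
    $poll_id = (int) $poll_id;
    $opt_id = (int) $opt_id;
    $mid = (int) $mid;
    $uid = (int) _uid;

    /* previously voted */
    if (q_singleval('SELECT id FROM phpgw_fud_poll_opt_track WHERE poll_id=' . $poll_id . ' AND user_id=' . $uid)) {
        return;
    }

    /* NOTE(review): the "already voted" check and the INSERT are two separate
     * statements; whether db_li() or a unique key stops a concurrent double
     * vote is not visible here - confirm. */
    if (db_li('INSERT INTO phpgw_fud_poll_opt_track(poll_id, user_id, poll_opt) VALUES(' . $poll_id . ', ' . $uid . ', ' . $opt_id . ')', $a)) {
        q('UPDATE phpgw_fud_poll_opt SET count=count+1 WHERE id=' . $opt_id);
        q('UPDATE phpgw_fud_poll SET total_votes=total_votes+1 WHERE id=' . $poll_id);
        /* NOTE(review): the first argument here is the option id; confirm
         * that poll_cache_rebuild() does not expect the poll id instead. */
        poll_cache_rebuild($opt_id, $options);
        /* NOTE(review): addslashes() is not aware of the connection charset;
         * prefer the database layer's own escaping if it provides one. */
        q('UPDATE phpgw_fud_msg SET poll_cache=' . strnull(addslashes(@serialize($options))) . ' WHERE id=' . $mid);
    }
    return 1;
}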
Exemplo n.º 2
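/**
 * Append one row to the phpgw_fud_action_log table, stamped with the
 * request timestamp.
 *
 * @param int         $user_id id stored in the user_id column
 * @param string|null $res     value stored in a_res (via strnull())
 * @param int         $res_id  value stored in a_res_id
 * @param string|null $action  value stored in logaction (via strnull())
 */
function logaction($user_id, $res, $res_id = 0, $action = null)
{
    /* Both ids are cast so that only integers can reach the statement.
     * NOTE(review): $action and $res are not escaped inside this function.
     * strnull() is not visible here, so either it escapes or every caller
     * must pass already-escaped text - confirm which. */
    q('INSERT INTO phpgw_fud_action_log (logtime, logaction, user_id, a_res, a_res_id)
		VALUES(' . __request_timestamp__ . ', ' . strnull($action) . ', ' . (int) $user_id . ', ' . strnull($res) . ', ' . (int) $res_id . ')');
}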
Exemplo n.º 3
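 /**
  * Write this private message back to phpgw_fud_pmsg.
  *
  * Refreshes post_stamp, ip_addr and host_name, stores the body through
  * write_pmsg_body(), updates the row identified by $this->id and calls
  * send_pmsg() when the message sits in folder 3.
  */
 function sync()
 {
     $this->post_stamp = __request_timestamp__;
     $this->ip_addr = get_ip();
     /* The host name is only resolved when the 268435456 bit of FUD_OPT_1 is set. */
     $this->host_name = $GLOBALS['FUD_OPT_1'] & 268435456 ? "'" . addslashes(get_host($this->ip_addr)) . "'" : 'NULL';
     list($this->foff, $this->length) = write_pmsg_body($this->body);

     /* Numeric columns are cast to int and quoted text is escaped before it
      * is concatenated, so no property can alter the shape of the statement.
      * NOTE(review): icon goes through strnull() without addslashes();
      * confirm it is escaped before it reaches this object.
      * NOTE(review): duser_id is written from ouser_id - confirm intended. */
     q("UPDATE phpgw_fud_pmsg SET\n\t\t\tto_list=" . strnull(addslashes($this->to_list))
         . ",\n\t\t\ticon=" . strnull($this->icon)
         . ",\n\t\t\touser_id=" . (int) $this->ouser_id
         . ",\n\t\t\tduser_id=" . (int) $this->ouser_id
         . ",\n\t\t\tpost_stamp=" . (int) $this->post_stamp
         . ",\n\t\t\tsubject='" . addslashes($this->subject)
         . "',\n\t\t\tip_addr='" . addslashes($this->ip_addr)
         . "',\n\t\t\thost_name=" . $this->host_name
         . ",\n\t\t\tattach_cnt=" . (int) $this->attach_cnt
         . ",\n\t\t\tfldr=" . (int) $this->fldr
         . ",\n\t\t\tfoff=" . (int) $this->foff
         . ",\n\t\t\tlength=" . (int) $this->length
         . ",\n\t\t\tpmsg_opt=" . (int) $this->pmsg_opt
         . "\n\t\tWHERE id=" . (int) $this->id);

     if ($this->fldr == 3) {
         $this->send_pmsg();
     }
 }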
Exemplo n.º 4
<?php 
                exit;
            } else {
                if (isset($_POST['btn_yes'])) {
                    q('UPDATE ' . $DBHOST_TBL_PREFIX . 'users SET users_opt=(users_opt & ~ 524288) | 1048576 WHERE id=' . $usr_id);
                    $u->users_opt |= 1048576;
                }
            }
        }
        break;
}
$search_error = $login_error = '';
if ($usr_id) {
    /* deal with custom tags */
    if (!empty($_POST['c_tag'])) {
        q('INSERT INTO ' . $DBHOST_TBL_PREFIX . 'custom_tags (name, user_id) VALUES(' . strnull(addslashes($_POST['c_tag'])) . ', ' . $usr_id . ')');
    } else {
        if (!empty($_GET['deltag'])) {
            q('DELETE FROM ' . $DBHOST_TBL_PREFIX . 'custom_tags WHERE id=' . (int) $_GET['deltag']);
        } else {
            $nada = 1;
        }
    }
    if (!isset($nada) && db_affected()) {
        ctag_rebuild_cache($usr_id);
    }
} else {
    if (!empty($_POST['usr_email']) || !empty($_POST['usr_login'])) {
        /* user searching logic */
        $item = !empty($_POST['usr_email']) ? $_POST['usr_email'] : $_POST['usr_login'];
        $field = !empty($_POST['usr_email']) ? 'email' : ($FUD_OPT_2 & 128 ? 'alias' : 'login');
Exemplo n.º 5
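 /**
  * Save an edited message and, where the editor is allowed to, the lock and
  * sticky state of its thread.
  *
  * Reads thr_locked, thr_ordertype and thr_orderexpiry from $_POST.
  *
  * @param int $id                stored in the message's updated_by column
  * @param int $frm_id            forum passed to rebuild_forum_view()
  * @param int $message_threshold when non-zero and smaller than the body
  *                               length, a trimmed preview body is written too
  * @param int $perm              permission bits: 4096 gates lock changes,
  *                               64 gates sticky changes
  */
 function sync($id, $frm_id, $message_threshold, $perm)
 {
     /* Take the table locks only if the caller has not already done so. */
     if (!db_locked()) {
         db_lock('phpgw_fud_poll_opt WRITE, phpgw_fud_forum WRITE, phpgw_fud_msg WRITE, phpgw_fud_thread WRITE, phpgw_fud_thread_view WRITE');
         $ll = 1;
     }
     $file_id = write_body($this->body, $length, $offset);
     /* determine if preview needs building */
     if ($message_threshold && $message_threshold < strlen($this->body)) {
         $thres_body = trim_html($this->body, $message_threshold);
         $file_id_preview = write_body($thres_body, $length_preview, $offset_preview);
     } else {
         $file_id_preview = $offset_preview = $length_preview = 0;
     }
     poll_cache_rebuild($this->poll_id, $poll_cache);
     $poll_cache = $poll_cache ? @serialize($poll_cache) : null;

     /* Every numeric column is cast to int before concatenation.
      * NOTE(review): addslashes() is not aware of the connection charset;
      * prefer the database layer's own escaping if it provides one. */
     q("UPDATE phpgw_fud_msg SET\n\t\t\tfile_id=" . (int) $file_id
         . ",\n\t\t\tfoff=" . (int) $offset
         . ",\n\t\t\tlength=" . (int) $length
         . ",\n\t\t\tmlist_msg_id=" . strnull(addslashes($this->mlist_msg_id))
         . ",\n\t\t\tfile_id_preview=" . (int) $file_id_preview
         . ",\n\t\t\toffset_preview=" . (int) $offset_preview
         . ",\n\t\t\tlength_preview=" . (int) $length_preview
         . ",\n\t\t\tupdated_by=" . (int) $id
         . ",\n\t\t\tmsg_opt=" . (int) $this->msg_opt
         . ",\n\t\t\tattach_cnt=" . (int) $this->attach_cnt
         . ",\n\t\t\tpoll_id=" . (int) $this->poll_id
         . ",\n\t\t\tupdate_stamp=" . __request_timestamp__
         . ",\n\t\t\ticon=" . strnull(addslashes($this->icon))
         . " ,\n\t\t\tpoll_cache=" . strnull(addslashes($poll_cache))
         . ",\n\t\t\tsubject=" . strnull(addslashes($this->subject))
         . "\n\t\tWHERE id=" . (int) $this->id);

     /* determine whether or not we should deal with locked & sticky stuff
      * current approach may seem a little redundant, but for (most) users who
      * do not have access to locking & sticky this eliminated a query.
      */
     $th_data = db_saq('SELECT orderexpiry, thread_opt, root_msg_id FROM phpgw_fud_thread WHERE id=' . (int) $this->thread_id);
     $locked = (int) isset($_POST['thr_locked']);
     if (isset($_POST['thr_ordertype'], $_POST['thr_orderexpiry']) || ((int) $th_data[1] ^ $locked) & 1) {
         $thread_opt = (int) $th_data[1];
         $orderexpiry = isset($_POST['thr_orderexpiry']) ? (int) $_POST['thr_orderexpiry'] : 0;
         /* confirm that user has ability to change lock status of the thread */
         if ($perm & 4096) {
             if ($locked && !($thread_opt & $locked)) {
                 $thread_opt |= 1;
             } else {
                 if (!$locked && $thread_opt & 1) {
                     $thread_opt &= ~1;
                 }
             }
         }
         /* confirm that user has ability to change sticky status of the thread */
         if ($th_data[2] == $this->id && isset($_POST['thr_ordertype'], $_POST['thr_orderexpiry']) && $perm & 64) {
             /* Keep only the two bits this branch manages (the same mask
              * that is cleared below). Without the mask a posted value of 1
              * would set the lock bit, which is meant to require the 4096
              * permission checked above, and a non-numeric value would
              * reach a bitwise operator unconverted. */
             $ordertype = (int) $_POST['thr_ordertype'] & 6;
             if (!$ordertype && $thread_opt > 1) {
                 $orderexpiry = 0;
                 $thread_opt &= ~6;
             } else {
                 if ($thread_opt < 2 && $ordertype) {
                     $thread_opt |= $ordertype;
                 } else {
                     if (!($thread_opt & $ordertype)) {
                         $thread_opt = $ordertype | $thread_opt & 1;
                     }
                 }
             }
         }
         /* Determine if any work needs to be done */
         if ($thread_opt != $th_data[1] || $orderexpiry != $th_data[0]) {
             q("UPDATE phpgw_fud_thread SET thread_opt=" . (int) $thread_opt . ", orderexpiry=" . (int) $orderexpiry . " WHERE id=" . (int) $this->thread_id);
             /* Avoid rebuilding the forum view whenever possible, since it's a rather slow process
              * Only rebuild if expiry time has changed or message gained/lost sticky status
              * NOTE(review): the test below is true when bits other than 1, 2
              * and 4 changed, which does not obviously match the sentence
              * above - confirm the intended condition.
              */
             $diff = $thread_opt ^ $th_data[1];
             if ($diff > 1 && !($diff & 6) || $orderexpiry != $th_data[0]) {
                 rebuild_forum_view($frm_id);
             }
         }
     }
     /* Release the locks only if this call acquired them. */
     if (isset($ll)) {
         db_unlock();
     }
     /* Re-index the message when the 16777216 bit of FUD_OPT_1 is set; the
      * subject of a "Re: " reply is left out of the index. */
     if ($GLOBALS['FUD_OPT_1'] & 16777216) {
         delete_msg_index($this->id);
         index_text(preg_match('!^Re: !i', $this->subject) ? '' : $this->subject, $this->body, $this->id);
     }
 }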
Exemplo n.º 6
/**
 * Rebuild the serialized moderator list stored on every forum row and
 * refresh the 524288 bit of users_opt for the users found in the mod table.
 *
 * At most SHOW_N_MODS moderators are cached per forum. The 524288 bit is
 * cleared for everyone first and then set again for the listed users whose
 * 1048576 bit is not set.
 */
function rebuildmodlist()
{
    $prefix =& $GLOBALS['DBHOST_TBL_PREFIX'];
    $max_mods =& $GLOBALS['SHOW_N_MODS'];

    $mod_ids = array();
    $per_forum = array();

    $res = uq('SELECT u.id, u.alias, f.id FROM ' . $prefix . 'mod mm INNER JOIN ' . $prefix . 'users u ON mm.user_id=u.id INNER JOIN ' . $prefix . 'forum f ON f.id=mm.forum_id ORDER BY f.id,u.alias');
    while ($row = db_rowarr($res)) {
        /* every moderator gets the flag, even if the forum's cached list is already full */
        $mod_ids[] = $row[0];
        $forum_id = $row[2];
        if (!isset($per_forum[$forum_id]) || count($per_forum[$forum_id]) < $max_mods) {
            $per_forum[$forum_id][$row[0]] = $row[1];
        }
    }

    /* wipe all cached lists, then write back the ones that still have moderators */
    q('UPDATE ' . $prefix . 'forum SET moderators=NULL');
    foreach ($per_forum as $forum_id => $mods) {
        q('UPDATE ' . $prefix . 'forum SET moderators=' . strnull(addslashes(@serialize($mods))) . ' WHERE id=' . $forum_id);
    }

    q('UPDATE ' . $prefix . 'users SET users_opt=users_opt & ~ 524288 WHERE users_opt>=524288 AND (users_opt & 524288) > 0');
    if ($mod_ids) {
        /* ids come straight from the users table query above */
        q('UPDATE ' . $prefix . 'users SET users_opt=users_opt|524288 WHERE id IN(' . implode(',', $mod_ids) . ') AND (users_opt & 1048576)=0');
    }
}
Exemplo n.º 7
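/**
 * Recompute the forum statistics, store them in phpgw_fud_stats_cache and
 * return them.
 *
 * @param int $last_msg_id id of the message whose subject is looked up
 *
 * @return object with last_user_id, user_count, online_users_anon,
 *                online_users_hidden, online_users_reg, last_user_alias,
 *                last_msg_subject and, when at least one visible user is
 *                online, online_users_text
 */
function rebuild_stats_cache($last_msg_id)
{
    /* Create the result object explicitly: assigning a property on an
     * undefined variable is an Error on PHP 8. */
    $obj = new stdClass();

    /* sessions older than this are no longer counted as online */
    $tm_expire = __request_timestamp__ - $GLOBALS['LOGEDIN_TIMEOUT'] * 60;

    list($obj->last_user_id, $obj->user_count) = db_saq('SELECT MAX(id), count(*)-1 FROM phpgw_fud_users');
    $obj->online_users_anon = q_singleval('SELECT count(*) FROM phpgw_fud_ses s WHERE time_sec>' . $tm_expire . ' AND user_id>2000000000');
    $obj->online_users_hidden = q_singleval('SELECT count(*) FROM phpgw_fud_ses s INNER JOIN phpgw_fud_users u ON u.id=s.user_id WHERE s.time_sec>' . $tm_expire . ' AND (u.users_opt & 32768) > 0');
    $obj->online_users_reg = q_singleval('SELECT count(*) FROM phpgw_fud_ses s INNER JOIN phpgw_fud_users u ON u.id=s.user_id WHERE s.time_sec>' . $tm_expire . ' AND (u.users_opt & 32768)=0');

    /* the configured limit is cast so that only an integer can follow LIMIT */
    $c = uq('SELECT u.id, u.alias, u.users_opt, u.custom_color FROM phpgw_fud_ses s INNER JOIN phpgw_fud_users u ON u.id=s.user_id WHERE s.time_sec>' . $tm_expire . ' AND (u.users_opt & 32768)=0 ORDER BY s.time_sec DESC LIMIT ' . (int) $GLOBALS['MAX_LOGGEDIN_USERS']);
    while ($r = db_rowarr($c)) {
        $obj->online_users_text[$r[0]] = draw_user_link($r[1], $r[2], $r[3]);
    }

    /* The statement has no WHERE clause, so it updates every row of the
     * table (presumably there is exactly one - confirm). */
    q('UPDATE phpgw_fud_stats_cache SET
		cache_age=' . __request_timestamp__ . ',
		last_user_id=' . (int) $obj->last_user_id . ',
		user_count=' . (int) $obj->user_count . ',
		online_users_anon=' . (int) $obj->online_users_anon . ',
		online_users_hidden=' . (int) $obj->online_users_hidden . ',
		online_users_reg=' . (int) $obj->online_users_reg . ',
		online_users_text=' . strnull(addslashes(@serialize($obj->online_users_text))));

    /* Cast both ids: MAX(id) is NULL on an empty table, which would
     * otherwise leave a dangling "id=" in the statement. */
    $obj->last_user_alias = q_singleval('SELECT alias FROM phpgw_fud_users WHERE id=' . (int) $obj->last_user_id);
    $obj->last_msg_subject = q_singleval('SELECT subject FROM phpgw_fud_msg WHERE id=' . (int) $last_msg_id);
    return $obj;
}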
Exemplo n.º 8
    list($mime_descr, $mime_mime_hdr, $mime_fl_ext, $mime_icon) = db_saq('SELECT descr, mime_hdr, fl_ext, icon FROM ' . $tbl . 'mime WHERE id=' . (int) $_GET['edit']);
    $edit = (int) $_GET['edit'];
} else {
    $mime_icon = $edit = $mime_descr = $mime_mime_hdr = $mime_fl_ext = '';
}
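/*
 * Optional icon upload. The client-supplied file name is untrusted: only
 * its last path component is used, and mime_icon is filled in only when the
 * file was actually moved into images/mime/.
 * NOTE(review): the pattern checks the final extension only, not the file
 * content, and the client still chooses the stored name; a server-generated
 * name plus a content check would be the stricter option.
 */
if (isset($_FILES['icoul']) && is_string($_FILES['icoul']['name']) && $_FILES['icoul']['size']) {
    $icon_name = basename(str_replace('\\', '/', $_FILES['icoul']['name']));
    if (preg_match('!\\.(jpg|jpeg|gif|png)$!i', $icon_name)
        && move_uploaded_file($_FILES['icoul']['tmp_name'], $GLOBALS['WWW_ROOT_DISK'] . 'images/mime/' . $icon_name)
        && empty($_POST['mime_icon'])
    ) {
        $_POST['mime_icon'] = $icon_name;
    }
}

/*
 * Update an existing MIME row or insert a new one from the posted form.
 * NOTE(review): addslashes() is not aware of the connection charset; prefer
 * the database layer's own escaping if it provides one.
 */
if (isset($_POST['btn_update'], $_POST['edit'])) {
    q('UPDATE ' . $tbl . 'mime SET descr=' . strnull(addslashes($_POST['mime_descr'])) . ', mime_hdr=' . strnull(addslashes($_POST['mime_mime_hdr'])) . ', fl_ext=' . strnull(addslashes($_POST['mime_fl_ext'])) . ', icon=' . strnull(addslashes($_POST['mime_icon'])) . ' WHERE id=' . (int) $_POST['edit']);
} else {
    if (isset($_POST['btn_submit'])) {
        q('INSERT INTO ' . $tbl . 'mime (descr, mime_hdr, fl_ext, icon) VALUES (' . strnull(addslashes($_POST['mime_descr'])) . ', ' . strnull(addslashes($_POST['mime_mime_hdr'])) . ', ' . strnull(addslashes($_POST['mime_fl_ext'])) . ', ' . strnull(addslashes($_POST['mime_icon'])) . ')');
    }
}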
require $WWW_ROOT_DISK . 'adm/admpanel.php';
?>
<h2>MIME Management System</h2>
<table class="datatable solidtable">
<form action="admmime.php" name="frm_mime" method="post" enctype="multipart/form-data">
<?php 
echo _hs;
if (@is_writeable($GLOBALS['WWW_ROOT_DISK'] . 'images/mime/')) {
    ?>
<tr class="fieldtopic">
	<td colspan=2><b>MIME Icon Upload (upload mime icons into the system)</td>
</tr>
<tr class="field">
Exemplo n.º 9
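/**
 * Validate the private-message form and collect the recipients' user ids.
 *
 * Problems are reported through set_err(). The id of every accepted
 * recipient is appended to $GLOBALS['recv_user_id']; checking stops at the
 * first recipient that is rejected.
 *
 * @param string $msg_subject subject line entered by the sender
 *
 * @return mixed the current value of $GLOBALS['__error__']
 */
function check_ppost_form($msg_subject)
{
    if (!strlen(trim($msg_subject))) {
        set_err('msg_subject', 'Subject required');
    }
    if (post_check_images()) {
        set_err('msg_body', 'Maximum ' . $GLOBALS['MAX_IMAGE_COUNT'] . ' images are allowed per post, please decrease the number of images');
    }

    /* The field is request data: it may be missing, or arrive as an array.
     * Anything that is not a string is treated as an empty recipient list
     * instead of being handed to explode(). */
    $to_list = isset($_POST['msg_to_list']) && is_string($_POST['msg_to_list']) ? $_POST['msg_to_list'] : '';

    foreach (explode(';', $to_list) as $v) {
        $v = trim($v);
        if (!strlen($v)) {
            continue;
        }
        /* The name is HTML-escaped before the lookup and again for display.
         * NOTE(review): addslashes() is not aware of the connection charset;
         * prefer the database layer's own escaping if it provides one. */
        $name = htmlspecialchars($v);
        $obj = db_sab('SELECT u.users_opt, u.id, ui.ignore_id FROM phpgw_fud_users u LEFT JOIN phpgw_fud_user_ignore ui ON ui.user_id=u.id AND ui.ignore_id=' . (int) _uid . ' WHERE u.alias=' . strnull(addslashes($name)));
        if (!$obj) {
            set_err('msg_to_list', 'There is no user named "' . $name . '" this forum');
            break;
        }
        if (!empty($obj->ignore_id)) {
            set_err('msg_to_list', 'You cannot send a private message to "' . $name . '", because this person is ignoring you.');
            break;
        }
        /* recipient has bit 32 clear and the sender lacks bit 1048576 */
        if (!($obj->users_opt & 32) && !($GLOBALS['usr']->users_opt & 1048576)) {
            set_err('msg_to_list', 'You cannot send a private message to "' . $name . '", because this person is not accepting private messages.');
            break;
        }
        $GLOBALS['recv_user_id'][] = $obj->id;
    }

    if (empty($to_list)) {
        set_err('msg_to_list', 'Cannot send a message, missing recipient');
    }
    return $GLOBALS['__error__'];
}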
Exemplo n.º 10
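/**
 * Update a session row with the visitor's current forum, action text and
 * return-to query string.
 *
 * @param int         $ses_id   id of the phpgw_fud_ses row
 * @param string|null $str      action text; stored as NULL when empty
 * @param int         $forum_id forum the visitor is currently in
 * @param mixed       $ret      pass an integer to leave returnto unchanged;
 *                              any other value stores the current query string
 */
function ses_update_status($ses_id, $str = null, $forum_id = 0, $ret = '')
{
    $action = $str ? "'" . addslashes($str) . "'" : 'NULL';

    /* An integer $ret assigns the column to itself, i.e. keeps the stored
     * value. The query string is client-controlled and is escaped here.
     * NOTE(review): addslashes() is not aware of the connection charset;
     * prefer the database layer's own escaping if it provides one. */
    $returnto = is_int($ret) ? 'returnto' : strnull(addslashes($_SERVER['QUERY_STRING']));

    /* both ids are cast so that only integers can reach the statement */
    q('UPDATE phpgw_fud_ses SET forum_id=' . (int) $forum_id . ', time_sec=' . __request_timestamp__ . ', action=' . $action . ', returnto=' . $returnto . ' WHERE id=' . (int) $ses_id);
}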
Exemplo n.º 11
* $Id: admlevel.php,v 1.2 2003/12/18 16:42:31 iliaa Exp $
*
* This program is free software; you can redistribute it and/or modify it 
* under the terms of the GNU General Public License as published by the 
* Free Software Foundation; either version 2 of the License, or 
* (at your option) any later version.
***************************************************************************/
require './GLOBALS.php';
fud_egw();
fud_use('adm.inc', true);
fud_use('widgets.inc', true);

/*
 * Create a level, or update an existing one, from the posted form. Text
 * fields pass through addslashes() and numeric fields through an (int) cast
 * before they are concatenated into the statement.
 * NOTE(review): addslashes() is not aware of the connection charset; prefer
 * the database layer's own escaping if it provides one.
 */
if (isset($_POST['lev_submit'])) {
    q("INSERT INTO " . $DBHOST_TBL_PREFIX . "level (name, img, level_opt, post_count) VALUES ('"
        . addslashes($_POST['lev_name']) . "', "
        . strnull(addslashes($_POST['lev_img'])) . ", "
        . (int) $_POST['lev_level_opt'] . ", "
        . (int) $_POST['lev_post_count'] . ")");
} elseif (isset($_POST['edit'], $_POST['lev_update'])) {
    q("UPDATE " . $DBHOST_TBL_PREFIX . "level SET name='" . addslashes($_POST['lev_name'])
        . "', img=" . strnull(addslashes($_POST['lev_img']))
        . ", level_opt=" . (int) $_POST['lev_level_opt']
        . ", post_count=" . (int) $_POST['lev_post_count']
        . " WHERE id=" . (int) $_POST['edit']);
}

/* Load the row being edited, or start from empty form values. */
if (!isset($_GET['edit'])) {
    $edit = '';
    $lev_name = '';
    $lev_img = '';
    $lev_level_opt = '';
    $lev_post_count = '';
} else {
    $edit = (int) $_GET['edit'];
    list($lev_name, $lev_img, $lev_level_opt, $lev_post_count) = db_saq('SELECT name, img, level_opt, post_count FROM ' . $DBHOST_TBL_PREFIX . 'level WHERE id=' . $edit);
}

/*
 * NOTE(review): this deletion is driven by a GET parameter and no
 * anti-forgery token check is visible in this excerpt - confirm that one is
 * enforced before this point.
 */
if (isset($_GET['del'])) {
    q('DELETE FROM ' . $DBHOST_TBL_PREFIX . 'level WHERE id=' . (int) $_GET['del']);
}
if (isset($_GET['rebuild_levels'])) {
    $pl = 2000000000;
    $c = q('SELECT id, post_count FROM ' . $DBHOST_TBL_PREFIX . 'level ORDER BY post_count DESC');
    while ($r = db_rowarr($c)) {
Exemplo n.º 12
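/**
 * Validate the private-message form and collect the recipients' user ids
 * (variant with Italian user-facing messages).
 *
 * Problems are reported through set_err(). The id of every accepted
 * recipient is appended to $GLOBALS['recv_user_id']; checking stops at the
 * first recipient that is rejected.
 *
 * @param string $msg_subject subject line entered by the sender
 *
 * @return mixed the current value of $GLOBALS['__error__']
 */
function check_ppost_form($msg_subject)
{
    if (!strlen(trim($msg_subject))) {
        set_err('msg_subject', 'Oggetto necessario');
    }
    if (post_check_images()) {
        set_err('msg_body', 'Sono consentite un massimo di ' . $GLOBALS['MAX_IMAGE_COUNT'] . ' immagini per messaggio; per cortesia, riduci il numero di immagini');
    }

    /* The field is request data: it may be missing, or arrive as an array.
     * Anything that is not a string is treated as an empty recipient list
     * instead of being handed to explode(). */
    $to_list = '';
    if (isset($_POST['msg_to_list']) && is_string($_POST['msg_to_list'])) {
        $to_list = $_POST['msg_to_list'];
    }

    foreach (explode(';', $to_list) as $v) {
        $v = trim($v);
        if (!strlen($v)) {
            continue;
        }
        /* The name is HTML-escaped before the lookup and again for display.
         * NOTE(review): addslashes() is not aware of the connection charset;
         * prefer the database layer's own escaping if it provides one. */
        $name = htmlspecialchars($v);
        $obj = db_sab('SELECT u.users_opt, u.id, ui.ignore_id FROM phpgw_fud_users u LEFT JOIN phpgw_fud_user_ignore ui ON ui.user_id=u.id AND ui.ignore_id=' . (int) _uid . ' WHERE u.alias=' . strnull(addslashes($name)));
        if (!$obj) {
            set_err('msg_to_list', 'Non c&#39;è alcun utente "' . $name . '" in questo forum');
            break;
        }
        if (!empty($obj->ignore_id)) {
            set_err('msg_to_list', 'Non puoi spedire un messaggio personale a "' . $name . '", perchè questo utente ha deciso di ignorarti.');
            break;
        }
        /* recipient has bit 32 clear and the sender lacks bit 1048576 */
        if (!($obj->users_opt & 32) && !($GLOBALS['usr']->users_opt & 1048576)) {
            set_err('msg_to_list', 'Non puoi inviare un messaggio privato a "' . $name . '", perchè non accetta messaggi privati.');
            break;
        }
        $GLOBALS['recv_user_id'][] = $obj->id;
    }

    if (empty($to_list)) {
        set_err('msg_to_list', 'Non è possibile inviare il messaggio, manca il destinatario');
    }
    return $GLOBALS['__error__'];
}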
Exemplo n.º 13
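/*
 * Rebuild every user's serialized ignore_list from the user_ignore rows.
 * The rows arrive ordered by user_id, so a change of user_id means the
 * previous user's list is complete and can be written out.
 */
$oldu = '';
$ir = array();
$c = q('SELECT ignore_id, user_id FROM ' . $tbl . 'user_ignore ORDER BY user_id');
while ($r = db_rowarr($c)) {
    if ($oldu != $r[1]) {
        if ($oldu) {
            q('UPDATE ' . $tbl . 'users SET ignore_list=' . strnull(addslashes(@serialize($ir))) . ' WHERE id=' . (int) $oldu);
            /* Start the next user's list from empty. Resetting an unrelated
             * variable here made every later user inherit the ignore
             * entries of all users processed before them. */
            $ir = array();
        }
        $oldu = $r[1];
    }
    $ir[$r[0]] = 1;
}
unset($c);
/* write out the list of the last user seen */
if (count($ir)) {
    q('UPDATE ' . $tbl . 'users SET ignore_list=' . strnull(addslashes(@serialize($ir))) . ' WHERE id=' . (int) $oldu);
    unset($ir);
}
draw_stat('Done: Rebuilding ignore list cache');
draw_stat('Rebuilding ip filter cache');
ip_cache_rebuild();
draw_stat('Done: Rebuilding ip filter cache');
draw_stat('Rebuilding login filter cache');
login_cache_rebuild();
draw_stat('Done: Rebuilding login filter cache');
draw_stat('Rebuilding email filter cache');
email_cache_rebuild();
draw_stat('Done: Rebuilding email filter cache');
draw_stat('Rebuilding extension filter cache');
ext_cache_rebuild();
draw_stat('Done: Rebuilding extension filter cache');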
Exemplo n.º 14
} else {
    $edit = $sml_code = $sml_img = $sml_descr = '';
}
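/*
 * Optional smiley image upload. The client-supplied file name is untrusted:
 * only its last path component is used, and the form values are filled in
 * only when the file was actually moved into images/smiley_icons/.
 * NOTE(review): the pattern checks the final extension only, not the file
 * content, and the client still chooses the stored name; a server-generated
 * name plus a content check would be the stricter option.
 */
if (isset($_FILES['icoul']) && is_string($_FILES['icoul']['name']) && $_FILES['icoul']['size']) {
    $upload_name = basename(str_replace('\\', '/', $_FILES['icoul']['name']));
    if (preg_match('!\\.(jpg|jpeg|gif|png)$!i', $upload_name)
        && move_uploaded_file($_FILES['icoul']['tmp_name'], $GLOBALS['WWW_ROOT_DISK'] . 'images/smiley_icons/' . $upload_name)
    ) {
        /* NOTE(review): the key filled here is avt_img, while the checks
         * below test sml_img - confirm which form field was intended. */
        if (empty($_POST['avt_img'])) {
            $_POST['avt_img'] = $upload_name;
        }
        $sml_img = $upload_name;
    }
}

/*
 * Update an existing smiley or append a new one at the end of the view
 * order; both require a non-empty image and code.
 * NOTE(review): addslashes() is not aware of the connection charset; prefer
 * the database layer's own escaping if it provides one.
 */
if (isset($_POST['btn_update'], $_POST['edit']) && !empty($_POST['sml_img']) && !empty($_POST['sml_code'])) {
    q('UPDATE ' . $tbl . 'smiley SET code=' . strnull(addslashes($_POST['sml_code'])) . ', img=' . strnull(addslashes($_POST['sml_img'])) . ', descr=' . strnull(addslashes($_POST['sml_descr'])) . ' WHERE id=' . (int) $_POST['edit']);
} else {
    if (isset($_POST['btn_submit']) && !empty($_POST['sml_img']) && !empty($_POST['sml_code'])) {
        /* cast so that only an integer is concatenated, even on an empty table */
        $view_order = (int) q_singleval('SELECT MAX(vieworder) FROM ' . $tbl . 'smiley') + 1;
        q('INSERT INTO ' . $tbl . 'smiley (code, img, descr, vieworder) VALUES(' . strnull(addslashes($_POST['sml_code'])) . ', ' . strnull(addslashes($_POST['sml_img'])) . ', ' . strnull(addslashes($_POST['sml_descr'])) . ', ' . $view_order . ')');
    }
}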
if (isset($_GET['chpos'], $_GET['chdest'])) {
    $oldp = (int) $_GET['chpos'];
    $newp = (int) $_GET['chdest'];
    if ($oldp != $newp && $newp) {
        db_lock($GLOBALS['DBHOST_TBL_PREFIX'] . 'smiley WRITE');
        q('UPDATE ' . $GLOBALS['DBHOST_TBL_PREFIX'] . 'smiley SET vieworder=2147483647 WHERE vieworder=' . $oldp);
        if ($oldp < $newp) {
            q('UPDATE ' . $GLOBALS['DBHOST_TBL_PREFIX'] . 'smiley SET vieworder=vieworder-1 WHERE vieworder<=' . $newp . ' AND vieworder>' . $oldp);
            $maxp = q_singleval('SELECT MAX(vieworder) FROM ' . $GLOBALS['DBHOST_TBL_PREFIX'] . 'smiley WHERE  vieworder!=2147483647');
            if ($newp > $maxp) {
                $newp = $maxp + 1;
            }
        } else {
Exemplo n.º 15
    move_uploaded_file($_FILES['icoul']['tmp_name'], $GLOBALS['WWW_ROOT_DISK'] . 'images/avatars/' . $_FILES['icoul']['name']);
    if (empty($_POST['avt_img'])) {
        $_POST['avt_img'] = $_FILES['icoul']['name'];
    }
}
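/*
 * Update an existing avatar or insert a new one. When the image of an
 * existing avatar changes, the <img> tag cached in users.avatar_loc is
 * rewritten for every user that has this avatar selected.
 * NOTE(review): addslashes() is not aware of the connection charset; prefer
 * the database layer's own escaping if it provides one.
 */
if (isset($_POST['btn_update'], $_POST['edit']) && !empty($_POST['avt_img'])) {
    $avt_id = (int) $_POST['edit'];
    $old_img = q_singleval('SELECT img FROM ' . $tbl . 'avatar WHERE id=' . $avt_id);
    q('UPDATE ' . $tbl . 'avatar SET img=' . strnull(addslashes($_POST['avt_img'])) . ', descr=' . strnull(addslashes($_POST['avt_descr'])) . ' WHERE id=' . $avt_id);
    if (db_affected() && $old_img != $_POST['avt_img']) {
        /* NOTE(review): the posted name is appended to the avatar directory
         * unchanged; consider rejecting names that contain path separators. */
        $size = getimagesize($GLOBALS['WWW_ROOT_DISK'] . 'images/avatars/' . $_POST['avt_img']);
        /* getimagesize() returns false for a missing or unreadable image */
        $dims = is_array($size) ? $size[3] : '';
        /* The posted name lands in an HTML attribute and then in an SQL
         * string: escape it for the attribute first, then escape the whole
         * tag for the statement. */
        $new_loc = '<img src="' . $GLOBALS['WWW_ROOT'] . 'images/avatars/' . htmlspecialchars($_POST['avt_img'], ENT_QUOTES) . '" ' . $dims . ' />';
        q('UPDATE ' . $tbl . 'users SET avatar_loc=\'' . addslashes($new_loc) . '\' WHERE avatar=' . $avt_id);
    }
} else {
    if (isset($_POST['btn_submit']) && !empty($_POST['avt_img'])) {
        q('INSERT INTO ' . $tbl . 'avatar (img, descr) VALUES (' . strnull(addslashes($_POST['avt_img'])) . ', ' . strnull(addslashes($_POST['avt_descr'])) . ')');
    }
}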
require $WWW_ROOT_DISK . 'adm/admpanel.php';
?>
<h2>Avatar Management System</h2>

<form name="frm_avt" method="post" action="admavatar.php" enctype="multipart/form-data">
<?php 
echo _hs;
?>
<table class="datatable solidtable">
	<?php 
if (@is_writeable($GLOBALS['WWW_ROOT_DISK'] . 'images/avatars')) {
    ?>
		<tr class="field">