/** * * Function create folder loop * This function creates folders needed when duplicating a template * @param string $folder_name_id - the id of the new template * @param number $id_to_copy - the id of the old template * @param string $tutorial_id_from_post - The name of this tutorial type i.e Nottingham * @version 1.0 * @author Patrick Lockley */ function duplicate_template($folder_name_id, $id_to_copy, $tutorial_id_from_post) { global $dir_path, $new_path, $temp_dir_path, $temp_new_path, $xerte_toolkits_site; $database_id = database_connect("file_library database connect success", "file_library database connect fail"); $query_for_framework = "select template_framework from " . $xerte_toolkits_site->database_table_prefix . "originaltemplatesdetails where template_name =\"" . $tutorial_id_from_post . "\""; $query_for_framework_response = mysql_query($query_for_framework); $row_framework = mysql_fetch_array($query_for_framework_response); $dir_path = $xerte_toolkits_site->users_file_area_full . $id_to_copy . "-" . $_SESSION['toolkits_logon_username'] . "-" . $tutorial_id_from_post . "/"; /* * Get the id of the folder we are looking to copy into */ $new_path = $xerte_toolkits_site->users_file_area_full . $folder_name_id . "-" . $_SESSION['toolkits_logon_username'] . "-" . $tutorial_id_from_post . "/"; $path = $xerte_toolkits_site->users_file_area_full . $folder_name_id . "-" . $_SESSION['toolkits_logon_username'] . "-" . $tutorial_id_from_post . "/"; if (mkdir($path)) { if (@chmod($path, 0777)) { $d = opendir($dir_path); if (create_folder_loop($d, -1)) { if (file_exists($new_path = $xerte_toolkits_site->users_file_area_full . $folder_name_id . "-" . $_SESSION['toolkits_logon_username'] . "-" . $tutorial_id_from_post . "/lockfile.txt")) { unlink($new_path = $xerte_toolkits_site->users_file_area_full . $folder_name_id . "-" . $_SESSION['toolkits_logon_username'] . "-" . $tutorial_id_from_post . "/lockfile.txt"); } return true; } else { return false; } } else { receive_message($_SESSION['toolkits_logon_username'], "FILE_SYSTEM", "MAJOR", "Failed to set rights on parent folder for template", "Failed to set rights on parent folder " . $path); return false; } } else { receive_message($_SESSION['toolkits_logon_username'], "FILE_SYSTEM", "CRITICAL", "Failed to create parent folder for template", "Failed to create parent folder " . $path); return false; } }
function search_info_GO_terms($GO_terms) { if (!database_connect()) { return "DB_CONNECT_FAILURE"; } if (empty($GO_terms)) { return array(); } # Set up parameters $search = "*"; $table = $GLOBALS['TABLE_GO_NAMES']; #Build the where statement $where = "0 = 1"; if (!empty($GO_terms)) { $where = "pid IN " . build_IN_LIST($GO_terms); } #Do the search $result = database_select_distinct_search($search, $table, $where); # Throw the results into an array $resultArray = array(); while ($row = mysql_fetch_assoc($result)) { $row["searchType"] = "GO"; array_push($resultArray, $row); } #database dc database_disconnect(); #return the results array if (count($resultArray) == 0) { return "EMPTY"; } # Is the array empty? return $resultArray; }
function outputStudents() { $conn = database_connect(); //$conn = mysqli_connect(DATABASE_HOST, DATABASE_USER, DATABASE_PASS, DATABASE_HOME); $query = "SELECT seatNumber,name,md5hash FROM students"; $result = mysqli_query($conn, $query); if (mysqli_errno($conn)) { echo mysqli_error($conn); } echo '<pre>'; while ($row = mysqli_fetch_array($result)) { // print_r($row); if ($row['seatNumber'] == $_SESSION['runCounter']) { echo "CURRENT:\t"; } else { if ($row['seatNumber'] % 2 == 1) { echo "ODD:\t"; } else { echo "EVEN:\t"; } } echo $row['seatNumber'] . "\t" . $row['name'] . '<br>'; } echo '</pre>'; $numRows = mysqli_num_rows($result); if ($_SESSION['runCounter'] > $numRows) { $_SESSION['runCounter'] = 1; } database_disconnect($conn); }
/** * * Function move file * This function is used to move files and folders * @param array $files_to_move = an array of files and folders to move * @param string $destination = Name of the new folder * @version 1.0 * @author Patrick Lockley */ function move_file($files_to_move, $destination) { global $xerte_toolkits_site; $mysql_id = database_connect("Move file database connect success", "Move file database connect failure"); $new_files_array = explode(",", $files_to_move); /* * Files array can be complicated, and this thread can lock the system, so limit max files to 50 */ if (count($new_files_array) != 0 && count($new_files_array) <= 50) { /* * check their is a destination */ if ($destination != "") { for ($x = 0; $x != count($new_files_array); $x++) { // check there are files if ($new_files_array[$x] != "") { if ($new_files_array[$x + 1] == "file") { if ($new_files_array[$x + 2] == "folder_workspace") { $parent = get_user_root_folder(); } if ($destination == "folder_workspace") { $destination = get_user_root_folder(); } if ($destination == "recyclebin") { $destination = get_recycle_bin(); } /* * Move files in the database */ $query_file = "UPDATE " . $xerte_toolkits_site->database_table_prefix . "templaterights SET folder = \"" . $destination . "\" where (template_id=\"" . $new_files_array[$x] . "\" AND user_id =\"" . $_SESSION['toolkits_logon_id'] . "\")"; if (mysql_query($query_file)) { receive_message($_SESSION['toolkits_logon_username'], "USER", "SUCCESS", "File " . $new_files_array[$x] . " moved into " . $destination . " for " . $_SESSION['toolkits_logon_username'], "File " . $new_files_array[$x] . " moved into " . $destination . " for " . $_SESSION['toolkits_logon_username']); } else { receive_message($_SESSION['toolkits_logon_username'], "USER", "SUCCESS", "File " . $new_files_array[$x] . " failed to move into " . $destination . " for " . $_SESSION['toolkits_logon_username'], "File " . $new_files_array[$x] . " failed to move into " . $destination . " for " . $_SESSION['toolkits_logon_username']); } } else { /* * destination is the root folder */ if ($destination == "folder_workspace") { $destination = get_user_root_folder(); } $query_folder = "UPDATE " . $xerte_toolkits_site->database_table_prefix . "folderdetails SET folder_parent = \"" . $destination . "\" where (folder_id=\"" . $new_files_array[$x] . "\")"; if (mysql_query($query_folder)) { receive_message($_SESSION['toolkits_logon_username'], "USER", "SUCCESS", "Folder " . $new_files_array[$x] . " moved into " . $destination . " for " . $_SESSION['toolkits_logon_username'], "File " . $new_files_array[$x] . " moved into " . $destination . " for " . $_SESSION['toolkits_logon_username']); } else { receive_message($_SESSION['toolkits_logon_username'], "USER", "SUCCESS", "File " . $new_files_array[$x] . " failed to move into " . $destination . " for " . $_SESSION['toolkits_logon_username'], "Folder " . $new_files_array[$x] . " failed to move into " . $destination . " for " . $_SESSION['toolkits_logon_username']); } } $x += 2; } } } } mysql_close($mysql_id); }
function licence_list() { global $xerte_toolkits_site; $database_id = database_connect("licence list connected", "licence list failed"); echo "<p>" . MANAGEMENT_LIBRARY_NEW_LICENCE . "</p>"; echo "<p>" . MANAGEMENT_LIBRARY_NEW_LICENCE_DETAILS . "<form><textarea cols=\"100\" rows=\"2\" id=\"newlicense\">" . MANAGEMENT_LIBRARY_NEW_LICENCE_NAME . "</textarea></form></p>"; echo "<p><form action=\"javascript:new_license();\"><button type=\"submit\" class=\"xerte_button\" ><i class=\"fa fa-plus-circle\"></i> " . MANAGEMENT_LIBRARY_NEW_LABEL . "</button></form></p>"; echo "<p>" . MANAGEMENT_LIBRARY_MANAGE_LICENCES . "</p>"; $query = "select * from " . $xerte_toolkits_site->database_table_prefix . "syndicationlicenses"; $query_response = db_query($query); foreach ($query_response as $row) { echo "<p>" . $row['license_name'] . " - <button type=\"button\" class=\"xerte_button\" onclick=\"javascript:remove_licenses('" . $row['license_id'] . "')\"><i class=\"fa fa-minus-circle\"></i> " . MANAGEMENT_LIBRARY_REMOVE . " </button></p>"; } }
/** * Poorman's prepared statement emulation. Does not cope with named parameters - only ?'s. * @param string $sql - e.g. "SELECT * FROM users WHERE name = ? OR name = ?" * @param array $params - e.g. array('bob', "david's"); * @return mysql resultset. */ function db_query($sql, $params = array()) { $connection = database_connect('db_query ok', 'db_query fail'); foreach ($params as $key => $value) { if (isset($value)) { if (get_magic_quotes_gpc()) { $value = stripslashes($value); } $value = "'" . mysql_real_escape_string($value) . "'"; } else { $value = 'NULL'; } // overwrite the $params data with the santised stuff. $params[$key] = $value; } // following code taken from php.net/mysql_query - axiak at mit dot edu - 24th october 2006 $curpos = 0; $curph = count($params) - 1; // start at the end of the string and replace things backwards; this avoids us replacing a replacement for ($i = strlen($sql) - 1; $i > 0; $i--) { if ($sql[$i] !== '?') { continue; } if ($curph < 0) { $sql = substr_replace($sql, 'NULL', $i, 1); } else { $sql = substr_replace($sql, $params[$curph], $i, 1); } $curph--; } _debug("Running : {$sql}", 1); $result = mysql_query($sql, $connection); if (!$result) { _debug("Failed to execute query : {$sql} : " . mysql_error()); return false; } if (preg_match("/^select/i", $sql)) { $rows = array(); while ($row = mysql_fetch_assoc($result)) { $rows[] = $row; } return $rows; } return $result; }
public static function init() { global $config; require_once "core/config.php"; // Libraries $libs = scandir("core/lib"); foreach ($libs as $file) { if (pathinfo($file, PATHINFO_EXTENSION) == "php") { require_once "core/lib/{$file}"; } } // Classes $classes = scandir("core/classes"); foreach ($classes as $file) { if (pathinfo($file, PATHINFO_EXTENSION) == "php") { require_once "core/classes/{$file}"; } } database_connect(); Site::init(); global $site; }
function search_infoTable($chemicals) { if (!database_connect()) { return "DB_CONNECT_FAILURE"; } if (empty($chemicals)) { return "NO_SEARCH"; } # Set up parameters of a basic chemicalSGA search $search = "chemicalConditions.*, chemicals.structure_pic"; $table = "chemicalConditions, chemicals"; #Build the where statement $andQueryArray = array(); if (!empty($chemicals)) { array_push($andQueryArray, "chemicalConditions.chemical_name IN " . build_IN_LIST($chemicals)); } //array_push($andQueryArray, build_OR($chemicals, "chemicalConditions.chemical_name='", "'"));} array_push($andQueryArray, 'chemicalConditions.chemical_name = chemicals.name'); $where = build_AND($andQueryArray); //echo($where); //print $where; #Do the search $result = database_select_distinct_search($search, $table, $where); # Throw the results into an array $resultArray = array(); while ($row = mysql_fetch_assoc($result)) { array_push($resultArray, $row); } #database dc database_disconnect(); #return the results array if (count($resultArray) == 0) { return "EMPTY"; } # Is the array empty? return $resultArray; }
/** * * duplicate_template, allows the template to be duplicated * * @author Patrick Lockley * @version 1.0 * @copyright Copyright (c) 2008,2009 University of Nottingham * @package */ require_once "../../../config.php"; include "../user_library.php"; include "../template_library.php"; include "../template_status.php"; _load_language_file("/website_code/php/templates/duplicate_template.inc"); $database_connect_id = database_connect("new_template database connect success", "new_template database connect fail"); /* * get the root folder for this user */ if (is_numeric($_POST['template_id'])) { if (is_user_creator(mysql_real_escape_string($_POST['template_id']))) { if ($_POST['folder_id'] == "workspace") { $folder_id = get_user_root_folder(); } else { $folder_id = $_POST['folder_id']; } /* * get the maximum id number from templates, as the id for this template */ $maximum_template_id = get_maximum_template_number(); //$query_for_root_folder = "select folder_id from " . $xerte_toolkits_site->database_table_prefix . "folderdetails where login_id = '" . $_SESSION['toolkits_logon_id'] . "' and folder_parent='0'";
trigger_error("You are running an unsupported version of PHP/XerteOnlineToolkits. Please run PHP v5.1 or above"); } require_once dirname(__FILE__) . '/functions.php'; require_once dirname(__FILE__) . '/library/autoloader.php'; if (!isset($xerte_toolkits_site)) { // create new generic object to hold all our config stuff in.... $xerte_toolkits_site = new StdClass(); /** * Access the database to get the variables */ if (!is_file(dirname(__FILE__) . '/database.php')) { header("Location: " . $_SERVER['REQUEST_URI'] . "setup/"); } require_once dirname(__FILE__) . '/database.php'; require_once dirname(__FILE__) . '/website_code/php/database_library.php'; if (!database_connect("", "")) { die("database.php isn't correctly configured; cannot connect to database; have you run /setup?"); } $row = db_query_one("SELECT * FROM {$xerte_toolkits_site->database_table_prefix}sitedetails"); /** * Access the database to get the variables * @version 1.0 * @author Patrick Lockley * @copyright 2008,2009 University of Nottingham */ /** * Include any script that is used for configuration - for moodle this might be e.g. '/xampp/htdocs/moodle/config.php'. */ if ($row['integration_config_path'] != "") { require_once $row['integration_config_path']; }
/** * * template close, code that runs when an editor window is closed to remove the lock file * * @author Patrick Lockley * @version 1.0 * @package */ require_once '../../../config.php'; if (empty($_SESSION) || !isset($_SESSION['toolkits_logon_id'])) { die("Session expired; please login again."); } _load_language_file("/website_code/php/versioncontrol/template_close.inc"); require '../template_status.php'; $temp_array = explode("-", $_POST['file_path']); database_connect("template close success", "template close fail"); if (file_exists($xerte_toolkits_site->users_file_area_full . $_POST['file_path'] . "lockfile.txt")) { /* * Code to delete the lock file */ $lock_file_data = file_get_contents($xerte_toolkits_site->users_file_area_full . $temp_array[0] . "-" . $temp_array[1] . "-" . $temp_array[2] . "/lockfile.txt"); $temp = explode("*", $lock_file_data); $lock_file_creator = $temp[0]; $template_id = explode("-", $_POST['file_path']); $row_template_name = db_query_one("Select template_name from {$xerte_toolkits_site->database_table_prefix}templatedetails WHERE template_id = ?", array($template_id[0])); $user_list = $temp[1]; $users = explode(" ", $user_list); /* * Email users in the lock file */ for ($x = 0; $x != count($users) - 1; $x++) {
<?php include "config/config.php"; include "functions/database.fn.php"; $link = database_connect($db); $sql = 'SELECT * FROM poney WHERE id=' . $_GET['id']; $result = mysql_query($sql); if (!$result) { die('erreur dans la requete : ' . mysql_error()); } while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) { include "templates/html-opening.php"; $rate = $row["rate"]; echo '<img src="images/' . $row["image"] . '" alt="poney" class="imgprofile" /><br />'; if ($rate == 1) { echo '<img src="images/1star.gif" alt="stars" class="starsprofile" />'; } elseif ($rate == 2) { echo '<img src="images/2stars.gif" alt="stars" class="starsprofile" />'; } elseif ($rate == 3) { echo '<img src="images/3stars.gif" alt="stars" class="starsprofile" />'; } elseif ($rate == 4) { echo '<img src="images/4stars.gif" alt="stars" class="starsprofile" />'; } elseif ($rate == 5) { echo '<img src="images/5stars.gif" alt="stars" class="starsprofile" />'; } echo '<div id="details">'; echo '<h3>' . $row["nom"] . '</h3>'; echo '<ul>'; echo '<li>Age: ' . $row["age"] . '</li>'; echo '<li>Sex: ' . $row["sex"] . '</li>'; echo '<li>Color: ' . $row["color"] . '</li>';
$_SESSION['user_id'] = $user['userID']; $_SESSION['user'] = $_POST['user']; $_SESSION['permissions'] = $user['permissions']; $_SESSION['auth'] = true; } } else { sendError('Bad username or password.'); } } $dbHandle = null; } /** * If user is authorized, read settings and create user-specific temp dirs. */ if (isset($_SESSION['auth']) && isset($_POST['form'])) { database_connect(IL_USER_DATABASE_PATH, 'users'); $user_id_q = $dbHandle->quote($_SESSION['user_id']); // Session management. if ($ini_array['autosign'] == 0) { $session_id_q = $dbHandle->quote(session_id()); // Save this signin in db. $dbHandle->exec("DELETE FROM logins" . " WHERE sessionID={$session_id_q} AND userID={$user_id_q}"); $dbHandle->exec("INSERT INTO logins (userID, sessionID, logintime)" . " VALUES ({$user_id_q}, {$session_id_q},'" . time() . "')"); // Delete all other signed in devices for this user. $result = $dbHandle->query("SELECT sessionID FROM logins" . " WHERE sessionID!={$session_id_q} AND userID={$user_id_q}"); while ($oldsession = $result->fetch(PDO::FETCH_ASSOC)) { // Delete session file. @unlink(IL_TEMP_PATH . DIRECTORY_SEPARATOR . 'I,_Librarian_sessions' . DIRECTORY_SEPARATOR . 'sess_' . $oldsession['sessionID']); // Clen session temp dir. $clean_files = array(); $clean_files = glob(IL_TEMP_PATH . DIRECTORY_SEPARATOR . 'lib_' . $oldsession['sessionID'] . DIRECTORY_SEPARATOR . '*', GLOB_NOSORT);
protected function getSettingsPage() { if ($this->login->getUsername() == $this->settings->admin_username && $this->login->getPassword() == $this->settings->admin_password) { $_SESSION['toolkits_logon_id'] = "site_administrator"; $mysql_id = database_connect("management.php database connect success", "management.php database connect fail"); $this->page['isAdmin'] = true; } else { $this->getLoginPage(); return; } return $this->pageDisplayHelper(); }
<?php include_once 'data.php'; if (isset($_SESSION['auth']) && isset($_SESSION['permissions']) && ($_SESSION['permissions'] == 'A' || $_SESSION['permissions'] == 'U')) { include_once 'functions.php'; database_connect(IL_DATABASE_PATH, 'library'); if (!empty($_GET['details'])) { $dbHandle->sqliteCreateFunction('levenshtein', 'sqlite_levenshtein', 2); if (!empty($_GET['journal'])) { $journal_query = $dbHandle->quote($_GET['journal']); $result = $dbHandle->query("SELECT journal,count(*) FROM library WHERE levenshtein(upper(journal), upper({$journal_query})) < 4 GROUP BY journal"); print '<b>Possible variants:</b>'; while ($jour = $result->fetch(PDO::FETCH_ASSOC)) { if (!empty($jour['journal'])) { print '<br><button class="rename-journal-button" style="margin:1px"><i class="fa fa-pencil"></i></button> '; print '<span>' . htmlspecialchars($jour['journal']) . '</span> (' . $jour['count(*)'] . ')'; } } $result = null; $result = $dbHandle->query("SELECT secondary_title,count(*) FROM library WHERE journal={$journal_query} GROUP BY secondary_title"); print '<br><b>Associated secondary titles:</b>'; while ($jour = $result->fetch(PDO::FETCH_ASSOC)) { if (!empty($jour['secondary_title'])) { print '<br><button class="rename-secondary-title-button" style="margin:1px"><i class="fa fa-pencil"></i></button> '; print '<span>' . htmlspecialchars($jour['secondary_title']) . '</span> (' . $jour['count(*)'] . ')'; } } } if (!empty($_GET['secondary_title'])) { $journal_query = $dbHandle->quote($_GET['secondary_title']); $result = $dbHandle->query("SELECT secondary_title,count(*) FROM library WHERE levenshtein(upper(secondary_title), upper({$journal_query})) < 4 GROUP BY secondary_title");
<?php require_once '../mysql.php'; #Connect to the database if (!database_connect()) { echo "DB_CONNECT_FAILURE"; return false; } #Process the input $drug = safe($_POST['drug']); $gene = safe($_POST['gene']); $needAnd = false; $search = "*"; $table = "interactions"; $sortedBy = "chemgen_score"; $where = ""; if ($drug != "") { $where .= ($needAnd ? "AND " : "") . "drug_name = '{$drug}' "; $needAnd = true; } if ($gene != "") { $where .= ($needAnd ? "AND " : "") . "(orf_name = '{$gene}' OR common_name = '{$gene}') "; $needAnd = true; } //$where = "drug_name = '$drug' AND (orf_name = '$gene' OR common_name = '$gene')"; if ($drug != "" || $gene != "") { #Do a database search $result = database_select_search($search, $table, $where, $sortedBy); # Throw the results into an array $resultArray = array(); while ($row = mysql_fetch_assoc($result)) {
function move_folder($folder_id, $destination) { global $xerte_toolkits_site; $mysql_id = database_connect("Move file database connect success", "Move file database connect failure"); if ($destination != "") { /* * Move folder in database */ $prefix = $xerte_toolkits_site->database_table_prefix; $query_folder = "UPDATE {$prefix}folderdetails SET folder_parent = ? WHERE (folder_id = ? )"; $params = array($destination, $folder_id); $ok = db_query($query_folder, $params); if ($ok) { receive_message($_SESSION['toolkits_logon_username'], "USER", "SUCCESS", "Folder " . $folder_id . " moved into " . $destination . " for " . $_SESSION['toolkits_logon_username'], "File " . $new_files_array[$x] . " moved into " . $destination . " for " . $_SESSION['toolkits_logon_username']); } else { receive_message($_SESSION['toolkits_logon_username'], "USER", "SUCCESS", "File " . $folder_id . " failed to move into " . $destination . " for " . $_SESSION['toolkits_logon_username'], "Folder " . $new_files_array[$x] . " failed to move into " . $destination . " for " . $_SESSION['toolkits_logon_username']); } } }
<?php //results.php require_once 'functions.php'; require_once 'header.php'; database_connect($dbhost, $dbuser, $dbpass, $dbname); $query = 'SELECT * FROM nyitevents WHERE Event="' . sanitizeString($_GET['category']) . '"'; $result = queryMysql($query); if (!$result) { die('Database access failed: ' . mysql_error()); } $rows = mysql_num_rows($result); echo "<div class='container-fluid table-responsive'>"; echo "<table class='table table-striped table-hover table-bordered'>"; echo "<tr><th>Name</th><th>Description</th><th>Date</th><th>Time</th><th>Location</th></tr>"; for ($j = 0; $j < $rows; ++$j) { $row = mysql_fetch_row($result); echo "<tr>"; echo "<td>" . $row[0] . "</td>"; echo "<td>" . $row[1] . "</td>"; echo "<td>" . $row[2] . "</td>"; echo "<td>" . $row[3] . "</td>"; echo "<td>" . $row[4] . "</td></tr>"; } if ($rows == 0) { echo "<tr><td colspan='5'><img src='img/noFlexZone.png' />\n <h2>It ha no events dawg</h2></td></tr>"; } echo "</table></div>"; mysql_close(mysql_connect($dbhost, $dbuser, $dbpass)); ?>
* Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /** * * public templates template page, used displays the User created * * @author Patrick Lockley * @version 1.0 * @package */ require_once "../../../config.php"; include "../display_library.php"; include "workspace_library.php"; /** * connect to the database */ workspace_templates_menu(); $prefix = $xerte_toolkits_site->database_table_prefix; $database_connect_id = database_connect("Folder_content_template.php connect success", "Folder_content_template.php connect failed"); $query_for_public_templates = "select * from {$prefix}templatedetails, {$prefix}templaterights where " . "access_to_whom = ? AND " . "user_id = ? and " . " {$prefix}templaterights.template_id = {$prefix}templatedetails.template_id ORDER BY template_name DESC"; $params = array('public', $_SESSION['toolkits_logon_id']); $query_public_response = db_query($query_for_public_templates, $params); workspace_menu_create(100); foreach ($query_public_response as $row_template_name) { echo "<div style=\"float:left; width:100%;\">" . str_replace("_", "", $row_template_name['template_name']) . "</div>"; } echo "</div>";
<?php /** * Licensed to The Apereo Foundation under one or more contributor license * agreements. See the NOTICE file distributed with this work for * additional information regarding copyright ownership. * The Apereo Foundation licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except in * compliance with the License. You may obtain a copy of the License at: * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ require_once "../../../config.php"; require "../user_library.php"; require "management_library.php"; if (is_user_admin()) { $database_id = database_connect("templates list connected", "template list failed"); $query = "delete from " . $xerte_toolkits_site->database_table_prefix . "syndicationlicenses where license_id=?"; db_query($query, array($_POST['remove'])); licence_list(); } else { management_fail(); }
/** * * name select template, displays usernames so people can choose to share a template * * @author Patrick Lockley * @version 1.0 * @copyright Copyright (c) 2008,2009 University of Nottingham * @package */ require_once "../../../config.php"; _load_language_file("/website_code/php/properties/name_select_template.inc"); if (is_numeric($_POST['template_id'])) { $search = mysql_real_escape_string($_POST['search_string']); $tutorial_id = mysql_real_escape_string($_POST['template_id']); $database_id = database_connect("Template name select share access database connect success", "Template name select share database connect failed"); /** * Search the list of user logins for user with that name */ if (strlen($search) != 0) { $query_for_names = "select login_id, firstname, surname from " . $xerte_toolkits_site->database_table_prefix . "logindetails WHERE ((firstname like \"" . $search . "%\") or (surname like \"" . $search . "%\")) and login_id not in( SELECT user_id from " . $xerte_toolkits_site->database_table_prefix . "templaterights where template_id=\"" . $tutorial_id . "\" ) ORDER BY firstname ASC"; $query_names_response = mysql_query($query_for_names); if (mysql_num_rows($query_names_response) != 0) { while ($row = mysql_fetch_array($query_names_response)) { echo "<p>" . $row['firstname'] . " " . $row['surname'] . " (" . $row['login_id'] . ") - <button type=\"button\" class=\"xerte_button\" onclick=\"share_this_template('" . $tutorial_id . "', '" . $row['login_id'] . "')\">" . NAME_SELECT_CLICK . "</button></p>"; } } else { echo "<p>" . NAME_SELECT_DETAILS_FAIL . "</p>"; } } }
/** * * folder rss page, used by the site to display a folder's rss settings * * @author Patrick Lockley * @version 1.0 * @package */ require_once "../../../config.php"; _load_language_file("/website_code/php/folderproperties/folder_rss_template.inc"); include "../url_library.php"; //connect to the database $parameters = explode("_", $_POST['folder_id']); if (count($parameters) != 1) { if (is_numeric($parameters[0]) && is_string($parameters[1])) { $database_connect_id = database_connect("Folder_rss_template.php database connect success", "Folder_rss_template.php database connect failed"); $prefix = $xerte_toolkits_site->database_table_prefix; $query_for_folder_name = "select folder_name from {$prefix}folderdetails where folder_id=?"; $params = array($_POST['folder_id']); $row_template_name = db_query_one($query_for_folder_name, $params); echo "<p class=\"header\"><span>" . FOLDER_RSS_FEEDS . "</span></p>"; echo "<p>" . FOLDER_RSS_PUBLIC . "</p>"; $query_for_name = "select firstname, surname from {$prefix}logindetails where login_id=?"; $params = array($_SESSION['toolkits_logon_id']); $row_name = db_query_one($query_for_name, $params); if ($xerte_toolkits_site->apache == "true") { echo "<p><a target=\"new\" href=\"" . $xerte_toolkits_site->site_url . "RSS/" . $row_name['firstname'] . "_" . $row_name['surname'] . "/" . str_replace(" ", "_", $row_template_name['folder_name']) . "/\">" . $xerte_toolkits_site->site_url . "RSS/" . $row_name['firstname'] . "_" . $row_name['surname'] . "/" . str_replace(" ", "_", $row_template_name['folder_name']) . "/</a></p>"; } else { echo "<p><a target=\"new\" href=\"" . $xerte_toolkits_site->site_url . "rss.php?username="******"_" . $row_name['surname'] . "&folder_name=" . str_replace(" ", "_", $row_template_name['folder_name']) . "\">" . $xerte_toolkits_site->site_url . "rss.php?username="******"_" . $row_name['surname'] . "&folder_name=" . str_replace(" ", "_", $row_template_name['folder_name']) . "</a></p>"; } }
$microtime = sprintf("%01.1f seconds", $microtime); print '<table class="top" style="margin-bottom:1px"><tr><td style="width: 13em">'; print '<div class="ui-state-highlight ui-corner-top' . ($from == 1 ? ' ui-state-disabled' : '') . '" style="float:left;margin-left:2px;width:26px">' . ($from == 1 ? '' : '<a class="navigation" href="' . htmlspecialchars('download_springer.php?' . $url_string . '&from=1') . '" style="display:block;width:26px">') . ' <i class="fa fa-caret-left"></i> <i class="fa fa-caret-left"></i> ' . ($from == 1 ? '' : '</a>') . '</div>'; print '<div class="ui-state-highlight ui-corner-top' . ($from == 1 ? ' ui-state-disabled' : '') . '" style="float:left;margin-left:2px;width:4em">' . ($from == 1 ? '' : '<a class="navigation" href="' . htmlspecialchars('download_springer.php?' . $url_string . '&from=' . ($from - 10)) . '" style="color:black;display:block;width:100%">') . '<i class="fa fa-caret-left"></i> Back' . ($from == 1 ? '' : '</a>') . '</div>'; print '</td><td class="top" style="text-align: center">'; print "Items " . $from . " - " . min($from + 9, $count) . " of " . $count . " in " . $microtime; print '</td><td class="top" style="width: 14em">'; $count % 10 == 0 ? $lastpage = $count - 9 : ($lastpage = $count - $count % 10 + 1); print '<div class="ui-state-highlight ui-corner-top' . ($count > $from + 9 ? '' : ' ui-state-disabled') . '" style="float:right;margin-right:2px;width:26px">' . ($count > $from + 9 ? '<a class="navigation" href="' . htmlspecialchars('download_springer.php?' . $url_string . '&from=' . $lastpage) . '" style="display:block;width:26px">' : '') . '<i class="fa fa-caret-right"></i> <i class="fa fa-caret-right"></i>' . ($count > $from + 9 ? '</a>' : '') . '</div>'; print '<div class="ui-state-highlight ui-corner-top' . ($count > $from + 9 ? '' : ' ui-state-disabled') . '" style="float:right;margin-right:2px;width:4em">' . ($count > $from + 9 ? '<a class="navigation" href="' . htmlspecialchars("download_springer.php?{$url_string}&from=" . ($from + 10)) . '" style="color:black;display:block;width:100%">' : '') . ' Next <i class="fa fa-caret-right"></i> ' . ($count > $from + 9 ? '</a>' : '') . '</div>'; print '<div class="ui-state-highlight ui-corner-top pgdown" style="float: right;width: 4em;margin-right:2px">PgDn</div>'; print '</td></tr></table>'; print '<div class="alternating_row">'; $id_range = join(',', range($from, $from + 9)); $result = $dbHandle2->query("SELECT * FROM items WHERE id IN (" . $id_range . ")"); database_connect($database_path, 'library'); while ($row = $result->fetch(PDO::FETCH_ASSOC)) { extract($row); if (!empty($title)) { ########## gray out existing records ############## $existing_id = ''; $doi_query = $dbHandle->quote($doi); $result_query = $dbHandle->query("SELECT id FROM library WHERE doi=" . $doi_query); $existing_id = $result_query->fetchColumn(); print '<div class="items" data-doi="' . htmlspecialchars($doi) . '" data-pdf="' . htmlspecialchars('http://link.springer.com/content/pdf/' . urlencode($doi) . '.pdf') . '" style="padding:0">'; print '<div class="ui-widget-header" style="border-left:0;border-right:0">'; print '<div class="titles brief" style="overflow:hidden;margin-right:10px'; if (is_numeric($existing_id)) { print ';color: #777'; } print '">' . $title . '</div>';
<?php include_once 'data.php'; include_once 'functions.php'; session_write_close(); // ONLY ADMIN CAN DO THIS if (!isset($_SESSION['auth']) || $_SESSION['permissions'] !== 'A') { die; } $allowed_databases = array('library', 'fulltext', 'users', 'discussions', 'history'); if (!empty($_GET['db']) && in_array($_GET['db'], $allowed_databases)) { if ($_GET['db'] == 'users') { database_connect($usersdatabase_path, 'users'); } else { database_connect($database_path, $_GET['db']); } $dbHandle->exec('VACUUM'); $dbHandle = null; if ($_GET['db'] == 'users') { $dbsize = filesize($usersdatabase_path . DIRECTORY_SEPARATOR . 'users.sq3'); } else { $dbsize = filesize($database_path . DIRECTORY_SEPARATOR . $_GET['db'] . '.sq3'); } if ($dbsize < 1048576) { $size = round($dbsize / 1024, 1) . ' kB'; } if ($dbsize >= 1048576) { $size = round($dbsize / 1048576, 1) . ' MB'; } if ($dbsize >= 1073741824) { $size = round($dbsize / 1073741824, 1) . ' GB';
include 'funzioni.php'; include "../mpdf60/mpdf.php"; global $_CONFIG; $utente = check_login(); if ($utente == -1) { die("LOGINPROBLEM"); } else { $user_level = get_user_level($utente); if ($user_level == 0) { die("LOGINPROBLEM"); } if ($user_level == 1) { die('LOGINPROBLEM'); } $ora = $_POST["ora"]; $db = database_connect(); $result = $db->query("SELECT utenti.nome, utenti.cognome from utenti where level = '0' and (SELECT COUNT(*) from iscrizioni where iscrizioni.idUtente = utenti.id and iscrizioni.ora = '{$ora}') = 0 ORDER by cognome, nome asc") or die($db->error); $file = array(); $code = "\n<style>td, th{border:1px solid; padding: 5px 30px;}</style> <h3 style='text-align:center; margin-bottom:0px;'>L. S. \"G. Galilei\" - \"Finestra tecnica\"</h3><h1 style='text-align:center;margin-bottom: 5px; margin-top:15px;'>" . getStringaOra($ora) . "</h1>"; $code .= "<table style='border-collapse:collapse; margin-top:20px;'><tbody><tr>\n <td style='width:230px;'><b>Cognome</b></td>\n <td style='width:230px;'><b>Nome</b> </td>\n <td style='width:250px; text-align:center;'><b>Firma</b> </td>\n</tr>"; while ($utente = $result->fetch_assoc()) { $code .= "<tr>\n <td>" . $utente["cognome"] . "</td>\n <td>" . $utente["nome"] . "</td>\n <td></td>\n </tr>"; } $code .= "</tbody></table>"; $mpdf = new mPDF('utf-8', "A4"); // , '' , '' , 50 , 1 , 1 , 1 , 1 , 1); $mpdf->SetDisplayMode('fullpage'); $mpdf->list_indent_first_level = 0; // 1 or 0 - whether to indent the first level of a list $mpdf->WriteHTML($code); chdir("./tmp/orebuche/");
* Password left empty */ } else { if (empty($_POST["password"])) { mgt_page($xerte_toolkits_site, MANAGEMENT_PASSWORD_EMPTY); /* * Password and username provided, so try to authenticate */ } else { global $authmech; if (!isset($authmech)) { $authmech = Xerte_Authentication_Factory::create($xerte_toolkits_site->authentication_method); } if ($_POST["login"] == $xerte_toolkits_site->admin_username && $_POST["password"] == $xerte_toolkits_site->admin_password) { $_SESSION['toolkits_logon_id'] = "site_administrator"; $mysql_id = database_connect("management.php database connect success", "management.php database connect fail"); /* * Password and username provided, so try to authenticate */ ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title><?php echo $xerte_toolkits_site->site_title; ?> </title> <link href="website_code/styles/frontpage.css" media="screen" type="text/css" rel="stylesheet" /> <link href="website_code/styles/xerte_buttons.css" media="screen" type="text/css" rel="stylesheet" />
<?php include 'Base.php'; $dbhandle = database_connect(); mysqli_query($dbhandle, "USE u907917272_cs307"); //choose the database you want to use or you can ignore this line and do DATABASE.table inside the mysqli_query(); $username_ = $_POST["username"]; $SQLString = "SELECT * FROM account WHERE Username='******'"; //$hash = password_hash($passwod, PASSWORD_DEFAULT); //$SQLString = "SELECT * FROM account WHERE Username='******' AND Password='******'"; $result = mysqli_query($dbhandle, $SQLString); $count = mysqli_num_rows($result); if ($count == 0) { echo "No such User"; } else { echo $username_; $context = hash('md5', $username_); echo $context; $myfile = fopen('../' . $context . '.php', "w"); fwrite($myfile, "<?php \$"); fwrite($myfile, "username="******"username"]); fwrite($myfile, "?>"); $file = file_get_contents('../lostpwd.php', true); fwrite($myfile, $file); $file_email1 = file_get_contents('../htmlemail/lost_password_email1.html', true); $file_email2 = file_get_contents('../htmlemail/lost_password_email2.html', true); $to = '*****@*****.**'; $subject = 'Reset your password'; $message = $file_email1 . "<a href=" . '"' . "http://ticketvault.cu.cc/" . $context . ".php" . $file_email2; $headers = 'MIME-Version: 1.0' . "\r\n";
} } return $result; } //ADD TERTIARY_TITLE COLUMN TO TABLE LIBRARY AND UPGRADE EDITORS database_connect($database_path, 'library'); $dbHandle->sqliteCreateFunction('migrateauthors', 'migrate_authors', 1); $dbHandle->exec("BEGIN EXCLUSIVE TRANSACTION"); $dbHandle->exec("ALTER TABLE library ADD COLUMN tertiary_title TEXT NOT NULL DEFAULT ''"); $dbHandle->exec("ALTER TABLE library ADD COLUMN filehash TEXT NOT NULL DEFAULT ''"); $dbHandle->exec("ALTER TABLE projects ADD COLUMN active TEXT NOT NULL DEFAULT '1'"); $dbHandle->exec("UPDATE library SET editor=migrateauthors(editor) WHERE editor NOT LIKE '%L:\"%'"); $dbHandle->exec("COMMIT"); $dbHandle = null; //CONSOLIDATE DISCUSSIONS INTO ONE DATABASE database_connect($database_path, 'filediscussion'); $dbHandle->exec("BEGIN EXCLUSIVE TRANSACTION"); $dbHandle->exec("CREATE TABLE IF NOT EXISTS discussion (id INTEGER PRIMARY KEY," . " fileID INTEGER NOT NULL," . " user TEXT NOT NULL DEFAULT ''," . " timestamp TEXT NOT NULL DEFAULT ''," . " message TEXT NOT NULL DEFAULT '')"); $dbHandle->exec("ALTER TABLE discussion RENAME TO filediscussion"); $dbHandle->exec("CREATE TABLE projectdiscussion (id integer PRIMARY KEY," . " projectID integer NOT NULL," . " user text NOT NULL DEFAULT ''," . " timestamp text NOT NULL DEFAULT ''," . " message text NOT NULL DEFAULT '')"); $dbHandle->exec("COMMIT"); $dbs = glob($database_path . 'project*.sq3', GLOB_NOSORT); if (is_array($dbs)) { foreach ($dbs as $db) { $projID = substr(basename($db, '.sq3'), 7); $database_query = $dbHandle->quote($db); $dbHandle->exec("ATTACH DATABASE " . $database_query . " AS db2"); $dbHandle->exec("BEGIN EXCLUSIVE TRANSACTION"); $result = $dbHandle->query("SELECT user,timestamp,message FROM db2.discussion"); while ($row = $result->fetch(PDO::FETCH_NAMED)) { $projectID = intval($projID);
*/ /** * * share this template, gives a new user rights to a template * * @author Patrick Lockley * @version 1.0 * @package */ require_once "../../../config.php"; _load_language_file("/website_code/php/properties/share_this_template.inc"); $prefix = $xerte_toolkits_site->database_table_prefix; if (is_numeric($_POST['user_id']) && is_numeric($_POST['template_id'])) { $user_id = $_POST['user_id']; $tutorial_id = $_POST['template_id']; $database_id = database_connect("Share this template database connect success", "Share this template database connect success"); /** * find the user you are sharing with's root folder to add this template to */ $query_to_find_out_root_folder = "select folder_id from {$prefix}folderdetails where login_id = ? and folder_parent=? and folder_name!=?"; $params = array($user_id, '0', 'recyclebin'); $row_query_root = db_query_one($query_to_find_out_root_folder, $params); $query_to_insert_share = "INSERT INTO {$prefix}templaterights (template_id, user_id, role, folder) VALUES (?,?,?,?)"; $params = array($tutorial_id, $user_id, "editor", $row_query_root['folder_id']); if (db_query($query_to_insert_share, $params)) { /** * sort ouf the html to return to the screen */ $query_for_name = "select firstname, surname from {$prefix}logindetails WHERE login_id=?"; $params = array($user_id); $row = db_query_one($query_for_name, $params);
<?php include_once 'data.php'; include_once 'functions.php'; $text = ''; $filename = sprintf('%05d', intval($_GET['file'])) . '.pdf'; if (!empty($_GET['file'])) { database_connect(IL_DATABASE_PATH, 'fulltext'); $query = $dbHandle->quote($_GET['file']); $result = $dbHandle->query("SELECT full_text FROM full_text WHERE fileID={$query}"); $dbHandle = null; $text = $result->fetchColumn(); } if (!empty($text)) { $text_size = round(strlen(utf8_decode($text)) / 1024, 1); $pdf_size = round(filesize(IL_PDF_PATH . DIRECTORY_SEPARATOR . get_subfolder($filename) . DIRECTORY_SEPARATOR . $filename) / 1024, 1); } else { print '<h3>No text found.</h3>'; die; } include_once 'index.inc.php'; ?> <body style="padding:20px"> <h3>Extracted text from the file <?php print $filename; ?> :</h3> <div class="ui-corner-all alternating_row" style="float:left;width:75%;text-align:justify;padding:10px;text-shadow:none"> <?php print htmlspecialchars($text); ?>