function index()
{
if($this->login_lib->pos_check_not_login() == false){
$data['title'] = 'Login';
$data['keyword'] = 'Login';
$data['description'] = 'Login';
$this->template->set_params($data);
$this->template->set_layout('blankpage',config_item('modulename_login'));
/* proses data */
if($this->input->post('do_login')){ #break;
$user=$this->input->post('username');
$pass=$this->input->post('password');
if($data=$this->login_model->check_admin($user)){
if($data->password==$pass){
$this->login_lib->pos_sess_login($data);
redirect('admin');
}else{
errorMsg($this->lang->line('invalid_pass'));
}
}else{
errorMsg($this->lang->line('invalid_user'));
}
} #break;
$this->template->set_view('form_login_poseidon',false,config_item('modulename_login'));
}else{
$this->lang->load('home');
$this->template->set_view ('home',false,config_item('modulename'));
}
}
function parseProducts($products)
{
$chaprBTAssembledPKID = 1;
$chaprProgrammerPKID = 5;
$chaprKitPKID = 3;
// this pattern will match on our format for item identification
// including wild spaces thrown in accidentally
$targetPattern = "/ *(.) *\\( *([0-9][0-9]*) *\\)/";
$retItems = array();
$items = explode(",", $products);
foreach ($items as $item) {
if (!preg_match($targetPattern, $item, $matches)) {
errorMsg("didn't match on an item - Yikes!");
continue;
}
$keyLetter = $matches[1];
$quantity = $matches[2];
switch ($keyLetter) {
case "P":
$retItems[] = array("PKID" => $chaprProgrammerPKID, "Quantity" => $quantity, "Personality" => null, "Price" => null);
$retItems[] = array("PKID" => $chaprBTAssembledPKID, "Quantity" => $quantity, "Personality" => null, "Price" => null);
break;
case "C":
$retItems[] = array("PKID" => $chaprBTAssembledPKID, "Quantity" => $quantity, "Personality" => null, "Price" => null);
break;
case "K":
$retItems[] = array("PKID" => $chaprKitPKID, "Quantity" => $quantity, "Personality" => null, "Price" => null);
break;
}
}
return $retItems;
}
private function getModuleReturn($module, $action)
{
//标识符
$key = $module . '#' . $action;
if (!isset($this->moduleReturn[$key])) {
if (method_exists(M($module), $action)) {
$string = M($module)->{$action}();
if ($string === null) {
errorMsg("[错误标签:<b>{{{{$module}.{$action}}}}</b>] [调用方法:<b>{$module}Module->{$action}()</b>] 这个模型中的函数没有返回值或返回值为空!", E_USER_NOTICE);
}
$this->moduleReturn[$key] = $string;
} else {
errorMsg("[错误标签:<b>{{{{{$module}.{$action}}}}}</b>] [调用方法:<b>{$module}Module->{$action}()</b>] 这个模型中的函数不存在!", E_USER_NOTICE);
$this->moduleReturn[$key] = false;
}
}
return $this->moduleReturn[$key];
}
$tableName = $row['tableName'];
$pkValue = $row['pkValue'];
$memberID = strtolower($row['memberID']);
$dateAdded = @date($adminConfig['PHPDateTimeFormat'], $row['dateAdded']);
$dateUpdated = @date($adminConfig['PHPDateTimeFormat'], $row['dateUpdated']);
$groupID = $row['groupID'];
} else {
// no such record exists
die("<div class=\"status\">{$Translation["record not found error"]}</div>");
}
}
// get pk field name
$pkField = getPKFieldName($tableName);
// get field list
if (!($res = sql("show fields from `{$tableName}`", $eo))) {
errorMsg(str_replace("<TABLENAME>", $tableName, $Translation["could not retrieve field list"]));
}
while ($row = db_fetch_assoc($res)) {
$field[] = $row['Field'];
}
$res = sql("select * from `{$tableName}` where `{$pkField}`='" . makeSafe($pkValue, false) . "'", $eo);
if ($row = db_fetch_assoc($res)) {
?>
<h2><?php
echo str_replace("<TABLENAME>", $tableName, $Translation["table name"]);
?>
</h2>
<table class="table table-striped">
<tr>
<td class="tdHeader"><div class="ColCaption"><?php
echo $Translation["field name"];
redirect('phar_allergic.php', $msg);
exit;
}elseif( $action === 'delete' ){
$id = input_get('id');
$db = Mysql::load();
$sql = "DELETE FROM `allergic_list`
WHERE `id` = :item_id LIMIT 1";
$data = array(':item_id' => $id);
$delete = $db->delete($sql, $data);
$msg = 'ź���������º����';
if( $delete !== true ){
$msg = errorMsg('delete', $delete['id']);
}
redirect('phar_allergic.php', $msg);
exit;
}elseif( $action === 'search_from_code' ){
$dcode = input_post('dcode');
$db = Mysql::load();
$sql = "SELECT `drugcode`, `genname`
FROM `druglst`
WHERE ( `drugcode` LIKE :drug_code OR `genname` LIKE :gen_name ) ";
$data = array(':drug_code' => "%$dcode%", ':gen_name' => "%$dcode%");
goto endaction;
}
//%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
//CARGAR ACTIVIDADES
//%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
if ($action == "loadact") {
if ($result = mysqlCmd("select * from Actividades where actid='{$actid}'")) {
foreach (array_keys($ACTIVIDADES_FIELDS) as $field) {
${$field} = $result["{$field}"];
}
$fecha_actividad = array("start" => $fechaini, "end" => $fechafin);
statusMsg("Actividad {$actid} cargada");
$mode = "agregar";
} else {
$mode = "lista";
errorMsg("La actividad no existe");
}
goto endaction;
}
endaction:
} else {
}
////////////////////////////////////////////////////////////////////////
//MODOS
////////////////////////////////////////////////////////////////////////
if (!isset($mode)) {
//%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
//PRINCIPAL
//%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
$content .= <<<C
<p>
function checkUserValidity($login, $password, $clientApplication, $cp, &$id, &$reason, &$priv, &$extended, &$domainId, $lang)
{
global $DBHost, $DBUserName, $DBPassword, $DBName, $AcceptUnknownUser;
setMsgLanguage($lang);
$link = mysqli_connect($DBHost, $DBUserName, $DBPassword) or die(errorMsgBlock(3004, 'main', $DBHost, $DBUserName));
mysqli_select_db($link, $DBName) or die(errorMsgBlock(3005, 'main', $DBName, $DBHost, $DBUserName));
// we map the client application to the domain name
$domainName = mysqli_real_escape_string($link, $clientApplication);
// retreive the domain id
$query = "SELECT domain_id FROM domain WHERE domain_name='{$domainName}'";
$result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
if (mysqli_num_rows($result) == 0) {
// unrecoverable error, we must giveup
$reason = errorMsg(3007, $domainName);
mysqli_close($link);
return false;
}
$row = mysqli_fetch_array($result);
$domainId = $row[0];
// retreive the domain info
$domainInfo = getDomainInfo($domainId);
// convert the domain status enum into the privilege access set
$accessPriv = strtoupper(substr($domainInfo['status'], 3));
// now, retrieve the user infos
$login = mysqli_real_escape_string($link, $login);
$query = "SELECT * FROM user where Login='******'";
$result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
if (mysqli_num_rows($result) == 0) {
if ($AcceptUnknownUser) {
// login doesn't exist, create it
$password = mysqli_real_escape_string($link, $password);
$query = "INSERT INTO user (Login, Password) VALUES ('{$login}', '{$password}')";
$result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
// get the user to have his UId
$query = "SELECT * FROM user WHERE Login='******'";
$result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
if (mysqli_num_rows($result) == 1) {
$reason = errorMsg(3008, $login);
$row = mysqli_fetch_assoc($result);
$id = $row["UId"];
$priv = $row["Privilege"];
$extended = $row["ExtendedPrivilege"];
// add the default permission
$query = "INSERT INTO permission (UId, DomainId, AccessPrivilege) VALUES ('{$id}', '{$domainId}', '{$accessPriv}')";
$result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
$res = false;
} else {
$reason = errorMsg(3009, $login);
$res = false;
}
} else {
$reason = errorMsg(2001, $login, 'checkUserValidity');
}
} else {
$row = mysqli_fetch_assoc($result);
$salt = get_salt($row["Password"]);
if ($cp && $row["Password"] == $password || !$cp && $row["Password"] == crypt($password, $salt)) {
// Store the real login (with correct case)
$_GET['login'] = $row['Login'];
// check if the user can use this application
$clientApplication = mysqli_real_escape_string($link, $clientApplication);
$query = "SELECT * FROM permission WHERE UId='" . $row["UId"] . "' AND DomainId='{$domainId}'";
$result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
if (mysqli_num_rows($result) == 0) {
if ($AcceptUnknownUser) {
// add default permission
$query = "INSERT INTO permission (UId, DomainId, ShardId, AccessPrivilege) VALUES ('" . $row["UId"] . "', '{$domainId}', -1, '{$domainStatus}')";
$result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
$reason = errorMsg(3010);
$res = false;
} else {
// no permission
$reason = errorMsg(3011, $clientApplication, $domainName);
$res = false;
}
} else {
// check that the access privilege for the domain
$permission = mysqli_fetch_assoc($result);
if (!strstr($permission['AccessPrivilege'], $accessPriv)) {
// no right to connect
if ($AcceptUnknownUser) {
// set an additionnal privilege for this player
$query = "UPDATE permission set AccessPrivilege='" . $permission['AccessPrivilege'] . ",{$accessPriv}' WHERE PermissionId=" . $permission['PermissionId'];
$result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
$reason = errorMsg(3012, $accessPriv);
$res = false;
} else {
// no permission
$reason = errorMsg(3013, $clientApplication, $domainName, $accessPriv);
$res = false;
}
} else {
// // check if the user not already online
//
// if ($row["State"] != "Offline")
// {
// $reason = "$login is already online and ";
// // ask the LS to remove the client
// if (disconnectClient ($row["ShardId"], $row["UId"], $tempres))
// {
// $reason = $reason."was just disconnected. Now you can retry the identification (error code 54)";
//
// $query = "update shard set NbPlayers=NbPlayers-1 where ShardId=".$row["ShardId"];
// $result = mysqli_query ($link, $query) or die ("Can't execute the query: '$query' errno:".mysqli_errno($link).": ".mysqli_error($link));
//
// $query = "update user set ShardId=-1, State='Offline' where UId=".$row["UId"];
// $result = mysqli_query ($link, $query) or die ("Can't execute the query: '$query' errno:".mysqli_errno($link).": ".mysqli_error($link));
// }
// else
// {
// $reason = $reason."can't be disconnected: $tempres (error code 55)";
// }
// $res = false;
// }
// else
// {
$id = $row["UId"];
$priv = $row["Privilege"];
$extended = $row["ExtendedPrivilege"];
$res = true;
// }
}
}
} else {
$reason = errorMsg(2004, 'user');
$res = false;
}
}
mysqli_close($link);
return $res;
}
<?php
$currDir = dirname(__FILE__);
require "{$currDir}/incCommon.php";
// validate input
$groupID = intval($_GET['groupID']);
// make sure group has no members
if (sqlValue("select count(1) from membership_users where groupID='{$groupID}'")) {
errorMsg($Translation["can not delete group remove members"]);
include "{$currDir}/incFooter.php";
}
// make sure group has no records
if (sqlValue("select count(1) from membership_userrecords where groupID='{$groupID}'")) {
errorMsg($Translation["can not delete group transfer records"]);
include "{$currDir}/incFooter.php";
}
sql("delete from membership_groups where groupID='{$groupID}'", $eo);
sql("delete from membership_grouppermissions where groupID='{$groupID}'", $eo);
if ($_SERVER['HTTP_REFERER']) {
redirect($_SERVER['HTTP_REFERER'], TRUE);
} else {
redirect("admin/pageViewGroups.php");
}
static function getTableInfo($dbName, $tableName)
{
//生成缓存Key [tableSys#库名#表名]
$memKey = 'tableSys#' . $dbName . '#' . $tableName;
//DEBUG模式下不记录缓存
$info = DEBUG ? false : \SysFactory::memcache()->get($memKey);
if ($info === false) {
$res = self::getConnect($dbName)->query('DESC ' . $tableName);
$res or errorMsg('<b>' . $tableName . '</b> 这个表在数据库中不存在!', E_USER_ERROR);
$info = array();
$info['list'] = array();
foreach ($res->fetchAll(\PDO::FETCH_ASSOC) as $item) {
//记录字段列表
array_push($info['list'], $item['Field']);
//记录主键
if ($item['Key'] == 'PRI') {
$info['pri'] = $item['Field'];
}
}
//如里没有主键则第一具字段填充
empty($info['pri']) and $table['pri'] = reset($table['list']);
//加入缓存
\SysFactory::memcache()->set($memKey, $info, 3600);
}
return $info;
}
$moveMembers = intval($_GET['moveMembers']);
// transfer operations
if ($sourceGroupID && $sourceMemberID && $destinationGroupID && ($destinationMemberID || $moveMembers) && $_GET['beginTransfer'] != '') {
/* validate everything:
1. Make sure sourceMemberID belongs to sourceGroupID
2. if moveMembers is false, make sure destinationMemberID belongs to destinationGroupID
*/
if (!sqlValue("select count(1) from membership_users where lcase(memberID)='{$sourceMemberID}' and groupID='{$sourceGroupID}'")) {
if ($sourceMemberID != -1) {
errorMsg("Invalid source member selected.");
include "{$currDir}/incFooter.php";
}
}
if (!$moveMembers) {
if (!sqlValue("select count(1) from membership_users where lcase(memberID)='{$destinationMemberID}' and groupID='{$destinationGroupID}'")) {
errorMsg("Invalid destination member selected.");
include "{$currDir}/incFooter.php";
}
}
// get group names
$sourceGroup = sqlValue("select name from membership_groups where groupID='{$sourceGroupID}'");
$destinationGroup = sqlValue("select name from membership_groups where groupID='{$destinationGroupID}'");
// begin transfer
echo "<br /><br /><br />";
if ($moveMembers && $sourceMemberID != -1) {
echo "Moving member '{$sourceMemberID}' and his data from group '{$sourceGroup}' to group '{$destinationGroup}' ...";
// change source member group
sql("update membership_users set groupID='{$destinationGroupID}' where lcase(memberID)='{$sourceMemberID}' and groupID='{$sourceGroupID}'", $eo);
$newGroup = sqlValue("select name from membership_users u, membership_groups g where u.groupID=g.groupID and lcase(u.memberID)='{$sourceMemberID}'");
// change group of source member's data
sql("update membership_userrecords set groupID='{$destinationGroupID}' where lcase(memberID)='{$sourceMemberID}' and groupID='{$sourceGroupID}'", $eo);
}
if ($cplanid == "--") {
errorMsg("Debe escoger un plan de estudios del que salió");
$mode = "edit";
}
if ($action == "Revisado") {
if (isBlank($responsables)) {
errorMsg("Debe proveer un nombre o lista de nombres de responsables");
$mode = "edit";
} else {
$status = 1;
}
}
if ($action == "Aprobado" or $action == "Entregado" or $action == "Confirmado") {
if (isBlank($acto)) {
errorMsg("Debe proveer un acto administrativo");
$mode = "edit";
} else {
$status = 2;
}
}
if ($action == "Rechazado") {
$status = 4;
//SEND A NOTIFICATION MESSAGE
$subject = "[SInfIn] Reconocimiento de Materias '{$recid}' Rechazado";
$message = <<<M
<p>
Señor(a) Estudiante,
</p>
<p>
Su solicitud de reconocimiento radicada en {$SINFIN} y presentada a nombre de <b>{$nombre}</b>
<?php
$currDir = dirname(__FILE__);
require "{$currDir}/incCommon.php";
// validate input
$groupID = intval($_GET['groupID']);
// make sure group has no members
if (sqlValue("select count(1) from membership_users where groupID='{$groupID}'")) {
errorMsg("Can't delete this group. Please remove members first.");
include "{$currDir}/incFooter.php";
}
// make sure group has no records
if (sqlValue("select count(1) from membership_userrecords where groupID='{$groupID}'")) {
errorMsg("Can't delete this group. Please transfer its data records to another group first..");
include "{$currDir}/incFooter.php";
}
sql("delete from membership_groups where groupID='{$groupID}'", $eo);
sql("delete from membership_grouppermissions where groupID='{$groupID}'", $eo);
if ($_SERVER['HTTP_REFERER']) {
redirect($_SERVER['HTTP_REFERER'], TRUE);
} else {
redirect("admin/pageViewGroups.php");
}
/**
* Will read data from dmoz, or the local cache (if enabled)
*/
function readData( $odpurl, $enable_cache ) {
global $cache_folder, $cache_timeout;
if($enable_cache) {
$filename = md5($odpurl);
$fullpath = $cache_folder."/".$filename;
if(file_exists($fullpath)) { // already cached
if($cache_timeout == 0) {
$odpurl = $fullpath;
} else {
$diff = time()-filemtime($fullpath);
if($diff > $cache_timeout) {
$savecache = true;
} else {
$odpurl = $fullpath;
}
}
} else {
$savecache = true;
}
}
if((@$fp = fopen( $odpurl, "r" )) != false) {
$html = join( "", file( $odpurl ) );
fclose ( $fp );
if($html != "" && $savecache) {
if(strpos($html, $donotcache) === false) { // don't cache if this is the 'ODP under heavy load' message
if((@$cf = fopen( $fullpath, "w" )) != false) {
fwrite($cf, $html);
fclose( $cf );
} else {
errorMsg("Error writing to cache!<br>Make sure the cache folder exists and is writeable by this script (you may also disable the cache)");
}
}
}
} else {
errorMsg("Error reading data from dmoz. This may be caused by the fact that you do not have access to use fopen() in this way.<br>Or it may be because the dmoz url is incorrect.<br><br>See <a href='http://www.bie.no/forum/index.php?act=ST&f=2&t=53'>discussion here</a> for more info!");
}
return $html;
}
/**
* Purpose: guess a letter in this word
* Preconditions: a game has started
* Postconditions: the game data is updated
**/
function guessLetter($letter)
{
if ($this->isOver()) {
return;
}
if (!is_string($letter) || strlen($letter) != 1 || !$this->isLetter($letter)) {
return errorMsg("Oops! Please enter a letter.");
}
//check if they've already guessed the letter
if (in_array($letter, $this->letters)) {
return errorMsg("Oops! You've already guessed this letter.");
}
//only allow lowercase letters
$letter = strtolower($letter);
//if the word contains this letter
if (!(strpos($this->wordList[$this->wordIndex], $letter) === false)) {
//increase their score based on how many guesses they've used so far
if ($this->health > 100 / ceil($this->guesses / 5)) {
$this->setScore(5);
} else {
if ($this->health > 100 / ceil($this->guesses / 4)) {
$this->setScore(4);
} else {
if ($this->health > 100 / ceil($this->guesses / 3)) {
$this->setScore(3);
} else {
if ($this->health > 100 / ceil($this->guesses / 2)) {
$this->setScore(2);
} else {
$this->setScore(1);
}
}
}
}
//add the letter to the letters array
array_push($this->letters, $letter);
//if they've found all the letters in this word
if (implode(array_intersect($this->wordLetters, $this->letters), "") == str_replace($this->punctuation, "", strtolower($this->wordList[$this->wordIndex]))) {
$this->won = true;
} else {
return successMsg("Good guess, that's correct!");
}
} else {
//reduce their health
$this->setHealth(ceil(100 / $this->guesses) * -1);
//add the letter to the letters array
array_push($this->letters, $letter);
if ($this->isOver()) {
return;
} else {
return errorMsg("There are no letter {$letter}'s in this word.");
}
}
}
$moveMembers = intval($_GET['moveMembers']);
// transfer operations
if ($sourceGroupID && $sourceMemberID && $destinationGroupID && ($destinationMemberID || $moveMembers) && $_GET['beginTransfer'] != '') {
/* validate everything:
1. Make sure sourceMemberID belongs to sourceGroupID
2. if moveMembers is false, make sure destinationMemberID belongs to destinationGroupID
*/
if (!sqlValue("select count(1) from membership_users where lcase(memberID)='{$sourceMemberID}' and groupID='{$sourceGroupID}'")) {
if ($sourceMemberID != -1) {
errorMsg($Translation['invalid source member']);
include "{$currDir}/incFooter.php";
}
}
if (!$moveMembers) {
if (!sqlValue("select count(1) from membership_users where lcase(memberID)='{$destinationMemberID}' and groupID='{$destinationGroupID}'")) {
errorMsg($Translation['invalid destination member']);
include "{$currDir}/incFooter.php";
}
}
// get group names
$sourceGroup = sqlValue("select name from membership_groups where groupID='{$sourceGroupID}'");
$destinationGroup = sqlValue("select name from membership_groups where groupID='{$destinationGroupID}'");
// begin transfer
echo "<br><br><br>";
if ($moveMembers && $sourceMemberID != -1) {
$originalValues = array('<MEMBERID>', '<SOURCEGROUP>', '<DESTINATIONGROUP>');
$replaceValues = array($sourceMemberID, $sourceGroup, $destinationGroup);
echo str_replace($originalValues, $replaceValues, $Translation['moving member']);
// change source member group
sql("update membership_users set groupID='{$destinationGroupID}' where lcase(memberID)='{$sourceMemberID}' and groupID='{$sourceGroupID}'", $eo);
$newGroup = sqlValue("select name from membership_users u, membership_groups g where u.groupID=g.groupID and lcase(u.memberID)='{$sourceMemberID}'");
<td><input type="password" name="pass1" placeholder="Contraseña nueva"></td>
</tr>
<tr class="newpass">
<td>Repita su contraseña:</td>
<td><input type="password" name="pass2" placeholder="Contraseña nueva otra vez"></td>
</tr>
<tr>
<td colspan=2>
<input type="submit" name="action" value="Cambiar">
</td>
</tr>
</table>
</form>
C;
} else {
errorMsg("Contraseña no reconocida");
$content .= "<i>Fallo de autenticación</i>";
}
} else {
}
}
}
}
}
////////////////////////////////////////////////////////////////////////
//FOOTER AND RENDER
////////////////////////////////////////////////////////////////////////
end:
$content .= "</div>";
$content .= getMessages();
$content .= getFooter();
errorMsg("File does not exist!");
}
$resizedFile = $config['rootPath'] . 'cache' . DS . 'img' . DS . $theme_name . DS . $module . DS . $preset . DS . $filename;
$resizedPath = dirname($resizedFile);
if (!recursive_mkdir($resizedPath, 0777)) {
errorMsg("Can not create dir! Path: {$resizedPath}");
}
if (!file_exists($resizedFile) || time() - filemtime($resizedFile) >= (int) $config['cache.power.time']) {
$img = new rad_gd_image();
if ($img->set($originalFile, $resizedFile, $preset)) {
$r = $img->resize();
if (!$r) {
errorMsg($img->getError());
}
} else {
errorMsg($img->getError());
}
}
switch (rad_gd_image::getFileExtension($resizedFile)) {
case 'jpg':
case 'jpeg':
case 'jpe':
header('Content-type: image/jpeg');
break;
case 'png':
header('Content-type: image/png');
break;
case 'gif':
header('Content-type: image/gif');
break;
case 'gd':
} else {
if (sizeof($databases) > 0) {
$DBFilename = $databases[0];
} else {
errorMsg($errorMessages[6], true);
}
if (isset($_POST['database_switch'])) {
$_SESSION['DBFilename'] = $_POST['database_switch'];
$DBFilename = $_POST['database_switch'];
}
if (isset($_SESSION['DBFilename'])) {
$DBFilename = $_SESSION['DBFilename'];
}
//First, check that the right classes are available
if (!class_exists("PDO") && !class_exists("SQLite3") && !class_exists("SQLite")) {
errorMsg($errorMessages[0], true);
}
/*
if($DBFilename!="") //these errors only apply when the file is specified - so if it isn't, don't check for the errors
{
//Second, check to see that the database file is intact and can be used
if(!file_exists($DBFilename))
errorMsg($errorMessages[1], true);
//Check the permissions of the database file
$perms = substr(decoct(fileperms($DBFilename)),4);
if(intval($perms)<44)
errorMsg($errorMessages[2], true);
else if(intval($perms)>=44 && intval($perms)<66)
errorMsg($errorMessages[3], false); // non-fatal error.
}
}
//set $str to be trimmed and continue
$str = ltrim($str, "word=");
//check for errrrrrrros
//if not enough or too many numbers
if (strlen($str) < 4 || strlen($str) > 7 || $str == "") {
//if data after word= is empty
if ($str == "") {
errorMsg("variable word is empty.");
exit;
}
errorMsg("words must be at least four and at most seven letters long.<br />\n");
exit;
} else {
if (!preg_match('/^[A-z]+$/', $str)) {
errorMsg("words must be only letters.");
exit;
}
}
//unJumbler, if no errors occured
writeBeginningHTML(NAME . " - " . COURSE . " - Lab " . LAB_NO . " Jumble Word Solver Results");
$word = strtoupper($str);
$perms = permute($word);
$data = file_get_contents("/usr/dict/words");
$data = strtoupper($data);
$lines = explode(PHP_EOL, $data);
$matches = array_intersect($perms, $lines);
$word = strtoupper($str);
$matches = array_unique($matches);
$count = count($matches);
$test = count($matches);
function parseYesNo($data, $tag)
{
// $pattern = "/ *([YyNn]) */";
// had to update the pattern to deal with NO and YES
//
$pattern = "/^ *(y)e*s* *\$|^ *(n)o* *\$/i";
// empty data is considered "no" and doesn't throw an error
if ($data == "") {
return false;
}
if (!preg_match($pattern, $data, $matches)) {
errorMsg("bad Y/N data in {$tag}");
return false;
// default to false for bad data, but throw error
}
$match = strtolower($matches[1]);
switch ($match) {
case 'y':
return true;
case 'n':
return false;
}
}
errorMsg("La solicitud '{$movilid}' no existe");
}
$mode = "lista";
}
//%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
//LOAD DATA
//%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
if ($action == "loadmovil") {
if ($result = mysqlCmd("select * from Movilidad where movilid='{$movilid}'")) {
foreach (array_keys($MOVILIDAD_FIELDS) as $field) {
${$field} = $result["{$field}"];
}
statusMsg("Cargado");
} else {
$mode = "lista";
errorMsg("La solicitud no existe");
}
goto endaction;
}
endaction:
} else {
}
////////////////////////////////////////////////////////////////////////
//MODOS
////////////////////////////////////////////////////////////////////////
if (!isset($mode)) {
//%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
//PRINCIPAL
//%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
$content .= <<<C
<p>
$slkCommand = $_POST['command'];
$slkParams = $_POST['text'];
$slkChannel = $_POST['channel_name'];
$prsParams = explode(" ", $slkParams);
if (!isset($_POST['user_name'])) {
die('[SlackBounty] Direct access to this file is not permitted.');
}
try {
$conn = new PDO("mysql:host={$sqlServer};dbname={$sqlName}", $sqlUser, $sqlPass);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
//echo "SQL Connection established.";
} catch (PDOException $e) {
$genError = $e->getMessage();
echo '[SlackBounty] Uh oh. Something\'s not right with the database. I\'m sending @' . $teamOwner . ' a message!';
//echo "Connection failed: " . $e->getMessage();
errorMsg($slkUsername, $webhookURL, $genError);
die;
}
$userRegistered = checkUser($slkUsername, $conn);
// Will be validated by a db lookup
$isAdmin = checkUserAdmin($slkUsername, $conn);
// Remove empty elements
foreach ($prsParams as $key => $value) {
if (empty($value)) {
unset($prsParams[$key]);
}
}
if (!$userRegistered && $prsParams[0] == 'register') {
echo 'Just a second, registering your account!';
registerUser($slkUsername, $conn, $webookURL);
die;
$cachedFile = $config['rootPath'] . 'cache' . DS . $type . DS . $theme_name . DS . $module . DS . $filename;
$cachedPath = dirname($cachedFile);
if (!recursive_mkdir($cachedPath, 0777)) {
errorMsg('Can not create dir! Path: {$cachedPath}');
}
if (!file_exists($cachedFile) || time() - filemtime($cachedFile) >= (int) $config['cache.power.time']) {
$originalFile = rad_themer::getFilePath($theme_name, 'jscss', $module, $filename);
if (!$originalFile) {
errorMsg('File does not exist!');
}
try {
rad_jscss::copyToCache($originalFile, $cachedFile);
} catch (Exception $e) {
errorMsg("Could not copy file {$originalFile} to {$cachedFile}");
}
}
if (!@readfile($cachedFile)) {
errorMsg("Error reading {$cachedFile}");
}
function errorMsg($msg = null)
{
header('HTTP/1.0 404 Not Found');
if ($GLOBALS['config']['debug.showErrors']) {
if (!empty($msg)) {
print $msg;
ob_flush();
flush();
}
}
die;
}
<?php
define("ENV", "ONLINE");
define('REDIS_SERVER_ENV', '__ONLINE__');
$city = $_GET['city'];
$linename = $_GET['linename'];
$type = $_GET['type'];
$json = "json" == $_GET['datatype'] ? true : false;
$stationNo = $_GET['stationNo'];
if (empty($city) || empty($linename)) {
$message = errorMsg($json);
} else {
$data = getBusRealtimeInfo($city, $linename, $type, $stationNo);
if ($data) {
$busNum = count($data);
$status = 200;
$msg = 'success';
} else {
$busNum = 0;
$status = 502;
$msg = '获取数据失败';
}
if ($json) {
$linename = str_replace('"', '\\"', $linename);
$message = '{"root":{' . '"status":"' . $status . '",' . '"message":"' . $msg . '",' . '"city":"' . $city . '",' . '"linename":"' . $linename . '",' . '"busnum":"' . $busNum . '"';
if ($data) {
$message .= ',"dataList":{"bus":[';
foreach ($data as $i => $bus) {
$sname = str_replace('"', '\\"', $bus['nextStation']);
$message .= '{' . '"busid":"' . $bus['busid'] . '",' . '"type":"' . $bus['type'] . '",' . '"nextStation":"' . $sname . '",' . '"nextStationNo":"' . $bus['nextStationNo'] . '",' . '"nextStationDistince":"' . $bus['nextStationDistince'] . '",' . '"nextStationRunTimes":"' . $bus['nextStationRunTimes'] . '",' . '"nextStationTime":"' . $bus['nextStationTime'] . '",' . '"stationDistince":"' . $bus['stationDistince'] . '",' . '"stationRunTimes":"' . $bus['stationRunTimes'] . '",' . '"stationTime":"' . $bus['stationTime'] . '",' . '"speed":"' . $bus['speed'] . '",' . '"extraInfo":"' . $bus['extraInfo'] . '",' . '"gpsupdateTime":"' . $bus['gpsupdateTime'] . '",' . '"lon":"' . $bus['lon'] . '",' . '"lat":"' . $bus['lat'] . '",' . '"updateTime":"' . $bus['updateTime'] . '"' . '}';
if ($i != count($data) - 1) {
$PHPDateFormat = makeSafe($_POST['PHPDateFormat']);
$PHPDateTimeFormat = makeSafe($_POST['PHPDateTimeFormat']);
$groupsPerPage = intval($_POST['groupsPerPage']) ? intval($_POST['groupsPerPage']) : $adminConfig['groupsPerPage'];
$membersPerPage = intval($_POST['membersPerPage']) ? intval($_POST['membersPerPage']) : $adminConfig['membersPerPage'];
$recordsPerPage = intval($_POST['recordsPerPage']) ? intval($_POST['recordsPerPage']) : $adminConfig['recordsPerPage'];
$defaultSignUp = intval($_POST['visitorSignup']);
$anonymousGroup = makeSafe($_POST['anonymousGroup']);
$anonymousMember = makeSafe($_POST['anonymousMember']);
$senderEmail = isEmail($_POST['senderEmail']);
$senderName = makeSafe($_POST['senderName']);
$approvalMessage = makeSafe($_POST['approvalMessage']);
//$approvalMessage=str_replace(array("\r", "\n"), '\n', $approvalMessage);
$approvalSubject = makeSafe($_POST['approvalSubject']);
// save changes
if (!($fp = @fopen($conFile, "w"))) {
errorMsg("Couldn't create the file '{$conFile}'. Please make sure the directory is writeable (Try chmoding it to 755 or 777).");
include "{$d}/incFooter.php";
} else {
fwrite($fp, "<?php\n\t");
fwrite($fp, "\$adminConfig['adminUsername']='******';\n\t");
fwrite($fp, "\$adminConfig['adminPassword']='******';\n\t");
fwrite($fp, "\$adminConfig['notifyAdminNewMembers']={$notifyAdminNewMembers};\n\t");
fwrite($fp, "\$adminConfig['defaultSignUp']={$defaultSignUp};\n\t");
fwrite($fp, "\$adminConfig['anonymousGroup']='{$anonymousGroup}';\n\t");
fwrite($fp, "\$adminConfig['anonymousMember']='{$anonymousMember}';\n\t");
fwrite($fp, "\$adminConfig['groupsPerPage']={$groupsPerPage};\n\t");
fwrite($fp, "\$adminConfig['membersPerPage']={$membersPerPage};\n\t");
fwrite($fp, "\$adminConfig['recordsPerPage']={$recordsPerPage};\n\t");
fwrite($fp, "\$adminConfig['custom1']='{$custom1}';\n\t");
fwrite($fp, "\$adminConfig['custom2']='{$custom2}';\n\t");
fwrite($fp, "\$adminConfig['custom3']='{$custom3}';\n\t");
<td><input type="text" id="tfnNr" name="tfnNr" value="<?php
echo $_SESSION['tfnNr'];
?>
" maxlength="20" /></tr>
</tr>
<td></td><td> <?php
errorMsg();
?>
</td>
<tr>
<td>
<p align="right"> </p>
</td><td>
<input class="button" type="submit" value="→ Update info" />
<td>
</tr>
</table>
<?php
errorMsg();
?>
</fieldset>
<br>
</form>
<form action="?p=order_history" method="post">
<input class="button" type="submit" value="Order History" />
</form>
<?php
}
$tableName = $row['tableName'];
$pkValue = $row['pkValue'];
$memberID = strtolower($row['memberID']);
$dateAdded = @date($adminConfig['PHPDateTimeFormat'], $row['dateAdded']);
$dateUpdated = @date($adminConfig['PHPDateTimeFormat'], $row['dateUpdated']);
$groupID = $row['groupID'];
} else {
// no such record exists
die("<div class=\"status\">Error: Record not found!</div>");
}
}
// get pk field name
$pkField = getPKFieldName($tableName);
// get field list
if (!($res = sql("show fields from `{$tableName}`", $eo))) {
errorMsg("Couldn't retrieve field list from '{$tableName}'");
}
while ($row = db_fetch_assoc($res)) {
$field[] = $row['Field'];
}
$res = sql("select * from `{$tableName}` where `{$pkField}`='" . makeSafe($pkValue, false) . "'", $eo);
if ($row = db_fetch_assoc($res)) {
?>
<h2>Table: <?php
echo $tableName;
?>
</h2>
<table class="table table-striped">
<tr>
<td class="tdHeader"><div class="ColCaption">Field name</div></td>
<td class="tdHeader"><div class="ColCaption">Value</div></td>
<td><input type="password" name="pass1" placeholder="Your new password"></td>
</tr>
<tr>
<td>Confirm password:</td>
<td><input type="password" name="pass2" placeholder="Repeat your password"></td>
</tr>
<tr>
<td colspan=2>
<input type="submit" name="action" value="Change">
</td>
</tr>
</table>
</form>
C;
} else {
errorMsg("User not authorized");
$CONTENT .= "<i>Authentication failed</i>";
}
} else {
if ($if == "newuser") {
$CONTENT .= <<<C
<form>
<h3>Nuevo usuario</h3>
<table>
<tr>
<td>Name:</td>
<td><input type="text" name="uname" placeholder="Name" value="{$uname}"></td>
</tr>
<tr>
<td>E-mail:</td>
<td><input type="text" name="email" placeholder="Your e-mail" value="{$email}"></td>