Пример #1
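/**
 * Quote and escape a value for inclusion in a MySQL statement.
 *
 * Arrays are escaped element-wise (keys preserved). Numeric values are
 * returned unchanged and unquoted; every other value is returned wrapped in
 * single quotes with the contents escaped.
 *
 * @param mixed         $str        scalar, or (nested) array of scalars
 * @param resource|bool $id_connect legacy mysql link resource, or false
 * @return mixed escaped scalar, or array with every element escaped
 */
function escape_str($str, $id_connect = false)
{
    if (is_array($str)) {
        foreach ($str as $key => $val) {
            // Pass the connection down so nested values take the same escaping
            // path as scalars (the original recursion dropped $id_connect).
            $str[$key] = escape_str($val, $id_connect);
        }
        return $str;
    }
    // Numeric values are emitted unquoted exactly as received.
    if (is_numeric($str)) {
        return $str;
    }
    $str = (string) $str;
    // get_magic_quotes_gpc() was removed in PHP 8.0; guard the call so this
    // function does not fatal on modern runtimes.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $str = stripslashes($str);
    }
    if (function_exists('mysql_real_escape_string') && is_resource($id_connect)) {
        return "'" . mysql_real_escape_string($str, $id_connect) . "'";
    }
    if (function_exists('mysql_escape_string')) {
        return "'" . mysql_escape_string($str) . "'";
    }
    // Fallback: addslashes() is not connection-charset aware. Prefer prepared
    // statements (PDO/mysqli) over any of these paths where possible.
    return "'" . addslashes($str) . "'";
}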
Пример #2
/**
 * Render one column value as a literal for a dump/INSERT statement.
 *
 * When the backup data type is 1 and column $i is listed in the
 * comma-wrapped list $tbstrf (",<i>,"), a non-empty value is emitted as a hex
 * literal (0x...); otherwise it is escaped and single-quoted.
 *
 * @param mixed  $str         column value
 * @param mixed  $bakdatatype backup data type flag (loosely compared to 1)
 * @param mixed  $i           column index
 * @param string $tbstrf      comma-wrapped list of column indexes to hex-encode
 * @return string SQL literal
 */
function Ebak_ReSqlFtext($str,$bakdatatype,$i,$tbstrf){
	$asHex = $bakdatatype==1
		&& !empty($str)
		&& strstr($tbstrf, ','.$i.',');
	if($asHex){
		return '0x'.bin2hex($str);
	}
	return '\''.escape_str($str).'\'';
}
Пример #3
     } else {
         $table_sql .= ";\r\n";
     }
 }
 $result = $db->query("SELECT * FROM " . $table);
 $field_num = $db->num_fields($result);
 $row_count = $db->getfirst("SELECT COUNT(*) FROM " . $table);
 $j = 0;
 while ($row = $db->fetch_array($result, MYSQL_NUM)) {
     if ($j < $pos) {
         $j++;
         continue;
     }
     $table_sql .= "INSERT INTO `" . $table . "` VALUES (";
     for ($m = 0; $m < $field_num; $m++) {
         $table_sql .= "'" . escape_str($row[$m]) . "',";
     }
     $table_sql = substr($table_sql, 0, -1) . ");\r\n";
     if (strlen($sql . $table_sql) >= $limit_size * 1000) {
         if (!write_file("../data/{$backup_dir}/{$file}_{$num}.sql", $sql)) {
             adminmsg('备份数据库卷-' . $num . '失败', 0);
         }
         if ($j == $row_count - 1) {
             $i++;
         }
         $link[0]['text'] = "系统将自动继续...";
         $link[0]['href'] = "admin_database.php?act=do_backup&limit_size={$limit_size}&mysql_type={$mysql_type}&file={$file}&num=" . ($num + 1) . "&table_id={$i}&pos=" . $j;
         adminmsg('文件' . $file . '_' . $num . '.sql 成功备份。系统将自动继续...', 1, $link, true, 1);
         exit;
     } else {
         $sql .= $table_sql;
Пример #4
  </div>
</nav>

<div class="container">
	<div class="col-md-12 navbar-ambush-background" style="border-radius: 15px;">
		<div id="announcements">
			<h1>Announcements</h1>
			<?php 
/**
 * Percent-encode a value for a URL query string, emitting spaces as "%20"
 * instead of the "+" form produced by urlencode().
 *
 * @param string $string raw value
 * @return string encoded value
 */
function escape_str($string)
{
    return strtr(urlencode($string), array('+' => '%20'));
}
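// Render each announcement as a link card. Query-string parts go through
// escape_str() (percent-encoding); values placed in HTML go through
// htmlspecialchars() so stored content cannot inject markup. If vdescription
// is intentionally stored as trusted HTML, swap that call for an HTML
// sanitiser rather than removing the escaping.
foreach ($announcements as $a) {
    $href = 'classes/videos/watch/?class=' . escape_str($a['class'])
        . '&video=' . escape_str($a['vname'])
        . '&ext=' . escape_str($a['ext']);
    echo '<a href="' . htmlspecialchars($href, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '">';
    // NOTE(review): "background-color: inherit" inside the class attribute looks
    // like a style declaration that ended up in the wrong attribute.
    echo '<div class="col-md-3 background-color: inherit">';
    echo '<div class="quote-container">';
    echo '<i class="pin"></i>';
    echo '<blockquote class="note yellow">';
    echo htmlspecialchars($a['vdescription'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo '<cite class="author">';
    echo htmlspecialchars($a['class'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo '</cite>';
    echo '</blockquote>';
    echo '</div>';
    echo '</div>';
    echo '</a>';
}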
?>
		</div>
Пример #5
	/**
	* createGrid : get meta data & data for specified grid
	* 
	* Loads the grid configuration, builds the WHERE / FILTER / ORDER / column
	* fragments used for template replacement from that configuration and the
	* caller-supplied $filters and $order, then dispatches to the
	* createGrid_<type>() method named by the grid's attribute type to fetch
	* the rows into $this->objResult.
	*
	* The filter and order fragments are assembled by string concatenation
	* (see the notes at steps 4, 6 and 7 below); callers must validate or
	* allow-list $filters and $order before they reach this method.
	*
	* @param string $strGridName	grid name
	* @param bool 	$reconfigure	reconfigure flag
	* @param number $start			start row number
	* @param number $limit			limit number
	* @param array 	$filters		filter(s) condition; each item is expected to carry 'field' and 'data' => ['type', 'value', 'comparison']
	* @param array 	$order			order number; ['sort' => column key, 'dir' => direction] (direction defaults to 'ASC')
	* @return array or bool	whatever MetaData_Grid::getData($reconfigure) returns; the same value is returned on the success and the failure path
	*/
	// NOTE(review): returning the result of a method call by reference
	// (return $this->objResult->getData(...)) raises "Only variables should be
	// returned by reference"; the & on the signature is probably unnecessary.
	public function &createGrid($strGridName, $reconfigure, $start, $limit, $filters=null, $order=null) {
		//1,prepare return object
		$this->objResult = new MetaData_Grid($reconfigure);
		$this->objResult->setStart($start);
		$this->objResult->setLimit($limit);
		
		//2,load configuration information
		$arrConfig = &$this->loadConfig($strGridName,META_TYPE_GRID);
		if(!is_array($arrConfig)){
			$this->objResult->setMessage('Failed to load configuration information.');
			log_message('ERROR','Failed to load configuration information.');
			return $this->objResult->getData($reconfigure);
		}
		
		//3,build where condition
		// whereUD is a property set elsewhere on this object; '1=1' keeps the
		// template's WHERE clause valid when nothing was provided.
		if(empty($this->whereUD)){
			$this->whereUD = '1=1';
		}
		
		$blRtn 		= true;
		$strOrder 	= '';
		$arrHiddenFld = array(META_KEY_DBFIELD,META_KEY_NAME);
		foreach($arrConfig as $idx => &$arrTmpGrid){
			$arrMeta = &$arrTmpGrid[META_KEY_METADATA];
			$arrAttr = &$arrTmpGrid[META_KEY_ATTRI];
			$arrExtra= &$arrTmpGrid[META_KEY_EXTRA];
			$rowid = (isset($arrAttr[META_KEY_ROWID]) && !empty($arrAttr[META_KEY_ROWID]))?$arrAttr[META_KEY_ROWID]:META_KEY_ROWID;
			
			$this->objResult->setId($rowid);
			$this->objResult->setExtra($arrExtra);
			
			//4,build filter condition
			// NOTE(review): $strFilters is built by concatenation. Only string
			// values pass through escape_str() below; the numeric branch and the
			// nlist branch splice values in verbatim, and the LIKE branch does
			// not escape the '%' / '_' wildcards. The field name itself is taken
			// from the grid metadata, so it is not caller-controlled.
			$strFilters = '';
			if(is_array($filters) && count($filters)>0){
				foreach($filters as $idxFilter => $valFilter){
					//sanity check
					if( !isset($valFilter['data']) || !isset($valFilter['data']['type']) || !isset($valFilter['field']) )	continue;
					
					//incorrect field specified
					$field = '';
					if(!isset($arrMeta[$valFilter['field']])){
						log_message('ERROR','Incorrect filter field have been provided : '.$valFilter['field']);
						continue;
					}
					$field = $arrMeta[$valFilter['field']];
					if(isset($field['dbfield'])){
						$field = $field['dbfield'];
					}else{
						$field = $field['id'];
					}
					
					//fix string value
					// Non-string values (ints, arrays, ...) skip escape_str() and
					// reach conv_string() as they came in.
		       		if( isset($valFilter['data']['value']) ){
						if (is_string($valFilter['data']['value'])) {
							$valFilter['data']['value'] = escape_str($valFilter['data']['value']);
						}
						$valFilter['data']['value'] = conv_string($valFilter['data']['value'], false);
		       		}else{
		       			$valFilter['data']['value'] = '';
		       		}
		       		
		       		//type mapping
		       		$strCond = '';
		       		switch($valFilter['data']['type']){
		       			case 'numeric':
		       			case 'date':
							// Any comparison other than 'gt'/'lt' (including a missing one) means '='.
							if('gt' == $valFilter['data']['comparison']) {
			                    $comp = ">";
			                }else if('lt' == $valFilter['data']['comparison']) {
			                    $comp = "<";
			                }else{
			                	$comp = "=";
			                }
			                if ('date' == $valFilter['data']['type']) {
			                	// NOTE(review): strtotime() returns false for unparseable
			                	// input, which date() then formats as 1970-01-01 — confirm
			                	// that is the intended fallback.
			                	$valFilter['data']['value'] = date('Ymd',strtotime($valFilter['data']['value']));
			                	$strCond .= $field . $comp ."'". $valFilter['data']['value']."'";
			                }else{//numeric
			                    $strCond .= $field . $comp . $valFilter['data']['value'];
			                }
		       				break;
		       			case 'string':
		       				$strCond .= $field . " LIKE '%{$valFilter['data']['value']}%' ";
		       				break;
		       			case 'clist':
		       			case 'list':
			                // The whole value was escaped above; it is split on ',' and each part quoted.
			                $values = explode(',', $valFilter['data']['value']);
			                $strCond .= "$field IN ('".implode("','",$values)."') ";
			                unset($values);
		       				break;
		       			case 'nlist':
			                // NOTE(review): elements are not checked to be numeric before
			                // being joined into the IN (...) list unquoted.
			                $values = explode(',', $valFilter['data']['value']);
			                $strCond .= "$field IN (".implode(",",$values).") ";
			                unset($values);
		       				break;
		       			default:
		       				log_message('ERROR','Unkown type have been provided : '.$valFilter['data']['type']);
		       				break;
		       		}
		       		if( strlen($strCond )>0 ){
		       			if(strlen($strFilters)>0)	$strFilters .= ' AND ';
		       			$strFilters .= $strCond;
		       		}
				}
			}
			if(strlen($strFilters)<=0){
				$strFilters = '1=1';
			}
			
			//5,prepare data for template replacing
			$this->arrTplDefault = array(	'C_UID'			=> 'get_UID',
											META_SQL_WHERE	=> $this->whereUD,
											META_SQL_FILTER	=> $strFilters,
											META_SQL_START	=> $start,
											META_SQL_LIMIT	=> $limit
									 );
			//6,prepare strOrder
			// NOTE(review): $order['sort'] and $order['dir'] are concatenated into
			// the ORDER BY fragment (and into the row_number() window in step 7)
			// without an allow-list: 'sort' is only remapped when it matches a
			// metadata key, otherwise it is used as given, and 'dir' is never checked.
			if(is_array($order) && isset($order['sort']) && !empty($order['sort'])){
				$this->objResult->setSortInfo($order['sort'],isset($order['dir'])?$order['dir']:'ASC');
				$strOrder = $order['sort'];
				if(isset($arrMeta[$strOrder]) && isset($arrMeta[$strOrder][META_KEY_DBFIELD])){
					$strOrder = $arrMeta[$strOrder][META_KEY_DBFIELD];
				}
				$strOrder .= ' '.(isset($order['dir'])?$order['dir']:'ASC');
			/*}elseif(isset($arrAttr[META_KEY_DFTORDER]) && !empty($arrAttr[META_KEY_DFTORDER])){
				$this->objResult->setSortInfo($arrAttr[META_KEY_DFTORDER],'ASC');
				$strOrder = $arrAttr[META_KEY_DFTORDER];*/
			}else{
				//find the first column as the default order column
				foreach($arrMeta as $key => $arrCol){
					if(isset($arrCol[META_KEY_DBFIELD])){
						$strOrder = $arrCol[META_KEY_DBFIELD].' ASC';
					}else{
						$strOrder = $key.' ASC';
					}
					$this->objResult->setSortInfo($key,'ASC');
					
					break;//juest need to get the first one
				}
			}
			$this->arrTplDefault[META_SQL_ORDER] = $strOrder;
			
			//7,prepare rowid
			// $strOrder and $rowid are interpolated verbatim here as well.
			$this->arrTplDefault[META_SQL_ROWID] = "cast(row_number() over (order by $strOrder) as int) as $rowid";
			
			//8,prepare 'all' & fields
			$strCols = '';
			$fields = array();
			/*if( !isset($arrMeta[$rowid]) ){
				$fields[] = array(META_KEY_ID=>$rowid,META_KEY_NAME=>$rowid,META_KEY_HEADER=>'ID','width'=>8);
			}*/
			foreach($arrMeta as $key => $arrCol){
				//prepare columns list(string)
				if(strlen($strCols)>0)	$strCols .= ',';
				if(isset($arrCol[META_KEY_DBFIELD]) && strcasecmp($arrCol[META_KEY_DBFIELD],$key) !=0 ){
					$strCols .= $arrCol[META_KEY_DBFIELD].' as '.$key;
				}else{
					$strCols .= $key;
				}
				
				//prepare columns list(array)
				// Copy every column attribute except the ones in $arrHiddenFld.
				// NOTE: this inner loop reuses $key and so shadows the outer column
				// key; harmless because $key is not read again in this iteration,
				// but easy to trip over when editing.
				$arrTmpFld = array();
				foreach($arrCol as $key => $val){
					if(!in_array($key,$arrHiddenFld)){
						$arrTmpFld[$key] = $val;
					}
				}
				// META_KEY_NAME is in $arrHiddenFld, so (unless it is not a distinct
				// key) the first fallback below always fires and the name becomes the id.
				if( !isset($arrTmpFld[META_KEY_NAME]) )		$arrTmpFld[META_KEY_NAME] 		= $arrCol[META_KEY_ID];
				if( !isset($arrTmpFld[META_KEY_HEADER]) )	$arrTmpFld[META_KEY_HEADER] 	= $arrCol[META_KEY_ID];
				
				$fields[] = $arrTmpFld;
				unset($arrTmpFld);
			}
			$this->arrTplDefault[META_SQL_ALL]	= $strCols;
			
			$this->objResult->setFields($fields);
			unset($fields);
			
			//9,merge user provide data with pre-defined data
			// arrUDV entries override the defaults built above when keys collide.
			if(is_array($this->arrUDV) && count($this->arrUDV)>0){
				$this->arrTplDefault = array_merge($this->arrTplDefault,$this->arrUDV);
			}
			
			//10,template replacing
			// Replaces {placeholder} tokens in the grid's data template via self::replaceTpl.
			if($arrAttr[META_KEY_USETPL]){
				$arrTmpGrid[META_KEY_DATA]	= preg_replace_callback('/(.?)\{([^\}]+)\}/i',array('self','replaceTpl'),$arrTmpGrid[META_KEY_DATA]);
			}
			
			//11,call relevant sub-function to retrieve data
			// Dispatches to createGrid_<type>; method_exists() guards the dynamic name.
			$mth = __FUNCTION__.'_'.$arrAttr[META_KEY_TYPE];
			if( !method_exists($this,$mth) ){
				// NOTE(review): $strType is never assigned in this method, so the
				// message ends in an empty string (with an undefined-variable notice);
				// $arrAttr[META_KEY_TYPE] is presumably what was meant.
				$this->objResult->setMessage('Invalide type had been provided : '.$strType);
				log_message('ERROR','Invalide type had been provided : '.$strType);
				$blRtn = false;
				break;	// leaves the foreach over $arrConfig
			}else{
				if( !call_user_func_array( array($this,$mth), array(&$arrAttr,&$arrMeta,$arrTmpGrid[META_KEY_DATA])) ){
					$this->objResult->setMessage('Failed to load data.');
					log_message('ERROR','Failed to call sub-function : '.$mth);
					$blRtn = false;
					break;	// leaves the foreach over $arrConfig
				}else{
					$this->objResult->setSuccess(true);
				}
			}
		}
		// Both branches return the same value; $blRtn only reflects what was
		// already recorded on objResult (message / success flag) above.
		if( !$blRtn ){
			return $this->objResult->getData($reconfigure);
		}

		return $this->objResult->getData($reconfigure);
	}
Пример #6
/**
 * Wrap a value as a single-quoted SQL string literal, escaping its contents
 * with escape_str().
 *
 * @param mixed $str raw value
 * @return string quoted literal
 */
function GetFieldStr($str)
{
    return "'" . escape_str($str) . "'";
}
Пример #7
/**
 * Dump one chunk of one table of a backup job to <bakpath>/<mypath>/<table>_<p>.php
 * and emit a <meta refresh> that continues with the next chunk or the next table.
 *
 * Reads the $b_* settings from <path>/config.php (included below) and the
 * request parameters $_GET['waitbaktime'] and $_GET['collation']. Every path
 * ends in exit (or in printerror(), which is assumed to terminate — TODO confirm;
 * if it does not, execution continues with an empty $mypath / $b_table).
 *
 * @param int|string $t        index of the table in $b_table being dumped
 * @param int|string $s        rows already dumped from that table
 * @param int|string $p        chunk files already written for that table
 * @param string     $mypath   backup sub-directory under $bakpath
 * @param mixed      $alltotal total row count carried over from the previous chunk
 * @param string     $thenof   comma-wrapped list of 1-based field positions to emit as NULL
 * @param mixed      $fnum     field count carried over from the previous chunk (empty on the first call)
 * @param string     $auf      auto-increment column name carried over from the previous chunk
 * @param mixed      $aufval   last auto-increment value already dumped
 * @param int        $stime    job start time (epoch); 0 on the first call
 * @return void never returns normally
 */
function Ebak_BakExeT($t, $s, $p, $mypath, $alltotal, $thenof, $fnum, $auf = '', $aufval = 0, $stime = 0)
{
    global $empire, $bakpath, $limittype, $fun_r;
    if (empty($mypath)) {
        printerror("ErrorUrl", "history.go(-1)");
    }
    // NOTE(review): $mypath is joined into the include path without any
    // normalisation here (no basename()/separator check); whatever calls this
    // must guarantee it is a plain directory name. The @ also hides a failed
    // include — only empty($b_table) below detects that case.
    $path = $bakpath . "/" . $mypath;
    @(include $path . "/config.php");
    if (empty($b_table)) {
        printerror("ErrorUrl", "history.go(-1)");
    }
    $waitbaktime = (int) $_GET['waitbaktime'];
    if (empty($stime)) {
        $stime = time();
    }
    // Each chunk file is a PHP script wrapping the E_D(...) dump lines.
    $header = "<?php\r\n@include(\"../../inc/header.php\");\r\n";
    $footer = "\r\n@include(\"../../inc/footer.php\");\r\n?>";
    $btb = explode(",", $b_table);
    $count = count($btb);
    $t = (int) $t;
    $s = (int) $s;
    $p = (int) $p;
    //备份完毕 (backup finished: all tables done)
    if ($t >= $count) {
        echo "<script>alert('" . $fun_r['BakSuccess'] . "\\n\\n" . $fun_r['TotalUseTime'] . ToChangeUseTime($stime) . "');self.location.href='ChangeDb.php';</script>";
        exit;
    }
    $dumpsql = Ebak_ReturnVer();
    //选择数据库 (select database; $b_dbname comes from config.php)
    $u = $empire->query("use `{$b_dbname}`");
    //编码 (character set)
    // NOTE(review): $collation is only assigned inside this 'auto' branch, yet it
    // is interpolated into the refresh URL at the end of the function on every
    // path, so the non-'auto' case references an undefined variable there.
    if ($b_dbchar == 'auto') {
        if (empty($s)) {
            $status_r = Ebak_GetTotal($b_dbname, $btb[$t]);
            $collation = Ebak_GetSetChar($status_r['Collation']);
            DoSetDbChar($collation);
            //总记录数 (total rows; -1 when limittype is set)
            $num = $limittype ? -1 : $status_r['Rows'];
        } else {
            // NOTE(review): taken straight from the query string and handed to
            // DoSetDbChar() and echoed back into the refresh URL without validation.
            $collation = $_GET['collation'];
            DoSetDbChar($collation);
            $num = (int) $alltotal;
        }
        $dumpsql .= Ebak_ReturnSetNames($collation);
    } else {
        DoSetDbChar($b_dbchar);
        if (empty($s)) {
            //总记录数 (total rows)
            if ($limittype) {
                $num = -1;
            } else {
                $status_r = Ebak_GetTotal($b_dbname, $btb[$t]);
                $num = $status_r['Rows'];
            }
        } else {
            $num = (int) $alltotal;
        }
    }
    //备份数据库结构 (dump table structure on the first chunk only)
    if ($b_stru && empty($s)) {
        $dumpsql .= Ebak_Returnstru($btb[$t], $b_strufour);
    }
    //取得字段数 (field count: detect on first chunk, else reuse carried values)
    if (empty($fnum)) {
        $return_fr = Ebak_ReturnTbfield($b_dbname, $btb[$t], $b_autofield);
        $fieldnum = $return_fr['num'];
        $noautof = $return_fr['autof'];
        $auf = $return_fr['auf'];
    } else {
        $fieldnum = $fnum;
        $noautof = $thenof;
    }
    //自动识别自增项 (page by auto-increment column when enabled)
    // $aufval is cast to int, but $auf (a column name) and $b_bakline are
    // interpolated as-is; $auf comes from Ebak_ReturnTbfield() on the first
    // chunk and from the parameter afterwards.
    $aufval = (int) $aufval;
    if ($b_autoauf == 1 && $auf) {
        $sql = $empire->query("select * from `" . $btb[$t] . "` where " . $auf . ">" . $aufval . " order by " . $auf . " limit {$b_bakline}");
    } else {
        $sql = $empire->query("select * from `" . $btb[$t] . "` limit {$s},{$b_bakline}");
    }
    //完整插入 (emit an explicit column list when b_beover is set)
    $inf = '';
    if ($b_beover == 1) {
        $inf = '(' . Ebak_ReturnInTbfield($b_dbname, $btb[$t]) . ')';
    }
    // $b flags whether at least one row was fetched in this chunk.
    $b = 0;
    while ($r = $empire->fetch($sql)) {
        if ($auf) {
            $lastaufval = $r[$auf];
        }
        $b = 1;
        $s++;
        $dumpsql .= "E_D(\"" . $b_insertf . " into `" . $btb[$t] . "`" . $inf . " values(";
        $first = 1;
        for ($i = 0; $i < $fieldnum; $i++) {
            //首字段 (comma before every field except the first)
            if (empty($first)) {
                $dumpsql .= ",";
            } else {
                $first = 0;
            }
            $myi = $i + 1;
            // NULL for unset columns and for positions listed in $noautof.
            if (!isset($r[$i]) || strstr($noautof, "," . $myi . ",")) {
                $dumpsql .= "NULL";
            } else {
                $dumpsql .= "'" . escape_str($r[$i]) . "'";
            }
        }
        $dumpsql .= ");\");\r\n";
    }
    if (empty($b)) {
        //最后一个备份 (no rows left: finish this table)
        if (empty($p)) {
            // Table had no rows at all: still write one (structure-only) chunk file.
            $p++;
            $sfile = $path . "/" . $btb[$t] . "_" . $p . ".php";
            $dumpsql = $header . $dumpsql . $footer;
            WriteFiletext_n($sfile, $dumpsql);
        }
        Ebak_RepFilenum($p, $btb[$t], $path);
        $t++;
        $empire->free($sql);
        //进入下一个表 (continue with the next table)
        //echo $fun_r['OneTableBakSuccOne'].$btb[$t].$fun_r['OneTableBakSuccTwo']."<script>self.location.href='phome.php?phome=BakExeT&s=0&p=0&t=$t&mypath=$mypath&stime=$stime';</script>";
        // NOTE(review): $mypath and the table name are echoed into the HTML
        // attribute / body without htmlspecialchars()/urlencode().
        echo "<meta http-equiv=\"refresh\" content=\"" . $waitbaktime . ";url=phome.php?phome=BakExeT&s=0&p=0&t={$t}&mypath={$mypath}&stime={$stime}&waitbaktime={$waitbaktime}\">" . $fun_r['OneTableBakSuccOne'] . $btb[$t - 1] . $fun_r['OneTableBakSuccTwo'];
        exit;
    }
    //进入下一组 (write this chunk and continue with the next one)
    $p++;
    $sfile = $path . "/" . $btb[$t] . "_" . $p . ".php";
    $dumpsql = $header . $dumpsql . $footer;
    WriteFiletext_n($sfile, $dumpsql);
    $empire->free($sql);
    //echo $fun_r['BakOneDataSuccess'].Ebak_EchoBakSt($btb[$t],$count,$t,$num,$s)."<script>self.location.href='phome.php?phome=BakExeT&s=$s&p=$p&t=$t&mypath=$mypath&alltotal=$num&thenof=$noautof&fieldnum=$fieldnum&auf=$auf&aufval=$lastaufval&stime=$stime';</script>";
    // NOTE(review): $mypath, $noautof, $auf, $lastaufval and $collation are
    // interpolated into the refresh URL unescaped; $lastaufval is only set when
    // $auf is truthy and $collation only in the 'auto' branch above.
    echo "<meta http-equiv=\"refresh\" content=\"" . $waitbaktime . ";url=phome.php?phome=BakExeT&s={$s}&p={$p}&t={$t}&mypath={$mypath}&alltotal={$num}&thenof={$noautof}&fieldnum={$fieldnum}&auf={$auf}&aufval={$lastaufval}&stime={$stime}&waitbaktime={$waitbaktime}&collation={$collation}\">" . $fun_r['BakOneDataSuccess'] . Ebak_EchoBakSt($btb[$t], $count, $t, $num, $s);
    exit;
}
Пример #8
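<?php

// AJAX-only endpoint: inserts one list item into the SQLite database named by
// the request and renders the new row through the template.
// X-Requested-With is set by XHR helpers but is trivially supplied by any
// client, so this is a convenience check, not an authentication or CSRF control.
if (!isset($_SERVER['HTTP_X_REQUESTED_WITH'])) {
    die;
}
require_once '../classes/sqlite.php';
require_once '../classes/security.php';
require_once '../classes/template.php';
date_default_timezone_set('Pacific/Auckland');

// The database name comes straight from the request and is joined onto a
// filesystem path; basename() drops any directory component so the value
// cannot reach outside ../db/. Non-string or empty values are rejected.
$dbName = isset($_POST['db']) && is_string($_POST['db']) ? basename($_POST['db']) : '';
if ($dbName === '' || $dbName === '.' || $dbName === '..') {
    die;
}
$db = new sqlite('../db/' . $dbName, 'list');

$content = escape_str(isset($_POST['content']) ? $_POST['content'] : '');
$date = gmdate('c');  // always UTC, independent of the timezone set above
$inserted = $db->insert(array('content' => $content, 'date' => $date));
if ($inserted) {
    Template::make_new(array('id' => $db->last_insert, 'content' => $content, 'date' => $date));
}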
Пример #9
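<?php

// AJAX-only endpoint: renames the list (row id 1 of the 'title' table) in the
// SQLite database named by the request and echoes the update result.
// X-Requested-With is trivially supplied by any client, so this is a
// convenience check, not an authentication or CSRF control.
if (!isset($_SERVER['HTTP_X_REQUESTED_WITH'])) {
    die;
}
require_once '../classes/sqlite.php';
require_once '../classes/security.php';
require_once '../classes/template.php';

// The database name comes straight from the request and is joined onto a
// filesystem path; basename() drops any directory component so the value
// cannot reach outside ../db/. Non-string or empty values are rejected.
$dbName = isset($_POST['db']) && is_string($_POST['db']) ? basename($_POST['db']) : '';
if ($dbName === '' || $dbName === '.' || $dbName === '..') {
    die;
}
$db = new sqlite('../db/' . $dbName, 'title');

$db->where('id', 1);
$updated = $db->update(array('name' => escape_str(isset($_POST['name']) ? $_POST['name'] : '')));
echo $updated;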
Пример #10
/**
 * Recursively apply escape_str() to a value, descending into nested arrays
 * and preserving their keys.
 *
 * @param mixed $arr scalar or (nested) array
 * @return mixed escaped scalar, or array with every leaf escaped
 */
function array_escape($arr)
{
    if (is_array($arr)) {
        $escaped = array();
        foreach ($arr as $key => $value) {
            $escaped[$key] = array_escape($value);
        }
        return $escaped;
    }
    return escape_str($arr);
}
Пример #11
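// Resolve the list of classes either from the request or from the session.
// The Mongo query below must compare against plain strings: a request such as
// ?class[]=... would hand the driver an array (and with it operator keys such
// as $ne), so anything that is not a scalar is skipped.
if ($_GET) {
    $classes = array('classes' => isset($_GET['class']) ? $_GET['class'] : '');
} else {
    $classes = isset($_SESSION['classes']) ? $_SESSION['classes'] : array();
}
$conn = new MongoClient("mongodb://127.0.0.1:27017");
if ($conn) {
    // Same collection for every class; select it once.
    $videos = $conn->selectCollection("project", "videos");
    //Iterate over classes and echo List of classes
    foreach ($classes as $c) {
        if (!is_scalar($c)) {
            continue;
        }
        $c = (string) $c;
        echo "<li><h3>" . htmlspecialchars($c, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</h3>";
        $result = $videos->find(array('class' => $c));
        //Iterate through class to get videos and echo list item
        foreach ($result as $v) {
            // Query-string parts are percent-encoded by escape_str(); everything
            // placed into HTML is then entity-encoded so stored values cannot inject markup.
            $href = 'watch/?class=' . escape_str($v['class'])
                . '&video=' . escape_str($v['vname'])
                . '&ext=' . escape_str($v['ext']);
            echo '<li style="padding-left:10px;"><a href="' . htmlspecialchars($href, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '"><h4>'
                . htmlspecialchars($v["vname"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</h4></a></li>';
            echo '<p style="padding-left:20px;">' . htmlspecialchars($v['vdescription'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
        }
        echo "</li>";
    }
}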
?>
        </ul>
    </div>
    <div class="col-md-3"></div>
</div>

</body>
</html>