function create($inner = false)
{
$data = array();
$pass = s(t(v('password')));
$pri = s(t(v('prifold')));
$stat = get_var("select 1 from users where username='******'");
if (!$stat && $this->name) {
if ($pri == 'open') {
include_once AROOT . 'controller' . DS . 'api_admin_folder.class.php';
$folder = new api_admin_folderController($this->name);
$rs = $folder->create(true, 'private');
}
$digest = md5($this->name . ':' . 'SabreDAV' . ':' . $pass);
$sql = "insert into users (username,password,digesta1) values ('" . $this->name . "','" . $pass . "','" . $digest . "')";
$db = run_sql($sql);
if ($db) {
$data['code'] = 0;
$data['data'][] = array('id' => last_id(), 'username' => $this->name, 'password' => $pass);
}
} else {
$data['code'] = 301;
$data['message'] = 'user exesit';
}
if ($inner) {
return json_encode($data);
} else {
render($data, 'rest');
}
}
function process_transaction()
{
if (isset($_GET['tx'])) {
$amount = $_GET['amt'];
$currency = $_GET['cc'];
$transaction = $_GET['tx'];
$status = $_GET['st'];
$total = 0;
$item_quantity = 0;
$send_order = query("INSERT INTO orders (order_amount, order_transaction, order_currency, order_status,order_user_id ) VALUES('{$amount}', '{$transaction}','{$currency}','{$status}','{$_SESSION['user_id']}')");
$last_id = last_id();
confirm($send_order);
foreach ($_SESSION as $name => $value) {
if ($value > 0) {
if (substr($name, 0, 8) == "product_") {
$length = strlen($name - 8);
$id = sanitize(substr($name, 8, $length));
$query = query("SELECT * FROM products WHERE p_id = {$id}");
confirm($query);
while ($row = fetch_array($query)) {
$pprice = $row['pprice'];
$sub = $row['pprice'] * $value;
$pprice = $row['pprice'];
$item_quantity += $value;
$srt = strtoupper(str_replace("_", " ", "{$row['pname']}"));
$new_quant = $row['pquant'] - $value;
$update_product_quant = query("UPDATE products SET pquant = '{$new_quant}' WHERE p_id = {$id} ");
confirm($update_product_quant);
$insert_report = query("INSERT INTO reports (p_id,order_id,pname, pprice, pquant,report_user_id) VALUES('{$id}','{$last_id}','{$srt}','{$pprice}','{$value}','{$_SESSION['user_id']}')");
confirm($insert_report);
}
$total += $sub;
$item_quantity;
}
}
}
} else {
//redirectjava('/');
}
}
function teilnahme_einzugsverfahren_eingeben($mv_id, $konto_inh, $konto_nr, $blz, $bankname, $art, $ja_nein)
{
// echo "<h1>JA NEIN $ja_nein</h1>";
/* Einzugsermächtigung */
$last_id = last_id('DETAIL');
$last_id = $last_id + 1;
$db_abfrage = "INSERT INTO DETAIL VALUES (NULL, '{$last_id}', 'Einzugsermächtigung', '{$ja_nein}', '', '1', 'MIETVERTRAG', '{$mv_id}')";
$resultat = mysql_query($db_abfrage) or die(mysql_error());
$last_dat = mysql_insert_id();
protokollieren('DETAIL', $last_dat, '0');
/* Einzugsart */
$last_id = last_id('DETAIL');
$last_id = $last_id + 1;
$db_abfrage = "INSERT INTO DETAIL VALUES (NULL, '{$last_id}', 'Autoeinzugsart', '{$art}', '', '1', 'MIETVERTRAG', '{$mv_id}')";
$resultat = mysql_query($db_abfrage) or die(mysql_error());
$last_dat = mysql_insert_id();
protokollieren('DETAIL', $last_dat, '0');
/* Kontoinhaber-AutoEinzug */
$last_id = last_id('DETAIL');
$last_id = $last_id + 1;
$db_abfrage = "INSERT INTO DETAIL VALUES (NULL, '{$last_id}', 'Kontoinhaber-AutoEinzug', '{$konto_inh}', '', '1', 'MIETVERTRAG', '{$mv_id}')";
$resultat = mysql_query($db_abfrage) or die(mysql_error());
$last_dat = mysql_insert_id();
protokollieren('DETAIL', $last_dat, '0');
/* Kontonummer-AutoEinzug */
$last_id = last_id('DETAIL');
$last_id = $last_id + 1;
$db_abfrage = "INSERT INTO DETAIL VALUES (NULL, '{$last_id}', 'Kontonummer-AutoEinzug', '{$konto_nr}', '', '1', 'MIETVERTRAG', '{$mv_id}')";
$resultat = mysql_query($db_abfrage) or die(mysql_error());
$last_dat = mysql_insert_id();
protokollieren('DETAIL', $last_dat, '0');
/* BLZ-AutoEinzug */
$last_id = last_id('DETAIL');
$last_id = $last_id + 1;
$db_abfrage = "INSERT INTO DETAIL VALUES (NULL, '{$last_id}', 'BLZ-AutoEinzug', '{$blz}', '', '1', 'MIETVERTRAG', '{$mv_id}')";
$resultat = mysql_query($db_abfrage) or die(mysql_error());
$last_dat = mysql_insert_id();
protokollieren('DETAIL', $last_dat, '0');
/* Bankname-AutoEinzug */
$last_id = last_id('DETAIL');
$last_id = $last_id + 1;
$db_abfrage = "INSERT INTO DETAIL VALUES (NULL, '{$last_id}', 'Bankname-AutoEinzug', '{$bankname}', '', '1', 'MIETVERTRAG', '{$mv_id}')";
$resultat = mysql_query($db_abfrage) or die(mysql_error());
$last_dat = mysql_insert_id();
protokollieren('DETAIL', $last_dat, '0');
echo "Teilnahme am Lastschriftverfahren wurde vermerkt";
}
function add_products()
{
if (isset($_POST['publish'])) {
global $upload_directory;
$product_title = escape_string($_POST['product_title']);
$product_category_id = escape_string($_POST['product_category_id']);
$product_price = escape_string($_POST['product_price']);
$product_description = escape_string($_POST['product_description']);
$short_desc = escape_string($_POST['short_desc']);
$product_quantity = escape_string($_POST['product_quantity']);
$product_image = escape_string($_FILES['file']['name']);
$image_temp_location = stripslashes(escape_string($_FILES['file']['tmp_name']));
/*if (!move_uploaded_file($image_temp_location, UPLOAD_DIRECTORY . DS . $product_image)){
echo "エラー:".$_FILES['file']['error']."<br>";
exit;
}else{
echo "ファイル".$_FILES['file']['name']."アップロードされました.";
}*/
move_uploaded_file($image_temp_location, UPLOAD_DIRECTORY . DS . $product_image);
$query = query("INSERT INTO products(\n\t\t\t\t\t\t\t\t\t\tproduct_title,\n\t\t\t\t\t\t\t\t\t\tproduct_category_id, \n\t\t\t\t\t\t\t\t\t\tproduct_price, \n\t\t\t\t\t\t\t\t\t\tproduct_description, \n\t\t\t\t\t\t\t\t\t\tshort_desc, \n\t\t\t\t\t\t\t\t\t\tproduct_quantity, \n\t\t\t\t\t\t\t\t\t\tproduct_image\n\t\t\t\t\t\t\t\t\t) \n\t\t\t\t\t\t\t VALUES(\n\t\t\t\t\t\t\t\t\t\t'{$product_title}',\n\t\t\t\t\t\t\t\t\t\t'{$product_category_id}', \n\t\t\t\t\t\t\t\t\t\t'{$product_price}', \n\t\t\t\t\t\t\t\t\t\t'{$product_description}', \n\t\t\t\t\t\t\t\t\t\t'{$short_desc}', \n\t\t\t\t\t\t\t\t\t\t'{$product_quantity}', \n\t\t\t\t\t\t\t\t\t\t'{$product_image}'\n\t\t\t\t\t\t\t\t\t)");
$last_id = last_id();
confirm($query);
set_message("{$last_id} 番の新商品 {$product_title} を追加しました!");
redirect("index.php?products&p=0");
}
/*print_r($_FILES);*/
}
function insert_geldbuchung($geldkonto_id, $buchungskonto, $auszugsnr, $rechnungsnr, $v_zweck, $datum, $kostentraeger_typ, $kostentraeger_id, $betrag, $mwst_anteil = '0.00')
{
$last_id = last_id('GELD_KONTO_BUCHUNGEN');
$last_id = $last_id + 1;
/* neu */
$datum_arr = explode('-', $datum);
$jahr = $datum_arr['0'];
$b = new buchen();
$g_buchungsnummer = $b->get_last_buchungsnummer_konto($geldkonto_id, $jahr);
$g_buchungsnummer = $g_buchungsnummer + 1;
mysql_query("INSERT INTO GELD_KONTO_BUCHUNGEN VALUES(NULL, '{$last_id}', '{$g_buchungsnummer}', '{$auszugsnr}', '{$rechnungsnr}', '{$betrag}', '{$mwst_anteil}', '{$v_zweck}', '{$geldkonto_id}', '{$buchungskonto}', '{$datum}', '{$kostentraeger_typ}', '{$kostentraeger_id}', '1')");
/* Protokollieren */
$last_dat = mysql_insert_id();
protokollieren('GELD_KONTO_BUCHUNGEN', $last_dat, '0');
}
function mietdefinition_zu_details()
{
// $daten_arr = $this->alle_letzten_kaltmieten_arr();
// print_r($daten_arr);
// $daten_arr = $this->alle_letzten_nebenkosten_arr();
// $daten_arr = $this->alle_letzten_heizkosten_arr();
for ($a = 0; $a < count($daten_arr); $a++) {
$anfang = $daten_arr[$a]['ANFANG'];
$ende = $daten_arr[$a]['ENDE'];
$einheit_id = $daten_arr[$a]['EINHEIT_ID'];
$einheit_kurzname = $daten_arr[$a]['EINHEIT_KURZNAME'];
$kosten_kat = $daten_arr[$a]['KOSTENKATEGORIE'];
$einheit_betrag = $daten_arr[$a]['BETRAG'];
$last_detail_id = last_id('DETAIL');
$last_detail_id = $last_detail_id + 1;
$sql = "INSERT INTO DETAIL VALUES(NULL, '{$last_detail_id}', '{$kosten_kat}', '{$einheit_betrag}', '{$einheit_kurzname} {$anfang} bis {$ende}', '1', 'EINHEIT','{$einheit_id}')";
echo " '{$last_detail_id}', '{$kosten_kat}', '{$einheit_betrag}', '{$einheit_kurzname} {$anfang} bis {$ende}', '1', 'EINHEIT','{$einheit_id}'<br>";
// $resultat = mysql_query($sql) or
die(mysql_error());
/* Zugewiesene MIETBUCHUNG_DAT auslesen */
$last_dat = mysql_insert_id();
protokollieren('DETAIL', $last_dat, '0');
}
}
function publish_feed($content, $uid, $type = 0, $tid = 0)
{
if (is_mobile_request()) {
$device = 'mobile';
} else {
$device = 'web';
}
$tid = intval($tid);
if ($type == 2 && $tid > 0) {
$comment_count = get_var("SELECT COUNT(*) FROM `todo_history` WHERE `tid` = '" . intval($tid) . "' AND `type` = 2 ", db());
} else {
$comment_count = 0;
}
$sql = "INSERT INTO `feed` ( `content` , `tid` , `uid` , `type` ,`timeline` , `device` , `comment_count` ) VALUES ( '" . s($content) . "' , '" . intval($tid) . "', '" . intval($uid) . "' , '" . intval($type) . "' , NOW() , '" . s($device) . "' , '" . intval($comment_count) . "' )";
run_sql($sql);
$lid = last_id();
if (db_errno() != 0) {
return false;
} else {
if ($comment_count > 0 && $type == 2 && $tid > 0) {
$sql = "UPDATE `feed` SET `comment_count` = '" . intval($comment_count) . "' WHERE `tid` = '" . intval($tid) . "' AND `comment_count` != '" . intval($comment_count) . "' ";
run_sql($sql);
}
return $lid;
}
}
/**
* 为Feed添加评论
*
*
* @param string token , 必填
* @param string fid - 必填
* @param string text - 必填
* @return feed array
* @author EasyChen
*/
public function feed_add_comment($text = false, $fid = false)
{
if (!$text) {
$content = $text = z(t(v('text')));
}
if (!not_empty($content)) {
return self::send_error(LR_API_ARGS_ERROR, __('INPUT_CHECK_BAD_ARGS', 'TEXT'));
}
if (!$fid) {
$fid = intval(v('fid'));
}
if (intval($fid) < 1) {
return self::send_error(LR_API_ARGS_ERROR, __('INPUT_CHECK_BAD_ARGS', 'FID'));
}
$finfo = get_line("SELECT * FROM `feed` WHERE `id` = '" . intval($fid) . "' LIMIT 1");
if (is_mobile_request()) {
$device = 'mobile';
} else {
$device = 'web';
}
$sql = "INSERT INTO `comment` ( `fid` , `uid` , `content` , `timeline` , `device` ) \n\t\tVALUES ( '" . intval($fid) . "' , '" . intval($_SESSION['uid']) . "' , '" . s($content) . "' , NOW() , '" . s($device) . "' ) ";
run_sql($sql);
if (db_errno() != 0) {
return self::send_error(LR_API_DB_ERROR, __('API_MESSAGE_DATABASE_ERROR') . mysql_error());
} else {
$lid = last_id();
// feed表comment_count计数增加
$count = get_var("SELECT COUNT(*) FROM `comment` WHERE `fid` = '" . intval($fid) . "' ", db());
$sql = "UPDATE `feed` SET `comment_count` = '" . intval($count) . "' WHERE `id` = '" . intval($fid) . "' LIMIT 1";
run_sql($sql);
// 向Feed作者发通知
if ($finfo['uid'] != uid()) {
send_notice($finfo['uid'], __('API_TEXT_COMMENT_FEED_OWNED', array(uname(), $finfo['content'], $content)), 2, array('fid' => intval($fid), 'count' => $count));
}
// 向参与了该Feed讨论的同学发送通知
$sql = "SELECT `uid` FROM `comment` WHERE `fid`= '" . intval($fid) . "' ";
if ($uitems = get_data($sql)) {
foreach ($uitems as $uitem) {
if ($uitem['uid'] != uid() && $uitem['uid'] != $finfo['uid']) {
$myuids[] = $uitem['uid'];
}
}
}
if (isset($myuids)) {
$myuids = array_unique($myuids);
foreach ($myuids as $muid) {
send_notice($muid, __('API_TEXT_COMMENT_FEED_IN', array(uname(), $finfo['content'], $content)), 2, array('fid' => intval($fid), 'count' => $count));
}
}
// 向被@的同学,发送通知
if ($ats = find_at($content)) {
$sql = "SELECT `id` FROM `user` WHERE ";
foreach ($ats as $at) {
$at = z(t($at));
if ($gname = get_group_names()) {
if (in_array(strtoupper($at), $gname)) {
if ($ndata = get_group_unames($at)) {
foreach ($ndata as $nname) {
$names[] = $nname;
}
}
} else {
$names[] = $at;
}
} else {
$names[] = $at;
}
}
foreach ($names as $at) {
$at = z(t($at));
if (mb_strlen($at, 'UTF-8') < 2) {
continue;
}
$wsql[] = " `name` = '" . s(t($at)) . "' ";
if (c('at_short_name')) {
if (mb_strlen($at, 'UTF-8') == 2) {
$wsql[] = " `name` LIKE '_" . s($at) . "' ";
}
}
}
if (isset($wsql) && is_array($wsql)) {
$sql = $sql . join(' OR ', $wsql);
if ($udata = get_data($sql)) {
foreach ($udata as $uitem) {
$myuids[] = $uitem['id'];
}
if (isset($myuids) && is_array($myuids)) {
$myuids = array_unique($myuids);
foreach ($myuids as $muid) {
if ($muid != uid() && $muid != $finfo['uid']) {
send_notice($muid, __('API_TEXT_AT_IN_CAST_COMMENT', array(uname(), $finfo['content'], $content)), 2, array('fid' => intval($fid), $count));
}
}
}
}
}
}
if ($comment = get_line("SELECT * FROM `comment` WHERE `id` = '" . intval($lid) . "' LIMIT 1", db())) {
$comment['user'] = get_user_info_by_id($_SESSION['uid']);
return self::send_result($comment);
} else {
if (db_errno() != 0) {
return self::send_error(LR_API_DB_ERROR, __('API_MESSAGE_DATABASE_ERROR') . mysql_error());
} else {
return self::send_error(LR_API_DB_EMPTY_RESULT, __('API_MESSAGE_EMPTY_RESULT_DATA'));
}
}
}
}
public function index()
{
//print_r( $_REQUEST );
$table = z(t(v('_table')));
$action = z(t(v('_interface')));
if (strlen($table) < 1 || strlen($action) < 1) {
return $this->send_error(LR_API_ARGS_ERROR, 'BAD ARGS');
}
// user define code
if ($my_code = get_var("SELECT `code` FROM `__meta_code` WHERE `table` = '" . s($table) . "' AND `action` = '" . s($action) . "' LIMIT 1")) {
return eval($my_code);
exit;
}
// check table
$tables = get_table_list(db());
if (!in_array($table, $tables)) {
return $this->send_error(LR_API_ARGS_ERROR, 'TABLE NOT EXISTS');
}
if ($table == c('token_table_name') && $action == 'get_token') {
return $this->get_token();
}
$fields = get_fields($table);
$kv = new SaeKV();
$kv->init();
$ainfo = unserialize($kv->get('msetting_' . $table . '_' . $action));
$in_code = $kv->get('iosetting_input_' . $table . '_' . $action);
$out_code = $kv->get('iosetting_output_' . $table . '_' . $action);
// run user defined input fliter
if (strlen($in_code) > 0) {
eval($in_code);
}
if ($ainfo['on'] != 1) {
return $this->send_error(LR_API_ARGS_ERROR, 'API NOT AVAILABLE');
}
if ($ainfo['public'] != 1) {
$this->check_token();
}
$requires = array();
$inputs = array();
$outs = array();
$likes = array();
$equal = array();
foreach ($fields as $field) {
$finfo = unserialize($kv->get('msetting_' . $table . '_' . $action . '_' . $field));
if ($finfo['required'] == 1) {
$requires[] = $field;
}
if ($finfo['input'] == 1) {
$inputs[] = $field;
}
if ($finfo['output'] == 1) {
$outputs[] = $field;
}
if ($finfo['like'] == 1) {
$likes[] = $field;
}
if ($finfo['equal'] == 1) {
$equals[] = $field;
}
}
// check require
if (count($requires) > 0) {
foreach ($requires as $require) {
if (strlen(v($require)) < 1) {
return $this->send_error(LR_API_ARGS_ERROR, z(t($require)) . ' FIELD REQUIRED');
}
}
}
// build sql
switch ($action) {
case 'insert':
if (count($inputs) < 1) {
$this->send_error(LR_API_ARGS_ERROR, 'INPUT MUST HAS 1 FIELD AT LEAST');
}
if (count($outputs) < 1) {
$this->send_error(LR_API_ARGS_ERROR, 'OUTPUT MUST HAS 1 FIELD AT LEAST');
}
foreach ($inputs as $input) {
$dsql[] = "'" . s(v($input)) . "'";
}
$sql = "INSERT INTO `" . s($table) . "` ( " . rjoin(' , ', '`', $inputs) . " ) VALUES ( " . join(' , ', $dsql) . " )";
//echo $sql;
run_sql($sql);
if (mysql_errno() != 0) {
$this->send_error(LR_API_DB_ERROR, 'DATABASE ERROR ' . mysql_error());
}
$lid = last_id();
if ($lid < 1) {
$this->send_error(LR_API_DB_ERROR, 'DATABASE ERROR ' . mysql_error());
}
if (!($data = get_data("SELECT " . rjoin(' , ', '`', $outputs) . " FROM `" . s($table) . "` WHERE `id` = '" . intval($lid) . "'", db()))) {
$this->send_error(LR_API_DB_ERROR, 'DATABASE ERROR ' . mysql_error());
} else {
if (strlen($out_code) > 0) {
eval($out_code);
}
$this->send_result($data);
}
break;
case 'update':
if (count($inputs) < 1) {
return $this->send_error(LR_API_ARGS_ERROR, 'INPUT MUST HAS 1 FIELD AT LEAST');
}
if (count($requires) < 1) {
return $this->send_error(LR_API_ARGS_ERROR, 'REQUIRE MUST HAS 1 FIELD AT LEAST');
}
foreach ($inputs as $input) {
if (!in_array($input, $likes) && !in_array($input, $equals)) {
if (isset($_REQUEST[$input])) {
$dsql[] = " `" . s($input) . "` = '" . s(v($input)) . "' ";
}
} else {
if (in_array($input, $likes)) {
$wsql[] = " `" . s($input) . "` LIKE '%" . s(v($input)) . "%' ";
} else {
$wsql[] = " `" . s($input) . "` = '" . s(v($input)) . "' ";
}
}
}
if (!isset($dsql) || !isset($wsql)) {
return $this->send_error(LR_API_ARGS_ERROR, 'INPUT AND LIKE/EQUALS MUST HAS 1 FIELD AT LEAST');
}
$sql = "UPDATE `" . s($table) . "` SET " . join(' , ', $dsql) . ' WHERE ' . join(' AND ', $wsql);
//echo $sql ;
run_sql($sql);
if (mysql_errno() != 0) {
$this->send_error(LR_API_DB_ERROR, 'DATABASE ERROR ' . mysql_error());
}
$lid = intval(v('id'));
if ($lid < 1) {
$this->send_error(LR_API_DB_ERROR, 'DATABASE ERROR ' . mysql_error());
}
if (!($data = get_data("SELECT " . rjoin(' , ', '`', $outputs) . " FROM `" . s($table) . "` WHERE `id` = '" . intval($lid) . "'"))) {
$this->send_error(LR_API_DB_ERROR, 'DATABASE ERROR ' . mysql_error());
} else {
if (strlen($out_code) > 0) {
eval($out_code);
}
$this->send_result($data);
}
break;
case 'remove':
if (count($inputs) < 1) {
return $this->send_error(LR_API_ARGS_ERROR, 'INPUT MUST HAS 1 FIELD AT LEAST');
}
if (count($requires) < 1) {
return $this->send_error(LR_API_ARGS_ERROR, 'REQUIRE MUST HAS 1 FIELD AT LEAST');
}
foreach ($inputs as $input) {
if (in_array($input, $likes)) {
$wsql[] = " `" . s($input) . "` LIKE '%" . s(v($input)) . "%' ";
} elseif (in_array($input, $equals)) {
$wsql[] = " `" . s($input) . "` = '" . s(v($input)) . "' ";
}
}
if (!isset($wsql)) {
return $this->send_error(LR_API_ARGS_ERROR, 'INPUT AND LIKE/EQUALS MUST HAS 1 FIELD AT LEAST');
}
if (count($outputs) > 0) {
$sql = "SELECT " . rjoin(',', '`', $outputs) . " FROM `" . s($table) . "` WHERE " . join(' AND ', $wsql);
$data = get_line($sql);
if (mysql_errno() != 0) {
return $this->send_error(LR_API_DB_ERROR, 'DATABASE ERROR ' . mysql_error());
}
}
$sql = "DELETE FROM `" . s($table) . "` WHERE " . join(' AND ', $wsql);
run_sql($sql);
if (mysql_errno() != 0) {
$this->send_error(LR_API_DB_ERROR, 'DATABASE ERROR ' . mysql_error());
} else {
if (count($outputs) < 1) {
return $this->send_result(array('msg' => 'ok'));
} else {
if (strlen($out_code) > 0) {
eval($out_code);
}
return $this->send_result($data);
}
}
break;
case 'list':
default:
$since_id = intval(v('since_id'));
$max_id = intval(v('max_id'));
$count = intval(v('count'));
$order = strtolower(z(t(v('ord'))));
$by = strtolower(z(t(v('by'))));
if ($order == 'asc') {
$ord = ' ASC ';
} else {
$ord = ' DESC ';
}
if (strlen($by) > 0) {
$osql = ' ORDER BY `' . s($by) . '` ' . $ord . ' ';
} else {
$osql = '';
}
if ($count < 1) {
$count = 10;
}
if ($count > 100) {
$count = 100;
}
if (count($outputs) < 1) {
$this->send_error(LR_API_ARGS_ERROR, 'OUTPUT MUST HAS 1 FIELD AT LEAST');
}
$sql = "SELECT " . rjoin(',', '`', $outputs) . " FROM `" . s($table) . "` WHERE 1 ";
if ($since_id > 0) {
$wsql = " AND `id` > '" . intval($since_id) . "' ";
} elseif ($max_id > 0) {
$wsql = " AND `id` < '" . intval($max_id) . "' ";
}
if (count($inputs) > 0 && count($likes) + count($equals) > 0) {
// AND `xxx` == $xxx
if (count($likes) > 0) {
foreach ($likes as $like) {
if (z(t(v($like))) != '') {
$wwsql[] = " AND `" . s($like) . "` LIKE '%" . s(v($like)) . "%' ";
}
}
}
if (count($equals) > 0) {
foreach ($equals as $equal) {
if (z(t(v($equal))) != '') {
$wwsql[] = " AND `" . s($equal) . "` = '" . s(v($equal)) . "' ";
}
}
}
if (isset($wwsql)) {
$wsql = $wsql . join(' ', $wwsql);
}
}
$sql = $sql . $wsql . $osql . " LIMIT " . $count;
//echo $sql;
if ($idata = get_data($sql)) {
$first = reset($idata);
$max_id = $first['id'];
$min_id = $first['id'];
foreach ($idata as $item) {
if ($item['id'] > $max_id) {
$max_id = $item['id'];
}
if ($item['id'] < $min_id) {
$min_id = $item['id'];
}
}
$data = array('items' => $idata, 'max_id' => $max_id, 'min_id' => $min_id);
} else {
$data = $idata;
}
if (mysql_errno() != 0) {
return $this->send_error(LR_API_DB_ERROR, 'DATABASE ERROR ' . mysql_error());
} else {
if (strlen($out_code) > 0) {
eval($out_code);
}
return $this->send_result($data);
}
}
//return $this->send_error( LR_API_ARGS_ERROR , 'FIELD NOT EXISTS' );
}
function insert_geldbuchung($geldkonto_id, $buchungskonto, $auszugsnr, $rechnungsnr, $v_zweck, $datum, $kostentraeger_typ, $kostentraeger_id, $betrag)
{
$last_id = last_id('GELD_KONTO_BUCHUNGEN');
$last_id = $last_id + 1;
mysql_query("INSERT INTO GELD_KONTO_BUCHUNGEN VALUES(NULL, '{$last_id}', '{$auszugsnr}', '{$rechnungsnr}', '{$betrag}', '{$v_zweck}', '{$geldkonto_id}', '{$buchungskonto}', '{$datum}', '{$kostentraeger_typ}', '{$kostentraeger_id}', '1')");
// echo "'$last_id', '$auszugsnr', '$betrag', '$v_zweck', '$geldkonto_id', '$buchungskonto', '$datum', '$kostentraeger_typ', '$kostentraeger_id' <b>1</b><br>";
}
function add_product()
{
if (isset($_POST['publish']) && empty($_POST['publish']) === false) {
$product_title = escape_string($_POST['product_title']);
$srt = str_replace(" ", "_", "{$product_title}");
$product_category_id = escape_string($_POST['product_category_id']);
$product_price = escape_string($_POST['product_price']);
$product_description = escape_string($_POST['product_description']);
$product_quantity = escape_string($_POST['product_quantity']);
$product_image = escape_string($_FILES['file']['name']);
$image_temp_location = $_FILES['file']['tmp_name'];
$uploads_dir = uploads_dir($product_category_id);
$uploads_dirs = $uploads_dir . $product_image;
move_uploaded_file($image_temp_location, $uploads_dirs);
$query = query("INSERT INTO products(pname, product_cat_id, pprice, pdesc, pquant, pimage) VALUES('{$srt}', '{$product_category_id}', '{$product_price}', '{$product_description}', '{$product_quantity}', '{$uploads_dirs}')");
$last_id = last_id();
confirm($query);
set_message("New Product was Added <a href=" . $product_title . " target=\"_blank\">View Product</a>");
}
}
function board_list_add()
{
$board_id = intval(v('board_id'));
$name = s(z(t(v('name'))));
if (!has_board_permission_by_id($board_id)) {
return apiController::send_error(6007, 'no permission');
}
if (!run_sql("insert into board_list(name,board_id) values('{$name}','{$board_id}')")) {
return apiController::send_error(6008, 'add list failed');
} else {
return apiController::send_result(last_id());
}
}
function process_transaction()
{
global $conn;
if (isset($_GET['tx'])) {
$amount = $_GET['amt'];
$currency = $_GET['cc'];
$transaction = $_GET['tx'];
$status = $_GET['st'];
$order_date = date("Y-m-d");
$order_time = date("H:i:s");
$report_date = date("Y-m-d");
$report_time = date("H:i:s");
$total = 0;
$item_quantity = 0;
$price = 0;
foreach ($_SESSION as $name => $value) {
if ($value > 0) {
if (substr($name, 0, 8) == "product_") {
$length = strlen($name - 8);
$id = substr($name, 8, $length);
$send_order = query("INSERT INTO orders (order_amount, order_transaction, order_status, order_currency, order_date, order_time) \n\t\t\t\t\t\t\t\t\t\tVALUES ('{$amount}','{$transaction}','{$status}','{$currency}','{$order_date}','{$order_time}')");
$last_id = last_id();
confirm($send_order);
$query = query("SELECT * FROM products WHERE product_id=" . escape_string($id) . " ");
confirm($query);
while ($row = fetch_array($query)) {
$product_title = $row['product_title'];
$product_price = $row['product_price'];
$price = number_format($product_price);
$product_sub = $row['product_price'] * $value;
$sub = number_format($product_sub);
$item_quantity += $value;
$insert_report = query("INSERT INTO reports (product_id, order_id, product_title, product_price, product_quantity, report_date, report_time) \n\t\t\t\t\t\t\t\t\t\t\t\tVALUES ('{$id}','{$last_id}','{$product_title}','{$product_price}','{$value}','{$report_date}','{$report_time}')");
confirm($insert_report);
/*111111*/
$new_quantity = $row['product_quantity'] - $value;
$product_query = query("UPDATE products SET product_quantity = '{$new_quantity}' WHERE product_id=" . $row['product_id'] . " ");
confirm($product_query);
/*1111111*/
}
number_format($total += $product_sub);
/*echo $item_quantity;*/
}
}
}
session_destroy();
} else {
redirect("../index.php");
}
}
<?php
include_once "util/top_foot_inc.php";
//include ("includes/caching.php");
//include ("includes/versetto.php");
top();
$data = <<<EOD
<br><br><br><br>
<div class="testo_18" style="position:static;margin:auto;width:450px;" >
EOD;
echo $data;
$data = addslashes(trim($_POST['omg']));
$ip = $_SERVER["REMOTE_ADDR"];
$sql = "INSERT INTO `聖書`.`request` (`testo`,`ip`) VALUES ('{$data}','{$ip}');";
mysql_queryconerror($sql, $db);
$rif = last_id();
echo "Richiesta inserita con riferimento {$rif} <br> Grazie della collaborazione </div> <br><br><br><br>";
foot();
function api_checklist_add()
{
$content = z(t(v('text')));
if (!not_empty($content)) {
return apiController::send_error(LR_API_ARGS_ERROR, 'TEXT CAN\'T EMPTY');
}
$tid = intval(v('tid'));
if (intval($tid) < 1) {
return apiController::send_error(LR_API_ARGS_ERROR, 'TID NOT EXISTS');
}
// check user
$tinfo = get_todo_info_by_id($tid);
if (intval($tinfo['details']['is_public']) == 0 && uid() != $tinfo['owner_uid']) {
return apiController::send_error(LR_API_FORBIDDEN, 'ONLY PUBLIC TODO CAN ADD CHECKLIST BY OTHERS');
}
$sql = "INSERT INTO `checklist` ( `tid` , `title` , `content` , `timeline` , `uid` ) VALUES ( '" . intval($tid) . "' , '" . s($content) . "' , '" . s($content) . "' , NOW() , '" . intval(uid()) . "' ) ";
run_sql($sql);
if (db_errno() != 0) {
return apiController::send_error(LR_API_DB_ERROR, 'DATABASE ERROR ' . mysql_error());
} else {
return apiController::send_result(get_line("SELECT * FROM `checklist` WHERE `id` = '" . intval(last_id()) . "' LIMIT 1", db()));
}
}
$result = queries("{$command} {$query}" . ($_POST["all"] ? $where ? "\nWHERE " . implode(" AND ", $where) : "" : "\nWHERE {$where_check}"));
$affected = $connection->affected_rows;
} else {
foreach ((array) $_POST["check"] as $val) {
// where is not unique so OR can't be used
$result = queries($command . limit1($query, "\nWHERE " . where_check($val)));
if (!$result) {
break;
}
$affected += $connection->affected_rows;
}
}
}
$message = lang('%d item(s) have been affected.', $affected);
if ($_POST["clone"] && $result && $affected == 1) {
$last_id = last_id();
if ($last_id) {
$message = lang('Item%s has been inserted.', " {$last_id}");
}
}
queries_redirect(remove_from_uri("page"), $message, $result);
//! display edit page in case of an error
} elseif (!$_POST["import"]) {
// modify
if (!$_POST["val"]) {
$error = lang('Double click on a value to modify it.');
} else {
$result = true;
$affected = 0;
foreach ($_POST["val"] as $unique_idf => $row) {
$set = array();
function note_add()
{
$content = s(t(z(v('content'))));
echo run_sql("insert into note(uid,content) values('" . uid() . "','{$content}')") ? apiController::send_result(array('id' => last_id())) : apiController::send_error(5001, 'note add failed');
}
$send = "";
if ($_FILES['upload']['name'] != "" && ($extension == "php" || $extension == "php3" || $extension == "phtml")) {
$error3 .= $strings["no_php"] . "<br/>";
$send = "false";
}
}
if ($_FILES['upload']['name'] != "" && $_FILES['upload']['size'] < $maxFileSize && $_FILES['upload']['size'] != 0 && $send != "false") {
$docopy = "true";
}
//Insert details into Database
if ($docopy == "true") {
$comments = convertData($comments);
$tmpquery = "INSERT INTO " . $tableCollab["files"] . "(owner,project,task,comments,upload,published,status,vc_status,vc_parent,phase) VALUES('{$idSession}','{$project}','{$task}','{$c}','{$dateheure}','0','2','0','{$parent}','0')";
connectSql("{$tmpquery}");
$tmpquery = $tableCollab["files"];
last_id($tmpquery);
$num = $lastId[0];
unset($lastId);
}
if ($task != "0") {
if ($docopy == "true") {
uploadFile("files/{$project}/{$task}", $_FILES['upload']['tmp_name'], $upload_name);
$size = file_info_size("../files/{$project}/{$task}/{$upload_name}");
//$dateFile = file_info_date("../files/$project/$task/$upload_name");
$chaine = strrev("../files/{$project}/{$task}/{$upload_name}");
$tab = explode(".", $chaine);
$extension = strtolower(strrev($tab[0]));
}
} else {
if ($docopy == "true") {
uploadFile("files/{$project}", $_FILES['upload']['tmp_name'], $upload_name);
echo "<form method=\"post\" action=\"index.php\">\n\t\t\tLogin: <input style=\"margin-left: 12px; width: 120px;\" type=\"text\" name=\"login\"/><br />\n\t\t\tHasło: <input style=\"margin-left: 11px;width: 120px;\" type=\"password\" name=\"password\"/><br/>\n\t\t\t<input type=\"submit\" name=\"reg\" value=\"Zaloguj\">\n\t\t\t</form>";
}
}
}
?>
</div>
</div>
<div id="reg_fix">
<div id="reg_show">
<?php
if (isset($_POST['login']) && isset($_POST['password']) && !isset($_COOKIE['MyCookie']) && !isset($_COOKIE['Auth'])) {
$login = $_POST['login'];
$pass = $_POST['password'];
if (check_login($login) && strlen($pass) >= 6 && !check_if_exists($login)) {
$plik = fopen("data/conf/users.conf", "a");
$id = last_id() + 1;
if (fwrite($plik, $id . "||" . $login . "||" . md5("S417" . $id . "" . substr($login, 0, 3) . "" . $pass) . "||\n")) {
echo "Rejestracja zakończona pomyślnie!<br />";
} else {
echo "Błąd rejestracji!<br />";
}
fclose($plik);
$ref = $_SERVER['HTTP_REFERER'];
header("Location: " . $ref);
} else {
$ref = $_SERVER['HTTP_REFERER'];
header("Location: " . $ref);
echo "Nieprawidłowy login lub hasło!<br />";
}
} else {
if (isset($_POST['login']) && isset($_POST['password']) && isset($_COOKIE['MyCookie']) && isset($_COOKIE['PHPSESSID']) && isset($_COOKIE['Auth']) && check_cookie($_COOKIE['MyCookie'], $_COOKIE['PHPSESSID'], $_COOKIE['Auth'])) {
} else {
$set = array();
foreach ($fields as $name => $field) {
$val = process_input($field);
if ($val !== false && $val !== null) {
$set[idf_escape($name)] = $update ? "\n" . idf_escape($name) . " = {$val}" : $val;
}
}
if ($update) {
if (!$set) {
redirect($location);
}
query_redirect("UPDATE" . limit1(table($TABLE) . " SET" . implode(",", $set), "\nWHERE {$where}"), $location, array(lang('Item has been updated.'), 'success'));
} else {
$result = insert_into($TABLE, $set);
$last_id = $result ? last_id() : 0;
queries_redirect($location, array(lang('Item%s has been inserted.', $last_id ? " {$last_id}" : ""), 'success'), $result);
//! link
}
}
}
$table_name = $adminer->tableName(table_status($TABLE));
page_header($update ? lang('Edit') : lang('Insert'), $error, array("select" => array($TABLE, $table_name)), $table_name);
$adminer->selectLinks($table_status, '');
// @todo are params OK?
$row = null;
if ($_POST["save"]) {
$row = (array) $_POST["fields"];
} elseif ($where) {
$select = array();
foreach ($fields as $name => $field) {
<?php
include "inc/connect.php";
include "inc/functions.php";
include "inc/PHPMailer/PHPMailerAutoload.php";
$mail_user = nettoyage($_POST["user_mail"]);
$date = date("Y-m-d H:i:s");
$privilege = 'client';
insert_mail($connexion, $mail_user, $date, $privilege);
$user_id = last_id($connexion);
$message = "<a href=http://localhost/php_exam/activate.php?id=" . $user_id[0]["id"] . ">validation</a>";
$mail = new PHPMailer();
//$mail->SMTPDebug = 3; // Enable verbose debug output
$mail->isSMTP();
// Set mailer to use SMTP
$mail->Host = 'smtp.mandrillapp.com';
// Specify main and backup SMTP servers
$mail->SMTPAuth = true;
// Enable SMTP authentication
$mail->Username = '******';
// SMTP username
$mail->Password = '******';
// SMTP password
$mail->SMTPSecure = 'tls';
// Enable TLS encryption, `ssl` also accepted
$mail->Port = 587;
// TCP port to connect to
$mail->setFrom('*****@*****.**', 'Mailer');
$mail->addAddress($mail_user, 'Joe User');
// Add a recipient
$mail->addAttachment('/var/tmp/file.tar.gz');
