function create($inner = false) { $data = array(); $pass = s(t(v('password'))); $pri = s(t(v('prifold'))); $stat = get_var("select 1 from users where username='******'"); if (!$stat && $this->name) { if ($pri == 'open') { include_once AROOT . 'controller' . DS . 'api_admin_folder.class.php'; $folder = new api_admin_folderController($this->name); $rs = $folder->create(true, 'private'); } $digest = md5($this->name . ':' . 'SabreDAV' . ':' . $pass); $sql = "insert into users (username,password,digesta1) values ('" . $this->name . "','" . $pass . "','" . $digest . "')"; $db = run_sql($sql); if ($db) { $data['code'] = 0; $data['data'][] = array('id' => last_id(), 'username' => $this->name, 'password' => $pass); } } else { $data['code'] = 301; $data['message'] = 'user exesit'; } if ($inner) { return json_encode($data); } else { render($data, 'rest'); } }
function process_transaction() { if (isset($_GET['tx'])) { $amount = $_GET['amt']; $currency = $_GET['cc']; $transaction = $_GET['tx']; $status = $_GET['st']; $total = 0; $item_quantity = 0; $send_order = query("INSERT INTO orders (order_amount, order_transaction, order_currency, order_status,order_user_id ) VALUES('{$amount}', '{$transaction}','{$currency}','{$status}','{$_SESSION['user_id']}')"); $last_id = last_id(); confirm($send_order); foreach ($_SESSION as $name => $value) { if ($value > 0) { if (substr($name, 0, 8) == "product_") { $length = strlen($name - 8); $id = sanitize(substr($name, 8, $length)); $query = query("SELECT * FROM products WHERE p_id = {$id}"); confirm($query); while ($row = fetch_array($query)) { $pprice = $row['pprice']; $sub = $row['pprice'] * $value; $pprice = $row['pprice']; $item_quantity += $value; $srt = strtoupper(str_replace("_", " ", "{$row['pname']}")); $new_quant = $row['pquant'] - $value; $update_product_quant = query("UPDATE products SET pquant = '{$new_quant}' WHERE p_id = {$id} "); confirm($update_product_quant); $insert_report = query("INSERT INTO reports (p_id,order_id,pname, pprice, pquant,report_user_id) VALUES('{$id}','{$last_id}','{$srt}','{$pprice}','{$value}','{$_SESSION['user_id']}')"); confirm($insert_report); } $total += $sub; $item_quantity; } } } } else { //redirectjava('/'); } }
function teilnahme_einzugsverfahren_eingeben($mv_id, $konto_inh, $konto_nr, $blz, $bankname, $art, $ja_nein) { // echo "<h1>JA NEIN $ja_nein</h1>"; /* Einzugsermächtigung */ $last_id = last_id('DETAIL'); $last_id = $last_id + 1; $db_abfrage = "INSERT INTO DETAIL VALUES (NULL, '{$last_id}', 'Einzugsermächtigung', '{$ja_nein}', '', '1', 'MIETVERTRAG', '{$mv_id}')"; $resultat = mysql_query($db_abfrage) or die(mysql_error()); $last_dat = mysql_insert_id(); protokollieren('DETAIL', $last_dat, '0'); /* Einzugsart */ $last_id = last_id('DETAIL'); $last_id = $last_id + 1; $db_abfrage = "INSERT INTO DETAIL VALUES (NULL, '{$last_id}', 'Autoeinzugsart', '{$art}', '', '1', 'MIETVERTRAG', '{$mv_id}')"; $resultat = mysql_query($db_abfrage) or die(mysql_error()); $last_dat = mysql_insert_id(); protokollieren('DETAIL', $last_dat, '0'); /* Kontoinhaber-AutoEinzug */ $last_id = last_id('DETAIL'); $last_id = $last_id + 1; $db_abfrage = "INSERT INTO DETAIL VALUES (NULL, '{$last_id}', 'Kontoinhaber-AutoEinzug', '{$konto_inh}', '', '1', 'MIETVERTRAG', '{$mv_id}')"; $resultat = mysql_query($db_abfrage) or die(mysql_error()); $last_dat = mysql_insert_id(); protokollieren('DETAIL', $last_dat, '0'); /* Kontonummer-AutoEinzug */ $last_id = last_id('DETAIL'); $last_id = $last_id + 1; $db_abfrage = "INSERT INTO DETAIL VALUES (NULL, '{$last_id}', 'Kontonummer-AutoEinzug', '{$konto_nr}', '', '1', 'MIETVERTRAG', '{$mv_id}')"; $resultat = mysql_query($db_abfrage) or die(mysql_error()); $last_dat = mysql_insert_id(); protokollieren('DETAIL', $last_dat, '0'); /* BLZ-AutoEinzug */ $last_id = last_id('DETAIL'); $last_id = $last_id + 1; $db_abfrage = "INSERT INTO DETAIL VALUES (NULL, '{$last_id}', 'BLZ-AutoEinzug', '{$blz}', '', '1', 'MIETVERTRAG', '{$mv_id}')"; $resultat = mysql_query($db_abfrage) or die(mysql_error()); $last_dat = mysql_insert_id(); protokollieren('DETAIL', $last_dat, '0'); /* Bankname-AutoEinzug */ $last_id = last_id('DETAIL'); $last_id = $last_id + 1; $db_abfrage = "INSERT INTO DETAIL VALUES (NULL, '{$last_id}', 'Bankname-AutoEinzug', '{$bankname}', '', '1', 'MIETVERTRAG', '{$mv_id}')"; $resultat = mysql_query($db_abfrage) or die(mysql_error()); $last_dat = mysql_insert_id(); protokollieren('DETAIL', $last_dat, '0'); echo "Teilnahme am Lastschriftverfahren wurde vermerkt"; }
function add_products() { if (isset($_POST['publish'])) { global $upload_directory; $product_title = escape_string($_POST['product_title']); $product_category_id = escape_string($_POST['product_category_id']); $product_price = escape_string($_POST['product_price']); $product_description = escape_string($_POST['product_description']); $short_desc = escape_string($_POST['short_desc']); $product_quantity = escape_string($_POST['product_quantity']); $product_image = escape_string($_FILES['file']['name']); $image_temp_location = stripslashes(escape_string($_FILES['file']['tmp_name'])); /*if (!move_uploaded_file($image_temp_location, UPLOAD_DIRECTORY . DS . $product_image)){ echo "エラー:".$_FILES['file']['error']."<br>"; exit; }else{ echo "ファイル".$_FILES['file']['name']."アップロードされました."; }*/ move_uploaded_file($image_temp_location, UPLOAD_DIRECTORY . DS . $product_image); $query = query("INSERT INTO products(\n\t\t\t\t\t\t\t\t\t\tproduct_title,\n\t\t\t\t\t\t\t\t\t\tproduct_category_id, \n\t\t\t\t\t\t\t\t\t\tproduct_price, \n\t\t\t\t\t\t\t\t\t\tproduct_description, \n\t\t\t\t\t\t\t\t\t\tshort_desc, \n\t\t\t\t\t\t\t\t\t\tproduct_quantity, \n\t\t\t\t\t\t\t\t\t\tproduct_image\n\t\t\t\t\t\t\t\t\t) \n\t\t\t\t\t\t\t VALUES(\n\t\t\t\t\t\t\t\t\t\t'{$product_title}',\n\t\t\t\t\t\t\t\t\t\t'{$product_category_id}', \n\t\t\t\t\t\t\t\t\t\t'{$product_price}', \n\t\t\t\t\t\t\t\t\t\t'{$product_description}', \n\t\t\t\t\t\t\t\t\t\t'{$short_desc}', \n\t\t\t\t\t\t\t\t\t\t'{$product_quantity}', \n\t\t\t\t\t\t\t\t\t\t'{$product_image}'\n\t\t\t\t\t\t\t\t\t)"); $last_id = last_id(); confirm($query); set_message("{$last_id} 番の新商品 {$product_title} を追加しました!"); redirect("index.php?products&p=0"); } /*print_r($_FILES);*/ }
function insert_geldbuchung($geldkonto_id, $buchungskonto, $auszugsnr, $rechnungsnr, $v_zweck, $datum, $kostentraeger_typ, $kostentraeger_id, $betrag, $mwst_anteil = '0.00') { $last_id = last_id('GELD_KONTO_BUCHUNGEN'); $last_id = $last_id + 1; /* neu */ $datum_arr = explode('-', $datum); $jahr = $datum_arr['0']; $b = new buchen(); $g_buchungsnummer = $b->get_last_buchungsnummer_konto($geldkonto_id, $jahr); $g_buchungsnummer = $g_buchungsnummer + 1; mysql_query("INSERT INTO GELD_KONTO_BUCHUNGEN VALUES(NULL, '{$last_id}', '{$g_buchungsnummer}', '{$auszugsnr}', '{$rechnungsnr}', '{$betrag}', '{$mwst_anteil}', '{$v_zweck}', '{$geldkonto_id}', '{$buchungskonto}', '{$datum}', '{$kostentraeger_typ}', '{$kostentraeger_id}', '1')"); /* Protokollieren */ $last_dat = mysql_insert_id(); protokollieren('GELD_KONTO_BUCHUNGEN', $last_dat, '0'); }
function mietdefinition_zu_details() { // $daten_arr = $this->alle_letzten_kaltmieten_arr(); // print_r($daten_arr); // $daten_arr = $this->alle_letzten_nebenkosten_arr(); // $daten_arr = $this->alle_letzten_heizkosten_arr(); for ($a = 0; $a < count($daten_arr); $a++) { $anfang = $daten_arr[$a]['ANFANG']; $ende = $daten_arr[$a]['ENDE']; $einheit_id = $daten_arr[$a]['EINHEIT_ID']; $einheit_kurzname = $daten_arr[$a]['EINHEIT_KURZNAME']; $kosten_kat = $daten_arr[$a]['KOSTENKATEGORIE']; $einheit_betrag = $daten_arr[$a]['BETRAG']; $last_detail_id = last_id('DETAIL'); $last_detail_id = $last_detail_id + 1; $sql = "INSERT INTO DETAIL VALUES(NULL, '{$last_detail_id}', '{$kosten_kat}', '{$einheit_betrag}', '{$einheit_kurzname} {$anfang} bis {$ende}', '1', 'EINHEIT','{$einheit_id}')"; echo " '{$last_detail_id}', '{$kosten_kat}', '{$einheit_betrag}', '{$einheit_kurzname} {$anfang} bis {$ende}', '1', 'EINHEIT','{$einheit_id}'<br>"; // $resultat = mysql_query($sql) or die(mysql_error()); /* Zugewiesene MIETBUCHUNG_DAT auslesen */ $last_dat = mysql_insert_id(); protokollieren('DETAIL', $last_dat, '0'); } }
function publish_feed($content, $uid, $type = 0, $tid = 0) { if (is_mobile_request()) { $device = 'mobile'; } else { $device = 'web'; } $tid = intval($tid); if ($type == 2 && $tid > 0) { $comment_count = get_var("SELECT COUNT(*) FROM `todo_history` WHERE `tid` = '" . intval($tid) . "' AND `type` = 2 ", db()); } else { $comment_count = 0; } $sql = "INSERT INTO `feed` ( `content` , `tid` , `uid` , `type` ,`timeline` , `device` , `comment_count` ) VALUES ( '" . s($content) . "' , '" . intval($tid) . "', '" . intval($uid) . "' , '" . intval($type) . "' , NOW() , '" . s($device) . "' , '" . intval($comment_count) . "' )"; run_sql($sql); $lid = last_id(); if (db_errno() != 0) { return false; } else { if ($comment_count > 0 && $type == 2 && $tid > 0) { $sql = "UPDATE `feed` SET `comment_count` = '" . intval($comment_count) . "' WHERE `tid` = '" . intval($tid) . "' AND `comment_count` != '" . intval($comment_count) . "' "; run_sql($sql); } return $lid; } }
/** * 为Feed添加评论 * * * @param string token , 必填 * @param string fid - 必填 * @param string text - 必填 * @return feed array * @author EasyChen */ public function feed_add_comment($text = false, $fid = false) { if (!$text) { $content = $text = z(t(v('text'))); } if (!not_empty($content)) { return self::send_error(LR_API_ARGS_ERROR, __('INPUT_CHECK_BAD_ARGS', 'TEXT')); } if (!$fid) { $fid = intval(v('fid')); } if (intval($fid) < 1) { return self::send_error(LR_API_ARGS_ERROR, __('INPUT_CHECK_BAD_ARGS', 'FID')); } $finfo = get_line("SELECT * FROM `feed` WHERE `id` = '" . intval($fid) . "' LIMIT 1"); if (is_mobile_request()) { $device = 'mobile'; } else { $device = 'web'; } $sql = "INSERT INTO `comment` ( `fid` , `uid` , `content` , `timeline` , `device` ) \n\t\tVALUES ( '" . intval($fid) . "' , '" . intval($_SESSION['uid']) . "' , '" . s($content) . "' , NOW() , '" . s($device) . "' ) "; run_sql($sql); if (db_errno() != 0) { return self::send_error(LR_API_DB_ERROR, __('API_MESSAGE_DATABASE_ERROR') . mysql_error()); } else { $lid = last_id(); // feed表comment_count计数增加 $count = get_var("SELECT COUNT(*) FROM `comment` WHERE `fid` = '" . intval($fid) . "' ", db()); $sql = "UPDATE `feed` SET `comment_count` = '" . intval($count) . "' WHERE `id` = '" . intval($fid) . "' LIMIT 1"; run_sql($sql); // 向Feed作者发通知 if ($finfo['uid'] != uid()) { send_notice($finfo['uid'], __('API_TEXT_COMMENT_FEED_OWNED', array(uname(), $finfo['content'], $content)), 2, array('fid' => intval($fid), 'count' => $count)); } // 向参与了该Feed讨论的同学发送通知 $sql = "SELECT `uid` FROM `comment` WHERE `fid`= '" . intval($fid) . "' "; if ($uitems = get_data($sql)) { foreach ($uitems as $uitem) { if ($uitem['uid'] != uid() && $uitem['uid'] != $finfo['uid']) { $myuids[] = $uitem['uid']; } } } if (isset($myuids)) { $myuids = array_unique($myuids); foreach ($myuids as $muid) { send_notice($muid, __('API_TEXT_COMMENT_FEED_IN', array(uname(), $finfo['content'], $content)), 2, array('fid' => intval($fid), 'count' => $count)); } } // 向被@的同学,发送通知 if ($ats = find_at($content)) { $sql = "SELECT `id` FROM `user` WHERE "; foreach ($ats as $at) { $at = z(t($at)); if ($gname = get_group_names()) { if (in_array(strtoupper($at), $gname)) { if ($ndata = get_group_unames($at)) { foreach ($ndata as $nname) { $names[] = $nname; } } } else { $names[] = $at; } } else { $names[] = $at; } } foreach ($names as $at) { $at = z(t($at)); if (mb_strlen($at, 'UTF-8') < 2) { continue; } $wsql[] = " `name` = '" . s(t($at)) . "' "; if (c('at_short_name')) { if (mb_strlen($at, 'UTF-8') == 2) { $wsql[] = " `name` LIKE '_" . s($at) . "' "; } } } if (isset($wsql) && is_array($wsql)) { $sql = $sql . join(' OR ', $wsql); if ($udata = get_data($sql)) { foreach ($udata as $uitem) { $myuids[] = $uitem['id']; } if (isset($myuids) && is_array($myuids)) { $myuids = array_unique($myuids); foreach ($myuids as $muid) { if ($muid != uid() && $muid != $finfo['uid']) { send_notice($muid, __('API_TEXT_AT_IN_CAST_COMMENT', array(uname(), $finfo['content'], $content)), 2, array('fid' => intval($fid), $count)); } } } } } } if ($comment = get_line("SELECT * FROM `comment` WHERE `id` = '" . intval($lid) . "' LIMIT 1", db())) { $comment['user'] = get_user_info_by_id($_SESSION['uid']); return self::send_result($comment); } else { if (db_errno() != 0) { return self::send_error(LR_API_DB_ERROR, __('API_MESSAGE_DATABASE_ERROR') . mysql_error()); } else { return self::send_error(LR_API_DB_EMPTY_RESULT, __('API_MESSAGE_EMPTY_RESULT_DATA')); } } } }
public function index() { //print_r( $_REQUEST ); $table = z(t(v('_table'))); $action = z(t(v('_interface'))); if (strlen($table) < 1 || strlen($action) < 1) { return $this->send_error(LR_API_ARGS_ERROR, 'BAD ARGS'); } // user define code if ($my_code = get_var("SELECT `code` FROM `__meta_code` WHERE `table` = '" . s($table) . "' AND `action` = '" . s($action) . "' LIMIT 1")) { return eval($my_code); exit; } // check table $tables = get_table_list(db()); if (!in_array($table, $tables)) { return $this->send_error(LR_API_ARGS_ERROR, 'TABLE NOT EXISTS'); } if ($table == c('token_table_name') && $action == 'get_token') { return $this->get_token(); } $fields = get_fields($table); $kv = new SaeKV(); $kv->init(); $ainfo = unserialize($kv->get('msetting_' . $table . '_' . $action)); $in_code = $kv->get('iosetting_input_' . $table . '_' . $action); $out_code = $kv->get('iosetting_output_' . $table . '_' . $action); // run user defined input fliter if (strlen($in_code) > 0) { eval($in_code); } if ($ainfo['on'] != 1) { return $this->send_error(LR_API_ARGS_ERROR, 'API NOT AVAILABLE'); } if ($ainfo['public'] != 1) { $this->check_token(); } $requires = array(); $inputs = array(); $outs = array(); $likes = array(); $equal = array(); foreach ($fields as $field) { $finfo = unserialize($kv->get('msetting_' . $table . '_' . $action . '_' . $field)); if ($finfo['required'] == 1) { $requires[] = $field; } if ($finfo['input'] == 1) { $inputs[] = $field; } if ($finfo['output'] == 1) { $outputs[] = $field; } if ($finfo['like'] == 1) { $likes[] = $field; } if ($finfo['equal'] == 1) { $equals[] = $field; } } // check require if (count($requires) > 0) { foreach ($requires as $require) { if (strlen(v($require)) < 1) { return $this->send_error(LR_API_ARGS_ERROR, z(t($require)) . ' FIELD REQUIRED'); } } } // build sql switch ($action) { case 'insert': if (count($inputs) < 1) { $this->send_error(LR_API_ARGS_ERROR, 'INPUT MUST HAS 1 FIELD AT LEAST'); } if (count($outputs) < 1) { $this->send_error(LR_API_ARGS_ERROR, 'OUTPUT MUST HAS 1 FIELD AT LEAST'); } foreach ($inputs as $input) { $dsql[] = "'" . s(v($input)) . "'"; } $sql = "INSERT INTO `" . s($table) . "` ( " . rjoin(' , ', '`', $inputs) . " ) VALUES ( " . join(' , ', $dsql) . " )"; //echo $sql; run_sql($sql); if (mysql_errno() != 0) { $this->send_error(LR_API_DB_ERROR, 'DATABASE ERROR ' . mysql_error()); } $lid = last_id(); if ($lid < 1) { $this->send_error(LR_API_DB_ERROR, 'DATABASE ERROR ' . mysql_error()); } if (!($data = get_data("SELECT " . rjoin(' , ', '`', $outputs) . " FROM `" . s($table) . "` WHERE `id` = '" . intval($lid) . "'", db()))) { $this->send_error(LR_API_DB_ERROR, 'DATABASE ERROR ' . mysql_error()); } else { if (strlen($out_code) > 0) { eval($out_code); } $this->send_result($data); } break; case 'update': if (count($inputs) < 1) { return $this->send_error(LR_API_ARGS_ERROR, 'INPUT MUST HAS 1 FIELD AT LEAST'); } if (count($requires) < 1) { return $this->send_error(LR_API_ARGS_ERROR, 'REQUIRE MUST HAS 1 FIELD AT LEAST'); } foreach ($inputs as $input) { if (!in_array($input, $likes) && !in_array($input, $equals)) { if (isset($_REQUEST[$input])) { $dsql[] = " `" . s($input) . "` = '" . s(v($input)) . "' "; } } else { if (in_array($input, $likes)) { $wsql[] = " `" . s($input) . "` LIKE '%" . s(v($input)) . "%' "; } else { $wsql[] = " `" . s($input) . "` = '" . s(v($input)) . "' "; } } } if (!isset($dsql) || !isset($wsql)) { return $this->send_error(LR_API_ARGS_ERROR, 'INPUT AND LIKE/EQUALS MUST HAS 1 FIELD AT LEAST'); } $sql = "UPDATE `" . s($table) . "` SET " . join(' , ', $dsql) . ' WHERE ' . join(' AND ', $wsql); //echo $sql ; run_sql($sql); if (mysql_errno() != 0) { $this->send_error(LR_API_DB_ERROR, 'DATABASE ERROR ' . mysql_error()); } $lid = intval(v('id')); if ($lid < 1) { $this->send_error(LR_API_DB_ERROR, 'DATABASE ERROR ' . mysql_error()); } if (!($data = get_data("SELECT " . rjoin(' , ', '`', $outputs) . " FROM `" . s($table) . "` WHERE `id` = '" . intval($lid) . "'"))) { $this->send_error(LR_API_DB_ERROR, 'DATABASE ERROR ' . mysql_error()); } else { if (strlen($out_code) > 0) { eval($out_code); } $this->send_result($data); } break; case 'remove': if (count($inputs) < 1) { return $this->send_error(LR_API_ARGS_ERROR, 'INPUT MUST HAS 1 FIELD AT LEAST'); } if (count($requires) < 1) { return $this->send_error(LR_API_ARGS_ERROR, 'REQUIRE MUST HAS 1 FIELD AT LEAST'); } foreach ($inputs as $input) { if (in_array($input, $likes)) { $wsql[] = " `" . s($input) . "` LIKE '%" . s(v($input)) . "%' "; } elseif (in_array($input, $equals)) { $wsql[] = " `" . s($input) . "` = '" . s(v($input)) . "' "; } } if (!isset($wsql)) { return $this->send_error(LR_API_ARGS_ERROR, 'INPUT AND LIKE/EQUALS MUST HAS 1 FIELD AT LEAST'); } if (count($outputs) > 0) { $sql = "SELECT " . rjoin(',', '`', $outputs) . " FROM `" . s($table) . "` WHERE " . join(' AND ', $wsql); $data = get_line($sql); if (mysql_errno() != 0) { return $this->send_error(LR_API_DB_ERROR, 'DATABASE ERROR ' . mysql_error()); } } $sql = "DELETE FROM `" . s($table) . "` WHERE " . join(' AND ', $wsql); run_sql($sql); if (mysql_errno() != 0) { $this->send_error(LR_API_DB_ERROR, 'DATABASE ERROR ' . mysql_error()); } else { if (count($outputs) < 1) { return $this->send_result(array('msg' => 'ok')); } else { if (strlen($out_code) > 0) { eval($out_code); } return $this->send_result($data); } } break; case 'list': default: $since_id = intval(v('since_id')); $max_id = intval(v('max_id')); $count = intval(v('count')); $order = strtolower(z(t(v('ord')))); $by = strtolower(z(t(v('by')))); if ($order == 'asc') { $ord = ' ASC '; } else { $ord = ' DESC '; } if (strlen($by) > 0) { $osql = ' ORDER BY `' . s($by) . '` ' . $ord . ' '; } else { $osql = ''; } if ($count < 1) { $count = 10; } if ($count > 100) { $count = 100; } if (count($outputs) < 1) { $this->send_error(LR_API_ARGS_ERROR, 'OUTPUT MUST HAS 1 FIELD AT LEAST'); } $sql = "SELECT " . rjoin(',', '`', $outputs) . " FROM `" . s($table) . "` WHERE 1 "; if ($since_id > 0) { $wsql = " AND `id` > '" . intval($since_id) . "' "; } elseif ($max_id > 0) { $wsql = " AND `id` < '" . intval($max_id) . "' "; } if (count($inputs) > 0 && count($likes) + count($equals) > 0) { // AND `xxx` == $xxx if (count($likes) > 0) { foreach ($likes as $like) { if (z(t(v($like))) != '') { $wwsql[] = " AND `" . s($like) . "` LIKE '%" . s(v($like)) . "%' "; } } } if (count($equals) > 0) { foreach ($equals as $equal) { if (z(t(v($equal))) != '') { $wwsql[] = " AND `" . s($equal) . "` = '" . s(v($equal)) . "' "; } } } if (isset($wwsql)) { $wsql = $wsql . join(' ', $wwsql); } } $sql = $sql . $wsql . $osql . " LIMIT " . $count; //echo $sql; if ($idata = get_data($sql)) { $first = reset($idata); $max_id = $first['id']; $min_id = $first['id']; foreach ($idata as $item) { if ($item['id'] > $max_id) { $max_id = $item['id']; } if ($item['id'] < $min_id) { $min_id = $item['id']; } } $data = array('items' => $idata, 'max_id' => $max_id, 'min_id' => $min_id); } else { $data = $idata; } if (mysql_errno() != 0) { return $this->send_error(LR_API_DB_ERROR, 'DATABASE ERROR ' . mysql_error()); } else { if (strlen($out_code) > 0) { eval($out_code); } return $this->send_result($data); } } //return $this->send_error( LR_API_ARGS_ERROR , 'FIELD NOT EXISTS' ); }
function insert_geldbuchung($geldkonto_id, $buchungskonto, $auszugsnr, $rechnungsnr, $v_zweck, $datum, $kostentraeger_typ, $kostentraeger_id, $betrag) { $last_id = last_id('GELD_KONTO_BUCHUNGEN'); $last_id = $last_id + 1; mysql_query("INSERT INTO GELD_KONTO_BUCHUNGEN VALUES(NULL, '{$last_id}', '{$auszugsnr}', '{$rechnungsnr}', '{$betrag}', '{$v_zweck}', '{$geldkonto_id}', '{$buchungskonto}', '{$datum}', '{$kostentraeger_typ}', '{$kostentraeger_id}', '1')"); // echo "'$last_id', '$auszugsnr', '$betrag', '$v_zweck', '$geldkonto_id', '$buchungskonto', '$datum', '$kostentraeger_typ', '$kostentraeger_id' <b>1</b><br>"; }
function add_product() { if (isset($_POST['publish']) && empty($_POST['publish']) === false) { $product_title = escape_string($_POST['product_title']); $srt = str_replace(" ", "_", "{$product_title}"); $product_category_id = escape_string($_POST['product_category_id']); $product_price = escape_string($_POST['product_price']); $product_description = escape_string($_POST['product_description']); $product_quantity = escape_string($_POST['product_quantity']); $product_image = escape_string($_FILES['file']['name']); $image_temp_location = $_FILES['file']['tmp_name']; $uploads_dir = uploads_dir($product_category_id); $uploads_dirs = $uploads_dir . $product_image; move_uploaded_file($image_temp_location, $uploads_dirs); $query = query("INSERT INTO products(pname, product_cat_id, pprice, pdesc, pquant, pimage) VALUES('{$srt}', '{$product_category_id}', '{$product_price}', '{$product_description}', '{$product_quantity}', '{$uploads_dirs}')"); $last_id = last_id(); confirm($query); set_message("New Product was Added <a href=" . $product_title . " target=\"_blank\">View Product</a>"); } }
function board_list_add() { $board_id = intval(v('board_id')); $name = s(z(t(v('name')))); if (!has_board_permission_by_id($board_id)) { return apiController::send_error(6007, 'no permission'); } if (!run_sql("insert into board_list(name,board_id) values('{$name}','{$board_id}')")) { return apiController::send_error(6008, 'add list failed'); } else { return apiController::send_result(last_id()); } }
function process_transaction() { global $conn; if (isset($_GET['tx'])) { $amount = $_GET['amt']; $currency = $_GET['cc']; $transaction = $_GET['tx']; $status = $_GET['st']; $order_date = date("Y-m-d"); $order_time = date("H:i:s"); $report_date = date("Y-m-d"); $report_time = date("H:i:s"); $total = 0; $item_quantity = 0; $price = 0; foreach ($_SESSION as $name => $value) { if ($value > 0) { if (substr($name, 0, 8) == "product_") { $length = strlen($name - 8); $id = substr($name, 8, $length); $send_order = query("INSERT INTO orders (order_amount, order_transaction, order_status, order_currency, order_date, order_time) \n\t\t\t\t\t\t\t\t\t\tVALUES ('{$amount}','{$transaction}','{$status}','{$currency}','{$order_date}','{$order_time}')"); $last_id = last_id(); confirm($send_order); $query = query("SELECT * FROM products WHERE product_id=" . escape_string($id) . " "); confirm($query); while ($row = fetch_array($query)) { $product_title = $row['product_title']; $product_price = $row['product_price']; $price = number_format($product_price); $product_sub = $row['product_price'] * $value; $sub = number_format($product_sub); $item_quantity += $value; $insert_report = query("INSERT INTO reports (product_id, order_id, product_title, product_price, product_quantity, report_date, report_time) \n\t\t\t\t\t\t\t\t\t\t\t\tVALUES ('{$id}','{$last_id}','{$product_title}','{$product_price}','{$value}','{$report_date}','{$report_time}')"); confirm($insert_report); /*111111*/ $new_quantity = $row['product_quantity'] - $value; $product_query = query("UPDATE products SET product_quantity = '{$new_quantity}' WHERE product_id=" . $row['product_id'] . " "); confirm($product_query); /*1111111*/ } number_format($total += $product_sub); /*echo $item_quantity;*/ } } } session_destroy(); } else { redirect("../index.php"); } }
<?php include_once "util/top_foot_inc.php"; //include ("includes/caching.php"); //include ("includes/versetto.php"); top(); $data = <<<EOD <br><br><br><br> <div class="testo_18" style="position:static;margin:auto;width:450px;" > EOD; echo $data; $data = addslashes(trim($_POST['omg'])); $ip = $_SERVER["REMOTE_ADDR"]; $sql = "INSERT INTO `聖書`.`request` (`testo`,`ip`) VALUES ('{$data}','{$ip}');"; mysql_queryconerror($sql, $db); $rif = last_id(); echo "Richiesta inserita con riferimento {$rif} <br> Grazie della collaborazione </div> <br><br><br><br>"; foot();
function api_checklist_add() { $content = z(t(v('text'))); if (!not_empty($content)) { return apiController::send_error(LR_API_ARGS_ERROR, 'TEXT CAN\'T EMPTY'); } $tid = intval(v('tid')); if (intval($tid) < 1) { return apiController::send_error(LR_API_ARGS_ERROR, 'TID NOT EXISTS'); } // check user $tinfo = get_todo_info_by_id($tid); if (intval($tinfo['details']['is_public']) == 0 && uid() != $tinfo['owner_uid']) { return apiController::send_error(LR_API_FORBIDDEN, 'ONLY PUBLIC TODO CAN ADD CHECKLIST BY OTHERS'); } $sql = "INSERT INTO `checklist` ( `tid` , `title` , `content` , `timeline` , `uid` ) VALUES ( '" . intval($tid) . "' , '" . s($content) . "' , '" . s($content) . "' , NOW() , '" . intval(uid()) . "' ) "; run_sql($sql); if (db_errno() != 0) { return apiController::send_error(LR_API_DB_ERROR, 'DATABASE ERROR ' . mysql_error()); } else { return apiController::send_result(get_line("SELECT * FROM `checklist` WHERE `id` = '" . intval(last_id()) . "' LIMIT 1", db())); } }
$result = queries("{$command} {$query}" . ($_POST["all"] ? $where ? "\nWHERE " . implode(" AND ", $where) : "" : "\nWHERE {$where_check}")); $affected = $connection->affected_rows; } else { foreach ((array) $_POST["check"] as $val) { // where is not unique so OR can't be used $result = queries($command . limit1($query, "\nWHERE " . where_check($val))); if (!$result) { break; } $affected += $connection->affected_rows; } } } $message = lang('%d item(s) have been affected.', $affected); if ($_POST["clone"] && $result && $affected == 1) { $last_id = last_id(); if ($last_id) { $message = lang('Item%s has been inserted.', " {$last_id}"); } } queries_redirect(remove_from_uri("page"), $message, $result); //! display edit page in case of an error } elseif (!$_POST["import"]) { // modify if (!$_POST["val"]) { $error = lang('Double click on a value to modify it.'); } else { $result = true; $affected = 0; foreach ($_POST["val"] as $unique_idf => $row) { $set = array();
function note_add() { $content = s(t(z(v('content')))); echo run_sql("insert into note(uid,content) values('" . uid() . "','{$content}')") ? apiController::send_result(array('id' => last_id())) : apiController::send_error(5001, 'note add failed'); }
$send = ""; if ($_FILES['upload']['name'] != "" && ($extension == "php" || $extension == "php3" || $extension == "phtml")) { $error3 .= $strings["no_php"] . "<br/>"; $send = "false"; } } if ($_FILES['upload']['name'] != "" && $_FILES['upload']['size'] < $maxFileSize && $_FILES['upload']['size'] != 0 && $send != "false") { $docopy = "true"; } //Insert details into Database if ($docopy == "true") { $comments = convertData($comments); $tmpquery = "INSERT INTO " . $tableCollab["files"] . "(owner,project,task,comments,upload,published,status,vc_status,vc_parent,phase) VALUES('{$idSession}','{$project}','{$task}','{$c}','{$dateheure}','0','2','0','{$parent}','0')"; connectSql("{$tmpquery}"); $tmpquery = $tableCollab["files"]; last_id($tmpquery); $num = $lastId[0]; unset($lastId); } if ($task != "0") { if ($docopy == "true") { uploadFile("files/{$project}/{$task}", $_FILES['upload']['tmp_name'], $upload_name); $size = file_info_size("../files/{$project}/{$task}/{$upload_name}"); //$dateFile = file_info_date("../files/$project/$task/$upload_name"); $chaine = strrev("../files/{$project}/{$task}/{$upload_name}"); $tab = explode(".", $chaine); $extension = strtolower(strrev($tab[0])); } } else { if ($docopy == "true") { uploadFile("files/{$project}", $_FILES['upload']['tmp_name'], $upload_name);
echo "<form method=\"post\" action=\"index.php\">\n\t\t\tLogin: <input style=\"margin-left: 12px; width: 120px;\" type=\"text\" name=\"login\"/><br />\n\t\t\tHasło: <input style=\"margin-left: 11px;width: 120px;\" type=\"password\" name=\"password\"/><br/>\n\t\t\t<input type=\"submit\" name=\"reg\" value=\"Zaloguj\">\n\t\t\t</form>"; } } } ?> </div> </div> <div id="reg_fix"> <div id="reg_show"> <?php if (isset($_POST['login']) && isset($_POST['password']) && !isset($_COOKIE['MyCookie']) && !isset($_COOKIE['Auth'])) { $login = $_POST['login']; $pass = $_POST['password']; if (check_login($login) && strlen($pass) >= 6 && !check_if_exists($login)) { $plik = fopen("data/conf/users.conf", "a"); $id = last_id() + 1; if (fwrite($plik, $id . "||" . $login . "||" . md5("S417" . $id . "" . substr($login, 0, 3) . "" . $pass) . "||\n")) { echo "Rejestracja zakończona pomyślnie!<br />"; } else { echo "Błąd rejestracji!<br />"; } fclose($plik); $ref = $_SERVER['HTTP_REFERER']; header("Location: " . $ref); } else { $ref = $_SERVER['HTTP_REFERER']; header("Location: " . $ref); echo "Nieprawidłowy login lub hasło!<br />"; } } else { if (isset($_POST['login']) && isset($_POST['password']) && isset($_COOKIE['MyCookie']) && isset($_COOKIE['PHPSESSID']) && isset($_COOKIE['Auth']) && check_cookie($_COOKIE['MyCookie'], $_COOKIE['PHPSESSID'], $_COOKIE['Auth'])) {
} else { $set = array(); foreach ($fields as $name => $field) { $val = process_input($field); if ($val !== false && $val !== null) { $set[idf_escape($name)] = $update ? "\n" . idf_escape($name) . " = {$val}" : $val; } } if ($update) { if (!$set) { redirect($location); } query_redirect("UPDATE" . limit1(table($TABLE) . " SET" . implode(",", $set), "\nWHERE {$where}"), $location, array(lang('Item has been updated.'), 'success')); } else { $result = insert_into($TABLE, $set); $last_id = $result ? last_id() : 0; queries_redirect($location, array(lang('Item%s has been inserted.', $last_id ? " {$last_id}" : ""), 'success'), $result); //! link } } } $table_name = $adminer->tableName(table_status($TABLE)); page_header($update ? lang('Edit') : lang('Insert'), $error, array("select" => array($TABLE, $table_name)), $table_name); $adminer->selectLinks($table_status, ''); // @todo are params OK? $row = null; if ($_POST["save"]) { $row = (array) $_POST["fields"]; } elseif ($where) { $select = array(); foreach ($fields as $name => $field) {
<?php include "inc/connect.php"; include "inc/functions.php"; include "inc/PHPMailer/PHPMailerAutoload.php"; $mail_user = nettoyage($_POST["user_mail"]); $date = date("Y-m-d H:i:s"); $privilege = 'client'; insert_mail($connexion, $mail_user, $date, $privilege); $user_id = last_id($connexion); $message = "<a href=http://localhost/php_exam/activate.php?id=" . $user_id[0]["id"] . ">validation</a>"; $mail = new PHPMailer(); //$mail->SMTPDebug = 3; // Enable verbose debug output $mail->isSMTP(); // Set mailer to use SMTP $mail->Host = 'smtp.mandrillapp.com'; // Specify main and backup SMTP servers $mail->SMTPAuth = true; // Enable SMTP authentication $mail->Username = '******'; // SMTP username $mail->Password = '******'; // SMTP password $mail->SMTPSecure = 'tls'; // Enable TLS encryption, `ssl` also accepted $mail->Port = 587; // TCP port to connect to $mail->setFrom('*****@*****.**', 'Mailer'); $mail->addAddress($mail_user, 'Joe User'); // Add a recipient $mail->addAttachment('/var/tmp/file.tar.gz');