/**
 * Store a user's Flattr ID, writing only when it differs from the stored one.
 *
 * The current value is read through flattr_get_flattrID(). A NULL result
 * leads to an INSERT, any other differing value to an UPDATE. Both values
 * are passed through sql_safe() and placed inside quoted SQL literals.
 *
 * @param mixed $user_id   Owner of the Flattr ID.
 * @param mixed $flattr_id New Flattr ID to store.
 */
function flattr_set_flattrID($user_id, $flattr_id)
{
    $stored_id = flattr_get_flattrID($user_id);

    // strcmp() yields 0 for identical strings: nothing to write in that case.
    if (!strcmp($flattr_id, $stored_id)) {
        return;
    }

    $table = PREFIX . "flattr";
    $flattr_sql = sql_safe($flattr_id);
    $user_sql = sql_safe($user_id);

    // NULL is taken as "no stored ID yet" and handled with an INSERT.
    // NOTE(review): flattr_get_flattrID() is not visible here; confirm NULL
    // cannot also mean "row exists with a NULL flattrID".
    $sql = ($stored_id === NULL)
        ? "INSERT INTO " . $table . " SET flattrID='" . $flattr_sql . "', user_id='" . $user_sql . "';"
        : "UPDATE " . $table . " SET flattrID='" . $flattr_sql . "' WHERE user_id='" . $user_sql . "';";

    message_try_mysql($sql, "214776", _("New Flattr ID set"));
}
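/**
 * Handle the "save category" form post: update an existing category the
 * session user has privilege on, or insert a new one owned by that user.
 *
 * Reads $_POST['save_category'], $_POST['category_id'] (optional),
 * $_POST['name'], $_POST['description'] and $_SESSION['user_id'].
 *
 * Security notes:
 *  - category_id is used in an unquoted numeric position (WHERE id=...).
 *    String escaping alone does not constrain a value in that position,
 *    so it is cast to int once and the same int is used for both the
 *    privilege check and the statement.
 *  - NOTE(review): no anti-CSRF token and no login check are visible in
 *    this function; confirm the caller enforces both.
 */
function category_receive()
{
    if (!isset($_POST['save_category'])) {
        return;
    }

    // Missing fields are stored as empty strings instead of raising notices.
    $name = sql_safe(isset($_POST['name']) ? $_POST['name'] : '');
    $description = sql_safe(isset($_POST['description']) ? $_POST['description'] : '');

    $sql = "";
    if (isset($_POST['category_id'])) {
        // Non-scalar input (e.g. category_id[]=x) is treated as id 0.
        $category_id = is_scalar($_POST['category_id']) ? (int) $_POST['category_id'] : 0;

        // Check that the user has privilege on exactly the id that is written.
        if (!category_get_user_privilege($_SESSION['user_id'], $category_id)) {
            add_error(sprintf(_("Access denied (%s)"), 341053));
        } else {
            $sql = "UPDATE task_category SET \n\t\t\t\t`name`='" . $name . "',\n\t\t\t\t`description`='" . $description . "'\n\t\t\t\tWHERE id=" . $category_id . ";";
        }
    } else {
        $sql = "INSERT INTO task_category SET \n\t\t\tcreator='" . sql_safe($_SESSION['user_id']) . "',\n\t\t\t`name`='" . $name . "',\n\t\t\t`description`='" . $description . "';";
    }

    // $sql stays empty when access was denied.
    if ($sql != "") {
        message_try_mysql($sql, 531220, _("Category saved"));
    }
}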
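/**
 * Handle task requests: delete a task ('task_delete') and/or save one
 * ('save_task', as update when 'task_id' is posted, otherwise as insert).
 *
 * Reads $_REQUEST['task_delete'], $_POST['save_task'],
 * $_POST['task_category_id'], $_POST['task_id'], $_POST['name'],
 * $_POST['description'] and $_SESSION['user_id'].
 *
 * Security notes:
 *  - Ids placed in unquoted numeric SQL positions are cast to int. String
 *    escaping alone does not constrain a value in that position.
 *  - NOTE(review): the delete is triggered from $_REQUEST, so a plain GET
 *    link can trigger it, and no anti-CSRF token is checked here. Consider
 *    requiring POST plus a token once callers are known.
 *  - NOTE(review): the posted task_category_id is not checked against the
 *    session user; confirm whether tasks may be filed under any category.
 */
function task_receive()
{
    if (isset($_REQUEST['task_delete'])) {
        // Only a logged-in user may delete; task_get() is given the session
        // user so that it can restrict the lookup to that user's tasks.
        // NOTE(review): task_get() receives the raw request value; confirm it
        // escapes or casts it.
        if (login_check_logged_in_mini() > 0) {
            $task = task_get($_SESSION['user_id'], $_REQUEST['task_delete']);
            if (!empty($task)) {
                $sql = "DELETE FROM task WHERE id=" . ((int) $task[0]['id']) . ";";
                message_try_mysql($sql, 152023, _("Task successfully removed"));
            }
        } else {
            echo "no";
        }
    }

    if (!isset($_POST['save_task'])) {
        return;
    }

    // The literal string "NULL" asks for a fresh, empty category.
    $posted_category = isset($_POST['task_category_id']) ? $_POST['task_category_id'] : '';
    if ($posted_category === "NULL") {
        $task_category_id = category_add_empty();
    } else {
        $task_category_id = $posted_category;
    }

    if (!$task_category_id) {
        return;
    }

    // Missing fields are stored as empty strings instead of raising notices.
    $category_sql = sql_safe($task_category_id);
    $name = sql_safe(isset($_POST['name']) ? $_POST['name'] : '');
    $description = sql_safe(isset($_POST['description']) ? $_POST['description'] : '');

    $sql = "";
    if (isset($_POST['task_id'])) {
        // One int is used for both the privilege check and the statement, so
        // the id that is authorised is the id that is written.
        $task_id = is_scalar($_POST['task_id']) ? (int) $_POST['task_id'] : 0;

        if (!task_get_user_privilege($_SESSION['user_id'], $task_id)) {
            add_error(sprintf(_("Access denied (%s)"), 341053));
        } else {
            $sql = "UPDATE task SET \n\t\t\t\t\t`task_category_id`='" . $category_sql . "',\n\t\t\t\t\t`name`='" . $name . "',\n\t\t\t\t\t`description`='" . $description . "'\n\t\t\t\t\tWHERE id=" . $task_id . ";";
        }
    } else {
        $sql = "INSERT INTO task SET \n\t\t\t\tcreator='" . sql_safe($_SESSION['user_id']) . "',\n\t\t\t\t`task_category_id`='" . $category_sql . "',\n\t\t\t\t`name`='" . $name . "',\n\t\t\t\t`description`='" . $description . "';";
    }

    // $sql stays empty when access was denied.
    if ($sql != "") {
        message_try_mysql($sql, 531220, _("Task saved"));
    }
}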
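/**
 * Handle the comment form: add a comment or delete one.
 *
 * Adding (POST 'addcomment'): a logged-in user posts directly. An anonymous
 * visitor is first shown a confirmation form carrying the posted values plus
 * a reCAPTCHA, and the comment is stored only once the answer validates.
 *
 * Deleting (POST 'deletecomment'): a login level above 1 deletes any comment
 * (presumably a moderator/admin level; confirm). Level 1 deletes only a
 * comment whose `user` column matches the session user and that has no replies.
 *
 * Security notes:
 *  - Every posted value echoed into the confirmation form is HTML-escaped.
 *    Echoing it raw lets a crafted request inject markup into the page.
 *  - Ids placed in unquoted numeric SQL positions are cast to int. String
 *    escaping alone does not constrain a value in that position.
 *  - NOTE(review): no anti-CSRF token is checked in this function; confirm
 *    the caller enforces one for add and delete.
 *  - NOTE(review): comment, nick, email and url are stored as submitted.
 *    Whatever renders them must escape on output and restrict the url scheme.
 */
function comment_receive()
{
    $inloggad = login_check_logged_in_mini();
    $anonymous = $inloggad < 1;

    // Posted fields as plain strings. Missing or non-scalar input becomes ''.
    $posted = array();
    foreach (array('nick', 'email', 'url', 'flattrID', 'comment', 'id', 'type', 'addcomment') as $field) {
        $posted[$field] = (isset($_POST[$field]) && is_scalar($_POST[$field])) ? (string) $_POST[$field] : '';
    }
    // The id names the commented-on item (add) or the comment itself (delete).
    $posted_id = (int) $posted['id'];

    if (isset($_POST['addcomment'])) {
        $captcha_posted = isset($_POST['addcomment_captcha']);

        // Anonymous visitors must answer a captcha before the comment is stored.
        if ($anonymous && !$captcha_posted) {
            // HTML-escape once; the same value is used as text and as attribute.
            // The charset is left at PHP's default; pass the site's charset
            // explicitly if it differs.
            $h = array();
            foreach ($posted as $field => $value) {
                $h[$field] = htmlspecialchars($value, ENT_QUOTES);
            }

            echo "<h2>Adding comment</h2><form method=\"post\">";
            // Carry the posted data along in hidden fields.
            echo "<p>Name: " . $h['nick'] . "<input type=\"hidden\" name=\"nick\" value=\"" . $h['nick'] . "\">";
            echo "<br />Email: " . $h['email'] . "<input type=\"hidden\" name=\"email\" value=\"" . $h['email'] . "\">";
            echo "<br />Website: " . $h['url'] . "<input type=\"hidden\" name=\"url\" value=\"" . $h['url'] . "\">";
            echo "<br />Flattr ID: " . $h['flattrID'] . "<input type=\"hidden\" name=\"flattrID\" value=\"" . $h['flattrID'] . "\"></p>";
            echo "<p>Comment:<br />" . $h['comment'] . "<input type=\"hidden\" name=\"comment\" value=\"" . $h['comment'] . "\"></p>";
            echo "<input type=\"hidden\" name=\"id\" value=\"" . $h['id'] . "\">";
            echo "<input type=\"hidden\" name=\"type\" value=\"" . $h['type'] . "\">";
            echo "<input type=\"hidden\" name=\"addcomment\" value=\"" . $h['addcomment'] . "\">";
            // Show the captcha.
            require_once 'functions/recaptchalib.php';
            echo recaptcha_get_html(ReCaptcha_publickey);
            echo "<p>Log in to get rid of the need of captchas...</p>";
            echo "<input type=\"submit\" name=\"addcomment_captcha\" value=\"" . _("Send") . "\">";
            echo "</form>";
            return;
        }

        if ($anonymous) {
            // Captcha answer posted: verify it before anything is written.
            require_once 'functions/recaptchalib.php';
            $resp = recaptcha_check_answer(
                ReCaptcha_privatekey,
                $_SERVER["REMOTE_ADDR"],
                isset($_POST["recaptcha_challenge_field"]) ? $_POST["recaptcha_challenge_field"] : '',
                isset($_POST["recaptcha_response_field"]) ? $_POST["recaptcha_response_field"] : ''
            );
            if (!$resp->is_valid) {
                // What happens when the CAPTCHA was entered incorrectly.
                die("The reCAPTCHA wasn't entered correctly. \nGo back and try it again." . "(reCAPTCHA said: " . htmlspecialchars((string) $resp->error, ENT_QUOTES) . ")");
            }
        }

        // From here on the poster is either logged in or passed the captcha.
        if (!$anonymous) {
            $user = $_SESSION[PREFIX . "user_id"];
        } else {
            // NOTE(review): the page shows this literal only in masked form
            // ("******"); it is kept exactly as displayed. Restore the real
            // anonymous-author value from the original file.
            $user = '******';
        }
        $IP = $_SERVER['REMOTE_ADDR'];

        // Add the comment.
        // NOTE(review): the page also masks the expression that places $user
        // in this statement. It is written here as an escaped, quoted
        // literal; confirm the intended quoting / NULL handling.
        $sql = "INSERT INTO " . PREFIX . "comment SET\n\t\t\tcomment_type='" . sql_safe($posted['type']) . "',\n\t\t\tcomment_on=" . $posted_id . ",\n\t\t\tuser='" . sql_safe($user) . "',\n\t\t\tcomment='" . sql_safe($posted['comment']) . "',\n\t\t\tadded='" . date("YmdHis") . "',\n\t\t\tIP='" . sql_safe($IP) . "';";
        message_try_mysql($sql, "102472");
        $id = (int) mysql_insert_id();

        // Optional author details are written only when they were posted.
        // Column names come from this fixed list, never from the request.
        foreach (array('nick', 'email', 'url', 'flattrID') as $column) {
            if (isset($_POST[$column])) {
                $sql = "UPDATE " . PREFIX . "comment SET " . $column . "='" . sql_safe($posted[$column]) . "'\n\t\t\t\tWHERE id=" . $id . ";";
                mysql_query($sql);
            }
        }
        return;
    }

    // Not an add: the only other action handled here is a delete by a logged-in user.
    if ($anonymous || !isset($_POST['deletecomment'])) {
        return;
    }

    $delete_sql = "DELETE FROM " . PREFIX . "comment WHERE id=" . $posted_id . ";";

    if ($inloggad > 1) {
        // Login level above 1: delete without an ownership check.
        mysql_query($delete_sql);
        return;
    }

    $owner_result = mysql_query("SELECT user from " . PREFIX . "comment WHERE id=" . $posted_id . ";");
    if (!$owner_result) {
        return;
    }
    $owner_row = mysql_fetch_array($owner_result);
    if (!$owner_row) {
        return;
    }

    // Check that the comment belongs to the session user.
    if (strcmp((string) $owner_row['user'], (string) $_SESSION[PREFIX . "user_id"]) !== 0) {
        return;
    }

    // Check that there are no replies to the comment. mysql_num_rows() is the
    // documented row count for a SELECT result; mysql_affected_rows() is meant
    // for INSERT/UPDATE/DELETE.
    $replies = mysql_query("SELECT id from " . PREFIX . "comment WHERE comment_on=" . $posted_id . " AND comment_type='comment';");
    if ($replies && mysql_num_rows($replies) < 1) {
        mysql_query($delete_sql);
    }
}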
/**
 * Mark every feedback row that has been checked in but is not yet resolved
 * as resolved now (resolved=NOW()).
 *
 * The statement is fixed apart from the PREFIX constant and takes no request
 * input. The outcome is reported through message_try_mysql().
 *
 * NOTE(review): no permission check happens in this function; presumably
 * the caller restricts who may trigger this bulk update. Confirm.
 */
function feedback_set_all_checked_in_as_resolved()
{
    $feedback_table = PREFIX . "feedback";

    message_try_mysql(
        "UPDATE " . $feedback_table . " SET resolved=NOW() WHERE resolved IS NULL AND checked_in IS NOT NULL;",
        "18361419",
        _("All feedbacks that was checked in are now set to live")
    );
}