/**
 * Run the project's mysqli_result() helper against this object's connection.
 *
 * PHP's mysqli extension has a class named mysqli_result but no function of
 * that name, so the helper called here must be defined elsewhere in the project.
 * NOTE(review): the (connection, query) argument order is taken from this call
 * alone; confirm it against the helper's definition.
 *
 * @param mixed $query Passed through unchanged as the helper's second argument.
 * @return mixed Whatever the helper returns.
 */
function getResult($query)
{
    $connection = $this->conn;

    return mysqli_result($connection, $query);
}
/**
 * Look up the `id` of the `users` row whose `username` matches.
 *
 * NOTE(review): the value ends up inside a quoted SQL literal, so the query is
 * only as safe as sanitize(), which is defined elsewhere. Binding the value as
 * a statement parameter would remove that dependency; confirm what sanitize()
 * does before changing it, to avoid escaping twice.
 *
 * @param string $username User name to look up.
 * @return mixed The `id` column of row 0 as returned by the mysqli_result() helper.
 */
function user_id_from_username($username)
{
    global $db;

    $clean_name = sanitize($username);
    $sql = "SELECT (`id`) FROM `users` WHERE `username` = '{$clean_name}'";
    $lookup = mysqli_query($db, $sql);

    return mysqli_result($lookup, 0, 'id');
}
/**
 * Report whether exactly one row in `books` carries the given title.
 *
 * The comparison is `== 1`, so a title stored more than once yields false.
 * NOTE(review): the title is interpolated into a quoted SQL literal after
 * sanitize(); that helper is not visible here, so the query's safety depends
 * on it. A bound parameter would not.
 *
 * @param string $bookname Title to look for.
 * @return bool True when the COUNT() result equals 1.
 */
function book_exists($bookname)
{
    global $db;

    $clean_title = sanitize($bookname);
    $sql = "SELECT COUNT(`title`) FROM `books` WHERE `title` = '{$clean_title}'";
    $count_result = mysqli_query($db, $sql);

    if (mysqli_result($count_result, 0) == 1) {
        return true;
    }

    return false;
}
/**
 * Print the number of approved comments followed by a translated noun.
 *
 * The query contains no caller-supplied values; only the PLOGGER_TABLE_PREFIX
 * constant is concatenated into the table name. run_query(), plog_tr() and
 * mysqli_result() are helpers defined elsewhere in the project.
 *
 * @return void Output is written with echo.
 */
function plogger_stats_count_total_comments()
{
    $table = PLOGGER_TABLE_PREFIX . "comments";
    $result = run_query("SELECT COUNT(*) AS `n` FROM `" . $table . "` WHERE approved = 1");
    $total = mysqli_result($result, 0, 'n');

    echo $total . ' ';

    // Singular form only for a count of exactly one.
    if ($total == 1) {
        echo plog_tr('comment');
    } else {
        echo plog_tr('comments');
    }
}
/**
 * Count the rows in `_users` that have active = 1.
 *
 * $dbCon is not assigned in this function; presumably the included connection
 * script defines it in the function's scope (confirm against that file).
 *
 * @return mixed Column 0 of row 0 as returned by the mysqli_result() helper.
 */
function user_count()
{
    // Shows how many registered users the site has.
    include 'core/db/db_connection.php';

    $active_users = mysqli_query($dbCon, "SELECT COUNT(user_id) FROM `_users` WHERE active = 1");

    return mysqli_result($active_users, 0);
}
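/**
 * Build the relative URL of a product's first picture.
 *
 * The picture type is read from `product_pictures`. The product id is sent to
 * the server as a bound parameter instead of being pasted into the SQL text,
 * so callers should pass the raw, unescaped id.
 *
 * NOTE(review): $product_id is also concatenated into the returned path.
 * Confirm that callers only pass values that are valid in a file name.
 *
 * @param int|string $product_id Product identifier.
 * @return string Path of the form "../@pages/images/products/<id>_1.<type>".
 */
function product_picture($product_id)
{
    $connect = Database();

    // Bind a string copy: the original query compared against a quoted
    // literal, and binding a copy leaves $product_id untouched for the path.
    $id_param = (string) $product_id;

    $rows = false;
    $stmt = mysqli_prepare($connect, "SELECT picture_type FROM product_pictures WHERE product_id = ?");
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 's', $id_param);
        if (mysqli_stmt_execute($stmt)) {
            // Needs the mysqlnd driver; yields the same kind of result object
            // that mysqli_query() produced before.
            $rows = mysqli_stmt_get_result($stmt);
        }
    }

    // mysqli_result() is the project's helper. As before it receives the
    // result object, or false when the query could not be run.
    $picture_result = mysqli_result($rows);
    if ($stmt) {
        mysqli_stmt_close($stmt);
    }

    $picture_type = $picture_result['picture_type'];

    return "../@pages/images/products/" . $product_id . "_1." . $picture_type;
}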
/**
 * Fetch the score recorded for one strategy in one round.
 *
 * Both identifiers go through intval() before being placed in the SQL text,
 * so only integers reach the query.
 *
 * @param mixed $roundId    Round identifier (coerced with intval()).
 * @param mixed $strategyId Strategy identifier (coerced with intval()).
 * @return mixed The helper's value for row 0, or null when the database
 *               cannot be selected.
 */
function getScoreByStrategy($roundId, $strategyId)
{
    $link = getDBConnection();

    if (!mysqli_select_db($link, getDBName())) {
        return null;
    }

    $round = intval($roundId);
    $strategy = intval($strategyId);
    $sql = "SELECT score FROM scores WHERE round = {$round} AND strategy = {$strategy}";

    return mysqli_result(mysqli_query($link, $sql), 0);
}
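/**
 * Check a user name / password pair against the `users` table.
 *
 * The password used to be pasted into the SQL text without any escaping. It
 * is now sent as a bound parameter, so its content cannot change the query.
 *
 * NOTE(review): the user name is still interpolated after sanitize(). That
 * helper is defined elsewhere, and binding its output could escape the value
 * twice; confirm what it does before converting that part as well.
 * NOTE(review): the comparison is made against the stored value as-is, so
 * passwords are kept in plaintext. Moving to password_hash() and
 * password_verify() also needs the registration code changed, which is
 * outside this block; md5() is not a suitable password hash.
 *
 * @param string $username Submitted user name.
 * @param string $password Submitted password, unescaped.
 * @return mixed The user's id when exactly one row matches, otherwise false.
 */
function login($username, $password)
{
    require 'core/database/connect.php'; // file that connects to database

    $user_id = user_id_from_username($username);
    $username = sanitize($username);

    $password_param = (string) $password;
    $matches = false;
    $stmt = mysqli_prepare(
        $connect,
        "SELECT COUNT(`ID`) FROM `users` WHERE `UserName` = '{$username}' AND `Password` = ?"
    );
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 's', $password_param);
        if (mysqli_stmt_execute($stmt)) {
            // Needs the mysqlnd driver; gives the helper a normal result object.
            $matches = mysqli_stmt_get_result($stmt);
        }
    }

    $count = mysqli_result($matches, 0);
    if ($stmt) {
        mysqli_stmt_close($stmt);
    }

    return $count == 1 ? $user_id : false;
}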
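/**
 * Check whether a table exists in a schema, using information_schema.
 *
 * The schema and table names are sent as bound parameters rather than being
 * interpolated into the SQL text, so a quote character in either name can no
 * longer alter the query. Callers should pass raw, unescaped names.
 *
 * @param string       $tablename Table to look for.
 * @param string|false $database  Schema name; when falsy the connection's
 *                                current database (SELECT DATABASE()) is used.
 * @return bool True when exactly one matching table is reported.
 */
function tableExists($tablename, $database = false)
{
    global $dbTmp;

    if (!$database) {
        $res = mysqli_query($dbTmp, "SELECT DATABASE()");
        $database = mysqli_result($res, 0);
    }

    $schema_param = (string) $database;
    $table_param = (string) $tablename;

    $rows = false;
    $stmt = mysqli_prepare(
        $dbTmp,
        "SELECT COUNT(*) as count FROM information_schema.tables WHERE table_schema = ? AND table_name = ?"
    );
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 'ss', $schema_param, $table_param);
        if (mysqli_stmt_execute($stmt)) {
            // Needs the mysqlnd driver; gives the helper a normal result object.
            $rows = mysqli_stmt_get_result($stmt);
        }
    }

    $found = mysqli_result($rows, 0);
    if ($stmt) {
        mysqli_stmt_close($stmt);
    }

    return $found == 1;
}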
/**
 * Run a query that is expected to produce a single value and return it.
 *
 * The SQL text is executed exactly as given, so keeping it free of untrusted
 * input is the caller's responsibility.
 *
 * @param string $sql Complete SQL statement.
 * @return mixed The single cell, or -1 when the query fails, does not yield
 *               exactly one row and one column, or the cell compares equal to
 *               "". A stored value of -1 is indistinguishable from failure.
 */
function grr_sql_query1($sql)
{
    $r = mysqli_query($GLOBALS['db_c'], $sql);
    if (!$r) {
        return -1;
    }

    $value = -1;
    // Same short-circuit order as before: row count, then field count, then
    // the cell itself.
    if (mysqli_num_rows($r) == 1 && mysqli_field_count($GLOBALS['db_c']) == 1) {
        $cell = mysqli_result($r, 0, 0);
        if ($cell != "") {
            $value = $cell;
        }
    }

    mysqli_free_result($r);

    return $value;
}
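/**
 * Check the posted e-mail / password pair and redirect on success.
 *
 * Changes from the previous version:
 *  - The connection is opened with mysqli. The old code connected through the
 *    mysql_* API and then queried an undefined $conn through mysqli_*.
 *  - The posted values are bound as statement parameters instead of being
 *    concatenated into the SQL text.
 *  - Success is decided by the number of matching rows. The old code called
 *    mysqli_result() without arguments.
 *  - Connection errors go to the error log instead of being shown to the visitor.
 *
 * NOTE(review): the password is compared with the stored column value, so the
 * table holds plaintext passwords. Switching to password_hash() and
 * password_verify() requires the account-creation code to change as well.
 * NOTE(review): the connection settings are hard-coded here, with an empty
 * database password. They belong in configuration outside the web root.
 *
 * @return void Sends a Location header and exits when the credentials match.
 */
function login()
{
    $db_host = 'localhost';
    $db_username = '******';
    $db_password = '';
    $db_name = 'Attendance';

    $con = mysqli_connect($db_host, $db_username, $db_password, $db_name);
    if (!$con) {
        error_log('login(): database connection failed: ' . mysqli_connect_error());
        die('Database connection failed.');
    }

    // Treat missing or non-string fields as empty so they can never match.
    $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    $found = false;
    $stmt = mysqli_prepare($con, "SELECT * FROM users WHERE email = ? AND password = ?");
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 'ss', $email, $password);
        if (mysqli_stmt_execute($stmt)) {
            mysqli_stmt_store_result($stmt);
            $found = mysqli_stmt_num_rows($stmt) > 0;
        }
        mysqli_stmt_close($stmt);
    }

    if ($found) {
        header("Location: Attendace.php"); /* Redirect browser */
        exit;
    } else {
        // Local to this function; callers cannot observe it.
        $credentials = false;
    }
}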
/**
 * Prepare the list of styles for the admin template.
 *
 * For every entry returned by style_list() this adds the number of users on
 * that style, a label for its type, and HTML links for editing and deleting
 * it, then hands the list to $admintpl.
 *
 * style_list(), do_sqlquery(), unesc(), image_or_link() and mysqli_result()
 * are project helpers that are not visible here.
 */
function read_styles() {
    global $TABLE_PREFIX, $language, $CURUSER, $admintpl, $STYLEPATH;
    $sres = style_list();
    for ($i = 0; $i < count($sres); $i++) {
        // NOTE(review): the style id is concatenated into the SQL text unquoted.
        // It comes from style_list(); confirm that it is always numeric.
        $res = do_sqlquery("SELECT COUNT(*) FROM {$TABLE_PREFIX}users WHERE style = " . $sres[$i]["id"], true);
        $sres[$i]["style_users"] = mysqli_result($res, 0, 0);
        $sres[$i]["style"] = unesc($sres[$i]["style"]);
        $sres[$i]["style_url"] = unesc($sres[$i]["style_url"]);
        // Type 1, 2 and 3 map to fixed labels; anything else is shown as UNKNOWN.
        $sres[$i]["style_type"] = $sres[$i]["style_type"] == 1 ? $language["CLA_STYLE"] : ($sres[$i]["style_type"] == 2 ? $language["ATM_STYLE"] : ($sres[$i]["style_type"] == 3 ? $language["PET_STYLE"] : $language["UNKNOWN"]));
        // The admin links carry the current user's "random" value as the code= parameter.
        $sres[$i]["edit"] = "<a href=\"index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=style&action=edit&id=" . $sres[$i]["id"] . "\">" . image_or_link("{$STYLEPATH}/images/edit.png", "", $language["EDIT"]) . "</a>";
        $sres[$i]["delete"] = "<a href=\"index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=style&action=delete&id=" . $sres[$i]["id"] . "\" onclick=\"return confirm('" . AddSlashes($language["DELETE_CONFIRM"]) . "')\">" . image_or_link("{$STYLEPATH}/images/delete.png", "", $language["DELETE"]) . "</a>";
    }
    $admintpl->set("style_add", false, true);
    $admintpl->set("language", $language);
    $admintpl->set("styles", $sres);
    $admintpl->set("style_add_new", "<a href=\"index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=style&action=add\">" . $language["STYLE_ADD"] . "</a>");
    unset($sres);
    // NOTE(review): $res is only assigned inside the loop, so it is undefined
    // here when style_list() returned nothing, and only the last loop result
    // is freed. The value of this expression is discarded.
    mysqli_free_result($res) || is_object($res) && get_class($res) == "mysqli_result" ? true : false;
}
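// Visitor statistics: count the request as a new visitor or as a repeat view,
// then record the referer for the current month.
//
// NOTE(review): $ip, $time, $day, $month, $referer and $referer_host are set
// before this block and are interpolated into the SQL text as they arrive. A
// referer normally originates from a request header, so confirm that these
// values are escaped where they are assigned, or move the statements to bound
// parameters (without escaping twice).
$oldreload = $time - $reload;

$mysqli = getConnected("account");
$gesperrt = mysqli_query($mysqli, "SELECT id FROM cms_statistik_ips WHERE ip='{$ip}' AND time>'{$oldreload}' ORDER BY id DESC limit 1");
if (!$gesperrt) {
    // A failed lookup is reported and nothing else is done with it. The old
    // code went on to pass the failed result to mysqli_num_rows().
    echo "3 Es ist ein Fehler aufgetreten, möglicherweise ist die Tabelle nicht angelegt.";
} elseif (mysqli_num_rows($gesperrt) == 0) {
    // new user
    mysqli_query($mysqli, "INSERT INTO cms_statistik_ips (ip, time, online) values ('{$ip}', '{$time}', '{$time}')");
    mysqli_query($mysqli, "UPDATE cms_statistik_day SET user=user+1, view=view+1 where day='{$day}'");
} else {
    // user with IP in database
    $gesperrtID = mysqli_result($gesperrt, 0, 0);
    mysqli_query($mysqli, "UPDATE cms_statistik_ips SET online='{$time}' where id='{$gesperrtID}'");
    mysqli_query($mysqli, "UPDATE cms_statistik_day SET view=view+1 where day='{$day}'");
}
mysqli_close($mysqli);

// new Referer
$mysqli = getConnected("account");
$ref = mysqli_query($mysqli, "SELECT id FROM cms_statistik_referer WHERE referer='{$referer}' AND month='{$month}'");
if (!$ref) {
    // Same guard as above: report the failure and skip the row handling.
    echo "5 Es ist ein Fehler aufgetreten, möglicherweise ist die Tabelle nicht angelegt.";
} elseif (mysqli_num_rows($ref) == 0) {
    mysqli_query($mysqli, "INSERT INTO cms_statistik_referer (month, host, referer, view) values ('{$month}', '{$referer_host}', '{$referer}', '1')");
} else {
    $refererid = mysqli_result($ref, 0, 0);
    mysqli_query($mysqli, "UPDATE cms_statistik_referer SET view=view+1 where id='{$refererid}'");
}
mysqli_close($mysqli);
// #############################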
/**
 * Thin wrapper around the project's mysqli_result() helper.
 *
 * @param mixed $query Result handle passed to the helper.
 * @param mixed $row   Row argument passed to the helper.
 * @return mixed Whatever the helper returns.
 */
public function result($query, $row)
{
    // '@' silences any warning or notice raised while the helper runs, so a
    // problem shows up only through the returned value.
    return @mysqli_result($query, $row);
}
/**
 * Delete a mailbox and the rows that belong to it in the related tables.
 *
 * The outcome is reported through $_SESSION['return'] (type + msg). The
 * function returns false on the three failure paths and has no explicit
 * return value on success.
 *
 * @param mysqli $link      Open database connection.
 * @param array  $postarray Submitted form fields; 'username' is read.
 * @return false|null
 */
function mailbox_delete_mailbox($link, $postarray) {
    // Escaped for use inside quoted SQL literals below.
    $username = mysqli_real_escape_string($link, $postarray['username']);
    global $logged_in_role;
    global $logged_in_as;
    // Access is refused only when this query yields nothing.
    // NOTE(review): confirm that it selects exactly the mailboxes the caller
    // may delete. The "NOT IN ... OR 'admin'!=" form reads like the negation
    // of an "IN ... OR 'admin'=" ownership test.
    if (!mysqli_result(mysqli_query($link, "SELECT domain FROM mailbox WHERE username='******' AND (domain NOT IN (SELECT domain from domain_admins WHERE username='******') OR 'admin'!='" . $logged_in_role . "')"))) {
        $_SESSION['return'] = array('type' => 'danger', 'msg' => 'Permission denied');
        return false;
    }
    // The format check runs on the already-escaped value, and only after that
    // value has been used in the permission query above.
    if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
        $_SESSION['return'] = array('type' => 'danger', 'msg' => 'Invalid mailbox');
        return false;
    }
    // All statements are concatenated into one string and sent as a batch.
    // NOTE(review): every literal in the batch relies on the escaping above.
    // No transaction is started here, so a failure part-way through leaves the
    // earlier deletions in place. Separate prepared statements inside a
    // transaction would avoid both.
    $delete_user = "******" . $username . "';";
    $delete_user .= "UPDATE alias SET goto=REPLACE(goto, '," . $username . ",', ',');";
    $delete_user .= "UPDATE alias SET goto=REPLACE(goto, '," . $username . "', '');";
    $delete_user .= "UPDATE alias SET goto=REPLACE(goto, '" . $username . ",', '');";
    $delete_user .= "DELETE FROM quota2 WHERE username='******';";
    $delete_user .= "DELETE FROM calendarobjects WHERE calendarid IN (SELECT id from calendars where principaluri='principals/" . $username . "');";
    // NOTE(review): the subquery reads `calendars` although the outer column
    // is addressbookid. Confirm whether `addressbooks` was intended.
    $delete_user .= "DELETE FROM cards WHERE addressbookid IN (SELECT id from calendars where principaluri='principals/" . $username . "');";
    $delete_user .= "DELETE FROM mailbox WHERE username='******';";
    $delete_user .= "DELETE FROM sender_acl WHERE logged_in_as='" . $username . "';";
    $delete_user .= "DELETE FROM users WHERE username='******';";
    $delete_user .= "DELETE FROM principals WHERE uri='principals/" . $username . "';";
    $delete_user .= "DELETE FROM principals WHERE uri='principals/" . $username . "/calendar-proxy-read';";
    $delete_user .= "DELETE FROM principals WHERE uri='principals/" . $username . "/calendar-proxy-write';";
    $delete_user .= "DELETE FROM addressbooks WHERE principaluri='principals/" . $username . "';";
    $delete_user .= "DELETE FROM calendars WHERE principaluri='principals/" . $username . "';";
    // mysqli_multi_query() reports failure only for the first statement.
    // The database error text is stored for display to the user.
    if (!mysqli_multi_query($link, $delete_user)) {
        $_SESSION['return'] = array('type' => 'danger', 'msg' => 'MySQL Error: ' . mysqli_error($link));
        return false;
    }
    // Step through the remaining results of the batch. Errors from later
    // statements are not inspected here.
    while ($link->next_result()) {
        if (!$link->more_results()) {
            break;
        }
    }
    $_SESSION['return'] = array('type' => 'success', 'msg' => 'Deleted mailbox ' . htmlspecialchars($username));
}
echo $row['aliases']; ?> </td> <td><?php echo mysqli_result(mysqli_query($link, "SELECT count(*) FROM mailbox WHERE domain='{$row['domain']}'")); ?> of <?php echo $row['mailboxes']; ?> </td> <td><?php echo $row['maxquota']; ?> M</td> <td><?php echo mysqli_result(mysqli_query($link, "SELECT coalesce(round(sum(quota)/1048576), 0) FROM mailbox WHERE domain='{$row['domain']}'")); ?> M of <?php echo $row['quota']; ?> M</td> <td><?php echo $row['active']; ?> </td> <td><a href="do.php?deletedomain=<?php echo $row['domain']; ?> ">delete</a> | <a href="do.php?editdomain=<?php echo $row['domain'];
/**
 * Answer questions about the one-hour "happy hour" window.
 *
 * The start time is read from the `avps` table (arg='happyhour') as a Unix
 * timestamp. The query contains no caller-supplied values.
 *
 * @param string $n "check" asks whether the window is currently open;
 *                  "time" asks for the remaining time, formatted by NDF().
 * @return mixed true for an open window on "check", NDF()'s result on "time",
 *               otherwise null.
 */
function ishappyHour($n)
{
    global $TABLE_PREFIX;

    $sql = "SELECT UNIX_TIMESTAMP(value_s) FROM {$TABLE_PREFIX}avps WHERE arg='happyhour'";
    $start = mysqli_result(mysqli_query($GLOBALS["___mysqli_ston"], $sql), 0);

    // Minute-resolution strings in this format sort chronologically, so the
    // plain string comparisons below order them by time.
    $format = "Y-m-d H:i";
    $startText = date($format, $start);
    $nowText = date($format);
    $endText = date($format, $start + 3600);

    if ($n == "check" && $startText < $nowText && $endText >= $nowText) {
        return true;
    }

    if ($n == "time") {
        return NDF($start + 3600 - time());
    }
}
$modules[$i]["module_activated"] = $language["NO"] . " -> <a href=\"index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=module_config&action=change_to_yes&id=" . unesc($row_modules["id"]) . "\">" . $language["ACTIVATE"] . "</a>"; } // yes $modules[$i]["module_date_changed"] = unesc($row_modules["changed"]); // when last switched on or off $modules[$i]["module_date_created"] = unesc($row_modules["created"]); // the date created $i++; } $admintpl->set("modules", $modules); $active_modules = do_sqlquery("SELECT COUNT(*) FROM {$TABLE_PREFIX}modules WHERE activated='yes'", true); $admintpl->set("nr_active_modules", mysqli_result($active_modules, 0, 0)); $not_active_modules = do_sqlquery("SELECT COUNT(*) FROM {$TABLE_PREFIX}modules WHERE activated='no'", true); $admintpl->set("nr_not_active_modules", mysqli_result($not_active_modules, 0, 0)); $total_modules = do_sqlquery("SELECT COUNT(*) FROM {$TABLE_PREFIX}modules", true); $admintpl->set("nr_total_modules", mysqli_result($total_modules, 0, 0)); $admintpl->set("form_action", "index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=module_config&action=add"); break; // end of case 'manage' // end of case 'manage' case 'change_to_yes': $id = max(0, $_GET["id"]); $admintpl->set("language", $language); do_sqlquery("UPDATE {$TABLE_PREFIX}modules SET activated='yes', changed=NOW() WHERE id={$id}", true); redirect("index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=module_config&action=manage"); die; break; case 'change_to_no': $id = max(0, $_GET["id"]); $admintpl->set("language", $language); do_sqlquery("UPDATE {$TABLE_PREFIX}modules SET activated='no', changed=NOW() WHERE id={$id}", true);
$tztpl["tz_combo"] .= "value=\"" . $timezone["difference"] . "\">" . unesc($timezone["timezone"]) . "</option>"; $tztpl["tz_combo"] .= $option; } unset($tres); $usercptpl->set("tz", $tztpl); if ($FORUMLINK == "" || $FORUMLINK == "internal") { $usercptpl->set("INTERNAL_FORUM", true, true); $profiletpl["topicsperpage"] = $CURUSER["topicsperpage"]; $profiletpl["postsperpage"] = $CURUSER["postsperpage"]; } $profiletpl["torrentsperpage"] = $CURUSER["torrentsperpage"]; $profiletpl["commentpm"] = $CURUSER["commentpm"] == "true" ? "checked=\"checked\"" : ""; $profiletpl["frm_cancel"] = "index.php?page=usercp&uid=" . $uid . ""; $uid = $CURUSER['uid']; $r = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT parked from {$TABLE_PREFIX}users where id = {$uid}"); $p = mysqli_result($r, 0, "parked"); if ($p != 0) { $profiletpl["parked"] .= "<input name=\"park\" id=\"park\" type=\"radio\" value=\"0\" />\n " . $language["NO"] . ""; $profiletpl["parked"] .= "<input name=\"park\" id=\"park\" type=\"radio\" value=\"1\" checked=\"checked\" />\n " . $language["YES"] . ""; } else { $profiletpl["parked"] .= "<input name=\"park\" id=\"park\" type=\"radio\" value=\"0\" checked=\"checked\" />\n " . $language["NO"] . ""; $profiletpl["parked"] .= "<input name=\"park\" id=\"park\" type=\"radio\" value=\"1\" />\n " . $language["YES"] . ""; $profiletpl["parked"] .= $option; } // Userbar $res = do_sqlquery("SELECT * FROM {$TABLE_PREFIX}userbars", true); while ($row = mysqli_fetch_array($res)) { $bars[$row['id']] = array('desc' => $row['description'], 'img' => $row['img']); } $js_userbar = ''; foreach ($bars as $value => $key) {
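//mysql_connect("$host", "$username", "$password")or die("cannot connect");
//mysql_select_db("$db_name")or die("cannot select DB");
session_start();

if (!isset($_SESSION['username']) || trim($_SESSION['username']) == '') {
    header("location:index.php");
    // Stop here: a Location header alone does not end the script, so the
    // form handler below would otherwise still run without a session.
    exit;
} else {
    $userid = $_SESSION['userid'];
    $username = $_SESSION['username'];
    $usertype = $_SESSION['usertype'];
}

if (isset($_POST['BtnSubmit'])) {
    // NOTE(review): max(s_id)+1 can give two concurrent requests the same id.
    // An AUTO_INCREMENT column would avoid that.
    $result1 = mysqli_query($con, "select IFNULL(max(s_id),0)+1 m from sugestie");
    $f_id = (int) mysqli_result($result1, 0, "m");
    $t_subject = (isset($_POST['TxtSubject']) && is_string($_POST['TxtSubject'])) ? $_POST['TxtSubject'] : '';
    $t_feedback = (isset($_POST['TxtSugestii']) && is_string($_POST['TxtSugestii'])) ? $_POST['TxtSugestii'] : '';
    $author_id = (int) $userid;

    // The posted subject and text are bound as parameters. They used to be
    // pasted straight into the INSERT statement.
    $stmt = mysqli_prepare($con, "insert into sugestie values(?,sysdate(),?,?,?)");
    $result = false;
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 'issi', $f_id, $t_subject, $t_feedback, $author_id);
        $result = mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }
    if (!$result) {
        // The old handler called mysql_error(), which belongs to a different
        // API. The detail now goes to the log instead of the page.
        error_log('sugestie insert failed: ' . mysqli_error($con));
        die('The suggestion could not be saved.');
    }

    header("location:sugestie_trimisa.php");
    exit;
}
?>
<html> <head> <meta http-equiv="Content-Language" content="en-us"> <meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> <title>Aplicatie online pentru testarea cunostintelor</title>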
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED // TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR // PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF // LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING // NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, // EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. // //////////////////////////////////////////////////////////////////////////////////// require_once "include/functions.php"; require_once "include/config.php"; dbconn(); if ($CURUSER["uid"] > 1) { $uid = $CURUSER['uid']; $org = $CURUSER['username']; $r = do_sqlquery("SELECT * from {$TABLE_PREFIX}users where id={$uid}"); $c = mysqli_result($r, 0, "seedbonus"); if ($c >= $GLOBALS["price_name"]) { if (isset($_POST["name"])) { $custom = mysqli_real_escape_string($DBDT, $_POST["name"]); } else { $custom = ""; } if ("{$custom}" == "") { } else { $res = do_sqlquery("SELECT * FROM {$TABLE_PREFIX}users WHERE username='******'", true); if (mysqli_num_rows($res) > 0) { } else { do_sqlquery("UPDATE {$TABLE_PREFIX}users SET username='******' WHERE id={$CURUSER['uid']}"); if ($FORUMLINK == "smf") { do_sqlquery("UPDATE {db_prefix}members SET memberName='" . htmlspecialchars($custom) . "' WHERE ID_MEMBER=" . $CURUSER["smf_fid"]); }
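<thead> <tr> <th>Domain</th> <th>Aliases</th> <th>Mailboxes</th> <th>Max. quota per mailbox</th> <th>Domain Quota</th> <th>Active</th> <th>Action</th> </tr> </thead> <tbody> <?php
// One table row per domain the current user may manage.
// NOTE(review): $logged_in_role is interpolated into the SQL text. Confirm it
// is set server-side and never taken from the request.
$result = mysqli_query($link, "SELECT domain, aliases, mailboxes, maxquota, quota, CASE active WHEN 1 THEN 'Yes' ELSE 'No' END AS active FROM \ndomain WHERE \ndomain IN (SELECT domain from domain_admins WHERE username='******') OR 'admin'='{$logged_in_role}'");
while ($result && ($row = mysqli_fetch_array($result))) {
    // A value read back from the database is still data: escape it again for
    // each context it is written into (SQL literal, HTML text, URL parameter).
    $domainSql = mysqli_real_escape_string($link, $row['domain']);
    $domainHtml = htmlspecialchars($row['domain'], ENT_QUOTES);
    $domainUrl = urlencode($row['domain']);

    // mysqli_result() is the project's helper for reading a single value.
    $aliasCount = mysqli_result(mysqli_query($link, "SELECT count(*) FROM alias WHERE domain='{$domainSql}' and address NOT IN (SELECT username FROM mailbox)"));
    $mailboxCount = mysqli_result(mysqli_query($link, "SELECT count(*) FROM mailbox WHERE domain='{$domainSql}'"));
    $quotaUsed = mysqli_result(mysqli_query($link, "SELECT coalesce(round(sum(quota)/1048576), 0) FROM mailbox WHERE domain='{$domainSql}'"));

    echo "<tr><td>", $domainHtml, "</td><td>",
        $aliasCount, " of ", $row['aliases'], "</td><td>",
        $mailboxCount, " of ", $row['mailboxes'], "</td><td>",
        $row['maxquota'], "M", "</td><td>",
        $quotaUsed, "M of ", $row['quota'], "M", "</td><td>",
        $row['active'],
        "</td><td><a href=\"do.php?deletedomain=", $domainUrl, "\">delete</a> | <a href=\"do.php?editdomain=", $domainUrl, "\">edit</a>",
        "</td></tr>";
}
?> </tbody> </table> </div> </div> </div> </div> <div class="row"> <div class="col-md-14"> <div class="panel panel-default"> <div class="panel-heading"> <h3 class="panel-title">Domain Aliases</h3> <div class="pull-right"> <span class="clickable filter" data-toggle="tooltip" title="Toggle table filter" data-container="body">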
mysqli_query($mysqli, $query) or die("Invalid query: " . mysqli_error($mysqli)); $postavshik_id = mysqli_insert_id($mysqli); } else { $postavshik_id = "NULL"; } // Получаем номер и год для документов $query = "SELECT IFNULL(year, 0) year, IFNULL(count, 0) count FROM PrintForms WHERE PF_ID = {$id}"; $res = mysqli_query($mysqli, $query) or die("Invalid query: " . mysqli_error($mysqli)); if (mysqli_result($res, 0, 'year') and mysqli_result($res, 0, 'count')) { $year = mysqli_result($res, 0, 'year'); $count = mysqli_result($res, 0, 'count'); } else { $year = date('Y'); $query = "SELECT COUNT(1)+1 Cnt FROM PrintForms WHERE year = {$year}"; $res = mysqli_query($mysqli, $query) or die("Invalid query: " . mysqli_error($mysqli)); $count = mysqli_result($res, 0, 'Cnt'); } // Обновляем в таблице PrintForms ID контрагентов, номер с годом и сумму $query = "UPDATE PrintForms SET\n\t\t\t\t summa = {$summa}\n\t\t\t\t,platelshik_id = {$platelshik_id}\n\t\t\t\t,gruzopoluchatel = {$_POST["gruzopoluchatel"]}\n\t\t\t\t,gruzopoluchatel_id = {$gruzopoluchatel_id}\n\t\t\t\t,postavshik = {$_POST["postavshik"]}\n\t\t\t\t,postavshik_id = {$postavshik_id}\n\t\t\t\t,year = {$year}\n\t\t\t\t,count = {$count}\n\t\t\t WHERE PF_ID = {$id}"; mysqli_query($mysqli, $query) or die("Invalid query: " . mysqli_error($mysqli)); $_POST["nomer"] = str_pad($count, 8, '0', STR_PAD_LEFT); // Дописываем нули к номеру накладной // Удаляем старые файлы $expire_time = 63072000; // Время через которое файл считается устаревшим (в сек.) $dir = $_SERVER['DOCUMENT_ROOT'] . "/print_forms/"; // проверяем, что $dir - каталог if (is_dir($dir)) { // открываем каталог if ($dh = opendir($dir)) { // читаем и выводим все элементы
$j = ''; for ($i = 0; $i < $count; $i++) { $j = $i + 1; echo "<tr>"; echo "<td width='60' align ='center' valign ='top'>" . mysqli_result($result, $i, "u_data_creare") . "</td>"; echo "<td width='40' align ='left' valign ='top'>" . mysqli_result($result, $i, "u_nume") . "</td>"; echo "<td width='30' align ='left' valign ='top'>" . mysqli_result($result, $i, "u_tip") . "</td>"; if (mysqli_result($result, $i, "u_data_activare") == '') { if (mysqli_result($result, $i, "u_tip") == 'Student') { $link_text = "<a href='activeaza_utilizator_student.php?mode=A&id=" . mysqli_result($result, $i, "u_id") . "'>Activeaza</a>"; } else { $link_text = "--"; } } else { if (mysqli_result($result, $i, "u_tip") == 'Student') { $link_text = "<a href='activeaza_utilizator_student.php?mode=D&id=" . mysqli_result($result, $i, "u_id") . "'>Dezactiveaza</a>"; } else { $link_text = "--"; } } echo "<td width='98' align ='left' valign ='top'>" . $link_text . "</td>"; echo "</tr>"; } } else { echo "<td width='51' align ='center' valign ='top'> </td>"; echo "<td width='205' align ='left' valign ='top'> </td>"; echo "<td width='98' align ='left' valign ='top'> </td>"; } ?> </table> <p> </td>
/**
 * Forward to the project's mysqli_result() helper.
 *
 * PHP's mysqli extension does not provide a function of that name, so the
 * helper has to be defined elsewhere in the project.
 *
 * @param mixed $query Result handle passed to the helper.
 * @param mixed $row   Row argument passed to the helper.
 * @return mixed Whatever the helper returns.
 */
function result($query, $row)
{
    $value = mysqli_result($query, $row);

    return $value;
}
$_GET['id'] = 0 + $_GET['id']; } if ($_GET['do'] == 'deny' and is_valid_id($_GET['id']) and $CURUSER["edit_users"] == "yes") { do_sqlquery('UPDATE ' . $TABLE_PREFIX . 'shoutcastdj SET active = \'2\' WHERE id = \'' . (0 + $_GET['id']) . '\'', true); if (mysqli_affected_rows($GLOBALS["___mysqli_ston"])) { $Query = do_sqlquery('SELECT uid FROM ' . $TABLE_PREFIX . 'shoutcastdj WHERE id = \'' . (0 + $_GET['id']) . '\'', true); send_pm(0, mysqli_result($Query, 0, 'uid'), sqlesc($language['subject']), sqlesc($language['dmsg'])); } $_GET['do'] = 'list'; $_GET['id'] = 0 + $_GET['id']; } if ($_GET['do'] == 'kick' and is_valid_id($_GET['id']) and $CURUSER["edit_users"] == "yes") { do_sqlquery('UPDATE ' . $TABLE_PREFIX . 'shoutcastdj SET active = \'3\' WHERE id = \'' . (0 + $_GET['id']) . '\'', true); if (mysqli_affected_rows($GLOBALS["___mysqli_ston"])) { $Query = do_sqlquery('SELECT uid FROM ' . $TABLE_PREFIX . 'shoutcastdj WHERE id = \'' . (0 + $_GET['id']) . '\'', true); send_pm(0, mysqli_result($Query, 0, 'uid'), sqlesc($language['subject2']), sqlesc($language['kmsg'])); } $_GET['do'] = 'list'; $_GET['id'] = 0 + $_GET['id']; } if ($_GET['do'] == 'request') { $query = do_sqlquery('SELECT uid FROM ' . $TABLE_PREFIX . 'shoutcastdj WHERE uid = \'' . $CURUSER['uid'] . '\'', true); if (0 < mysqli_num_rows($query)) { stderr($language['ERROR'], $language['already']); } $Query = do_sqlquery('SELECT t.*, u.username, g.prefixcolor, g.suffixcolor FROM ' . $TABLE_PREFIX . 'shoutcastdj t LEFT JOIN ' . $TABLE_PREFIX . 'users u ON t.uid=u.id LEFT JOIN ' . $TABLE_PREFIX . 'users_level g ON u.id_level=g.id WHERE t.active=1', true); if (mysqli_num_rows($Query)) { $reqform = '<br /> <table width="100%" align="center" border="0" cellpadding="3" cellspacing="0"> <tr> <td colspan="5" class="header"><center>' . $language['djlist'] . '</center></td>
<button type="submit" class="btn btn-default btn-sm">Delete</button> </div> </div> </form> <?php } else { echo 'Action not supported.'; } } } elseif (isset($_GET["deletemailbox"])) { if (!filter_var($_GET["deletemailbox"], FILTER_VALIDATE_EMAIL)) { header("Location: do.php?event=" . base64_encode("Your provided mailbox name is invalid")); die("Your provided alias name is invalid"); } else { $deletemailbox = mysqli_real_escape_string($link, $_GET["deletemailbox"]); if (mysqli_result(mysqli_query($link, "SELECT address, domain FROM alias WHERE address='{$deletemailbox}' AND (domain IN (SELECT domain from domain_admins WHERE username='******') OR 'admin'='{$logged_in_role}')"))) { echo '<div class="alert alert-warning" role="alert"><strong>Warning:</strong> You are about to delete a mailbox!</div>'; echo "<p>The mailbox user <strong>{$deletemailbox}</strong> + its address books and calendars will be deleted.</p>"; echo "<p>The user will also be removed from the alias addresses listed below (if any).</p>"; echo "<ul>"; $result = mysqli_query($link, "SELECT address FROM alias WHERE goto='{$deletemailbox}' and address!='{$deletemailbox}'"); while ($row = mysqli_fetch_array($result)) { echo "<li>", $row['address'], "</li>"; } echo "</ul>"; ?> <form class="form-horizontal" role="form" method="post"> <input type="hidden" name="mailboxaction" value="deletemailbox"> <input type="hidden" name="username" value="<?php echo $deletemailbox; ?>
/**
 * Delete a mailbox and the rows that belong to it in the related tables.
 *
 * Every exit path ends the request flow with a redirect. Failures send a
 * Location header with a base64-encoded event text and then die(); success
 * redirects to do.php?return=success.
 *
 * @param mysqli $link      Open database connection.
 * @param array  $postarray Not read in this version; the user name is taken
 *                          from $_POST directly.
 */
function mailbox_delete_mailbox($link, $postarray) {
    // Escaped for use inside quoted SQL literals below.
    $username = mysqli_real_escape_string($link, $_POST['username']);
    global $logged_in_role;
    global $logged_in_as;
    // Access is refused only when this query yields nothing.
    // NOTE(review): confirm that it selects exactly the mailboxes the caller
    // may delete. The "NOT IN ... OR 'admin'!=" form reads like the negation
    // of an "IN ... OR 'admin'=" ownership test.
    if (!mysqli_result(mysqli_query($link, "SELECT domain FROM mailbox WHERE username='******' AND (domain NOT IN (SELECT domain from domain_admins WHERE username='******') OR 'admin'!='{$logged_in_role}')"))) {
        header("Location: do.php?event=" . base64_encode("Permission denied"));
        die("Permission denied");
    }
    // The format check runs on the already-escaped value, and only after that
    // value has been used in the permission query above.
    if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
        header("Location: do.php?event=" . base64_encode("Mail address invalid"));
        die("Mail address invalid");
    }
    // All statements are concatenated into one string and sent as a batch.
    // NOTE(review): every literal in the batch relies on the escaping above.
    // No transaction is started here, so a failure part-way through leaves the
    // earlier deletions in place. Separate prepared statements inside a
    // transaction would avoid both.
    $delete_user = "******";
    $delete_user .= "UPDATE alias SET goto=REPLACE(goto, ',{$username},', ',');";
    $delete_user .= "UPDATE alias SET goto=REPLACE(goto, ',{$username}', '');";
    $delete_user .= "UPDATE alias SET goto=REPLACE(goto, '{$username},', '');";
    $delete_user .= "DELETE FROM quota2 WHERE username='******';";
    $delete_user .= "DELETE FROM calendarobjects WHERE calendarid IN (SELECT id from calendars where principaluri='principals/{$username}');";
    // NOTE(review): the subquery reads `calendars` although the outer column
    // is addressbookid. Confirm whether `addressbooks` was intended.
    $delete_user .= "DELETE FROM cards WHERE addressbookid IN (SELECT id from calendars where principaluri='principals/{$username}');";
    $delete_user .= "DELETE FROM mailbox WHERE username='******';";
    $delete_user .= "DELETE FROM users WHERE username='******';";
    $delete_user .= "DELETE FROM principals WHERE uri='principals/{$username}';";
    $delete_user .= "DELETE FROM principals WHERE uri='principals/{$username}/calendar-proxy-read';";
    $delete_user .= "DELETE FROM principals WHERE uri='principals/{$username}/calendar-proxy-write';";
    $delete_user .= "DELETE FROM addressbooks WHERE principaluri='principals/{$username}';";
    $delete_user .= "DELETE FROM calendars WHERE principaluri='principals/{$username}';";
    // mysqli_multi_query() reports failure only for the first statement.
    if (!mysqli_multi_query($link, $delete_user)) {
        header("Location: do.php?event=" . base64_encode("MySQL query failed"));
        die("MySQL query failed");
    }
    // Step through the remaining results of the batch. Errors from later
    // statements are not inspected here.
    while ($link->next_result()) {
        if (!$link->more_results()) {
            break;
        }
    }
    header('Location: do.php?return=success');
}
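/**
 * Register a new user and return a status message for display.
 *
 * Fixes the upper length check. The old test was strlen($postLogin > 30),
 * which takes the length of a comparison result instead of comparing the
 * login's length with 30. The length is also measured before SQL escaping so
 * that added backslashes do not count.
 *
 * NOTE(review): the login and password values should reach the server as
 * bound parameters rather than as part of the SQL text.
 * NOTE(review): md5(md5()) is not a password hash. Moving to password_hash()
 * and password_verify() also needs the login code changed, which is outside
 * this block.
 * NOTE(review): strlen() counts bytes, so multi-byte logins hit the limits
 * earlier than their character count suggests.
 *
 * @param string $postLogin    Requested login, as submitted.
 * @param string $postPassword Requested password, as submitted.
 * @return string Message describing the outcome (contains HTML on validation errors).
 */
function registerUser($postLogin, $postPassword)
{
    // $_POST['login']
    // $_POST['password']
    $link = getDBConnection();
    $reason = "";

    if (mysqli_select_db($link, getDBName())) {
        $err = array();

        // Reject logins that strip_tags() would alter.
        $login = strip_tags($postLogin);
        if ($login != $postLogin) {
            $err[] = "Логин содержит некорректные символы";
        }

        $loginLength = strlen($postLogin);
        $postLogin = mysqli_real_escape_string($link, $postLogin);
        if ($loginLength < 3 or $loginLength > 30) {
            $err[] = "Логин должен быть не меньше 3-х символов и не больше 30";
        }

        $query = mysqli_query($link, "SELECT COUNT(id) FROM users WHERE login='******'");
        // '@' hides any warning the helper raises; a failed lookup then simply
        // does not count as "already taken".
        if (@mysqli_result($query, 0) > 0) {
            $err[] = "Пользователь с таким логином уже существует в базе данных";
        }

        if (count($err) == 0) {
            $password = md5(md5(trim($postPassword)));
            mysqli_query($link, "INSERT INTO users SET login='******', password='******'");
            $reason = "Вы зарегистрированы в системе!";
        } else {
            $reason = "<b>При регистрации произошли следующие ошибки:</b><br>";
            foreach ($err as $error) {
                $reason = $reason . $error . "<br>";
            }
        }
    } else {
        $reason = "Нет возможности подключиться к БД!";
    }

    return $reason;
}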
/**
 * Prepare the paged list of invitations for the admin template.
 *
 * Reads the total count, builds the pager, loads one page of invitations and
 * adds the inviter's name plus a delete link to each entry.
 *
 * get_result(), do_sqlquery(), pager(), unesc(), image_or_link() and
 * mysqli_result() are project helpers that are not visible here.
 */
function read_invitations() {
    global $TABLE_PREFIX, $admintpl, $language, $CURUSER, $STYLEPATH, $btit_settings;
    // PHP_SELF is request-derived; the whole URL is passed through htmlspecialchars().
    $scriptname = htmlspecialchars($_SERVER["PHP_SELF"] . "?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=invitations");
    $addparam = "";
    $res = get_result("SELECT COUNT(*) as invites FROM {$TABLE_PREFIX}invitations", true);
    $count = $res[0]["invites"];
    // pager() returns the two pager widgets and the LIMIT clause used below.
    list($pagertop, $pagerbottom, $limit) = pager('15', $count, $scriptname . "&");
    $admintpl->set("inv_pagertop", $pagertop);
    $admintpl->set("inv_pagerbottom", $pagerbottom);
    $results = get_result("SELECT * FROM {$TABLE_PREFIX}invitations ORDER BY id DESC {$limit}", true);
    $invitees = array();
    $i = 0;
    foreach ($results as $id => $data) {
        // NOTE(review): the inviter id is concatenated into the SQL text
        // unquoted. It comes from the invitations row; confirm that the column
        // is numeric.
        $res = do_sqlquery("SELECT username FROM {$TABLE_PREFIX}users WHERE id = " . $data["inviter"], true);
        if (mysqli_num_rows($res) > 0) {
            $inviter_name = mysqli_result($res, 0, 0);
        } else {
            $inviter_name = 'Unknown';
        }
        // NOTE(review): $inviter_name is placed into the HTML as returned by
        // the query, while invitee and hash go through unesc(). Confirm that
        // user names are stored or rendered HTML-safe.
        $invitees[$i]["inviter"] = "<a href=\"index.php?page=userdetails&user="******"inviter"] . "\">" . $inviter_name . "</a>";
        $invitees[$i]["invitee"] = unesc($data["invitee"]);
        $invitees[$i]["hash"] = unesc($data["hash"]);
        $invitees[$i]["time_invited"] = $data["time_invited"];
        $invitees[$i]["delete"] = "<a href=\"index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=invitations&action=delete&id=" . $data["id"] . "\" onclick=\"return confirm('" . AddSlashes($language["DELETE_CONFIRM"]) . "')\">" . image_or_link("{$STYLEPATH}/images/delete.png", "", $language["DELETE"]) . "</a>";
        $i++;
    }
    $admintpl->set("invitees", $invitees);
    $admintpl->set("language", $language);
}