/**
 * Forward $query to the project's mysqli_result() helper on this object's connection.
 *
 * NOTE(review): mysqli_result() is not a PHP built-in function (mysqli_result is a class),
 * so its behaviour is defined elsewhere in the project. Confirm how it treats $query before
 * passing anything assembled from request data.
 *
 * @param mixed $query Value handed unchanged to mysqli_result().
 * @return mixed Whatever the helper returns.
 */
function getResult($query)
{
    $connection = $this->conn;
    $outcome = mysqli_result($connection, $query);

    return $outcome;
}
Пример #2
/**
 * Look up the `id` of the `users` row whose `username` matches.
 *
 * @param mixed $username Username to look up; passed through sanitize() first.
 * @return mixed Value of the `id` column of row 0, as returned by mysqli_result().
 */
function user_id_from_username($username)
{
    global $db;

    // sanitize() is the only thing standing between $username and the SQL text.
    // NOTE(review): it is defined elsewhere; confirm it escapes for this connection's
    // character set. A prepared statement with a bound parameter would remove that dependency.
    $username = sanitize($username);
    $sql = "SELECT (`id`) FROM `users` WHERE `username` = '{$username}'";
    $lookup = mysqli_query($db, $sql);

    return mysqli_result($lookup, 0, 'id');
}
Пример #3
/**
 * Report whether exactly one row in `books` has the given title.
 *
 * @param mixed $bookname Title to search for; passed through sanitize() first.
 * @return bool True when the COUNT() equals 1, false otherwise (including duplicates).
 */
function book_exists($bookname)
{
    global $db;

    // NOTE(review): the query is safe only if sanitize() (defined elsewhere) escapes quotes
    // for this connection; binding the title as a parameter would not rely on it.
    $bookname = sanitize($bookname);
    $sql = "SELECT COUNT(`title`) FROM `books` WHERE `title` = '{$bookname}'";
    $matches = mysqli_query($db, $sql);

    // Loose comparison kept: the helper presumably returns the count as a string.
    return mysqli_result($matches, 0) == 1;
}
Пример #4
/**
 * Print the number of approved comments followed by the translated noun
 * ("comment" for exactly one, "comments" otherwise).
 *
 * The query contains no caller-supplied values; only the PLOGGER_TABLE_PREFIX
 * constant is concatenated into the table name.
 *
 * @return void
 */
function plogger_stats_count_total_comments()
{
    $sql = "SELECT COUNT(*) AS `n` FROM `" . PLOGGER_TABLE_PREFIX . "comments` WHERE approved = 1";
    $total = mysqli_result(run_query($sql), 0, 'n');

    echo $total . ' ';
    if ($total == 1) {
        echo plog_tr('comment');
    } else {
        echo plog_tr('comments');
    }
}
Пример #5
/**
 * Count the rows in `_users` with active = 1, to show how many registered
 * users the site has.
 *
 * @return mixed First column of row 0, as returned by mysqli_result().
 */
function user_count()
{
    // The included file is expected to define $dbCon in this function's scope.
    // NOTE(review): `include` only warns when the file is missing, so the query
    // below would then run against an undefined connection.
    include 'core/db/db_connection.php';
    $activeUsers = mysqli_query($dbCon, "SELECT COUNT(user_id) FROM `_users` WHERE active = 1");

    return mysqli_result($activeUsers, 0);
}
Пример #6
/**
 * Build the relative URL of a product's first picture.
 *
 * @param mixed $product_id Product identifier; used both in the SQL text and in the path.
 * @return string "../@pages/images/products/<id>_1.<picture_type>"
 */
function product_picture($product_id)
{
    $connect = Database();

    // NOTE(review): $product_id is interpolated into the SQL text and into the returned
    // path without escaping or validation. If callers pass a request value, bind it as a
    // statement parameter and restrict it to the expected id format before building the path.
    $sql = "SELECT picture_type FROM product_pictures WHERE product_id='{$product_id}';";
    $row = mysqli_result(mysqli_query($connect, $sql));

    return "../@pages/images/products/" . $product_id . "_1." . $row['picture_type'];
}
Пример #7
/**
 * Fetch the score stored for a round/strategy pair.
 *
 * Both identifiers are forced to integers with intval() before they are placed in
 * the SQL text, which is what keeps the unquoted interpolation below safe.
 *
 * @param mixed $roundId    Round identifier.
 * @param mixed $strategyId Strategy identifier.
 * @return mixed The `score` column of row 0, or null when the database cannot be selected.
 */
function getScoreByStrategy($roundId, $strategyId)
{
    $link = getDBConnection();
    if (!mysqli_select_db($link, getDBName())) {
        return;
    }

    $roundId = intval($roundId);
    $strategyId = intval($strategyId);
    $scoreRows = mysqli_query($link, "SELECT score FROM scores WHERE round = {$roundId} AND strategy = {$strategyId}");

    return mysqli_result($scoreRows, 0);
}
Пример #8
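/**
 * Check a username/password pair against the `users` table.
 *
 * Fix over the original: $password was placed in the SQL text with no escaping at all,
 * so the submitted password could rewrite the WHERE clause. It is now escaped for the
 * connection before interpolation. The username path is unchanged and still depends on
 * sanitize().
 *
 * NOTE(review): the query compares the submitted password with the stored column
 * directly, i.e. passwords are kept in plaintext. The commented-out md5() idea is not a
 * remedy; store password_hash() output and check with password_verify(), which needs a
 * data migration and is therefore not done here. Prepared statements with bound
 * parameters are the preferred form once sanitize()'s exact behaviour is confirmed.
 *
 * @param mixed $username Submitted username.
 * @param mixed $password Submitted password.
 * @return mixed The user's id when exactly one row matches, false otherwise.
 */
function login($username, $password)
{
    // File that connects to the database; $connect is presumably defined there.
    require 'core/database/connect.php';

    $user_id = user_id_from_username($username);
    $username = sanitize($username);
    $password = mysqli_real_escape_string($connect, (string) $password);

    $matches = mysqli_query($connect, "SELECT COUNT(`ID`) FROM `users` WHERE `UserName` = '{$username}' AND `Password` = '{$password}'");

    return mysqli_result($matches, 0) == 1 ? $user_id : false;
}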
Пример #9
/**
 * Report whether information_schema lists exactly one table with the given name
 * in the given schema.
 *
 * @param mixed $tablename Table name to look for.
 * @param mixed $database  Schema name; when falsy, the connection's current database is used.
 * @return bool True when the COUNT(*) equals 1.
 */
function tableExists($tablename, $database = false)
{
    global $dbTmp;

    if (!$database) {
        $database = mysqli_result(mysqli_query($dbTmp, "SELECT DATABASE()"), 0);
    }

    // NOTE(review): both names are interpolated as quoted string literals without escaping.
    // Harmless for hard-coded names; bind them as parameters if they can come from input.
    $matches = mysqli_query($dbTmp, "SELECT COUNT(*) as count\n        FROM information_schema.tables\n        WHERE table_schema = '{$database}'\n        AND table_name = '{$tablename}'");

    return mysqli_result($matches, 0) == 1;
}
Пример #10
/**
 * Run a query that is expected to yield a single value.
 *
 * The statement is executed verbatim, so whoever builds $sql is responsible for
 * escaping or binding any external data.
 *
 * @param string $sql Complete SQL statement.
 * @return mixed The single cell when the result has exactly one row and one column and
 *               the cell is not loosely equal to ""; -1 in every other case, including
 *               a failed query.
 */
function grr_sql_query1($sql)
{
    $r = mysqli_query($GLOBALS['db_c'], $sql);
    if (!$r) {
        return -1;
    }

    $value = -1;
    if (mysqli_num_rows($r) == 1 && mysqli_field_count($GLOBALS['db_c']) == 1) {
        $cell = mysqli_result($r, 0, 0);
        if ($cell != "") {
            $value = $cell;
        }
    }
    mysqli_free_result($r);

    return $value;
}
Пример #11
/**
 * Check the posted e-mail/password against the `users` table and redirect on a match.
 *
 * NOTE(review): as captured, this function cannot work. It mixes the removed ext/mysql
 * API (mysql_connect, mysql_select_db, mysql_error) with mysqli_*, opens the connection
 * as $con but queries through an undefined $conn, discards the mysqli_query() result and
 * calls mysqli_result() with no arguments. The `******` runs appear to be masking applied
 * when the snippet was captured.
 */
function login()
{
    $db_host = 'localhost';
    $db_username = '******';
    // Empty database password in source; keep credentials in configuration outside the code.
    $db_password = '';
    $db_name = 'Attendance';
    // die(mysql_error()) would print the driver's error text to the client.
    $con = mysql_connect($db_host, $db_username, $db_password) or die(mysql_error());
    mysql_select_db($db_name);
    // $_POST['email'] is concatenated into the SQL text with no escaping or binding, so the
    // request controls the statement. Use a prepared statement with bound parameters, and
    // verify the password with password_verify() against a stored hash rather than in SQL.
    $query = "SELECT * FROM users WHERE email = '" . $_POST['email'] . "' AND password = '******'password'] . "'; ";
    mysqli_query($conn, $query);
    if (mysqli_result()) {
        header("Location: Attendace.php");
        /* Redirect browser */
        exit;
    } else {
        // Local variable only; nothing is returned or stored for the caller.
        $credentials = false;
    }
}
Пример #12
/**
 * Fill the admin template with the list of styles, the number of users on each style,
 * and edit/delete/add links.
 *
 * NOTE(review): the `******` runs in the link-building lines appear to be masking applied
 * when the snippet was captured; those lines are not valid PHP as shown.
 */
function read_styles()
{
    global $TABLE_PREFIX, $language, $CURUSER, $admintpl, $STYLEPATH;
    $sres = style_list();
    for ($i = 0; $i < count($sres); $i++) {
        // One COUNT query per style. The id is concatenated unquoted into the SQL text;
        // presumably it comes from the styles table via style_list() — confirm it is numeric.
        $res = do_sqlquery("SELECT COUNT(*) FROM {$TABLE_PREFIX}users WHERE style = " . $sres[$i]["id"], true);
        $sres[$i]["style_users"] = mysqli_result($res, 0, 0);
        $sres[$i]["style"] = unesc($sres[$i]["style"]);
        $sres[$i]["style_url"] = unesc($sres[$i]["style_url"]);
        // Map the numeric style_type (1, 2, 3) to its label, anything else to UNKNOWN.
        $sres[$i]["style_type"] = $sres[$i]["style_type"] == 1 ? $language["CLA_STYLE"] : ($sres[$i]["style_type"] == 2 ? $language["ATM_STYLE"] : ($sres[$i]["style_type"] == 3 ? $language["PET_STYLE"] : $language["UNKNOWN"]));
        // Edit/delete are plain links carrying $CURUSER["random"] as a "code" parameter.
        // NOTE(review): confirm the admin page verifies that code, since delete is reachable by GET.
        $sres[$i]["edit"] = "<a href=\"index.php?page=admin&amp;user="******"uid"] . "&amp;code=" . $CURUSER["random"] . "&amp;do=style&amp;action=edit&amp;id=" . $sres[$i]["id"] . "\">" . image_or_link("{$STYLEPATH}/images/edit.png", "", $language["EDIT"]) . "</a>";
        $sres[$i]["delete"] = "<a href=\"index.php?page=admin&amp;user="******"uid"] . "&amp;code=" . $CURUSER["random"] . "&amp;do=style&amp;action=delete&amp;id=" . $sres[$i]["id"] . "\" onclick=\"return confirm('" . AddSlashes($language["DELETE_CONFIRM"]) . "')\">" . image_or_link("{$STYLEPATH}/images/delete.png", "", $language["DELETE"]) . "</a>";
    }
    $admintpl->set("style_add", false, true);
    $admintpl->set("language", $language);
    $admintpl->set("styles", $sres);
    $admintpl->set("style_add_new", "<a href=\"index.php?page=admin&amp;user="******"uid"] . "&amp;code=" . $CURUSER["random"] . "&amp;do=style&amp;action=add\">" . $language["STYLE_ADD"] . "</a>");
    unset($sres);
    // Frees the last result set; the value of the expression is discarded.
    // $res is only defined when the loop above ran at least once.
    mysqli_free_result($res) || is_object($res) && get_class($res) == "mysqli_result" ? true : false;
}
Пример #13
// Visit counter: records the visitor's IP and the referer in the cms_statistik_* tables.
// $time, $reload, $ip, $day, $referer, $referer_host and $month are set before this excerpt.
// NOTE(review): every one of them is interpolated into SQL text below. If $referer and
// $referer_host derive from the HTTP Referer header they are client-controlled, so these
// statements should use prepared statements with bound parameters.
$oldreload = $time - $reload;
$mysqli = getConnected("account");
$gesperrt = mysqli_query($mysqli, "SELECT id FROM cms_statistik_ips WHERE ip='{$ip}' AND time>'{$oldreload}' ORDER BY id DESC limit 1");
if (!$gesperrt) {
    echo "3 Es ist ein Fehler aufgetreten, möglicherweise ist die Tabelle nicht angelegt.";
}
// Execution continues after the error message, so mysqli_num_rows() receives false
// when the query above failed.
if (mysqli_num_rows($gesperrt) == 0) {
    // new user
    mysqli_query($mysqli, "INSERT INTO cms_statistik_ips (ip, time, online) values ('{$ip}', '{$time}', '{$time}')");
    mysqli_query($mysqli, "UPDATE cms_statistik_day SET user=user+1, view=view+1 where day='{$day}'");
} else {
    // user with IP in database
    $gesperrtID = mysqli_result($gesperrt, 0, 0);
    mysqli_query($mysqli, "UPDATE cms_statistik_ips SET online='{$time}' where id='{$gesperrtID}'");
    mysqli_query($mysqli, "UPDATE cms_statistik_day SET view=view+1 where day='{$day}'");
}
mysqli_close($mysqli);
// new Referer
// A second connection is opened for the referer bookkeeping.
$mysqli = getConnected("account");
$ref = mysqli_query($mysqli, "SELECT id FROM cms_statistik_referer WHERE referer='{$referer}' AND month='{$month}'");
if (!$ref) {
    echo "5 Es ist ein Fehler aufgetreten, möglicherweise ist die Tabelle nicht angelegt.";
}
// Same pattern as above: a failed query is reported but not handled.
if (mysqli_num_rows($ref) == 0) {
    mysqli_query($mysqli, "INSERT INTO cms_statistik_referer (month, host, referer, view) values ('{$month}', '{$referer_host}', '{$referer}', '1')");
} else {
    $refererid = mysqli_result($ref, 0, 0);
    mysqli_query($mysqli, "UPDATE cms_statistik_referer SET view=view+1 where id='{$refererid}'");
}
mysqli_close($mysqli);
// #############################
Пример #14
 /**
  * Read one value from a result set through the project's mysqli_result() helper.
  *
  * The @ operator hides every warning the helper raises, so a bad result handle or an
  * out-of-range row is silent here; callers must check the returned value themselves.
  *
  * @param mixed $query Result handle passed to the helper.
  * @param mixed $row   Row index passed to the helper.
  * @return mixed Whatever the helper returns.
  */
 public function result($query, $row)
 {
     return @mysqli_result($query, $row);
 }
Пример #15
/**
 * Delete a mailbox and the rows that reference it (aliases, quota, calendars, address
 * books, principals), reporting the outcome through $_SESSION['return'].
 *
 * Returns false on a failed permission check, an invalid address or a failed query;
 * returns nothing on success.
 *
 * NOTE(review): the `******` runs inside the SQL strings appear to be masking applied when
 * the snippet was captured, so the exact statements cannot be read from this listing.
 *
 * @param mysqli $link      Open database connection.
 * @param array  $postarray Submitted form fields; only 'username' is read.
 */
function mailbox_delete_mailbox($link, $postarray)
{
    // Escaping is the only protection the statements below have: the value is concatenated
    // into a mysqli_multi_query() batch, which cannot use bound parameters.
    $username = mysqli_real_escape_string($link, $postarray['username']);
    global $logged_in_role;
    global $logged_in_as;
    // Permission check. $logged_in_role is concatenated into the SQL text unescaped.
    // NOTE(review): access is granted when the query returns a truthy value, yet the
    // condition uses NOT IN / 'admin'!=, which reads like the set of mailboxes the caller
    // does NOT administer — confirm the intended polarity.
    if (!mysqli_result(mysqli_query($link, "SELECT domain FROM mailbox WHERE username='******' AND (domain NOT IN (SELECT domain from domain_admins WHERE username='******') OR 'admin'!='" . $logged_in_role . "')"))) {
        $_SESSION['return'] = array('type' => 'danger', 'msg' => 'Permission denied');
        return false;
    }
    // Format validation runs after the value has already been used in the query above;
    // validating first would keep malformed input away from the database entirely.
    if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
        $_SESSION['return'] = array('type' => 'danger', 'msg' => 'Invalid mailbox');
        return false;
    }
    // The clean-up is assembled as one semicolon-separated batch. The batch is not wrapped
    // in a transaction here, so a failure part-way leaves the earlier statements applied.
    $delete_user = "******" . $username . "';";
    $delete_user .= "UPDATE alias SET goto=REPLACE(goto, '," . $username . ",', ',');";
    $delete_user .= "UPDATE alias SET goto=REPLACE(goto, '," . $username . "', '');";
    $delete_user .= "UPDATE alias SET goto=REPLACE(goto, '" . $username . ",', '');";
    $delete_user .= "DELETE FROM quota2 WHERE username='******';";
    $delete_user .= "DELETE FROM calendarobjects WHERE calendarid IN (SELECT id from calendars where principaluri='principals/" . $username . "');";
    // NOTE(review): cards are selected through `calendars`, not `addressbooks` — possibly a copy/paste slip.
    $delete_user .= "DELETE FROM cards WHERE addressbookid IN (SELECT id from calendars where principaluri='principals/" . $username . "');";
    $delete_user .= "DELETE FROM mailbox WHERE username='******';";
    $delete_user .= "DELETE FROM sender_acl WHERE logged_in_as='" . $username . "';";
    $delete_user .= "DELETE FROM users WHERE username='******';";
    $delete_user .= "DELETE FROM principals WHERE uri='principals/" . $username . "';";
    $delete_user .= "DELETE FROM principals WHERE uri='principals/" . $username . "/calendar-proxy-read';";
    $delete_user .= "DELETE FROM principals WHERE uri='principals/" . $username . "/calendar-proxy-write';";
    $delete_user .= "DELETE FROM addressbooks WHERE principaluri='principals/" . $username . "';";
    $delete_user .= "DELETE FROM calendars WHERE principaluri='principals/" . $username . "';";
    if (!mysqli_multi_query($link, $delete_user)) {
        // The raw driver error is stored for display to the user.
        $_SESSION['return'] = array('type' => 'danger', 'msg' => 'MySQL Error: ' . mysqli_error($link));
        return false;
    }
    // Drain the remaining result sets so the connection can be used again.
    // Errors from the later statements in the batch are not inspected.
    while ($link->next_result()) {
        if (!$link->more_results()) {
            break;
        }
    }
    // The name is HTML-escaped before it is placed in the status message.
    $_SESSION['return'] = array('type' => 'success', 'msg' => 'Deleted mailbox ' . htmlspecialchars($username));
}
Пример #16
        echo $row['aliases'];
        ?>
</td>
							<td><?php 
        echo mysqli_result(mysqli_query($link, "SELECT count(*) FROM mailbox WHERE domain='{$row['domain']}'"));
        ?>
 of <?php 
        echo $row['mailboxes'];
        ?>
</td>
							<td><?php 
        echo $row['maxquota'];
        ?>
M</td>
							<td><?php 
        echo mysqli_result(mysqli_query($link, "SELECT coalesce(round(sum(quota)/1048576), 0) FROM mailbox WHERE domain='{$row['domain']}'"));
        ?>
M of <?php 
        echo $row['quota'];
        ?>
M</td>
							<td><?php 
        echo $row['active'];
        ?>
</td>
							<td><a href="do.php?deletedomain=<?php 
        echo $row['domain'];
        ?>
">delete</a> | 
							<a href="do.php?editdomain=<?php 
        echo $row['domain'];
Пример #17
/**
 * Query the "happy hour" window, which starts at the stored timestamp and lasts 3600 seconds.
 *
 * The SQL contains no caller input; only $TABLE_PREFIX is interpolated.
 *
 * @param mixed $n "check" to test whether the current minute lies inside the window,
 *                 "time" to get the remaining seconds formatted by NDF().
 * @return mixed True for a successful "check", NDF()'s result for "time", null otherwise.
 */
function ishappyHour($n)
{
    global $TABLE_PREFIX;

    $startRows = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT UNIX_TIMESTAMP(value_s) FROM {$TABLE_PREFIX}avps WHERE arg='happyhour'");
    $startTs = mysqli_result($startRows, 0);

    // Timestamps are compared as "Y-m-d H:i" strings, i.e. at minute resolution.
    $windowOpens = date("Y-m-d H:i", $startTs);
    $now = date("Y-m-d H:i");
    $windowCloses = date("Y-m-d H:i", $startTs + 3600);

    if ($n == "check" && $windowOpens < $now && $windowCloses >= $now) {
        return true;
    }
    if ($n == "time") {
        return NDF($startTs + 3600 - time());
    }
}
Пример #18
             $modules[$i]["module_activated"] = $language["NO"] . "&nbsp;&nbsp;->&nbsp;&nbsp;<a href=\"index.php?page=admin&amp;user="******"uid"] . "&amp;code=" . $CURUSER["random"] . "&amp;do=module_config&amp;action=change_to_yes&amp;id=" . unesc($row_modules["id"]) . "\">" . $language["ACTIVATE"] . "</a>";
         }
         // yes
         $modules[$i]["module_date_changed"] = unesc($row_modules["changed"]);
         // when last switched on or off
         $modules[$i]["module_date_created"] = unesc($row_modules["created"]);
         // the date created
         $i++;
     }
     $admintpl->set("modules", $modules);
     $active_modules = do_sqlquery("SELECT COUNT(*) FROM {$TABLE_PREFIX}modules WHERE activated='yes'", true);
     $admintpl->set("nr_active_modules", mysqli_result($active_modules, 0, 0));
     $not_active_modules = do_sqlquery("SELECT COUNT(*) FROM {$TABLE_PREFIX}modules WHERE activated='no'", true);
     $admintpl->set("nr_not_active_modules", mysqli_result($not_active_modules, 0, 0));
     $total_modules = do_sqlquery("SELECT COUNT(*) FROM {$TABLE_PREFIX}modules", true);
     $admintpl->set("nr_total_modules", mysqli_result($total_modules, 0, 0));
     $admintpl->set("form_action", "index.php?page=admin&amp;user="******"uid"] . "&amp;code=" . $CURUSER["random"] . "&amp;do=module_config&amp;action=add");
     break;
     // end of case 'manage'
 // end of case 'manage'
 case 'change_to_yes':
     // max() returns the larger argument unchanged rather than an integer, so a string in
     // $_GET["id"] that compares greater than 0 is interpolated unquoted into the UPDATE
     // below exactly as submitted. Cast first, e.g. max(0, (int) $_GET["id"]).
     // The change_to_no branch that follows repeats the same pattern.
     $id = max(0, $_GET["id"]);
     $admintpl->set("language", $language);
     // NOTE(review): this state change is triggered by a GET request; the "code" URL
     // parameter looks like a per-user token — confirm it is verified before this switch runs.
     do_sqlquery("UPDATE {$TABLE_PREFIX}modules SET activated='yes', changed=NOW() WHERE id={$id}", true);
     redirect("index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=module_config&action=manage");
     die;
     break;
 case 'change_to_no':
     $id = max(0, $_GET["id"]);
     $admintpl->set("language", $language);
     do_sqlquery("UPDATE {$TABLE_PREFIX}modules SET activated='no', changed=NOW() WHERE id={$id}", true);
Пример #19
     $tztpl["tz_combo"] .= "value=\"" . $timezone["difference"] . "\">" . unesc($timezone["timezone"]) . "</option>";
     $tztpl["tz_combo"] .= $option;
 }
 unset($tres);
 $usercptpl->set("tz", $tztpl);
 if ($FORUMLINK == "" || $FORUMLINK == "internal") {
     $usercptpl->set("INTERNAL_FORUM", true, true);
     $profiletpl["topicsperpage"] = $CURUSER["topicsperpage"];
     $profiletpl["postsperpage"] = $CURUSER["postsperpage"];
 }
 $profiletpl["torrentsperpage"] = $CURUSER["torrentsperpage"];
 $profiletpl["commentpm"] = $CURUSER["commentpm"] == "true" ? "checked=\"checked\"" : "";
 $profiletpl["frm_cancel"] = "index.php?page=usercp&amp;uid=" . $uid . "";
 $uid = $CURUSER['uid'];
 $r = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT parked from {$TABLE_PREFIX}users where id = {$uid}");
 $p = mysqli_result($r, 0, "parked");
 if ($p != 0) {
     $profiletpl["parked"] .= "<input name=\"park\" id=\"park\" type=\"radio\" value=\"0\" />\n            " . $language["NO"] . "";
     $profiletpl["parked"] .= "<input name=\"park\" id=\"park\" type=\"radio\" value=\"1\" checked=\"checked\"  />\n              " . $language["YES"] . "";
 } else {
     $profiletpl["parked"] .= "<input name=\"park\" id=\"park\" type=\"radio\" value=\"0\" checked=\"checked\"  />\n              " . $language["NO"] . "";
     $profiletpl["parked"] .= "<input name=\"park\" id=\"park\" type=\"radio\" value=\"1\" />\n            " . $language["YES"] . "";
     $profiletpl["parked"] .= $option;
 }
 // Userbar
 $res = do_sqlquery("SELECT * FROM {$TABLE_PREFIX}userbars", true);
 while ($row = mysqli_fetch_array($res)) {
     $bars[$row['id']] = array('desc' => $row['description'], 'img' => $row['img']);
 }
 $js_userbar = '';
 foreach ($bars as $value => $key) {
Пример #20
//mysql_connect("$host", "$username", "$password")or die("cannot connect");
//mysql_select_db("$db_name")or die("cannot select DB");
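// Session gate: only requests with a non-empty session username may continue.
session_start();
if (!isset($_SESSION['username']) || trim($_SESSION['username']) == '') {
    header("location:index.php");
    // Fixed: header() only queues the redirect. Without stopping here the rest of the
    // page, including its POST handler, still ran for requests that have no session.
    exit;
} else {
    $userid = $_SESSION['userid'];
    $username = $_SESSION['username'];
    $usertype = $_SESSION['usertype'];
}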
?>

<?php 
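// Store a submitted suggestion in `sugestie`.
if (isset($_POST['BtnSubmit'])) {
    // NOTE(review): computing the next id as max(s_id)+1 races with concurrent submissions;
    // an AUTO_INCREMENT column would avoid that (schema change, not made here).
    $result1 = mysqli_query($con, "select IFNULL(max(s_id),0)+1 m from sugestie");
    $f_id = mysqli_result($result1, 0, "m");
    $t_subject = $_POST['TxtSubject'] ?? '';
    $t_feedback = $_POST['TxtSugestii'] ?? '';

    // Fixed: the two form fields were interpolated into the INSERT text, so the request
    // body could rewrite the statement. All values are now bound as parameters.
    $stmt = mysqli_prepare($con, "insert into sugestie values(?,sysdate(),?,?,?)");
    // Fixed: the original error path called mysql_error(), which belongs to the removed
    // ext/mysql API. NOTE(review): printing driver errors to the client discloses schema
    // details; prefer logging them and showing a generic message.
    if (!$stmt) {
        die(mysqli_error($con));
    }
    mysqli_stmt_bind_param($stmt, 'issi', $f_id, $t_subject, $t_feedback, $userid);
    if (!mysqli_stmt_execute($stmt)) {
        die(mysqli_stmt_error($stmt));
    }
    mysqli_stmt_close($stmt);

    header("location:sugestie_trimisa.php");
}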
?>


<html>

<head>
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Aplicatie online pentru testarea cunostintelor</title>
Пример #21
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
// TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
// PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
// LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
// NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
// EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
//
////////////////////////////////////////////////////////////////////////////////////
require_once "include/functions.php";
require_once "include/config.php";
dbconn();
if ($CURUSER["uid"] > 1) {
    $uid = $CURUSER['uid'];
    $org = $CURUSER['username'];
    $r = do_sqlquery("SELECT * from {$TABLE_PREFIX}users where id={$uid}");
    $c = mysqli_result($r, 0, "seedbonus");
    if ($c >= $GLOBALS["price_name"]) {
        if (isset($_POST["name"])) {
            $custom = mysqli_real_escape_string($DBDT, $_POST["name"]);
        } else {
            $custom = "";
        }
        if ("{$custom}" == "") {
        } else {
            $res = do_sqlquery("SELECT * FROM {$TABLE_PREFIX}users WHERE username='******'", true);
            if (mysqli_num_rows($res) > 0) {
            } else {
                do_sqlquery("UPDATE {$TABLE_PREFIX}users SET username='******' WHERE id={$CURUSER['uid']}");
                if ($FORUMLINK == "smf") {
                    do_sqlquery("UPDATE {db_prefix}members SET  memberName='" . htmlspecialchars($custom) . "' WHERE ID_MEMBER=" . $CURUSER["smf_fid"]);
                }
Пример #22
					<thead>
						<tr>
							<th>Domain</th>
							<th>Aliases</th>
							<th>Mailboxes</th>
							<th>Max. quota per mailbox</th>
							<th>Domain Quota</th>
							<th>Active</th>
							<th>Action</th>
						</tr>
					</thead>
					<tbody>
<?php 
    // List the domains the logged-in user may manage, one table row per domain.
    // $logged_in_role is interpolated into the SQL text; the `******` appears to be masking
    // applied when the snippet was captured.
    $result = mysqli_query($link, "SELECT domain, aliases, mailboxes, maxquota, quota, CASE active WHEN 1 THEN 'Yes' ELSE 'No' END AS active FROM \ndomain WHERE \ndomain IN (SELECT domain from domain_admins WHERE username='******') OR 'admin'='{$logged_in_role}'");
    while ($row = mysqli_fetch_array($result)) {
        // Three extra queries run per row, each with $row['domain'] interpolated unescaped
        // (a stored value reused in SQL). The same column values are echoed into HTML and into
        // the href attributes without htmlspecialchars()/urlencode(), so a stored name
        // containing markup would be rendered as such.
        // NOTE(review): the delete/edit actions are plain GET links; confirm do.php asks for
        // confirmation via POST before changing anything.
        echo "<tr><td>", $row['domain'], "</td><td>", mysqli_result(mysqli_query($link, "SELECT count(*) FROM alias WHERE domain='{$row['domain']}' and address NOT IN (SELECT username FROM mailbox)")), " of ", $row['aliases'], "</td><td>", mysqli_result(mysqli_query($link, "SELECT count(*) FROM mailbox WHERE domain='{$row['domain']}'")), " of ", $row['mailboxes'], "</td><td>", $row['maxquota'], "M", "</td><td>", mysqli_result(mysqli_query($link, "SELECT coalesce(round(sum(quota)/1048576), 0) FROM mailbox WHERE domain='{$row['domain']}'")), "M of ", $row['quota'], "M", "</td><td>", $row['active'], "</td><td><a href=\"do.php?deletedomain=", $row['domain'], "\">delete</a> | <a href=\"do.php?editdomain=", $row['domain'], "\">edit</a>", "</td></tr>";
    }
    ?>
					</tbody>
				</table>
				</div>
			</div>
		</div>
	</div>
	<div class="row">
		<div class="col-md-14">
			<div class="panel panel-default">
				<div class="panel-heading">
					<h3 class="panel-title">Domain Aliases</h3>
					<div class="pull-right">
						<span class="clickable filter" data-toggle="tooltip" title="Toggle table filter" data-container="body">
Пример #23
    mysqli_query($mysqli, $query) or die("Invalid query: " . mysqli_error($mysqli));
    $postavshik_id = mysqli_insert_id($mysqli);
} else {
    $postavshik_id = "NULL";
}
// Получаем номер и год для документов
$query = "SELECT IFNULL(year, 0) year, IFNULL(count, 0) count FROM PrintForms WHERE PF_ID = {$id}";
$res = mysqli_query($mysqli, $query) or die("Invalid query: " . mysqli_error($mysqli));
if (mysqli_result($res, 0, 'year') and mysqli_result($res, 0, 'count')) {
    $year = mysqli_result($res, 0, 'year');
    $count = mysqli_result($res, 0, 'count');
} else {
    $year = date('Y');
    $query = "SELECT COUNT(1)+1 Cnt FROM PrintForms WHERE year = {$year}";
    $res = mysqli_query($mysqli, $query) or die("Invalid query: " . mysqli_error($mysqli));
    $count = mysqli_result($res, 0, 'Cnt');
}
// Обновляем в таблице PrintForms ID контрагентов, номер с годом и сумму
$query = "UPDATE PrintForms SET\n\t\t\t\t summa = {$summa}\n\t\t\t\t,platelshik_id = {$platelshik_id}\n\t\t\t\t,gruzopoluchatel = {$_POST["gruzopoluchatel"]}\n\t\t\t\t,gruzopoluchatel_id = {$gruzopoluchatel_id}\n\t\t\t\t,postavshik = {$_POST["postavshik"]}\n\t\t\t\t,postavshik_id = {$postavshik_id}\n\t\t\t\t,year = {$year}\n\t\t\t\t,count = {$count}\n\t\t\t  WHERE PF_ID = {$id}";
mysqli_query($mysqli, $query) or die("Invalid query: " . mysqli_error($mysqli));
$_POST["nomer"] = str_pad($count, 8, '0', STR_PAD_LEFT);
// Дописываем нули к номеру накладной
// Удаляем старые файлы
$expire_time = 63072000;
// Время через которое файл считается устаревшим (в сек.)
$dir = $_SERVER['DOCUMENT_ROOT'] . "/print_forms/";
// проверяем, что $dir - каталог
if (is_dir($dir)) {
    // открываем каталог
    if ($dh = opendir($dir)) {
        // читаем и выводим все элементы
Пример #24
    $j = '';
    for ($i = 0; $i < $count; $i++) {
        $j = $i + 1;
        echo "<tr>";
        echo "<td width='60' align ='center' valign ='top'>" . mysqli_result($result, $i, "u_data_creare") . "</td>";
        echo "<td width='40' align ='left' valign ='top'>" . mysqli_result($result, $i, "u_nume") . "</td>";
        echo "<td width='30' align ='left' valign ='top'>" . mysqli_result($result, $i, "u_tip") . "</td>";
        if (mysqli_result($result, $i, "u_data_activare") == '') {
            if (mysqli_result($result, $i, "u_tip") == 'Student') {
                $link_text = "<a href='activeaza_utilizator_student.php?mode=A&id=" . mysqli_result($result, $i, "u_id") . "'>Activeaza</a>";
            } else {
                $link_text = "--";
            }
        } else {
            if (mysqli_result($result, $i, "u_tip") == 'Student') {
                $link_text = "<a href='activeaza_utilizator_student.php?mode=D&id=" . mysqli_result($result, $i, "u_id") . "'>Dezactiveaza</a>";
            } else {
                $link_text = "--";
            }
        }
        echo "<td width='98' align ='left' valign ='top'>" . $link_text . "</td>";
        echo "</tr>";
    }
} else {
    echo "<td width='51' align ='center' valign ='top'>&nbsp;</td>";
    echo "<td width='205' align ='left' valign ='top'>&nbsp;</td>";
    echo "<td width='98' align ='left' valign ='top'>&nbsp;</td>";
}
?>
			</table>
			<p>&nbsp;</td>
Пример #25
 /**
  * Read one value from a result set through the project's mysqli_result() helper.
  *
  * NOTE(review): mysqli_result() is not a PHP built-in function; what it returns for a
  * missing row or an invalid handle is defined elsewhere in the project.
  *
  * @param mixed $query Result handle passed to the helper.
  * @param mixed $row   Row index passed to the helper.
  * @return mixed Whatever the helper returns.
  */
 function result($query, $row)
 {
     $value = mysqli_result($query, $row);

     return $value;
 }
Пример #26
Файл: dj.php Проект: Karpec/gizd
    $_GET['id'] = 0 + $_GET['id'];
}
if ($_GET['do'] == 'deny' and is_valid_id($_GET['id']) and $CURUSER["edit_users"] == "yes") {
    do_sqlquery('UPDATE ' . $TABLE_PREFIX . 'shoutcastdj SET active = \'2\' WHERE id = \'' . (0 + $_GET['id']) . '\'', true);
    if (mysqli_affected_rows($GLOBALS["___mysqli_ston"])) {
        $Query = do_sqlquery('SELECT uid FROM ' . $TABLE_PREFIX . 'shoutcastdj WHERE id = \'' . (0 + $_GET['id']) . '\'', true);
        send_pm(0, mysqli_result($Query, 0, 'uid'), sqlesc($language['subject']), sqlesc($language['dmsg']));
    }
    $_GET['do'] = 'list';
    $_GET['id'] = 0 + $_GET['id'];
}
if ($_GET['do'] == 'kick' and is_valid_id($_GET['id']) and $CURUSER["edit_users"] == "yes") {
    do_sqlquery('UPDATE ' . $TABLE_PREFIX . 'shoutcastdj SET active = \'3\' WHERE id = \'' . (0 + $_GET['id']) . '\'', true);
    if (mysqli_affected_rows($GLOBALS["___mysqli_ston"])) {
        $Query = do_sqlquery('SELECT uid FROM ' . $TABLE_PREFIX . 'shoutcastdj WHERE id = \'' . (0 + $_GET['id']) . '\'', true);
        send_pm(0, mysqli_result($Query, 0, 'uid'), sqlesc($language['subject2']), sqlesc($language['kmsg']));
    }
    $_GET['do'] = 'list';
    $_GET['id'] = 0 + $_GET['id'];
}
if ($_GET['do'] == 'request') {
    $query = do_sqlquery('SELECT uid FROM ' . $TABLE_PREFIX . 'shoutcastdj WHERE uid = \'' . $CURUSER['uid'] . '\'', true);
    if (0 < mysqli_num_rows($query)) {
        stderr($language['ERROR'], $language['already']);
    }
    $Query = do_sqlquery('SELECT t.*, u.username, g.prefixcolor, g.suffixcolor FROM ' . $TABLE_PREFIX . 'shoutcastdj t LEFT JOIN ' . $TABLE_PREFIX . 'users u ON t.uid=u.id LEFT JOIN ' . $TABLE_PREFIX . 'users_level g ON u.id_level=g.id WHERE t.active=1', true);
    if (mysqli_num_rows($Query)) {
        $reqform = '<br />
            <table width="100%" align="center" border="0" cellpadding="3" cellspacing="0">
              <tr>
                <td colspan="5" class="header"><center>' . $language['djlist'] . '</center></td>
Пример #27
							<button type="submit" class="btn btn-default btn-sm">Delete</button>
						</div>
					</div>
				</form>
				<?php 
            } else {
                echo 'Action not supported.';
            }
        }
    } elseif (isset($_GET["deletemailbox"])) {
        if (!filter_var($_GET["deletemailbox"], FILTER_VALIDATE_EMAIL)) {
            header("Location: do.php?event=" . base64_encode("Your provided mailbox name is invalid"));
            die("Your provided alias name is invalid");
        } else {
            $deletemailbox = mysqli_real_escape_string($link, $_GET["deletemailbox"]);
            if (mysqli_result(mysqli_query($link, "SELECT address, domain FROM alias WHERE address='{$deletemailbox}' AND (domain IN (SELECT domain from domain_admins WHERE username='******') OR 'admin'='{$logged_in_role}')"))) {
                echo '<div class="alert alert-warning" role="alert"><strong>Warning:</strong> You are about to delete a mailbox!</div>';
                echo "<p>The mailbox user <strong>{$deletemailbox}</strong> + its address books and calendars will be deleted.</p>";
                echo "<p>The user will also be removed from the alias addresses listed below (if any).</p>";
                echo "<ul>";
                $result = mysqli_query($link, "SELECT address FROM alias WHERE goto='{$deletemailbox}' and address!='{$deletemailbox}'");
                while ($row = mysqli_fetch_array($result)) {
                    echo "<li>", $row['address'], "</li>";
                }
                echo "</ul>";
                ?>
				<form class="form-horizontal" role="form" method="post">
				<input type="hidden" name="mailboxaction" value="deletemailbox">
				<input type="hidden" name="username" value="<?php 
                echo $deletemailbox;
                ?>
Пример #28
/**
 * Delete a mailbox and the rows that reference it, then redirect to do.php.
 *
 * Every failure path sends a Location header carrying a base64-encoded message and
 * terminates the script with die().
 *
 * NOTE(review): the `******` runs inside the SQL strings appear to be masking applied when
 * the snippet was captured, so the exact statements cannot be read from this listing.
 *
 * @param mysqli $link      Open database connection.
 * @param array  $postarray Not used in the body; the username is read from $_POST directly.
 */
function mailbox_delete_mailbox($link, $postarray)
{
    // Escaping is the only protection the statements below have: the value is interpolated
    // into a mysqli_multi_query() batch, which cannot use bound parameters.
    $username = mysqli_real_escape_string($link, $_POST['username']);
    global $logged_in_role;
    global $logged_in_as;
    // Permission check. $logged_in_role is interpolated into the SQL text unescaped.
    // NOTE(review): access is granted when the query returns a truthy value, yet the
    // condition uses NOT IN / 'admin'!=, which reads like the set of mailboxes the caller
    // does NOT administer — confirm the intended polarity.
    if (!mysqli_result(mysqli_query($link, "SELECT domain FROM mailbox WHERE username='******' AND (domain NOT IN (SELECT domain from domain_admins WHERE username='******') OR 'admin'!='{$logged_in_role}')"))) {
        header("Location: do.php?event=" . base64_encode("Permission denied"));
        die("Permission denied");
    }
    // Format validation runs after the value has already been used in the query above.
    if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
        header("Location: do.php?event=" . base64_encode("Mail address invalid"));
        die("Mail address invalid");
    }
    // The clean-up is assembled as one semicolon-separated batch. The batch is not wrapped
    // in a transaction here, so a failure part-way leaves the earlier statements applied.
    $delete_user = "******";
    $delete_user .= "UPDATE alias SET goto=REPLACE(goto, ',{$username},', ',');";
    $delete_user .= "UPDATE alias SET goto=REPLACE(goto, ',{$username}', '');";
    $delete_user .= "UPDATE alias SET goto=REPLACE(goto, '{$username},', '');";
    $delete_user .= "DELETE FROM quota2 WHERE username='******';";
    $delete_user .= "DELETE FROM calendarobjects WHERE calendarid IN (SELECT id from calendars where principaluri='principals/{$username}');";
    // NOTE(review): cards are selected through `calendars`, not `addressbooks` — possibly a copy/paste slip.
    $delete_user .= "DELETE FROM cards WHERE addressbookid IN (SELECT id from calendars where principaluri='principals/{$username}');";
    $delete_user .= "DELETE FROM mailbox WHERE username='******';";
    $delete_user .= "DELETE FROM users WHERE username='******';";
    $delete_user .= "DELETE FROM principals WHERE uri='principals/{$username}';";
    $delete_user .= "DELETE FROM principals WHERE uri='principals/{$username}/calendar-proxy-read';";
    $delete_user .= "DELETE FROM principals WHERE uri='principals/{$username}/calendar-proxy-write';";
    $delete_user .= "DELETE FROM addressbooks WHERE principaluri='principals/{$username}';";
    $delete_user .= "DELETE FROM calendars WHERE principaluri='principals/{$username}';";
    if (!mysqli_multi_query($link, $delete_user)) {
        header("Location: do.php?event=" . base64_encode("MySQL query failed"));
        die("MySQL query failed");
    }
    // Drain the remaining result sets so the connection can be used again.
    // Errors from the later statements in the batch are not inspected.
    while ($link->next_result()) {
        if (!$link->more_results()) {
            break;
        }
    }
    header('Location: do.php?return=success');
}
Пример #29
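/**
 * Register a new user from the submitted login and password ($_POST['login'],
 * $_POST['password'] at the call site).
 *
 * Fixes over the original:
 *  - the upper length bound was written strlen($postLogin > 30), which measures a boolean,
 *    so logins longer than 30 characters were never rejected;
 *  - both statements now bind their values as parameters instead of relying on
 *    escaping plus string interpolation.
 *
 * NOTE(review): md5(md5(...)) is not a password hash. Moving to password_hash() /
 * password_verify() needs the matching login check changed at the same time, so the
 * stored format is left as it was.
 *
 * @param string $postLogin    Requested login name.
 * @param string $postPassword Requested password.
 * @return string Status message (success text, or an HTML list of validation errors).
 */
function registerUser($postLogin, $postPassword)
{
    $link = getDBConnection();
    if (!mysqli_select_db($link, getDBName())) {
        return "Нет возможности подключиться к БД!";
    }

    $err = array();

    // Reject logins that contain markup.
    if (strip_tags($postLogin) != $postLogin) {
        $err[] = "Логин содержит некорректные символы";
    }

    // Length is measured on the submitted value, in bytes.
    $loginLength = strlen($postLogin);
    if ($loginLength < 3 or $loginLength > 30) {
        $err[] = "Логин должен быть не меньше 3-х символов и не больше 30";
    }

    // Uniqueness check. As before, a failed lookup is treated as "not taken".
    // NOTE(review): check-then-insert can race; a UNIQUE index on users.login is the real guard.
    $existing = 0;
    $check = mysqli_prepare($link, "SELECT COUNT(id) FROM users WHERE login=?");
    if ($check) {
        mysqli_stmt_bind_param($check, 's', $postLogin);
        if (mysqli_stmt_execute($check)) {
            mysqli_stmt_bind_result($check, $existing);
            mysqli_stmt_fetch($check);
        }
        mysqli_stmt_close($check);
    }
    if ($existing > 0) {
        $err[] = "Пользователь с таким логином уже существует в базе данных";
    }

    if (count($err) == 0) {
        $password = md5(md5(trim($postPassword)));
        $insert = mysqli_prepare($link, "INSERT INTO users SET login=?, password=?");
        if ($insert) {
            mysqli_stmt_bind_param($insert, 'ss', $postLogin, $password);
            // NOTE(review): as in the original, a failed insert is not reported to the caller.
            mysqli_stmt_execute($insert);
            mysqli_stmt_close($insert);
        }
        $reason = "Вы зарегистрированы в системе!";
    } else {
        $reason = "<b>При регистрации произошли следующие ошибки:</b><br>";
        foreach ($err as $error) {
            $reason = $reason . $error . "<br>";
        }
    }

    return $reason;
}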
Пример #30
/**
 * Fill the admin template with a paged list of invitations, newest first, including the
 * inviter's name and a delete link per row.
 *
 * NOTE(review): the `******` runs in the URL-building lines appear to be masking applied
 * when the snippet was captured; those lines are not valid PHP as shown.
 */
function read_invitations()
{
    global $TABLE_PREFIX, $admintpl, $language, $CURUSER, $STYLEPATH, $btit_settings;
    // The pager base URL is built from PHP_SELF and HTML-escaped as a whole.
    $scriptname = htmlspecialchars($_SERVER["PHP_SELF"] . "?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=invitations");
    $addparam = "";
    $res = get_result("SELECT COUNT(*) as invites FROM {$TABLE_PREFIX}invitations", true);
    $count = $res[0]["invites"];
    // pager() supplies the top/bottom pager markup and the LIMIT clause used below.
    list($pagertop, $pagerbottom, $limit) = pager('15', $count, $scriptname . "&amp;");
    $admintpl->set("inv_pagertop", $pagertop);
    $admintpl->set("inv_pagerbottom", $pagerbottom);
    $results = get_result("SELECT * FROM {$TABLE_PREFIX}invitations ORDER BY id DESC {$limit}", true);
    $invitees = array();
    $i = 0;
    foreach ($results as $id => $data) {
        // One lookup per invitation. The inviter id is a stored value concatenated unquoted
        // into the SQL text — presumably numeric; confirm, or cast it.
        $res = do_sqlquery("SELECT username FROM {$TABLE_PREFIX}users WHERE id = " . $data["inviter"], true);
        if (mysqli_num_rows($res) > 0) {
            $inviter_name = mysqli_result($res, 0, 0);
        } else {
            $inviter_name = 'Unknown';
        }
        // $inviter_name goes into the link text as read from the database.
        // NOTE(review): confirm usernames are HTML-escaped when stored or by the template.
        $invitees[$i]["inviter"] = "<a href=\"index.php?page=userdetails&amp;user="******"inviter"] . "\">" . $inviter_name . "</a>";
        $invitees[$i]["invitee"] = unesc($data["invitee"]);
        $invitees[$i]["hash"] = unesc($data["hash"]);
        $invitees[$i]["time_invited"] = $data["time_invited"];
        // Delete is a plain link carrying $CURUSER["random"] as a "code" parameter, guarded
        // client-side by a confirm() dialog only.
        $invitees[$i]["delete"] = "<a href=\"index.php?page=admin&amp;user="******"uid"] . "&amp;code=" . $CURUSER["random"] . "&amp;do=invitations&amp;action=delete&amp;id=" . $data["id"] . "\" onclick=\"return confirm('" . AddSlashes($language["DELETE_CONFIRM"]) . "')\">" . image_or_link("{$STYLEPATH}/images/delete.png", "", $language["DELETE"]) . "</a>";
        $i++;
    }
    $admintpl->set("invitees", $invitees);
    $admintpl->set("language", $language);
}