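// Publish a draft binary entry (clear `draft`, stamp `bin_mod`) and render its preview.
// Requires an active session and a POST carrying draft=0, id and bin_mod;
// any other request is redirected to the site index.
if ($session_status == 'on') {
    if (isset($_POST['draft'], $_POST['id'], $_POST['bin_mod']) && intval($_POST['draft']) === 0) {
        $id = $_POST['id'];
        $bin_mod = $_POST['bin_mod'];

        // Both values come straight from the request and are interpolated into SQL
        // below; ext/mysql has no prepared statements, so escape them here.
        $safe_id = mysql_real_escape_string($id);
        $safe_bin_mod = mysql_real_escape_string($bin_mod);

        $sql = 'UPDATE ' . $info_table
             . " SET `draft` = '0', `bin_mod` = '" . $safe_bin_mod . "'"
             . " WHERE `id` = '" . $safe_id . "'";
        // `or` binds looser than `=`: $res is assigned first and die() only runs on
        // failure, so $res is always truthy past this line.
        $res = mysql_query($sql) or die("<h2>MySQL error</h2> " . mysql_errno() . " : " . mysql_error());
        $contents = '<div class="section">' . "\n"
                  . '<h2 class="archive-title">' . $lang['file_published'] . "</h2>\n"
                  . "</div>\n";

        // Next, pull out the data and display the preview.
        $sql = 'SELECT '
             . "`id`, `bin_title`, `bintype`, `binname`, `binsize`, `bindate`, "
             . "DATE_FORMAT(`bin_mod`, '%Y-%m-%d %T') as `bin_mod`, `bin_category`, `bincomment`, `bin_count`, `draft`"
             . ' FROM ' . $info_table . " WHERE `id` = '" . $safe_id . "'";
        // Same failure handling as the UPDATE above, so a bad query cannot reach mysql_fetch_array() with false.
        $res = mysql_query($sql) or die("<h2>MySQL error</h2> " . mysql_errno() . " : " . mysql_error());
        $row = mysql_fetch_array($res);

        // Generate XHTML
        $row = convert_to_utf8($row);
        // format_date() is defined elsewhere; presumably it fills $formatted_date — confirm.
        format_date($row_name = 'bindate');
        $title_date = $formatted_date;
        $contents .= '<div class="section">' . "\n"
                   . '<h2 class="date-title">' . $title_date . "</h2>\n";
        $contents .= display_binary_box($row);
        $contents .= file_uploaded();
        $contents .= "</div><!-- End .section -->\n";
        xhtml_output('');
    } else {
        // Incomplete or non-draft POST: send the user back to the index.
        // NOTE(review): the Location target is built from the Host header; if the web
        // server does not pin the host name, a forged Host steers this redirect — confirm.
        header('Location: ' . $http . '://' . $_SERVER['HTTP_HOST'] . $cfg['root_path'] . 'index.php');
        exit;
    }
} else {
    // No session: send the user back to the index (same Host-header caveat as above).
    header('Location: ' . $http . '://' . $_SERVER['HTTP_HOST'] . $cfg['root_path'] . 'index.php');
    exit;
}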
// Deny comment with same content $check_sql = 'SELECT COUNT(id) as num FROM ' . $forum_table . " WHERE comment = '{$comment}'"; $check_res = mysql_query($check_sql); $check_row = mysql_fetch_array($check_res); if ($check_row['num'] > 1) { header('Location: ' . $cd . '/forum/index.php'); exit; } // Matching a valid User password if (!preg_match('/^[0-9a-zA-Z]{4,16}$/i', $_POST['user_pass'])) { $contents = '<h2>' . $lang['invalid_pass'] . '</h2>' . '<p class="warning">' . $lang['invalid_pass_msg'] . '</p>'; xhtml_output('forum'); exit; } elseif ($_POST[$comment_field_name] == '') { $contents = "<h2>Ooops.</h2>\n" . '<p class="warning">' . $lang['no_comment'] . "</p>\n"; xhtml_output('forum'); exit; } else { // Get remote host info if (!isset($_SERVER['REMOTE_HOST'])) { $re_host = $_SERVER['REMOTE_ADDR']; } else { $re_host = $_SERVER['REMOTE_HOST']; } if (isset($_POST['user_uri'])) { $user_uri = $_POST['user_uri']; } // Check the max value of thread ID in database, and then // plus "1" to the ID of the new thread. $get_id_sql = "SELECT MAX(`tid`) FROM `{$forum_table}`"; $max_id_res = mysql_query($get_id_sql);
</div> <div class="section"> <h2 class="date-title">{$title_date}</h2> EOD; do { // $tmp_date = substr($row['bindate'], 0, 10); format_date($row_name = 'bindate'); $tmp_date = $formatted_date; if ($title_date != $tmp_date) { $title_date = $tmp_date; $contents .= '</div><!-- End .section -->' . "\n\n" . '<div class="section">' . "\n" . '<h2 class="date-title">' . $title_date . "</h2>\n"; } $row = convert_to_utf8($row); $contents .= display_binary_box($row); } while ($row = mysql_fetch_array($res)); $contents .= "</div><!-- End .section -->\n\n"; $contents .= display_prev_logs_navi('files/search'); } else { $contents = "\n" . '<div class="section">' . "\n" . '<h2>' . $lang['recent'] . '<strong>' . $rows . '</strong>' . $lang['files'] . "</h2>\n"; while ($row = mysql_fetch_array($res)) { $row = convert_to_utf8($row); $contents .= display_binary_box($row); } $contents .= "</div><!-- End .section -->\n\n"; $contents .= display_prev_logs_navi('files/search'); } } else { $contents = "\n" . '<div class="section">' . "\n" . '<h2>Welcome to ' . $cfg['blog_title'] . " !</h2>\n" . '<p>' . $lang['no_files'] . "</p>\n" . "</div>\n"; } xhtml_output('file');
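</div>
<div class="section">
<h3>Oops!</h3>
<p class="warning">{$lang['choose_table']}</p>
</div>
</div>
EOD;

// Stream a gzip'd SQL dump of the selected tables to a logged-in user.
// Without a table selection the "choose a table" notice is rendered instead;
// without a session the request is refused outright.
session_control();
against_xss();
if ($session_status == 'on') {
    if (isset($_REQUEST['tables'])) {
        $date = date($date_fname_format);
        $dump_name = $dbname . '-' . $date . '.sql.gz';
        // The UA header may be absent; treat a missing one as "not MSIE" instead of raising a notice.
        $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

        header('Content-type: application/x-download');
        //header('Content-type: application/octet-stream');
        header('Expires: ' . gmdate('D, d M Y H:i:s') . ' GMT');
        if (preg_match('@MSIE ([0-9].[0-9]{1,2})@', $user_agent)) {
            // The filename is quoted here, so the closing quote must be emitted as well.
            header('Content-Disposition: inline; filename="' . $dump_name . '"');
            header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
            header('Pragma: public');
        } else {
            header('Content-Disposition: attachment; filename=' . $dump_name);
            header('Pragma: no-cache');
        }
        // dbDump() is defined elsewhere and receives the raw request value; it has to
        // treat `tables` as untrusted (e.g. match it against the real table list) — confirm.
        dbDump($_REQUEST['tables']);
        die;
    } else {
        $contents = $error_div;
        xhtml_output($contents);
    }
} else {
    die('<h1>Oops!</h1>');
}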
$section_content .= display_article_box($row); } while ($row = mysql_fetch_array($res)); //------------- WITHOUT-DATE-TITLE MODE -------------- } else { $section_content = ''; while ($row = mysql_fetch_array($res)) { $row = convert_to_utf8($row); $section_content .= display_article_box($row); } } } else { $flip_link = ''; $section_content = '<h2>' . $lang['no_matches'] . "</h2>"; } } else { $flip_link = ''; $section_content = '<h2>' . $lang['no_matches'] . "</h2>"; } } else { $hit_result = ''; $flip_link = ''; $section_content = '<h2>' . $lang['category'] . "</h2>\n" . '<p>' . $lang['status_idle'] . "</p>\n"; } $contents = <<<EOD {$hit_result} <div class="section"> {$flip_link}{$section_content}{$flip_link} </div> EOD; xhtml_output('log');