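switch ($key) {
    case "u_edit":
        // Change user parameters. A user may only change his own account:
        // the uid held in the session must match the submitted $u_id.
        if ($auth->auth["uid"] == $u_id) {
            $password = trim($password);
            $cpassword = trim($cpassword);
            $realname = trim($realname);
            $email_usr = trim($email_usr);

            // Both password fields must be identical before anything is written.
            if (strcmp($password, $cpassword) !== 0) {
                $be->box_full($t->translate("Error"), $t->translate("The passwords are not identical") . ". " . $t->translate("Please try again") . "!");
                break;
            }

            // NOTE(review): the page shows the password and e-mail values masked
            // as '******'; presumably the trimmed $password and $email_usr were
            // interpolated here - confirm against the original file.
            // NOTE(review): $realname and $u_id go into the statement as-is.
            // Nothing in this fragment escapes them, so this is only safe if the
            // request layer has already quoted them for the database - confirm,
            // and prefer bound parameters or the DB layer's own escaping.
            $query = "UPDATE auth_user SET password='******', realname='{$realname}', email_usr='******', modification_usr=NOW() WHERE user_id='{$u_id}'";
            $db->query($query);
            if ($db->affected_rows() == 0) {
                // The failed statement is no longer echoed to the browser: it
                // carries the submitted account data and exposes the schema.
                $be->box_full($t->translate("Error"), $t->translate("Change User Parameters failed") . ".");
                break;
            }

            // The user name is HTML-escaped before it is placed in the message.
            $bi->box_full($t->translate("Change User Parameters"), $t->translate("Password and/or E-Mail Address of") . " <b>" . htmlspecialchars($auth->auth["uname"]) . "</b> " . $t->translate("is changed") . ".");

            if ($ml_notify) {
                // The page shows the first line with its middle masked
                // ("Username: "******"uname"]); rebuilt from the $auth->auth["uname"]
                // expression used above so that the statement parses.
                $message = "Username: " . $auth->auth["uname"] . "\n";
                $message .= "Realname: {$realname}\n";
                $message .= "E-Mail: {$email_usr}\n";
                mailuser("admin", "User parameters has changed", $message);
            }
        } else {
            $be->box_full($t->translate("Error"), $t->translate("Access denied"));
        }
        break;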
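require "./include/config.inc";
require "./include/lib.inc";

// RSS 0.91 feed listing the ten most recently modified solutions.
// Every value written into the document is encoded for its context:
// text nodes with htmlspecialchars(), the id in the link with urlencode().
echo "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n";
echo "<!DOCTYPE rss PUBLIC \"-//Netscape Communications//DTD RSS 0.91//EN\"\n";
echo " \"http://my.netscape.com/publish/formats/rss-0.91.dtd\">\n";
echo "<rss version=\"0.91\">\n";
echo " <channel>\n";
echo " <title>" . htmlspecialchars($sys_name) . "</title>\n";
echo " <link>http:" . htmlspecialchars($sys_url) . "</link>\n";
echo " <description>" . htmlspecialchars($sys_name . " - " . $sys_title) . "</description>\n";
echo " <language>en-us</language>\n";
echo " <image>\n";
echo " <title>" . htmlspecialchars($sys_name) . "</title>\n";
echo " <url>" . htmlspecialchars($sys_url . $sys_logo_image) . "</url>\n";
echo " <link>http:" . htmlspecialchars($sys_url) . "</link>\n";
echo " <description>" . htmlspecialchars($sys_name . " - " . $sys_title) . "</description>\n";
echo " <width>66</width>\n";
echo " <height>73</height>\n";
echo " </image>\n";

$db = new DB_SourceLines();
// Only the two columns the feed prints are selected. The join with auth_user
// is kept as a filter, but no account columns are fetched into this public,
// unauthenticated script.
$db->query("SELECT tblsolutions.solutions_id, tblsolutions.solutions_name FROM tblsolutions,auth_user WHERE tblsolutions.username = auth_user.username AND tblsolutions.solutions_name != 'no_name' ORDER BY tblsolutions.solutions_modify_date DESC limit 10");
while ($db->next_record()) {
    echo " <item>\n";
    echo " <title>" . htmlspecialchars($db->f("solutions_name")) . "</title>\n";
    echo " <link>http:" . htmlspecialchars($sys_url) . "solutions.php?solu_id=" . urlencode($db->f("solutions_id")) . "</link>\n";
    echo " </item>\n";
}
echo " </channel>\n";
echo "</rss>\n";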
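// Contact listing: one table row per contact, with the number of solutions
// that carry exactly that name / e-mail / homepage combination.
if (empty($conby)) {
    $conby = "Unknown";
}
// NOTE(review): $conby is concatenated into the box title unescaped; where it
// comes from is not visible in this fragment - confirm it cannot carry markup.
$bx->box_title($t->translate("Contact") . ": " . $conby);
$bx->box_body_begin();
?>
<table border=0 align=center cellspacing=1 cellpadding=1 width=100%>
<?php
echo "<tr><td><b>" . $t->translate("No") . ".</b></td><td><b># " . $t->translate("Sols") . "</b></td><td><b>" . $t->translate("Name") . "</b></td><td><b>" . $t->translate("E-Mail") . "</b></td><td><b>" . $t->translate("Homepage") . "</b></td></tr>\n";
$i = 1;
while ($db->next_record()) {
    $solutions_contact_name = addslashes($db->f("solutions_contact_name"));
    $solutions_contact_email = $db->f("solutions_contact_email");
    $solutions_contact_url = $db->f("solutions_contact_url");

    // Values read back from the database are not safe to paste into a new
    // statement. The name was already passed through addslashes(); the e-mail
    // and URL now get the same treatment, in separate variables so that the
    // unmodified values remain available for links and display below.
    $sql_contact_email = addslashes($solutions_contact_email);
    $sql_contact_url = addslashes($solutions_contact_url);

    $db2 = new DB_SourceLines();
    $db2->query("SELECT COUNT(*) FROM tblsolutions WHERE solutions_contact_name='{$solutions_contact_name}' AND solutions_contact_email='{$sql_contact_email}' AND solutions_contact_url='{$sql_contact_url}'");
    $db2->next_record();
    if ($db2->f("COUNT(*)")) {
        $num = "[" . sprintf("%03d", $db2->f("COUNT(*)")) . "]";
        echo "<tr><td>" . sprintf("%d", $i) . "</td>\n";
        if (empty($solutions_contact_name)) {
            echo "<td><a href=\"" . $sess->url("bycontact.php") . $sess->add_query(array("solutions_contact_name" => "", "solutions_contact_email" => "{$solutions_contact_email}", "solutions_contact_url" => "{$solutions_contact_url}")) . "\">{$num}</a></td>\n";
            echo "<td>" . $t->translate("Unknown") . "</td>\n";
        } else {
            echo "<td><a href=\"" . $sess->url("bycontact.php") . $sess->add_query(array("solutions_contact_name" => $db->f("solutions_contact_name"), "solutions_contact_email" => "{$solutions_contact_email}", "solutions_contact_url" => "{$solutions_contact_url}")) . "\">{$num}</a></td>\n";
            // The stored contact name is HTML-escaped before it is printed.
            echo "<td>" . htmlspecialchars($db->f("solutions_contact_name")) . "</td>\n";
        }
        if (!empty($solutions_contact_email)) {
            // str_replace() stands in for the ereg_replace() calls: both
            // patterns were literal characters, and the ereg functions no
            // longer exist in current PHP.
            echo "<td><<a href=\"mailto:" . mailtoencode($solutions_contact_email) . "\">" . str_replace(".", " dot ", str_replace("@", " at ", htmlentities($solutions_contact_email))) .
                "</a>></td>\n";
        } else {
            echo "<td> </td>\n";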
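$cpassword = trim($cpassword);
$realname = trim($realname);
$email_usr = trim($email_usr);

// Do we have all necessary data?
if (empty($username) || empty($password) || empty($cpassword) || empty($email_usr)) {
    $be->box_full($t->translate("Error"), $t->translate("Please enter") . " <b>" . $t->translate("Username") . "</b>, <b>" . $t->translate("Password") . "</b> " . $t->translate("and") . " <b>" . $t->translate("E-Mail") . "</b>!");
    break;
}

// Are both password fields identical?
if (strcmp($password, $cpassword) !== 0) {
    $be->box_full($t->translate("Error"), $t->translate("The passwords are not identical") . ". " . $t->translate("Please try again") . "!");
    break;
}

/* Does the user already exist? NOTE: This should be a transaction, but it isn't... */
// NOTE(review): the page shows the username value masked as '******';
// presumably the submitted $username was interpolated - confirm.
$db->query("select * from auth_user where username='******'");
if ($db->nf() > 0) {
    // The submitted name is HTML-escaped before being reflected in the message.
    $be->box_full($t->translate("Error"), $t->translate("User") . " <B>" . htmlspecialchars($username) . "</B> " . $t->translate("already exists") . "!<br>" . $t->translate("Please select a different Username") . ".");
    break;
}

// Create a uid and insert the user...
// NOTE(review): uniqid() is derived from the current time. If anything ever
// relies on user ids being unguessable, generate them from a CSPRNG instead.
$u_id = md5(uniqid($hash_secret));
// NOTE(review): both timestamp values are masked on the page; they are
// interpolated unquoted below, so presumably they held an SQL expression.
$modification_usr = "******";
$creation_usr = "******";
$permlist = "user_pending";
// NOTE(review): $password is written to auth_user exactly as submitted; no
// hashing step is visible in this fragment. The other request values are also
// interpolated as-is - confirm they are quoted for the database upstream, and
// prefer bound parameters or the DB layer's own escaping.
$query = "insert into auth_user values('{$u_id}','{$username}','{$password}','{$realname}','{$email_usr}',{$modification_usr},{$creation_usr},'{$permlist}')";
$db->query($query);
if ($db->affected_rows() == 0) {
    // The failed statement is no longer echoed to the browser: it contains
    // the password the user just submitted and exposes the table layout.
    $be->box_full($t->translate("Error"), $t->translate("Registration of new User failed") . ".");
    break;
}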
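$tbw->table_body_column_end();
$tbw->table_row_end();
echo "</form>";
/*----------*/
$tbw->table_end();
/*-----------------------------------------------------------------------*/
$bx->box_body_end();
$bx->box_end();
} else {
    if ($action == "delete") {
        // DELETE: show the keyword that is about to be removed.
        // NOTE(review): rawurldecode() runs immediately before the values are
        // placed in the statement, so an encoded quote (%27) becomes a literal
        // quote after any escaping applied to the raw request. Validate or
        // escape $id and $solu_id after decoding; which form is right depends
        // on the id format and the DB layer, neither visible in this fragment.
        $id = rawurldecode($id);
        $solu_id = rawurldecode($solu_id);
        $db_del = new DB_SourceLines();
        $query = "SELECT * FROM tblkeyword WHERE keyword_id = '{$id}' AND solutions_id = '{$solu_id}'";
        $db_del->query($query);
        $db_del->next_record();
        /*-----------------------------------------------------------------------*/
        $bx->box_begin();
        $bx->box_title($t->translate("Delete keyword"));
        $bx->box_body_begin();
        /*-----------------------------------------------------------------------*/
        echo "<form action='" . $sess->url(basename($PHP_SELF)) . "' method='POST'>";
        $tbw->table_begin();
        // keyword
        $tbw->table_row_begin();
        $tbw->table_body_column_begin();
        echo "<b>" . $t->translate("Keyword") . ":</b>";
        $tbw->table_body_column_next(2);
        // The stored keyword text is HTML-escaped before it is printed.
        echo htmlspecialchars($db_del->f("keyword_text"));
        $tbw->table_body_column_end();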
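<!-- content -->
<?php
// Comment page: accounts that still have the "user_pending" permission are
// refused; everyone else either stores a comment or is shown the form.
if ($perm->have_perm("user_pending")) {
    $be->box_full($t->translate("Error"), $t->translate("Access denied"));
} else {
    if (isset($id)) {
        // NOTE(review): $id, and $subject / $text below, are interpolated into
        // SQL as-is. Nothing in this fragment escapes them, so this is only
        // safe if the request layer has already quoted them for the database -
        // confirm, and prefer bound parameters or the DB layer's own escaping.
        $query = "SELECT * FROM tblsolutions WHERE solutions_id='{$id}'";
        $db->query($query);
        $db->next_record();
        // If solution in table ask for comment
        $db_status = $db->f("status");
        if ($db->num_rows() > 0) {
            if ($action == "cmt") {
                // NOTE(review): the comment_username value is masked on the
                // page as '******'; confirm what is stored there.
                $query = "INSERT tblcomment SET solutions_id='{$id}',comment_subject='{$subject}',comment_text='{$text}',comment_username='******',comment_datetime='" . date("Y-m-d H:i:s") . "'";
                $db_cmt = new DB_SourceLines();
                $db_cmt->query($query);
                solfull($db);
            } else {
                $bx->box_begin();
                // The stored solution name is HTML-escaped before it goes into
                // the title. NOTE(review): assumes box_title() prints its
                // argument without escaping it again - confirm.
                $bx->box_title($t->translate("Your Comment about") . " \"" . htmlspecialchars($db->f("solutions_name")) . "\"");
                $bx->box_body_begin();
                // NOTE(review): no anti-CSRF token is visible in this form;
                // confirm whether the session layer supplies one.
                echo "<form action=\"" . $sess->url(basename($PHP_SELF)) . "\" method=\"POST\">\n";
                echo "<table border=0 align=center cellspacing=0 cellpadding=3>\n";
                echo "<tr><td align=right>" . $t->translate("Subject") . " (128):</td><td><input type=\"TEXT\" name=\"subject\" size=40 maxlength=128></td></tr>\n";
                echo "<tr><td align=right>" . $t->translate("Comment") . " (*):</td><td><textarea cols=40 rows=7 name=\"text\" wrap=\"virtual\" maxlength=255></textarea></td></tr>\n";
                echo "<tr><td align=right> </td><td><input type=\"Submit\" value=\"" . $t->translate("Send") . "\"></td>\n";
                echo "<input type=\"hidden\" name=\"action\" value=\"cmt\">\n";
                // $id is reflected into an attribute value, so it is escaped
                // with ENT_QUOTES to keep it inside the quotes.
                echo "<input type=\"hidden\" name=\"id\" value=\"" . htmlspecialchars($id, ENT_QUOTES) . "\">\n";
                echo "</form>\n";
                echo "</tr></table>\n";
                $bx->box_body_end();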
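$msg .= "<a href=\"" . $sess->url(basename($PHP_SELF)) . $sess->add_query(array("by" => $ltr . "%")) . "\">{$ltr}</a> | ";
}
$msg .= "<a href=\"" . $sess->url(basename($PHP_SELF)) . $sess->add_query(array("by" => "%")) . "\">" . $t->translate("All") . "</a> ]";
$bs->box_strip($msg);

// User listing, filtered by the LIKE pattern in $by.
// NOTE(review): $by is interpolated into the statement as-is. Nothing in this
// fragment escapes it, so this is only safe if it has already been quoted for
// the database - confirm, and prefer bound parameters or the DB layer's own
// escaping.
$db->query("SELECT * FROM auth_user WHERE username LIKE '{$by}' ORDER BY username ASC");
$bx->box_begin();
$bx->box_title($t->translate("Users"));
$bx->box_body_begin();
echo "<table border=0 align=center cellspacing=1 cellpadding=1 width=100%>\n";
echo "<tr><td><b>" . $t->translate("No") . ".</b></td><td><b># " . $t->translate("Sols") . "</b></td><td><b>" . $t->translate("Username") . "</b></td><td><b>" . $t->translate("Realname") . "</b></td><td><b>" . $t->translate("E-Mail") . "</b></td></tr>\n";
$i = 1;
while ($db->next_record()) {
    $user_id = $db->f("user_id");
    $username = $db->f("username");
    $db2 = new DB_SourceLines();
    // NOTE(review): the username value is masked on the page as '******';
    // presumably $username was interpolated. It is read back from the
    // database, so it still needs escaping before it goes into a statement.
    $db2->query("SELECT COUNT(*) FROM tblsolutions WHERE username='******' AND solutions_name != 'no_name'");
    $db2->next_record();
    $num = "[" . sprintf("%03d", $db2->f("COUNT(*)")) . "]";
    echo "<tr><td>" . sprintf("%d", $i) . "</td>\n";
    echo "<td><a href=\"" . $sess->url("yoursolutions.php") . $sess->add_query(array("user" => $username)) . "\">{$num}</a></td>\n";
    // User-supplied account fields are HTML-escaped before they are printed.
    echo "<td>" . htmlspecialchars($username) . "</td>\n";
    echo "<td>" . htmlspecialchars($db->f("realname")) . "</td>";
    // str_replace() stands in for the ereg_replace() calls: both patterns were
    // literal characters, and the ereg functions no longer exist in current PHP.
    echo "<td><<a href=\"mailto:" . mailtoencode($db->f("email_usr")) . "\">" . str_replace(".", " dot ", str_replace("@", " at ", htmlentities($db->f("email_usr")))) . "</a>></td>";
    echo "</tr>\n";
    $i++;
}
echo "</table>\n";
$bx->box_body_end();
$bx->box_end();
}
?>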
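</head>
<body bgcolor="<?php echo $th_body_bgcolor; ?> " topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0" marginheight="0" marginwidth="0">
<!-- content -->
<p>
<?php
// Sidebar page: site logo followed by the twenty most recently modified
// solutions, each linking into the main content frame.
$bx->box_begin();
$bx->box_body_begin();
echo "<a href=\"{$sys_url_title}\" target=\"_content\"><img src=\"{$sys_logo_small_image}\" border=\"0\" height=\"{$sys_logo_small_heigth}\" width=\"{$sys_logo_small_width}\" ALT=\"{$sys_logo_small_alt}\"></a>";
$bx->box_body_end();
$bx->box_end();

$bx->box_begin();
$bx->box_title("<font size=\"1\">" . $t->translate("Recent Solutions") . "</font>");
$db->query("SELECT * FROM tblsolutions WHERE tblsolutions.solutions_name != 'no_name' ORDER BY solutions_modify_date DESC limit 20");
$bx->box_body_begin();
while ($db->next_record()) {
    echo "<div class=newsind>• ";
    // The solution name is stored user input: HTML-escape it for the link
    // text, and URL-encode the id that is placed in the query string.
    echo "<a href=\"" . $sys_url . "solutions.php?solu_id=" . urlencode($db->f("solutions_id")) . "\" target=\"_content\">" . htmlspecialchars($db->f("solutions_name")) . "</a></div>\n";
}
echo "<p><b><font size=\"1\"><a href=\"" . $sys_url . "\" target=\"_content\">more...</a></font></b>\n";
$bx->box_body_end();
$bx->box_end();
?>
</body>
</html>
<?php
@page_close();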
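// NOTE(review): $solu_id is URL-decoded here; any later use in SQL or HTML
// must escape the decoded value, because decoding can reintroduce quotes.
$solu_id = rawurldecode($solu_id);
/*-----------------------------------------------------------------------*/
$bx->box_begin();
$bx->box_title($t->translate("Add a component"));
$bx->box_body_begin();
/*-----------------------------------------------------------------------*/
echo "<form action='" . $sess->url(basename($PHP_SELF)) . "' method='POST'>";
$tbw->table_begin();

// componenttype: drop-down with one option per row of tblcomponenttype
$tbw->table_row_begin();
$tbw->table_body_column_begin();
echo "<b>" . $t->translate("Type") . ":</b>";
$tbw->table_body_column_next(2);
$db_sel = new DB_SourceLines();
$query = "SELECT * FROM tblcomponenttype ORDER BY componenttype_name";
$db_sel->query($query);
echo "<select name='componenttype_id' size='1'>";
while ($db_sel->next_record()) {
    // The option value was an unquoted attribute filled from the database;
    // it is now quoted and escaped so it cannot break out of the tag.
    // NOTE(review): the translated type name is still printed as-is; escape
    // it too unless translations are expected to contain HTML entities.
    echo "<option value='" . htmlspecialchars($db_sel->f("componenttype_id"), ENT_QUOTES) . "'>" . $t->translate($db_sel->f("componenttype_name")) . "</option>";
}
// Rewind the result set when it has rows.
if ($db_sel->num_rows() > 0) {
    $db_sel->seek(0);
}
echo "</select>";
$tbw->table_body_column_end();

// component_name
$tbw->table_row_next();
$tbw->table_body_column_begin();
echo "<b>" . $t->translate("Name") . ":</b>";
$tbw->table_body_column_next(2);
echo "<input type='text' size='40' maxlength='255' name='component_name' value=''>";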
// First entry; used, among other things, to determine solu_id.
// A row is inserted under a random placeholder name, looked up again by that
// name to learn its solutions_id, and then renamed to 'no_name'.
// NOTE(review): the lookup depends on the rand() value not colliding with
// another pending row; the DB layer's last-insert-id, if it offers one, would
// remove that dependency.
// NOTE(review): $username is interpolated into SQL as-is, and the username
// values in the two statements marked below are masked on the page as '******'.
$random = rand(0, 2147000000);
$query = "INSERT tblsolutions(solutions_name,username,solutions_create_date,solutions_modify_date) VALUES('{$random}','{$username}','" . date("Y-m-d H:i:s") . "','" . date("Y-m-d H:i:s") . "')";
debug($query);
$db->query($query);

/*-----*/
// Determine $solu_id (username value masked on the page)
$query = "SELECT * FROM tblsolutions WHERE solutions_name='{$random}' AND username='******'";
debug($query);
$db->query($query);
$db->next_record();
$solu_id = $db->f("solutions_id");

$db1 = new DB_SourceLines();
$query = "UPDATE tblsolutions SET solutions_name='no_name' WHERE solutions_id = '{$solu_id}'";
debug($query);
$db1->query($query);
$where = "";
} else {
    // Admins get no owner restriction; for everyone else a username condition
    // (value masked on the page) is appended to the query below.
    $where = $perm->have_perm("admin") ? "" : " AND tblsolutions.username='******'";
}
$query = "SELECT * FROM tblsolutions,auth_user WHERE solutions_id='{$solu_id}' {$where} AND tblsolutions.username = auth_user.username";
debug($query);

/*---------------------------------------- Data for the current page */
$db->query($query);
$db->next_record();
solupd($db);
}