function UpdateSettings($setting, $val, $type = '') { global $server, $user, $pass, $database, $pre; if (empty($type)) { $type = 'admin'; } //Connect to database require_once "sources/class.database.php"; $db = new Database($server, $user, $pass, $database, $pre); $db->connect(); //Check if setting is already in DB. If NO then insert, if YES then update. $data = $db->fetch_row("SELECT COUNT(*) FROM " . $pre . "misc WHERE type='" . $type . "' AND intitule = '" . $setting . "'"); if ($data[0] == 0) { $db->query_insert("misc", array('valeur' => $val, 'type' => $type, 'intitule' => $setting)); //in case of stats enabled, add the actual time if ($setting == 'send_stats') { $db->query_insert("misc", array('valeur' => time(), 'type' => $type, 'intitule' => $setting . '_time')); } } else { $db->query_update("misc", array('valeur' => $val), "type='" . $type . "' AND intitule = '" . $setting . "'"); //in case of stats enabled, update the actual time if ($setting == 'send_stats') { //Check if previous time exists, if not them insert this value in DB $data_time = $db->fetch_row("SELECT COUNT(*) FROM " . $pre . "misc WHERE type='" . $type . "' AND intitule = '" . $setting . "_time'"); if ($data_time[0] == 0) { $db->query_insert("misc", array('valeur' => 0, 'type' => $type, 'intitule' => $setting . '_time')); } else { $db->query_update("misc", array('valeur' => 0), "type='" . $type . "' AND intitule = '" . $setting . "_time'"); } } } //save in variable if ($type == "admin") { $_SESSION['settings'][$setting] = $val; } else { if ($type == "settings") { $settings[$setting] = $val; } } }
if ($manage_kb == true) { $label = utf8_decode($_POST['label']); $category = utf8_decode($_POST['category']); $description = utf8_decode($_POST['description']); //Add category if new $data = $db->fetch_row("SELECT COUNT(*) FROM " . $pre . "kb_categories WHERE category = '" . mysql_real_escape_string($category) . "'"); if ($data[0] == 0) { $cat_id = $db->query_insert("kb_categories", array('category' => mysql_real_escape_string($category))); } else { //get the ID of this existing category $cat_id = $db->fetch_row("SELECT id FROM " . $pre . "kb_categories WHERE category = '" . mysql_real_escape_string($category) . "'"); $cat_id = $cat_id[0]; } if (isset($_POST['id']) && !empty($_POST['id'])) { //update KB $new_id = $db->query_update("kb", array('label' => $label, 'description' => mysql_real_escape_string($description), 'author_id' => $_SESSION['user_id'], 'category_id' => $cat_id, 'anyone_can_modify' => $_POST['anyone_can_modify']), "id='" . $_POST['id'] . "'"); } else { //add new KB $new_id = $db->query_insert("kb", array('label' => $label, 'description' => mysql_real_escape_string($description), 'author_id' => $_SESSION['user_id'], 'category_id' => $cat_id, 'anyone_can_modify' => $_POST['anyone_can_modify'])); } //delete all associated items to this KB $db->query_delete("kb_items", array('kb_id' => $_POST['id'])); //add all items associated to this KB foreach (explode(',', $_POST['kb_associated_to']) as $item_id) { $db->query_insert("kb_items", array('kb_id' => $_POST['id'], 'item_id' => $item_id)); } echo '$("#kb_form").dialog("close");oTable = $("#t_kb").dataTable();LoadingPage();oTable.fnDraw();'; } else { echo '$("#kb_form").dialog("close");'; } break;
#------------------------------------------- #CASE delete a role case "delete_role": $db->query("DELETE FROM " . $pre . "roles_title WHERE id = " . $_POST['id']); $db->query("DELETE FROM " . $pre . "roles_values WHERE role_id = " . $_POST['id']); //Actualize the variable $_SESSION['nb_roles']--; //reload page echo 'window.location.href = "index.php?page=manage_roles";'; break; #------------------------------------------- #CASE editing a role #------------------------------------------- #CASE editing a role case "edit_role": $db->query_update("roles_title", array('title' => mysql_real_escape_string(stripslashes($_POST['title']))), 'id = ' . $_POST['id']); //reload matrix echo 'var data = "type=rafraichir_matrice";httpRequest("sources/roles.queries.php",data);'; break; #------------------------------------------- #CASE refresh the matrix #------------------------------------------- #CASE refresh the matrix case "rafraichir_matrice": echo 'document.getElementById(\'matrice_droits\').innerHTML = "";'; require_once "NestedTree.class.php"; $tree = new NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title'); $tree = $tree->getDescendants(); $texte = '<table><thead><tr><th>' . $txt['group'] . 's</th>'; $gpes_ok = array(); $gpes_nok = array();
$old_pw = ""; foreach ($last_pw as $elem) { if (!empty($elem)) { if (empty($old_pw)) { $old_pw = $elem; } else { $old_pw .= ";" . $elem; } } } //update sessions $_SESSION['last_pw'] = $old_pw; $_SESSION['last_pw_change'] = mktime(0, 0, 0, date('m'), date('d'), date('y')); $_SESSION['validite_pw'] = true; //update DB $db->query_update("users", array('pw' => $new_pw, 'last_pw_change' => mktime(0, 0, 0, date('m'), date('d'), date('y')), 'last_pw' => $old_pw), "id = " . $_SESSION['user_id']); echo '[ { "error" : "none" } ]'; } } else { //ADMIN has decided to change the USER's PW if (isset($_POST['change_pw_origine']) && $_POST['change_pw_origine'] == "admin_change") { //Check KEY if ($data_received['key'] != $_SESSION['key']) { echo '[ { "error" : "key_not_conform" } ]'; exit; } //update DB $db->query_update("users", array('pw' => $new_pw, 'last_pw_change' => mktime(0, 0, 0, date('m'), date('d'), date('y'))), "id = " . $data_received['user_id']); echo '[ { "error" : "none" } ]'; } else { echo '[ { "error" : "nothing_to_do" } ]';
$new_groupes = $data[0]; if (!empty($data[0])) { $groupes = explode(';', $data[0]); if (in_array($val[1], $groupes)) { $new_groupes = str_replace($val[1], "", $new_groupes); } else { $new_groupes .= ";" . $val[1]; } } else { $new_groupes = $val[1]; } while (substr_count($new_groupes, ";;") > 0) { $new_groupes = str_replace(";;", ";", $new_groupes); } //Store id DB $db->query_update("users", array($_POST['type'] => $new_groupes), "id = " . $val[0]); break; case "fonction": $val = explode(';', $_POST['valeur']); $valeur = $_POST['valeur']; //v?rifier si l'id est d?j? pr?sent $data = $db->fetch_row("SELECT fonction_id FROM " . $pre . "users WHERE id = {$val['0']}"); $new_fonctions = $data[0]; if (!empty($data[0])) { $fonctions = explode(';', $data[0]); if (in_array($val[1], $fonctions)) { $new_fonctions = str_replace($val[1], "", $new_fonctions); } else { if (!empty($new_fonctions)) { $new_fonctions .= ";" . $val[1]; } else {
$sqlAnswer = "Select correct_answer from tblquestions where id='".$question_id."'"; $rowAnswer = $db->query($sqlAnswer); $result2 = $db->fetch_array($rowAnswer); $answerResult = "incorrect"; if(isset($_POST["answer"])) { if($result2["correct_answer"] == $_POST["answer"]){ $answerResult = "correct"; } $_POST["status"] = $answerResult; $DATA = $_POST; }else{ unset($_POST["answer"]); $DATA["time_to_answer"] = $_POST["time_to_answer"]; } $row = $db->query_update("tbltemporarygenexam",$DATA,"question_id='".$question_id."' and student_id='".$student_id."'"); echo $row; //echo json_encode($json); mysql_close(); ?>
<?php /** * The plugin control panel, you can manage the plugins activity in this page. */ include_once 'phphooks.class.php'; include_once 'includes/database.class.php'; require_once 'config.php'; $db = new Database($mysql_db_host, $mysql_db_user, $mysql_db_passwd, $mysql_db_name, $table_prefix); $db->connect(); switch ($_GET['action']) { case "deactivate": $data['action'] = 0; $db->query_update("plugins", $data, "filename='" . $_GET['filename'] . "'"); break; case "activate": $sql = "SELECT * FROM " . $table_prefix . "plugins WHERE filename = '" . $db->escape($_GET['filename']) . "'"; $count = count($db->fetch_all_array($sql)); if ($count < 1) { $data['filename'] = $_GET['filename']; $data['action'] = 1; $db->query_insert("plugins", $data); } else { $data['action'] = 1; $db->query_update("plugins", $data, "filename='" . $_GET['filename'] . "'"); } break; } $sql = "SELECT filename, action FROM " . $table_prefix . "plugins WHERE action = '" . $db->escape(1) . "'"; $result_rows = $db->fetch_all_array($sql); $plugin_list = new phphooks();
function CPMStats() { global $server, $user, $pass, $database, $pre; require_once 'includes/settings.php'; // connect to the server require_once "class.database.php"; $db = new Database($server, $user, $pass, $database, $pre); $db->connect(); // Prepare stats to be sent // Count no FOLDERS $data_folders = $db->fetch_row("SELECT COUNT(*) FROM " . $pre . "nested_tree"); // Count no USERS $data_users = $db->fetch_row("SELECT COUNT(*) FROM " . $pre . "users"); // Count no ITEMS $data_items = $db->fetch_row("SELECT COUNT(*) FROM " . $pre . "items"); // Get info about installation $data_system = array(); $rows = $db->fetch_all_array("SELECT valeur,intitule FROM " . $pre . "misc WHERE type = 'admin' AND intitule IN ('enable_pf_feature','log_connections','cpassman_version')"); foreach ($rows as $reccord) { if ($reccord['intitule'] == 'enable_pf_feature') { $data_system['enable_pf_feature'] = $reccord['valeur']; } else { if ($reccord['intitule'] == 'cpassman_version') { $data_system['cpassman_version'] = $reccord['valeur']; } else { if ($reccord['intitule'] == 'log_connections') { $data_system['log_connections'] = $reccord['valeur']; } } } } // Get the actual stats. $stats_to_send = array('uid' => md5(SALT), 'time_added' => time(), 'users' => $data_users[0], 'folders' => $data_folders[0], 'items' => $data_items[0], 'cpm_version' => $data_system['cpassman_version'], 'enable_pf_feature' => $data_system['enable_pf_feature'], 'log_connections' => $data_system['log_connections']); // Encode all the data, for security. foreach ($stats_to_send as $k => $v) { $stats_to_send[$k] = urlencode($k) . '=' . urlencode($v); } // Turn this into the query string! $stats_to_send = implode('&', $stats_to_send); fopen("http://www.vag-technique.fr/divers/cpm_stats/collect_stats.php?" . $stats_to_send, 'r'); // update the actual time $db->query_update("misc", array('valeur' => time()), "type='admin' AND intitule = 'send_stats_time'"); }
*/ include_once 'Database.class.php'; define("MSCTBL", "msc"); $db = new Database('localhost', 'root', 'trdc123', 'mscsim'); //connect to the server $db->connect(); if ($_GET['action'] == 'register' && !empty($_POST['MSISDN']) && !empty($_POST['IMSI'])) { $preMSISDN = $_POST['MSISDN'][0] . $_POST['MSISDN'][1] . $_POST['MSISDN'][2] . $_POST['MSISDN'][3]; $data['TMSI'] = "91" . $preMSISDN . rand('199999', '999999'); $sql = "SELECT * FROM " . MSCTBL . " WHERE `MSISDN` = '" . $_POST['MSISDN'] . "'"; $row = $db->query_first($sql); if (empty($row)) { $error_dat['status'] = "error"; $error_dat['reason'] = "Registration Failed..."; } else { $db->query_update(MSCTBL, $data, " `MSISDN` = '" . $_POST['MSISDN'] . "' "); $error_dat['regdata'] = $row; $error_dat['regdata']['TMSI'] = $data['TMSI']; $error_dat['status'] = "success"; $error_dat['reason'] = "Registration Complete..."; } sleep(3); echo json_encode($error_dat); } elseif ($_GET['action'] == 'makesim' && !empty($_POST['MSISDN'])) { $preMSISDN = $_POST['MSISDN'][0] . $_POST['MSISDN'][1] . $_POST['MSISDN'][2] . $_POST['MSISDN'][3]; $data['IMSI'] = "91" . $preMSISDN . rand('199999', '999999'); $data['IMEI'] = "956647" . "894467" . rand('199999', '999999'); $data['Ki'] = genRandKey(128); $data['NSP'] = getNSP($preMSISDN); $sql = "SELECT * FROM " . MSCTBL . " WHERE `MSISDN` = '" . $_POST['MSISDN'] . "'"; $row = $db->query_first($sql);
die('Hacking attempt...'); } include '../includes/language/' . $_SESSION['user_language'] . '.php'; include '../includes/settings.php'; header("Content-type: text/html; charset==utf-8"); include 'main.functions.php'; require_once "NestedTree.class.php"; //Connect to mysql server require_once "class.database.php"; $db = new Database($server, $user, $pass, $database, $pre); $db->connect(); // CASE where title is changed if (isset($_POST['newtitle'])) { $id = explode('_', $_POST['id']); //update DB $db->query_update('nested_tree', array('title' => mysql_real_escape_string(stripslashes($_POST['newtitle']))), "id=" . $id[1]); //Show value echo $_POST['newtitle']; } else { if (isset($_POST['renewal_period']) && !isset($_POST['type'])) { //Check if renewal period is an integer if (is_int(intval($_POST['renewal_period']))) { $id = explode('_', $_POST['id']); //update DB $db->query_update('nested_tree', array('renewal_period' => mysql_real_escape_string(stripslashes($_POST['renewal_period']))), "id=" . $id[1]); //Show value echo $_POST['renewal_period']; } else { //Show ERROR echo $txt['error_renawal_period_not_integer']; }
<?php require "dbase/config.inc.php"; require "dbase/Database.class.php"; $db = new Database(DB_SERVER, DB_USER, DB_PASS, DB_DATABASE); $db->connect(); //parent and tutor $user["fname"] = $_POST["user-fname"]; $user["lname"] = $_POST["user-lname"]; $user["email"] = $_POST["user-email"]; $user["city"] = $_POST["user-city"]; $user["postcode"] = $_POST["user-postcode"]; $user["state"] = $_POST["user-state"]; $user["phone"] = $_POST["user-phone"]; $id = substr($_GET["user"], 1); $user_type = substr($_GET["user"], 0, 1); //p or t if ($user_type == "p") { $db->query_update("tblparents", $user, "id='{$id}'"); echo "<script>\n\t window.history.go(-1);\n\t \t</script>"; } else { if ($user_type == "t") { $db->query_update("tbltutor", $user, "id='{$id}'"); echo "<script>\n\t window.history.go(-1);\n\t \t</script>"; } else { $db->query_update("tblstudents", $std, "parent_id='{$id}'"); echo "<script>\n\t window.history.go(-1);\n\t \t</script>"; } }
function excluir($id) { $db = new Database(); $sql = 'delete from periodo where id = '.$id; return $db->query_update($sql); }
<?php require '../common/admin_session.php'; require '../common/database.php'; require '../config/config.php'; $db = new Database($db_host, $db_username, $db_password, $db_name); $db->connect(); // For delete action if ($_GET['action'] == "delete") { if ($_GET['id'] > 0) { $sql = "DELETE FROM " . $TABLE_EYO_MAP . " where id=" . $_GET['id']; $db->query($sql); header("Location: index.php"); die; } } else { if ($_GET['action'] == "update") { $update_array['status'] = $_GET['status'] ? 0 : 1; $db->query_update($TABLE_EYO_MAP, $update_array, " id=" . $_GET['id']); header("Location: index.php"); die; } } header("Location: index.php"); die;
//log $db->query_insert('log_items', array('id_item' => $new_id, 'date' => mktime(date('H'), date('i'), date('s'), date('m'), date('d'), date('y')), 'id_user' => $_SESSION['user_id'], 'action' => 'at_creation')); //Add tags $tags = explode(' ', $_POST['tags']); foreach ($tags as $tag) { if (!empty($tag)) { $db->query_insert('tags', array('item_id' => $new_id, 'tag' => strtolower($tag))); } } // Check if any files have been added if (!empty($_POST['random_id_from_files'])) { $sql = "SELECT id\r\n FROM " . $pre . "files\r\n WHERE id_item=" . $_POST['random_id_from_files']; $rows = $db->fetch_all_array($sql); foreach ($rows as $reccord) { //update item_id in files table $db->query_update('files', array('id_item' => $new_id), "id='" . $reccord['id'] . "'"); } } //Update CACHE table UpdateCacheTable("add_value", $new_id); //Announce by email? if ($_POST['annonce'] == 1) { require_once "class.phpmailer.php"; //envoyer email $destinataire = explode(';', $_POST['diffusion']); foreach ($destinataire as $mail_destinataire) { //envoyer ay destinataire $mail = new PHPMailer(); $mail->SetLanguage("en", "../includes/libraries/phpmailer/language"); $mail->IsSMTP(); // send via SMTP
} else { $manage_kb = true; } if ($manage_kb == true) { //Add category if new $data = $db->fetch_row("SELECT COUNT(*) FROM " . $pre . "kb_categories WHERE category = '" . mysql_real_escape_string($category) . "'"); if ($data[0] == 0) { $cat_id = $db->query_insert("kb_categories", array('category' => mysql_real_escape_string($category))); } else { //get the ID of this existing category $cat_id = $db->fetch_row("SELECT id FROM " . $pre . "kb_categories WHERE category = '" . mysql_real_escape_string($category) . "'"); $cat_id = $cat_id[0]; } if (isset($id) && !empty($id)) { //update KB $new_id = $db->query_update("kb", array('label' => $label, 'description' => $description, 'author_id' => $_SESSION['user_id'], 'category_id' => $cat_id, 'anyone_can_modify' => $anyone_can_modify), "id='" . $id . "'"); } else { //add new KB $new_id = $db->query_insert("kb", array('label' => $label, 'description' => $description, 'author_id' => $_SESSION['user_id'], 'category_id' => $cat_id, 'anyone_can_modify' => $anyone_can_modify)); } //delete all associated items to this KB $db->query_delete("kb_items", array('kb_id' => $new_id)); //add all items associated to this KB foreach (explode(',', $kb_associated_to) as $item_id) { $db->query_insert("kb_items", array('kb_id' => $new_id, 'item_id' => $item_id)); } echo '[ { "status" : "done" } ]'; } else { echo '[ { "status" : "none" } ]'; } break;
if (count($_POST['list_f']) > 0) { foreach (explode(';', $_POST['list_f']) as $id) { $data = $db->query_first("\r\n\t\t\t\t\tSELECT valeur\r\n\t\t FROM " . $pre . "misc\r\n\t\t WHERE type = 'folder_deleted'\r\n\t\t AND intitule = '" . $id . "'"); if ($data['valeur'] != 0) { $folder_data = explode(',', $data['valeur']); //insert deleted folder $db->query_insert('nested_tree', array('id' => $folder_data[0], 'parent_id' => $folder_data[1], 'title' => $folder_data[2], 'nleft' => $folder_data[3], 'nright' => $folder_data[4], 'nlevel' => $folder_data[5], 'bloquer_creation' => $folder_data[6], 'bloquer_modification' => $folder_data[7], 'personal_folder' => $folder_data[8], 'renewal_period' => $folder_data[9])); //delete log $db->query("DELETE FROM " . $pre . "misc WHERE type = 'folder_deleted' AND intitule= '" . $id . "'"); } } } //restore ITEMS if (count($_POST['list_i']) > 0) { foreach (explode(';', $_POST['list_i']) as $id) { $db->query_update("items", array('inactif' => '0'), 'id = ' . $id); //log $db->query("INSERT INTO " . $pre . "log_items VALUES ('" . $id . "','" . mktime(date('H'), date('i'), date('s'), date('m'), date('d'), date('y')) . "','" . $_SESSION['user_id'] . "','at_restored','')"); } } break; #---------------------------------- #CASE admin want to delete a list of deleted items #---------------------------------- #CASE admin want to delete a list of deleted items case "really_delete_items": $folders = explode(';', $_POST['folders']); if (count($folders) > 0) { //delete folders foreach ($folders as $f_id) { //get folder ID
ftp_close($conn_id); fclose($handle); //DELETE FILE unlink($local_file); echo '[{"error":"' . $error . '" , "output":"' . $text . '"}]'; break; ########################################################### #CASE for refreshing all Personal Folders ########################################################### #CASE for refreshing all Personal Folders case "admin_action_check_pf": //get through all users $rows = $db->fetch_all_array("SELECT id,login,email FROM " . $pre . "users ORDER BY login ASC"); foreach ($rows as $record) { //update PF field for user $db->query_update('users', array('personal_folder' => '1'), "id='" . $record['id'] . "'"); //if folder doesn't exist then create it $data = $db->fetch_row("SELECT COUNT(*) FROM " . $pre . "nested_tree WHERE title = '" . $record['id'] . "' AND parent_id = 0"); if ($data[0] == 0) { //If not exist then add it $db->query_insert("nested_tree", array('parent_id' => '0', 'title' => $record['id'], 'personal_folder' => '1')); } else { //If exists then update it $db->query_update('nested_tree', array('personal_folder' => '1'), array("title" => $record['id'], 'parent_id' => '0')); } } //Delete PF for deleted users $db->query("\r\n\t\t\tDELETE " . $pre . "nested_tree\r\n \t\tFROM " . $pre . "nested_tree\r\n \t\tLEFT JOIN " . $pre . "users\r\n \t\tON " . $pre . "nested_tree.title = " . $pre . "users.id\r\n \t\tWHERE " . $pre . "users.id IS NULL AND " . $pre . "nested_tree.parent_id=0 AND " . $pre . "nested_tree.title REGEXP ('[0-9]')\r\n \t"); //rebuild fuild tree folder require_once 'NestedTree.class.php'; $tree = new NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
function smsmAlertFunc($gid, $aid, $src, $nooftime, $inout, $devDateTime, $devImei, $inorout) { $db = new Database(DB_SERVER, DB_USER, DB_PASS, DB_DATABASE); $db->connect(); //print_r($_GET); //echo $aid." ".$nooftime." cs ". $inorout." ds ".$inout." ".$devDateTime."<br><br>"; //echo "<br><br>"; $getAlertImeiInfo = "SELECT * FROM tb_geoalertinfo WHERE tgai_assignDevId = '" . $devImei . "' AND tgai_createDate like '" . date("Y-m-d", strtotime($devDateTime)) . "%' ORDER BY tgai_id DESC LIMIT 0,1"; $resAlertImeiInfo = $db->query($getAlertImeiInfo); if ($db->affected_rows == 0) { if ($inout == 'in' && $inorout == $inout) { $smsStatus = sendAlert($aid, $devDateTime); //echo "<br>"; if ($smsStatus) { $data['tgai_assignDevId'] = $devImei; $data['tgai_geoAssignId'] = $aid; $data['tgai_inoutStatus'] = 0; $data['tgai_alertCount'] = 1; $data['tgai_alertType'] = $inout; $data['tgai_reachdevTime1'] = date("Y-m-d H:i:s", strtotime($devDateTime)); //print_r($data); //exit; if ($db->query_insert("tb_geoalertinfo", $data)) { $res = 1; } else { $res = 0; } echo "SMS"; } } elseif ($inout == 'out' && $inorout != $inout) { $data['tgai_assignDevId'] = $devImei; $data['tgai_geoAssignId'] = $aid; $data['tgai_inoutStatus'] = 0; $data['tgai_alertCount'] = 1; $data['tgai_alertType'] = $inout; $data['tgai_reachdevTime1'] = date("Y-m-d H:i:s", strtotime($devDateTime)); //print_r($data); //exit; if ($db->query_insert("tb_geoalertinfo", $data)) { $res = 1; } else { $res = 0; } } } else { $fetAlertImeiInfo = $db->fetch_array($resAlertImeiInfo); $getAlertInfo = "SELECT count(*) as pastTotal FROM tb_geoalertinfo WHERE tgai_geoAssignId = " . $aid . " AND tgai_inoutStatus = 1 AND tgai_createDate like '" . date("Y-m-d", strtotime($devDateTime)) . "%'"; $resAlertInfo = $db->query($getAlertInfo); $fetAlertInfo = $db->fetch_array($resAlertInfo); //echo "<br>".$fetAlertImeiInfo[tgai_geoAssignId]." ".$aid." ".$fetAlertImeiInfo[tgai_inoutStatus]." ".$nooftime." ".$fetAlertImeiInfo[tgai_alertCount]." ". $inorout." ".$inout."<br>"; //print_r($fetAlertInfo); /*echo "<pre>"; print_r($fetAlertImeiInfo); // echo "</pre>";*/ //echo $fetAlertImeiInfo[tgai_id]; //echo "<br> 1 ".$fetAlertInfo[pastTotal]." ".$fetAlertImeiInfo[tgai_alertCount]."<".$nooftime."<br>"; if ($fetAlertImeiInfo[tgai_geoAssignId] == $aid && $fetAlertInfo[pastTotal] < $nooftime) { //echo "<br>".$fetAlertInfo[pastTotal]." ".$fetAlertImeiInfo[tgai_alertCount]."<".$nooftime."<br>"; if ($fetAlertImeiInfo[tgai_inoutStatus] == 0) { //echo $fetAlertImeiInfo[tgai_alertCount]."<".$nooftime."<br>"; if ($inout == 'in' && $inorout != $inout) { $data['tgai_inoutStatus'] = 1; $data['tgai_reachdevTime2'] = date("Y-m-d H:i:s", strtotime($devDateTime)); //print_r($data); //exit; if ($db->query_update("tb_geoalertinfo", $data, "tgai_id=" . $fetAlertImeiInfo[tgai_id])) { $res = 1; } else { $res = 0; } } elseif ($inout == 'out' && $inorout == $inout) { $smsStatus = sendAlert($aid, $devDateTime); if ($smsStatus) { $data['tgai_inoutStatus'] = 1; $data['tgai_reachdevTime2'] = date("Y-m-d H:i:s", strtotime($devDateTime)); //print_r($data); //exit; if ($db->query_update("tb_geoalertinfo", $data, "tgai_id=" . $fetAlertImeiInfo[tgai_id])) { $res = 1; } else { $res = 0; } echo "SMS"; } } } else { //echo $fetAlertImeiInfo[tgai_alertCount]."<".$nooftime."<br>"; //echo "<br>".$inout." ".$inorout; if ($inout == 'in' && $inorout == $inout) { $smsStatus = sendAlert($aid, $devDateTime); if ($smsStatus) { $data['tgai_assignDevId'] = $devImei; $data['tgai_geoAssignId'] = $aid; $data['tgai_inoutStatus'] = 0; $data['tgai_alertCount'] = $fetAlertInfo[tgai_alertCount] + 1; $data['tgai_alertType'] = $inout; $data['tgai_reachdevTime1'] = date("Y-m-d H:i:s", strtotime($devDateTime)); //print_r($data); //exit; if ($db->query_insert("tb_geoalertinfo", $data)) { $res = 1; } else { $res = 0; } echo "SMS"; } } elseif ($inout == 'out' && $inorout != $inout) { $data['tgai_assignDevId'] = $devImei; $data['tgai_geoAssignId'] = $aid; $data['tgai_inoutStatus'] = 0; $data['tgai_alertCount'] = $fetAlertInfo[tgai_alertCount] + 1; $data['tgai_alertType'] = $inout; $data['tgai_reachdevTime1'] = date("Y-m-d H:i:s", strtotime($devDateTime)); //print_r($data); //exit; if ($db->query_insert("tb_geoalertinfo", $data)) { $res = 1; } else { $res = 0; } } } } elseif ($fetAlertImeiInfo[tgai_geoAssignId] != $aid && $fetAlertImeiInfo[tgai_inoutStatus] == 1 && $fetAlertInfo[tgai_alertCount] < $nooftime) { //print_r($fetAlertImeiInfo); if ($inout == 'in' && $inorout == $inout) { $smsStatus = sendAlert($aid, $devDateTime); if ($smsStatus) { $data['tgai_assignDevId'] = $devImei; $data['tgai_geoAssignId'] = $aid; $data['tgai_inoutStatus'] = 0; $data['tgai_alertCount'] = $fetAlertInfo[tgai_alertCount] + 1; $data['tgai_alertType'] = $inout; $data['tgai_reachdevTime1'] = date("Y-m-d H:i:s", strtotime($devDateTime)); //print_r($data); //exit; if ($db->query_insert("tb_geoalertinfo", $data)) { $res = 1; } else { $res = 0; } echo "SMS"; } } elseif ($inout == 'out' && $inorout != $inout) { $data['tgai_assignDevId'] = $devImei; $data['tgai_geoAssignId'] = $aid; $data['tgai_inoutStatus'] = 0; $data['tgai_alertCount'] = $fetAlertInfo[tgai_alertCount] + 1; $data['tgai_alertType'] = $inout; $data['tgai_reachdevTime1'] = date("Y-m-d H:i:s", strtotime($devDateTime)); //print_r($data); //exit; if ($db->query_insert("tb_geoalertinfo", $data)) { $res = 1; } else { $res = 0; } } } } }
if (!isset($_SESSION['CPM']) || $_SESSION['CPM'] != 1) { die('Hacking attempt...'); } if (isset($_POST['session']) && $_POST['session'] == "expired") { //Include files require_once 'includes/settings.php'; require_once 'includes/include.php'; // connect to the server require_once "sources/class.database.php"; $db = new Database($server, $user, $pass, $database, $pre); $db->connect(); // Include main functions used by cpassman require_once 'sources/main.functions.php'; // Update table by deleting ID if (isset($_SESSION['user_id'])) { $db->query_update("users", array('key_tempo' => ''), "id=" . $_SESSION['user_id']); } //Log into DB the user's disconnection if (isset($_SESSION['settings']['log_connections']) && $_SESSION['settings']['log_connections'] == 1) { logEvents('user_connection', 'disconnection', $_SESSION['user_id']); } // erase session table $_SESSION = array(); // Kill session session_destroy(); } else { echo ' <div style="width:800px;margin:auto;">'; if ($_SESSION['error'] == 1000) { echo ' <div class="ui-state-error ui-corner-all error" >' . $txt['error_not_authorized'] . '</div>';
$message .= '<table style="border-color: #666;" cellpadding="10" width="100%">'; $message .= "<tr style='background: #eee;'><td><strong>Greetings from:</strong> </td><td>" . strip_tags($fetReseller[ci_clientName]) . "</td></tr>"; $message .= "<tr><td><strong>Vehicle Name:</strong> </td><td>" . strip_tags($devName) . "</td></tr>"; $message .= "<tr><td><strong>Purpose:</strong> </td><td>" . strip_tags(ucfirst($record[tdai_purpose])) . "</td></tr>"; $message .= "<tr><td><strong>Description:</strong> </td><td>" . strip_tags(ucfirst($record[tdai_description])) . "</td></tr>"; $message .= "<tr><td><strong>By -:</strong> </td><td>" . $fetReseller[ci_weburl] . "</td></tr>"; $message .= '<tr><td></td><td><img src="' . $GLOBALS[dataPath] . 'gpsapp/modules/user/client_logo/' . $fetReseller[ci_clientLogo] . '" alt="Website Change Request" /></td></tr>'; $message .= "<tr><td><strong>Note:</strong> </td><td style='font:12px normal Arial, Helvetica, sans-serif; color:red'>Do not reply to this system generated mail</td></tr>"; $message .= "</table>"; $message .= "</body></html>"; //echo $sub; //exit; if ($mailres = sendMail($t, $sub, $message, $fr)) { $data['tdai_status'] = 1; $data['tdai_deliveryTime'] = date("Y-m-d H:i:s"); if ($db->query_update("tb_device_alert_info", $data, "tdai_id=" . $record[tdai_id])) { $maildata['tmi_email'] = $t; $maildata['tmi_tgai_id'] = $record[tdai_id]; $maildata['tmi_mailResult'] = $mailres; $maildata['tmi_message'] = $message; $maildata['tmi_mailType'] = "DATEALERT"; //print_r($maildata); //exit; if ($db->query_insert("tb_mail_info", $maildata)) { echo "done"; } else { echo "no"; } } } } elseif ($record[tdai_alertType] == "Mobile") {
$mail->AddAddress($email); //$mail->AddBCC($email, ''); $mail->WordWrap = 50; $mail->IsHTML(true); $mail->Subject = "Studentbook Team password reset confirmation"; $salt = sha1(uniqid()); //generate salt $now = time(); //get current time //forgot key $forgot_key = sha1($user . $now . $salt); //echo $forgot_key; $update['expire'] = $now; $update['reset'] = $forgot_key; $ip_connection = $_SERVER['SERVER_ADDR']; $db->query_update('student', $update, "email='{$email}'"); //update with password expiry time $db->query_update('users', $update, "email='{$email}'"); //update with password expiry time // start comment out $mailer = "<div style='margin: 0 auto; background-color:f0e1ae; width:520px; padding:12px;'><img src='https://4.bp.blogspot.com/-lXNFwNibdTI/VgGdGkXiNHI/AAAAAAAAA_o/isgC77woXsE/s1600/logo_std.png'><br><br>Hi " . $row->username . ",<br><br> There was recently a request to change the password on your account. If you requested this password change, please set a new password by following the link below:<br><br>\n\t\t\t\t<a href='" . $_SERVER['SERVER_NAME'] . "" . $_SERVER['SCRIPT_NAME'] . "?key=" . $forgot_key . "'>" . $_SERVER['SERVER_NAME'] . "" . $_SERVER['SCRIPT_NAME'] . "?key=" . $forgot_key . "</a><br>\n<a>Ip Connection:</a>{$ip_connection}<br/>\n<br>Please note that this link is valid only for 24 hours.<br><br>If you don't want to change your password, just ignore this message.<br><br>This is sent from a <a href='../user/index.php'>Login Page</a> on StudentBook. If you did not register by yourself let us know at studentbook@e-studentbook.com<br><br>Thanks,<br>Studentbook Team</div>"; // change/edit the confirmation in email user as comment for key activation $mail->Body = $mailer; if (!$mail->Send()) { echo "Message could not be sent.<p>"; echo "Mailer Error: " . $mail->ErrorInfo; exit; } //echo $mailer; echo '<div class="success">An email has been sent to ' . $email . ' with further instructions.</div>'; //$_SESSION['forgotemail']=$email;
$cdata["tgi_latLong"] = $_GET[param]; //print_r($cdata); if ($db->query_insert("tb_geofence_info", $cdata)) { echo 1; } else { echo 0; } } else { $fetCont = $db->fetch_array($resCont); $cdata["tgi_clientId"] = $_SESSION[clientID]; $cdata["tgi_name"] = $_GET[name]; $cdata["tgi_isActive"] = 1; $cdata["tgi_radius"] = $_GET[radius]; $cdata["tgi_latLong"] = $_GET[param]; //print_r($cdata); if ($db->query_update("tb_geofence_info", $cdata, "tgi_id = " . $fetCont[tgi_id])) { echo 2; } else { echo 0; } } } if (isset($_GET[contType]) && $_GET[contType] != '') { $getCont = "select * from tb_client_contact_info where tcci_srcType = '" . $_GET[contType] . "' AND tcci_clientId =" . $_SESSION[clientID]; $resCont = $db->query($getCont); $str = ''; if ($db->affected_rows > 0) { while ($fetCont = $db->fetch_array($resCont)) { //print_r($fetCont); $str .= '<option value=' . $fetCont[tcci_source] . '>' . $fetCont[tcci_source] . '</option>'; }
<?php require("dbase/config.inc.php"); require("dbase/Database.class.php"); $db = new Database(DB_SERVER, DB_USER, DB_PASS, DB_DATABASE); $db->connect(); $questionID = $_POST["questionId"]; $data["flagged_message"] = $_POST["flagged_message"]; $data["flagged_for_review"] = 1; $where = "id=".$questionID; $row = $db->query_update("tblquestions",$data,$where); mysql_close(); ?>
//log $db->query_insert('log_items', array('id_item' => $new_id, 'date' => mktime(date('H'), date('i'), date('s'), date('m'), date('d'), date('y')), 'id_user' => $_SESSION['user_id'], 'action' => 'at_creation')); //Add tags $tags = explode(' ', $tags); foreach ($tags as $tag) { if (!empty($tag)) { $db->query_insert('tags', array('item_id' => $new_id, 'tag' => strtolower($tag))); } } // Check if any files have been added if (!empty($data_received['random_id_from_files'])) { $sql = "SELECT id\r\n\t\t FROM " . $pre . "files\r\n\t\t WHERE id_item=" . $data_received['random_id_from_files']; $rows = $db->fetch_all_array($sql); foreach ($rows as $reccord) { //update item_id in files table $db->query_update('files', array('id_item' => $new_id), "id='" . $reccord['id'] . "'"); } } //Update CACHE table UpdateCacheTable("add_value", $new_id); //Announce by email? if ($data_received['annonce'] == 1) { require_once "class.phpmailer.php"; //envoyer email $destinataire = explode(';', $data_received['diffusion']); foreach ($destinataire as $mail_destinataire) { //envoyer ay destinataire $mail = new PHPMailer(); $mail->SetLanguage("en", "../includes/libraries/phpmailer/language"); $mail->IsSMTP(); // send via SMTP
$data['tgi_description'] = urldecode($param2[1]); $k = 1; while ($k < count($param1) - 4) { $param3 = explode("=", $param1[$k]); $k++; $param4 = explode("=", $param1[$k]); $pts .= $param4[1] . "," . $param3[1] . "#"; $k++; } $data['tgi_coordinates'] = $pts; $data['tgi_parameter'] = urldecode($_SERVER['QUERY_STRING']); $data['tgi_clientId'] = $_SESSION[clientID]; $data['tgi_isActive'] = 1; //print_r($data); //exit; if ($db->query_update("tb_geofence_info", $data, "tgi_id =" . $geoId)) { $res = 3; } else { $res = 0; } echo $res; } } } if (isset($_GET[deleteGeoId]) && $_GET[deleteGeoId] != '') { $sql = "UPDATE tb_geofence_info SET tgi_isActive = 0 WHERE tgi_id=" . $_GET[deleteGeoId]; $row = $db->query($sql); if ($row) { echo 4; } else { echo 5;
$userName = $_POST["username"]; $passWord = $_POST["password"]; $adminCheck = $mydb->first("SELECT `gmlevel` FROM `account` WHERE `username`='{$userName}' AND `sha_pass_hash`='" . SHA1(strtoupper($username . ':' . $password)) . "';"); if ($adminCheck === "3") { $isadmin = 1; } elseif (!$adminCheck || $adminCheck == "") { $isadmin = 0; } else { $isadmin = 0; } //echo $adminCheck; if (isset($_POST["assignto"]) && $isadmin == 1) { $assignto = $mydb->clean($_POST["assignto"], '', ''); $assignedname = $mydb->first("SELECT username FROM account WHERE id='{$assignto}'"); $tickid = $mydb->clean($_POST["tickid"], '', ''); $mydb->query_update('list', array('assigned' => $assignto), "id='{$tickid}'"); // echo $isadmin; echo $assignedname; } if (isset($_POST["titlechange"]) && $isadmin == 1) { $tickid = $mydb->clean($_POST["tickid"], '', ''); $mydb->query_update("list", array('title' => $_POST["titlechange"]), "id='{$tickid}'"); echo "Title changed."; } if (isset($_POST["closeticket"]) && $isadmin == 1) { $closeticket = $mydb->clean($_POST["tickid"], '', ''); $mydb->query_update('list', array('status' => 0, 'finished' => time()), "id='{$closeticket}'"); echo "Ok"; } if (isset($_POST["openticket"]) && $isadmin == 1) { $closeticket = $mydb->clean($_POST["tickid"], '', '');
#################################################################################################### session_start(); include '../includes/language/' . $_SESSION['user_language'] . '.php'; include '../includes/settings.php'; header("Content-type: text/html; charset=" . $k['charset']); include 'main.functions.php'; require_once "NestedTree.class.php"; //Connect to mysql server require_once "class.database.php"; $db = new Database($server, $user, $pass, $database, $pre); $db->connect(); // CASE where title is changed if (isset($_POST['newtitle'])) { $id = explode('_', $_POST['id']); //update DB $db->query_update('nested_tree', array('title' => mysql_real_escape_string(stripslashes(utf8_decode($_POST['newtitle'])))), "id=" . $id[1]); //Show value echo $_POST['newtitle']; } else { if (isset($_POST['renewal_period']) && !isset($_POST['type'])) { //Check if renewal period is an integer if (is_int(intval($_POST['renewal_period']))) { $id = explode('_', $_POST['id']); //update DB $db->query_update('nested_tree', array('renewal_period' => mysql_real_escape_string(stripslashes(utf8_decode($_POST['renewal_period'])))), "id=" . $id[1]); //Show value echo $_POST['renewal_period']; } else { //Show ERROR echo $txt['error_renawal_period_not_integer']; }
if ($record = $db->fetch_array($parent_check)!=null) { // $prnt_code['email_code'] = md5($record['email'] + microtime());//for email ver. // $db->query_update("tblparents", $prnt_code, "id='$parent_id'"); //check slot available $checkSlot = "SELECT student_id, student_id2, student_id3 FROM tblparents where id='$parent_id'"; $queryCheck = $db->query($checkSlot); while ($record = $db->fetch_array($queryCheck)) { if ($record['student_id']=="" && $student0['fname'] != NULL && $student0['lname'] != NULL && $student0['year_level'] != NULL ) { $primary_id = $db->query_insert("tblstudents", $student0);//insert new student record in the tblstudents $newStdID["student_id"] = $primary_id; $db->query_update("tblparents", $newStdID, "id='$parent_id'"); if ($record['student_id2']=="" && $student1['fname'] != NULL && $student1['lname'] != NULL && $student1['year_level'] != NULL ){ $primary_id = $db->query_insert("tblstudents", $student1);//insert new student record in the tblstudents $newStdID["student_id2"] = $primary_id; $db->query_update("tblparents", $newStdID, "id='$parent_id'"); } if($record['student_id3']=="" && $student2['fname'] != NULL && $student2['lname'] != NULL && $student2['year_level'] != NULL ){ $primary_id = $db->query_insert("tblstudents", $student2);//insert new student record in the tblstudents $newStdID["student_id3"] = $primary_id; $db->query_update("tblparents", $newStdID, "id='$parent_id'"); }
$res = 1; } else { $res = 0; } echo "SMS"; } } } } else { $fetAlertImeiInfo = $db->fetch_array($resAlertImeiInfo); if ($fetAlertImeiInfo[tgai_geoAssignId] == $aid) { if ($fetAlertImeiInfo[tgai_inoutStatus] == 0) { if ($_GET[inoutFlag] != $_GET[inoutPoint]) { $data['tgai_inoutStatus'] = 1; $data['tgai_reachdevTime2'] = date("Y-m-d H:i:s", strtotime($_GET[devDateTime])); if ($db->query_update("tb_geoalertinfo", $data, "tgai_id=" . $fetAlertImeiInfo[tgai_id])) { $res = 1; } else { $res = 0; } } } else { if ($_GET[inoutFlag] == $_GET[inoutPoint] && ($_GET[notime] == 0 || $fetAlertImeiInfo[tgai_alertCount] < $_GET[notime])) { $smsStatus = sendSMSAlert($aid); if ($smsStatus) { $data['tgai_assignDevId'] = $devImei; $data['tgai_geoAssignId'] = $aid; $data['tgai_inoutStatus'] = 0; $data['tgai_alertCount'] = $fetAlertImeiInfo[tgai_alertCount] + 1; $data['tgai_alertType'] = $_GET[inoutPoint]; $data['tgai_reachdevTime1'] = date("Y-m-d H:i:s", strtotime($_GET[devDateTime]));
$new_groupes = $data[0]; if (!empty($data[0])) { $groupes = explode(';', $data[0]); if (in_array($val[1], $groupes)) { $new_groupes = str_replace($val[1], "", $new_groupes); } else { $new_groupes .= ";" . $val[1]; } } else { $new_groupes = $val[1]; } while (substr_count($new_groupes, ";;") > 0) { $new_groupes = str_replace(";;", ";", $new_groupes); } //Store id DB $db->query_update("users", array($_POST['type'] => $new_groupes), "id = " . $val[0]); break; case "fonction": $val = explode(';', $_POST['valeur']); $valeur = $_POST['valeur']; //vérifier si l'id est déjà présent $data = $db->fetch_row("SELECT fonction_id FROM " . $pre . "users WHERE id = {$val['0']}"); $new_fonctions = $data[0]; if (!empty($data[0])) { $fonctions = explode(';', $data[0]); if (in_array($val[1], $fonctions)) { $new_fonctions = str_replace($val[1], "", $new_fonctions); } else { if (!empty($new_fonctions)) { $new_fonctions .= ";" . $val[1]; } else {