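/**
 * Writes $text to $filename.
 *
 * An existing file is written in place. A file that does not exist yet is
 * pushed over FTP instead when USE_FTP is enabled: the content is staged in
 * TMPDIR and uploaded with ftp_put through RheinaufFile::ftpcmd().
 *
 * @param string $filename  Target path; encoded with RheinaufFile::get_enc().
 * @param string $text      Content; passed through General::input_clean() first.
 * @param bool   $db_escape Unused here; kept so existing callers keep working.
 * @return int|false Bytes written, or false when a file could not be opened.
 */
function write_file($filename, $text, $db_escape = false)
{
    $text = General::input_clean($text);
    $filename = RheinaufFile::get_enc($filename);

    if (!is_file($filename) && defined('USE_FTP') && USE_FTP === true) {
        $filename = str_replace(docroot(), '', $filename);
        $tmpname = TMPDIR . '/' . uniqid('RheinaufCMS_tmp_' . basename($filename));
        $file = fopen($tmpname, "wb");
        if ($file === false) {
            return false;
        }
        $fwrite = fwrite($file, $text);
        fclose($file);

        // ftpcmd() apparently evaluates the command string as PHP (note the
        // literal $conn_id); both paths are emitted with var_export() so that a
        // quote or backslash in a file name cannot end the string literal early.
        $ftp_filename = FTP_ROOTDIR . $filename;
        RheinaufFile::ftpcmd('ftp_put($conn_id,' . var_export($ftp_filename, true) . ',' . var_export($tmpname, true) . ',FTP_BINARY);');
        // NOTE(review): 777 leaves the file world-writable; kept because the
        // deployment seems to rely on it.
        RheinaufFile::chmod($filename, 777);
        RheinaufFile::delete($tmpname);
        return $fwrite;
    }

    if (is_file($filename) && !is_writable($filename)) {
        RheinaufFile::chmod($filename, '0777');
    }
    $file = fopen($filename, "wb");
    if ($file === false) {
        return false;
    }
    $fwrite = fwrite($file, $text);
    fclose($file);
    if (is_file($filename)) {
        RheinaufFile::chmod($filename, 777);
    }
    return $fwrite;
}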
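/**
 * Creates a user row from the new_user_* POST fields.
 *
 * The password is stored exactly as submitted (check_login compares it as
 * plain text), and the statement is built by string interpolation with
 * General::input_clean(..., true) as the only escaping step.
 */
function new_user_input()
{
    $new_user_name = isset($_POST['new_user_name']) ? General::input_clean($_POST['new_user_name'], true) : '';
    $new_user_pass = isset($_POST['new_user_pass']) ? General::input_clean($_POST['new_user_pass'], true) : '';
    $new_user_mail = isset($_POST['new_user_mail']) ? General::input_clean($_POST['new_user_mail'], true) : '';
    $new_user_gruppe = isset($_POST['gruppe']) ? General::input_clean(rawurldecode($_POST['gruppe']), true) : '';

    // Never create an account without a login name or a password: such a row
    // would match a login attempt with empty credentials.
    if ($new_user_name === '' || $new_user_pass === '') {
        return;
    }
    $this->connection->db_query("INSERT INTO `{$this->user_table}` ( `id` , `Name` , `Password`, `E-Mail`, `Group` )\r\n\t\t\t\t\t\t\tVALUES ('', '{$new_user_name}', '{$new_user_pass}','{$new_user_mail}', '{$new_user_gruppe}')");
}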
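/**
 * Admin overview of all pictures: search fields for Name/Jahr, sortable
 * column buttons, pagination and the result table.
 *
 * The search terms are rewritten in place into LIKE patterns because the
 * scaffold reads them back out of $_GET. The ORDER BY column is accepted only
 * when it is one of the scaffold's column names and the direction is reduced
 * to ASC/DESC, since both arrive in the query string and are spliced into SQL.
 *
 * @return string HTML for the overview page.
 */
function overview()
{
    $this->pics_scaff->add_search_field('Name');
    $this->pics_scaff->add_search_field('Jahr');

    $name = isset($_GET['Name']) ? $_GET['Name'] : '';
    $this->pics_scaff->template_vars['Name_value'] = $name ? $name : '';
    if ($name) {
        $_GET['Name'] = "%{$name}%";
    }
    $jahr = isset($_GET['Jahr']) ? $_GET['Jahr'] : '';
    $this->pics_scaff->template_vars['Jahr_value'] = $jahr ? $jahr : '';
    if ($jahr) {
        $_GET['Jahr'] = "%{$jahr}%";
    }

    // The search columns are registered above with fixed names; only the values are user input.
    $where = array();
    foreach ($this->pics_scaff->enable_search_for as $spalte) {
        if (!empty($_GET[$spalte])) {
            $value = General::input_clean($_GET[$spalte], true);
            $where[] = "`{$spalte}` LIKE '{$value}'";
        }
    }
    $where = $where ? "WHERE " . implode($this->pics_scaff->search_combinate, $where) : '';
    $images_sql = $all_images_sql = "SELECT * FROM `{$this->pics_db_table}` {$where}";

    $order_param = isset($_GET['order']) ? $_GET['order'] : '';
    $dir_param = isset($_GET['dir']) ? $_GET['dir'] : '';
    // Anything other than the two literal directions behaves like the default (ASC).
    $dir_param = in_array($dir_param, array('asc', 'desc'), true) ? $dir_param : '';
    $dir = $dir_param === 'desc' ? 'DESC' : 'ASC';

    $this->pics_scaff->edit_enabled = true;
    foreach ($this->pics_scaff->cols_array as $col) {
        $is_sorted = $order_param === $col['name'];
        $label = $is_sorted ? Html::bold(Html::italic($col['name'])) : $col['name'];
        // The active column flips its direction; every other column starts descending.
        $desc = ($is_sorted && $dir_param === 'desc') ? '&dir=asc' : '&dir=desc';
        $this->pics_scaff->template_vars[$col['name'] . '_button'] = Html::a('/Admin/RheinaufExhibitionAdmin/Pictures?order=' . rawurlencode($col['name']) . $desc, $label);
    }

    $this->pics_scaff->results_per_page = 30;
    $pages = $this->pics_scaff->get_pages($all_images_sql);
    $pagination = $this->pics_scaff->num_rows . " Bilder auf {$pages} Seiten ";
    // Same encoding as the column buttons above, so the links round-trip non-ASCII names.
    $link_base = SELF . '?order=' . rawurlencode($order_param) . '&dir=' . $dir_param . '&';
    $prev = $this->pics_scaff->prev_link();
    $prev_link = $prev ? Html::a($link_base . $prev, '<<<', array('class' => 'button')) : '';
    $next = $this->pics_scaff->next_link();
    $next_link = $next ? Html::a($link_base . $next, '>>>', array('class' => 'button')) : '';
    $this->pics_scaff->template_vars['pagination'] = $pagination . $prev_link . "Seite " . $this->pics_scaff->get_page() . ' von ' . $pages . ' ' . $next_link;

    // ORDER BY column must be a known column name; otherwise fall back to Name.
    $order = $order_param ? rawurldecode($order_param) : 'Name';
    $allowed_columns = array();
    foreach ($this->pics_scaff->cols_array as $col) {
        $allowed_columns[] = $col['name'];
    }
    if (!in_array($order, $allowed_columns, true)) {
        $order = 'Name';
    }

    return Html::h(2, 'Alle Bilder') . $this->pics_scaff->make_table("{$images_sql} ORDER BY `{$order}` {$dir}", INSTALL_PATH . '/Module/RheinaufExhibition/Backend/Templates/ExhibitionPicturesOverview.template.html');
}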
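/**
 * Logs the current request in, either from the session or from the POSTed
 * login form, and attaches the user and his rights to $system.
 *
 * Flow:
 *  - ?logout clears the session user and the RheinaufCMS_user cookie; the
 *    displayed name is written back into $_GET['logout'] for the caller.
 *  - an existing session user is accepted without touching the database.
 *  - otherwise user/pass are looked up in every table of $system->user_tables;
 *    the row must match both values exactly and the form's uuid token must
 *    be identical to the one kept in the session.
 *
 * Passwords are stored and compared as plain text by the surrounding code
 * base; this function keeps that contract.
 *
 * @param object $system Receives user, valid_user and rechte.
 * @return bool true when $system->user has been set.
 */
function check_login(&$system)
{
    if (!isset($_SESSION)) {
        session_start();
    }

    if (isset($_GET['logout'])) {
        if ($_GET['logout'] == '') {
            $anrede = isset($_SESSION['RheinaufCMS_User']['Anrede']) ? $_SESSION['RheinaufCMS_User']['Anrede'] : '';
            $name = isset($_SESSION['RheinaufCMS_User']['Name']) ? $_SESSION['RheinaufCMS_User']['Name'] : '';
            $_GET['logout'] = $anrede . ' ' . $name;
        }
        unset($_SESSION['RheinaufCMS_User']);
        setcookie('RheinaufCMS_user', '', time() - 3600, '/');
    }

    if (!empty($_SESSION['RheinaufCMS_User'])) {
        $system->user = $_SESSION['RheinaufCMS_User'];
        $system->valid_user = true;
        return true;
    }

    $user = isset($_POST['user']) ? General::input_clean($_POST['user']) : '';
    $pass = isset($_POST['pass']) ? General::input_clean($_POST['pass']) : '';
    if (!$user || !$pass) {
        return false;
    }
    // The second argument is what every other SQL-bound value in this code
    // base is cleaned with (presumably DB escaping); the copies above stay
    // unescaped for the exact comparison against the row.
    $user_sql = General::input_clean($_POST['user'], true);
    $pass_sql = General::input_clean($_POST['pass'], true);

    $result = null;
    $found_in = null;
    foreach ($system->user_tables as $table) {
        $sql = "SELECT * FROM `{$table}` WHERE `Login`='{$user_sql}' AND `Password`='{$pass_sql}'";
        $result = $system->connection->db_single_row($sql);
        if ($result) {
            $found_in = $table;
            break;
        }
    }
    if (!$result || $result['Login'] !== $user || $result['Password'] !== $pass) {
        return false;
    }
    // Form token: both sides must exist and be identical. A loose == would
    // also accept the case where neither side is set.
    if (!isset($_SESSION['uuid'], $_POST['uuid']) || !is_string($_POST['uuid']) || (string) $_SESSION['uuid'] !== $_POST['uuid']) {
        return false;
    }

    $_SESSION['RheinaufCMS_User'] = $system->user = General::multi_unserialize($result);
    $_SESSION['RheinaufCMS_User']['user_found_in'] = $found_in;
    setcookie('RheinaufCMS_user', $user, 0, '/');
    $system->connection->db_update($found_in, array('last_login' => Date::now()), "id = '" . $result['id'] . "'");

    if (isset($_SESSION['RheinaufCMS_User'])) {
        $system->rechte = array();
        $group = isset($_SESSION['RheinaufCMS_User']['Group']) ? $_SESSION['RheinaufCMS_User']['Group'] : '';
        if ($group === 'dev') {
            // The dev group owns every right in the Rechte table.
            $rechte = $system->connection->db_assoc("SELECT * FROM `RheinaufCMS>Rechte`");
            if (is_array($rechte)) {
                foreach ($rechte as $recht) {
                    $system->rechte[] = $recht['id'];
                }
            }
            $_SESSION['RheinaufCMS_User']['allowed_actions'] = $system->rechte;
        } else {
            $rechte = General::multi_unserialize($system->connection->db_single_row("SELECT * FROM `RheinaufCMS>Groups` WHERE `Name` ='" . $group . "'"));
            $_SESSION['RheinaufCMS_User']['allowed_actions'] = $system->rechte = isset($rechte['Rechte']) ? $rechte['Rechte'] : array();
        }
    }
    unset($_SESSION['uuid']);
    $system->valid_user = true;
    return true;
}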
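/**
 * Writes $text to $filename; a file that does not exist yet is created over
 * FTP instead (when USE_FTP is on), so it ends up owned by the FTP user.
 *
 * @param string $filename  Absolute path below docroot().
 * @param string $text      Content; passed through General::input_clean() first.
 * @param bool   $db_escape Unused here; kept so existing callers keep working.
 * @return int|false Bytes written, or false when the target could not be opened.
 */
function write_file($filename, $text, $db_escape = false)
{
    $text = General::input_clean($text);
    // Same guard as the sibling write_file(): an undefined USE_FTP is not a fatal error.
    $use_ftp = defined('USE_FTP') && USE_FTP;

    if (!is_file($filename) && $use_ftp) {
        $filename = str_replace(docroot(), '', $filename);
        // User and password are url-encoded so that ':' '@' or '/' in them
        // cannot split the URL; the ftp:// wrapper decodes the userinfo part
        // again. Drop the encoding if FTP_PASS is already stored encoded.
        // NOTE(review): a failed fopen() warning echoes this URL including the
        // credentials; display_errors must stay off on this host.
        $url = 'ftp://' . rawurlencode(FTP_USER) . ':' . rawurlencode(FTP_PASS) . '@' . FTP_SERVER . '/' . FTP_ROOTDIR . $filename;
        $file = fopen($url, "wb");
        if ($file === false) {
            return false;
        }
        $fwrite = fwrite($file, $text);
        fclose($file);
        RheinaufFile::chmod($filename, 777);
        return $fwrite;
    }

    if (!is_writable($filename)) {
        RheinaufFile::chmod($filename, 777);
    }
    $file = fopen($filename, "wb");
    if ($file === false) {
        return false;
    }
    $fwrite = fwrite($file, $text);
    fclose($file);
    return $fwrite;
}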
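/**
 * Sends the contact-form mail to $this->empfaenger and sets $this->mail_sent
 * on success.
 *
 * Sender name and address are taken from the form only as far as they match
 * the regexes below (no CR/LF can reach the headers that way); the subject
 * is stripped of line breaks for the same reason. A request without a valid
 * sender address is ignored.
 *
 * NOTE(review): the [:print:] classes appear to be ASCII-only, so names or
 * texts with umlauts fail the match and arrive empty — unchanged here.
 */
function send_mail()
{
    $empfaenger = $this->empfaenger;
    $regex = array(
        'email' => '/^[0-9a-z.+-]{2,}\\@[0-9a-z.-]{2,}\\.[a-z]{2,6}$/i',
        'name_betreff' => '/^[[:print:]]+$/',
        'text' => '/^[[:print:][:space:]]+$/s',
    );

    $betreff = isset($_POST['Betreff']) ? General::input_clean($_POST['Betreff'], false, true) : '';
    // The subject is the only header-bound field without a regex: remove line
    // breaks so it cannot carry additional headers into mail().
    $betreff = str_replace(array("\r", "\n"), ' ', $betreff);

    $text = '';
    if (isset($_POST['Mailtext']) && preg_match($regex['text'], General::input_clean($_POST['Mailtext'], false, true), $m)) {
        $text = $m[0];
    }
    $absender = '';
    if (isset($_POST['Name']) && preg_match($regex['name_betreff'], General::input_clean($_POST['Name'], false, true), $m)) {
        $absender = $m[0];
    }
    $email = '';
    if (isset($_POST['E-Mail']) && preg_match($regex['email'], General::input_clean($_POST['E-Mail'], false, true), $m)) {
        $email = $m[0];
    }
    if ($email === '') {
        return;
    }

    $betreff .= ' (via Kontaktformular)';
    $mail_header = "From: {$absender} <{$email}>\n";
    if (!empty($_POST['copy'])) {
        $mail_header .= "cc: {$absender} <{$email}>\n";
    }
    $mail_header .= "X-Mailer: powered by PHP\n";
    if (mail($empfaenger, $betreff, $text, $mail_header)) {
        $this->mail_sent = true;
    }
}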
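/**
 * Creates a group from the posted name and the selected rights, then
 * refreshes the groups table.
 *
 * The rights are stored as the serialized $_POST['Recht'] array, so the
 * reader side (multi_unserialize) gets whatever shape the form sends.
 */
function new_group_input()
{
    $raw_name = isset($_POST['name']) ? $_POST['name'] : '';
    if (is_array($raw_name)) {
        return;
    }
    $name = General::input_clean($raw_name, true);
    // "dev" is the built-in all-rights group (see check_login) and must not be
    // creatable through the form; checked before and after cleaning so that a
    // name which only cleans down to "dev" is refused as well.
    if ($raw_name === 'dev' || $name === 'dev' || $name === '') {
        return;
    }
    $new_rechte = isset($_POST['Recht']) ? serialize($_POST['Recht']) : serialize(array());
    $this->connection->db_query("INSERT INTO `{$this->groups_table}` ( `id` , `Name` , `Rechte` ) VALUES ('', '{$name}', '{$new_rechte}')");
    $this->group_table_update();
}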
/**
 * Reverses the integrated-link encoding: URL-decodes $str, cleans it and
 * maps it back through path_decode().
 *
 * @param string $str Encoded path segment.
 * @return mixed Whatever path_decode() returns for the cleaned value.
 */
function integrated_dec($str)
{
    $decoded = rawurldecode($str);
    $cleaned = General::input_clean($decoded);
    return $this->path_decode($cleaned);
}
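/**
 * Builds a REPLACE INTO statement for $this->table from the posted form
 * values and runs it.
 *
 * Form field names are the url-encoded column names; per column type the
 * value is assembled from several fields (timestamp parts, name/mail pair,
 * upload). Every value is passed through General::input_clean(..., true)
 * before it is quoted into the statement.
 */
function db_insert()
{
    $field_names = array();
    foreach ($this->cols_array as $key => $col) {
        $field_names[] = '`' . $key . '`';
    }
    $insert_sql = 'REPLACE INTO `' . $this->table . '` (' . implode(', ', $field_names) . ") VALUES (";

    $field_values = array();
    foreach ($this->cols_array as $key => $col) {
        $post_key = rawurlencode($key);
        $type = isset($col['type']) ? $col['type'] : '';

        if (!empty($col['value'])) {
            $field_value = $col['value'];
        } else {
            $field_value = isset($_POST[$post_key]) ? $_POST[$post_key] : '';
        }
        if (is_array($field_value)) {
            $field_value = implode(', ', $field_value);
        } elseif (strstr((string) $field_value, '--')) {
            // '--' is the "please choose" entry of select fields.
            $field_value = '';
        }

        if ($type == 'timestamp') {
            $parts = '';
            foreach (array('_jahr', '_monat', '_tag', '_stunde', '_minute') as $suffix) {
                $parts .= isset($_POST[$post_key . $suffix]) ? $_POST[$post_key . $suffix] : '';
            }
            $field_value = Date::unify_timestamp($parts . '00');
        }
        if ($type == 'email') {
            $field_value = isset($_POST[$post_key . '_name']) ? $_POST[$post_key . '_name'] : '';
            if (!empty($_POST[$post_key . '_mail'])) {
                $field_value .= ' <' . $_POST[$post_key . '_mail'] . '>';
            }
        }
        if ($type == 'upload' && !empty($_FILES[$post_key . '_upload']['name'])) {
            $upload_folder = '';
            if ($this->upload_folder) {
                // The sub-folder is another posted field; path separators and
                // '..' are removed so it stays below upload_path.
                $folder_name = isset($_POST[$this->upload_folder]) ? $_POST[$this->upload_folder] : '';
                $folder_name = str_replace(array('..', '/', '\\', "\0"), '', $folder_name);
                $folder = $this->upload_path . $folder_name;
                if (!RheinaufFile::is_dir($folder)) {
                    RheinaufFile::mkdir($folder);
                    RheinaufFile::chmod($folder, '777');
                }
                $upload_folder = $folder_name . "/";
            }
            // Client file name reduced to [0-9a-z.], the same rule the
            // scaffold's other db_insert applies.
            $f_name = preg_replace("/[^0-9a-z.]/i", '_', basename($_FILES[$post_key . '_upload']['name']));
            $file = $this->upload_path . $upload_folder . $f_name;
            // Only record the path when the file actually landed on disk.
            if ($f_name !== '' && move_uploaded_file($_FILES[$post_key . '_upload']['tmp_name'], $file)) {
                RheinaufFile::chmod($file, '777');
                $field_value = $upload_folder . $f_name;
            }
        }
        if ($key === 'id') {
            $field_value = !empty($_POST['edit_id']) ? $_POST['edit_id'] : '';
        }
        $field_values[] = "'" . General::input_clean(rawurldecode($field_value), true) . "'";
    }
    $insert_sql .= implode(', ', $field_values) . ')';
    $this->connection->db_query($insert_sql);
}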
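/**
 * Stores a new BuddyListe entry: saves the uploaded pictures (scaled to
 * 200px wide) below Images/BuddyListe/<PLZ>_<Schulname>/ and inserts the
 * posted field values together with the picture paths, angenommen=0 and a
 * fresh uniqid.
 *
 * The folder segment and the file names come from the request, so path
 * separators and '..' are stripped from the former and the latter are
 * reduced to [0-9a-z.] (the rule the scaffold's db_insert applies).
 */
function new_db_insert()
{
    // Opaque record id; uniqid()+rand() is not a cryptographic source, so
    // this value must not double as an access token.
    $uniqid = md5(uniqid(rand(), true));
    $schulname = isset($_POST['Schulname']) ? General::input_clean($_POST['Schulname']) : '';
    $plz = isset($_POST['PLZ']) ? General::input_clean($_POST['PLZ']) : '';
    $dir_name = str_replace(array('..', '/', '\\', "\0"), '', $plz . '_' . $schulname);

    $bilder_pfade = array();
    if (isset($_FILES['bild']['name'][0]) && $_FILES['bild']['name'][0] != '') {
        $output_path = DOCUMENT_ROOT . INSTALL_PATH . '/Images/BuddyListe/' . $dir_name . '/';
        if (!is_dir($output_path)) {
            RheinaufFile::mkdir($output_path);
            RheinaufFile::chmod($output_path, 777);
        }
        // count($_FILES['bild']) would count the name/type/tmp_name/error/size
        // sub-arrays, not the files; the name list has one entry per file.
        $file_count = count($_FILES['bild']['name']);
        for ($i = 0; $i < $file_count; $i++) {
            if ($_FILES['bild']['error'][$i] !== UPLOAD_ERR_OK) {
                continue;
            }
            $f_name = preg_replace("/[^0-9a-z.]/i", '_', basename($_FILES['bild']['name'][$i]));
            if ($f_name === '') {
                continue;
            }
            $bild = new Bilder($_FILES['bild']['tmp_name'][$i], $output_path . $f_name);
            $bild->scaleMaxX(200);
            $bild->output();
            $bilder_pfade[] = 'Images/BuddyListe/' . $dir_name . '/' . $f_name;
        }
    }

    $field_names = array();
    $field_values = array();
    foreach ($this->fields as $field) {
        $field_names[] = '`' . $field['name'] . '`';
        $post_key = rawurlencode($field['name']);
        $field_value = isset($_POST[$post_key]) ? $_POST[$post_key] : '';
        if (is_array($field_value)) {
            $field_value = implode(', ', $field_value);
        } elseif (strstr((string) $field_value, '--')) {
            // '--' is the "please choose" entry of select fields.
            $field_value = '';
        }
        $field_values[] = "'" . General::input_clean(rawurldecode($field_value), true) . "'";
    }
    // NOTE(review): the picture paths are spliced in without input_clean(); they
    // are built from the sanitised segments above but $schulname may still hold a quote.
    $insert_sql = 'INSERT INTO `RheinaufCMS>BuddyListe` ( `id` ,' . implode(', ', $field_names)
        . ",`Bilder`,`angenommen`,`uniqid`) VALUES ('',"
        . implode(', ', $field_values) . ",'" . implode(';', $bilder_pfade) . "','0','{$uniqid}')";
    $this->connection->db_query($insert_sql);
}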
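/**
 * Checks the POSTed user/pass pair against $this->user_table and, on
 * success, stores the user row and its allowed actions in the session.
 *
 * The stored password is compared as plain text — that is the contract of
 * the surrounding code base and is kept here. The credential query is built
 * by string interpolation with General::input_clean(..., true) as the
 * escaping step.
 *
 * @return bool true when the credentials matched a row.
 */
function check_login()
{
    if (!isset($_SESSION)) {
        session_start();
    }
    $user = isset($_POST['user']) ? General::input_clean($_POST['user']) : '';
    $pass = isset($_POST['pass']) ? General::input_clean($_POST['pass']) : '';
    // Empty credentials must fail here: the query returns no row and a loose
    // comparison of the missing row (null == '') would otherwise accept them.
    if (!$user || !$pass) {
        return false;
    }
    // The second argument is what every other SQL-bound value in this code
    // base is cleaned with (presumably DB escaping); the unescaped copies
    // above are used for the exact comparison against the row.
    $user_sql = General::input_clean($_POST['user'], true);
    $pass_sql = General::input_clean($_POST['pass'], true);
    $result = $this->connection->db_assoc("SELECT * FROM `{$this->user_table}` WHERE `Name`='{$user_sql}' AND `Password`='{$pass_sql}'");
    if (!isset($result[0]['Name'], $result[0]['Password']) || $result[0]['Name'] !== $user || $result[0]['Password'] !== $pass) {
        return false;
    }

    $_SESSION['RheinaufCMS_User'] = General::multi_unserialize($result[0]);
    setcookie('RheinaufCMS_user', $user, 0, '/');
    if (isset($_SESSION['RheinaufCMS_User'])) {
        $this->rechte = array();
        $group = isset($_SESSION['RheinaufCMS_User']['Group']) ? $_SESSION['RheinaufCMS_User']['Group'] : '';
        if ($group === 'dev') {
            // The dev group owns every right in the Rechte table.
            $rechte = $this->connection->db_assoc("SELECT * FROM `{$this->rechte_table}`");
            if (is_array($rechte)) {
                foreach ($rechte as $recht) {
                    $this->rechte[] = $recht['id'];
                }
            }
            $_SESSION['RheinaufCMS_User']['allowed_actions'] = $this->rechte;
        } else {
            $this->rechte = General::multi_unserialize($this->connection->db_assoc("SELECT * FROM `{$this->groups_table}` WHERE `Name` ='" . $group . "'"));
            $_SESSION['RheinaufCMS_User']['allowed_actions'] = isset($this->rechte[0]['Rechte']) ? $this->rechte[0]['Rechte'] : array();
        }
    }
    return true;
}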
/**
 * Applies the page-edit form: updates the page entry inside the navigation
 * array, moves the content folder to the new name and rewrites navi and
 * .htaccess.
 *
 * Reads $_GET['edit'] (rubrik index) and $_POST['page_id'], name, Show,
 * ext_link, module and oldname.
 */
function page_edit()
{
    $navi_id = $_GET['edit'];
    $page_id = $_POST['page_id'];
    $new_name = General::input_clean($_POST['name'], true);

    $page = &$this->navi[$navi_id]['Subnavi'][$page_id];
    $page['Seite'] = $new_name;
    $page['Show'] = isset($_POST['Show']) ? $_POST['Show'] : '0';
    $page['Show_to'] = $this->input_group_array();
    $page['ext_link'] = $_POST['ext_link'];
    $page['Modul'] = $_POST['module'];
    unset($page);

    // Content folders are named after the path-encoded real (I18n) page name.
    $oldname = $this->I18n_get_real(General::input_clean($_POST['oldname']));
    $oldname_encoded = $this->path_encode($oldname);
    $name_encoded = $this->path_encode($this->I18n_get_real($new_name));
    $rubrik_dir = $this->path_encode($this->I18n_get_real($this->navi[$navi_id]['Rubrik']));
    $content_dir = DOCUMENT_ROOT . IN);
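/**
 * Admin overview of all pictures: search fields for Name/Jahr, sortable
 * column buttons, pagination, the "Bild des Monats" hints and the result
 * table.
 *
 * The search terms are rewritten in place into LIKE patterns because the
 * scaffold reads them back out of $_GET. The ORDER BY column is accepted only
 * when it is one of the scaffold's column names and the direction is reduced
 * to ASC/DESC, since both arrive in the query string and are spliced into SQL.
 *
 * @return string HTML for the overview page.
 */
function overview()
{
    $this->pics_scaff->add_search_field('Name');
    $this->pics_scaff->add_search_field('Jahr');

    $name = isset($_GET['Name']) ? $_GET['Name'] : '';
    $this->pics_scaff->template_vars['Name_value'] = $name ? $name : '';
    if ($name) {
        $_GET['Name'] = "%{$name}%";
    }
    $jahr = isset($_GET['Jahr']) ? $_GET['Jahr'] : '';
    $this->pics_scaff->template_vars['Jahr_value'] = $jahr ? $jahr : '';
    if ($jahr) {
        $_GET['Jahr'] = "%{$jahr}%";
    }

    // The search columns are registered above with fixed names; only the values are user input.
    $where = array();
    foreach ($this->pics_scaff->enable_search_for as $spalte) {
        if (!empty($_GET[$spalte])) {
            $value = General::input_clean($_GET[$spalte], true);
            $where[] = "`{$spalte}` LIKE '{$value}'";
        }
    }
    $where = $where ? "WHERE " . implode($this->pics_scaff->search_combinate, $where) : '';
    $images_sql = $all_images_sql = "SELECT * FROM `{$this->pics_db_table}` {$where}";

    $order_param = isset($_GET['order']) ? $_GET['order'] : '';
    $dir_param = isset($_GET['dir']) ? $_GET['dir'] : '';
    // Anything other than the two literal directions behaves like the default (ASC).
    $dir_param = in_array($dir_param, array('asc', 'desc'), true) ? $dir_param : '';
    $dir = $dir_param === 'desc' ? 'DESC' : 'ASC';

    $this->pics_scaff->edit_enabled = true;
    foreach ($this->pics_scaff->cols_array as $col) {
        $is_sorted = $order_param === $col['name'];
        $label = $is_sorted ? Html::bold(Html::italic($col['name'])) : $col['name'];
        // The active column flips its direction; every other column starts descending.
        $desc = ($is_sorted && $dir_param === 'desc') ? '&dir=asc' : '&dir=desc';
        $this->pics_scaff->template_vars[$col['name'] . '_button'] = Html::a('/Admin/RheinaufExhibitionAdmin/Pictures?order=' . rawurlencode($col['name']) . $desc, $label);
    }

    $this->pics_scaff->results_per_page = 30;
    $pages = $this->pics_scaff->get_pages($all_images_sql);
    $pagination = $this->pics_scaff->num_rows . " Bilder auf {$pages} Seiten ";
    // Same encoding as the column buttons above, so the links round-trip non-ASCII names.
    $link_base = SELF . '?order=' . rawurlencode($order_param) . '&dir=' . $dir_param . '&';
    $prev = $this->pics_scaff->prev_link();
    $prev_link = $prev ? Html::a($link_base . $prev, htmlspecialchars('<<<'), array('class' => 'button')) : '';
    $next = $this->pics_scaff->next_link();
    $next_link = $next ? Html::a($link_base . $next, htmlspecialchars('>>>'), array('class' => 'button')) : '';
    $this->pics_scaff->template_vars['pagination'] = $pagination . $prev_link . "Seite " . $this->pics_scaff->get_page() . ' von ' . $pages . ' ' . $next_link;

    // ORDER BY column must be a known column name; otherwise fall back to Name.
    $order = $order_param ? rawurldecode($order_param) : 'Name';
    $allowed_columns = array();
    foreach ($this->pics_scaff->cols_array as $col) {
        $allowed_columns[] = $col['name'];
    }
    if (!in_array($order, $allowed_columns, true)) {
        $order = 'Name';
    }

    // Bild des Monats: the newest entry decides which month is offered next.
    $sql = "SELECT * FROM `{$this->db_table}` WHERE `BildDesMonats` != '' ORDER BY `BildDesMonats` DESC";
    $result = $this->connection->db_single_row($sql);
    $last_bdm = isset($result['BildDesMonats']) ? $result['BildDesMonats'] : '';
    $this->pics_scaff->template_vars['next_bdm'] = $next_bdm = substr(Date::add($last_bdm . '01', 'month', 1), 0, 6);
    $this->pics_scaff->template_vars['next_bdm_str'] = substr($next_bdm, 4, 2) . '/' . substr($next_bdm, 0, 4);

    // Per-column display snippets; presumably evaluated by the scaffold with
    // $value bound (not visible here).
    $this->pics_scaff->cols_array['BildDesMonats']['transform'] = '($value) ? substr($value,4,2). "/" .substr($value,0,4):"";';
    $this->pics_scaff->cols_array['Beschreibung']['transform'] = '($value) ? "ja":"nein";';
    $this->pics_scaff->cols_array['Höhe']['transform'] = '($value) ? $value :"n.a.";';
    $this->pics_scaff->cols_array['Breite']['transform'] = '($value) ? $value :"n.a.";';
    $this->pics_scaff->cols_array['Name']['transform'] = 'General::wrap_string($value,20);';

    $sql = "{$images_sql} ORDER BY `{$order}` {$dir}";
    return Html::h(2, 'Alle Bilder') . $this->pics_scaff->make_table($sql, INSTALL_PATH . '/Module/RheinaufExhibition/Backend/Templates/ExhibitionPicturesOverview.template.html');
}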
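/**
 * Moves the user with the posted id into the posted group.
 *
 * Both values — the group name and the id used in the WHERE clause — are
 * run through General::input_clean(..., true) before they are spliced into
 * the UPDATE statement.
 */
function edit_group_update()
{
    $edit_user_gruppe = isset($_POST['gruppe']) ? General::input_clean(rawurldecode($_POST['gruppe']), true) : '';
    $edit_user_id = isset($_POST['id']) ? General::input_clean($_POST['id'], true) : '';
    if ($edit_user_id === '') {
        return;
    }
    $this->connection->db_query("UPDATE `{$this->user_table}` SET `Group` = '{$edit_user_gruppe}' WHERE `id` = '{$edit_user_id}'");
}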
/**
 * Builds and runs the REPLACE INTO (or, with $update set, the UPDATE) for
 * $this->table from the posted scaffold form.
 *
 * $_POST keys are first url-decoded in place so they match the column names
 * in $this->cols_array. Per column type the value is then assembled:
 * 'select' drops the '--' placeholder, 'check' joins the chosen boxes (an
 * entry containing commas is split into single values), 'timestamp'
 * concatenates the date/time parts, 'email' joins name and address,
 * 'changed' appends the current date, and 'upload' moves the uploaded
 * file(s) below upload_path after an extension/size check and deletes the
 * files listed in <key>_delfile. Multi-values are stored joined with
 * '&delim;'. Every value goes through General::input_clean(..., true)
 * before it is quoted into SQL.
 *
 * @param int|string $update Row id to UPDATE; 0 (default) inserts instead.
 */
function db_insert($update = 0)
{
    if (isset($_POST['cancel'])) {
        return;
    }
    if ($update) {
        $update_array = array();
    }
    $insert_sql = 'REPLACE INTO `' . $this->table . '` (';
    $field_names = array();
    foreach ($this->cols_array as $key => $col) {
        $field_name = $key;
        $field_names[] = '`' . $field_name . '`';
    }
    $insert_sql .= implode(', ', $field_names);
    $insert_sql .= ") VALUES (";
    $field_values = array();
    // Form field names arrive url-encoded; rewrite them to the plain column names.
    foreach ($_POST as $key => $value) {
        if ($key != rawurldecode($key)) {
            $_POST[rawurldecode($key)] = $value;
            unset($_POST[$key]);
        }
    }
    // NOTE(review): this copies decoded $_FILES entries into $_POST (not back
    // into $_FILES) and never removes them from $_FILES — looks like a
    // copy/paste slip; the upload branch below still reads $_FILES directly.
    foreach ($_FILES as $key => $value) {
        if ($key != rawurldecode($key)) {
            $_POST[rawurldecode($key)] = $value;
            unset($_POST[$key]);
        }
    }
    foreach ($this->cols_array as $key => $col) {
        $field_value = $_POST[$key] ? $_POST[$key] : $col['value'];
        if ($col['type'] == 'select' && strstr($field_value, '--')) {
            $field_value = '';
        }
        if ($col['type'] == 'check') {
            $t = array();
            $c = count($field_value);
            for ($i = 0; $i < $c; ++$i) {
                // The "other" checkbox value may hold several comma-separated
                // entries: split it and treat each part as a value of its own.
                if (strstr($field_value[$i], ',')) {
                    $t = explode(',', $field_value[$i]);
                    unset($field_value[$i]);
                }
            }
            foreach ($t as $v) {
                $field_value[] = trim($v);
            }
            $field_value = is_array($field_value) ? implode('&delim;', General::trim_array($field_value)) : $field_value;
            // NOTE(review): $fieldvalue (no underscore) is never assigned, so
            // this condition is always true and $_POST[$key] is always cleared.
            if (!$fieldvalue) {
                $_POST[$key] = '';
            }
        }
        if ($col['type'] == 'timestamp') {
            $t = Date::unify_timestamp($_POST[$key . '_jahr'] . $_POST[$key . '_monat'] . $_POST[$key . '_tag'] . $_POST[$key . '_stunde'] . $_POST[$key . '_minute'] . '00');
            $field_value = $t;
        }
        if ($col['type'] == 'email') {
            $field_value = $_POST[$key . '_name'];
            if ($_POST[$key . '_mail']) {
                $field_value .= ' <' . $_POST[$key . '_mail'] . '>';
            }
        }
        if ($col['type'] == 'changed') {
            // Append the current date on a new line when there is previous content.
            $field_value .= $_POST[$key] ? "\n" : '';
            $field_value .= Date::timestamp2datum(Date::now());
        }
        if ($col['type'] == 'upload') {
            // NOTE(review): $upload_extensions and $max_upload are not reset per
            // column, so a later upload column without its own limits inherits
            // the previous column's values — confirm that is intended.
            if ($col['upload_extensions']) {
                $upload_extensions = array();
                foreach ($col['upload_extensions'] as $ext) {
                    $upload_extensions[] = '\\.' . $ext . '$';
                }
                $upload_extensions = implode('|', $upload_extensions);
            }
            if ($col['upload_size']) {
                $max_upload = $col['upload_size'] * 1024;
            }
            $field_value = $_POST[$key] ? $_POST[$key] : array();
            $_POST[$key] = isset($_POST[$key]) ? $_POST[$key] : true;
            if ($this->upload_folder) {
                // The sub-folder is the concatenation of other posted columns.
                // NOTE(review): nothing strips '/' or '..' from those values
                // before they are joined onto upload_path.
                $upload_folder = '';
                if (is_string($this->upload_folder)) {
                    $this->upload_folder = array($this->upload_folder);
                }
                foreach ($this->upload_folder as $col_name) {
                    $upload_folder .= $_POST[$col_name];
                }
                if (!RheinaufFile::is_dir($folder = $this->upload_path . $upload_folder)) {
                    RheinaufFile::mkdir($folder);
                    RheinaufFile::chmod($folder, '777');
                }
                $upload_folder = $upload_folder . "/";
            }
            if ($_FILES[$key . '_upload']['name']) {
                if (is_array($_FILES[$key . '_upload']['name'])) {
                    $c = count($_FILES[$key . '_upload']['name']);
                    for ($i = 0; $i < $c; ++$i) {
                        // Client file name reduced to [0-9a-z.]; everything else becomes '_'.
                        $f_name = preg_replace("/[^0-9a-z.]/i", '_', $_FILES[$key . '_upload']['name'][$i]);
                        if ($f_name && $upload_extensions && !preg_match("/{$upload_extensions}/i", $f_name)) {
                            $GLOBALS['scripts'] .= Html::script('onLoad.push(function() {alert("Dieses Dateiformat ist nicht erlaubt.")})');
                            continue;
                        }
                        if ($f_name && $max_upload && $_FILES[$key . '_upload']['size'][$i] > $max_upload) {
                            $GLOBALS['scripts'] .= Html::script('onLoad.push(function() {alert("Die Dateigröße übersteigt das erlaubte Maximum")})');
                            continue;
                        }
                        $file = $this->upload_path . $upload_folder . $f_name;
                        $uploaded_file = $_FILES[$key . '_upload']['tmp_name'][$i];
                        RheinaufFile::move_uploaded_file($uploaded_file, $file);
                        RheinaufFile::chmod($file, '777');
                        $max_scale = $col['max_scale'] ? $col['max_scale'] : $this->max_scale;
                        $this->max_scale_image($file, $max_scale);
                        $field_value[] = $f_name;
                    }
                } else {
                    $f_name = preg_replace("/[^0-9a-z.]/i", '_', $_FILES[$key . '_upload']['name']);
                    // NOTE(review): unlike the multi-file branch this match has no
                    // /i flag, so upper-case extensions are rejected here. Also,
                    // the two `continue`s below are inside the column foreach, not
                    // a file loop: they skip the $field_values[] append for this
                    // column, so the REPLACE INTO ends up with fewer values than
                    // column names.
                    if ($f_name && $upload_extensions && !preg_match("/{$upload_extensions}/", $f_name)) {
                        $GLOBALS['scripts'] .= Html::script('onLoad.push(function() {alert("Dieses Dateiformat ist nicht erlaubt.")})');
                        continue;
                    }
                    if ($f_name && $max_upload && $_FILES[$key . '_upload']['size'] > $max_upload) {
                        $GLOBALS['scripts'] .= Html::script('onLoad.push(function() {alert("Die Dateigröße übersteigt das erlaubte Maximum")})');
                        continue;
                    }
                    $file = $this->upload_path . $upload_folder . $f_name;
                    $uploaded_file = $_FILES[$key . '_upload']['tmp_name'];
                    RheinaufFile::move_uploaded_file($uploaded_file, $file);
                    RheinaufFile::chmod($file, '777');
                    $max_scale = $col['max_scale'] ? $col['max_scale'] : $this->max_scale;
                    $this->max_scale_image($file, $max_scale);
                    $field_value[] = $f_name;
                }
            }
            // NOTE(review): the names in <key>_delfile come straight from the
            // form and are joined onto upload_path without any sanitising.
            if (is_array($_POST[$key . "_delfile"])) {
                $field_value = array_diff($field_value, $_POST[$key . "_delfile"]);
                foreach ($_POST[$key . "_delfile"] as $file) {
                    RheinaufFile::delete($this->upload_path . $upload_folder . $file);
                }
            }
        }
        if (is_array($field_value)) {
            $field_value = implode('&delim;', General::trim_array($field_value));
        }
        if ($key == 'id') {
            $field_value = $_POST['edit_id'] !== '' ? $_POST['edit_id'] : '';
        }
        $field_value = General::input_clean($field_value, true);
        $field_values[] = "'" . $field_value . "'";
        // For an UPDATE only columns that were actually posted are touched.
        if ($update && isset($_POST[$key])) {
            $update_array[$key] = $field_value;
        }
    }
    if ($update) {
        $this->connection->db_update($this->table, $update_array, "`id` = {$update}");
    } else {
        $insert_sql .= implode(', ', $field_values) . ')';
        $this->connection->db_query($insert_sql);
        $this->last_insert_id = $this->connection->db_last_insert_id();
    }
}
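/**
 * Stores a guestbook entry from the posted form (x1 = name, email, url,
 * beitrag) and remembers the new row id and time in the session.
 *
 * A missing name aborts; a url without a scheme gets http:// prepended.
 */
function gb_input()
{
    // The second argument is what every other SQL-bound value in this code
    // base is cleaned with (presumably DB escaping).
    $name = isset($_POST['x1']) ? General::input_clean($_POST['x1'], true) : '';
    $email = isset($_POST['email']) ? General::input_clean($_POST['email'], true) : '';
    $url = isset($_POST['url']) ? General::input_clean($_POST['url'], true) : '';
    if (!$name) {
        return;
    }
    if ($url !== '' && !preg_match('#^http://.+#', $url)) {
        $url = 'http://' . $url;
    }
    $beitrag = isset($_POST['beitrag']) ? General::input_clean($_POST['beitrag'], true) : '';
    $this->connection->db_query("INSERT INTO `RheinaufCMS>Gästebuch` ( `id` , `name` , `datum`,`email` , `url`, `beitrag` ) VALUES ('', '$name', NOW(),'$email', '$url', '$beitrag')");
    $_SESSION['last_id']['id'] = $this->connection->db_last_insert_id();
    $_SESSION['last_id']['timestamp'] = time();
}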
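/**
 * Updates a location row from the posted form.
 *
 * All values, including the Location_id used in the WHERE clause, are run
 * through General::input_clean(..., true) before they reach the statement.
 */
function insert_loc_edit()
{
    $values = array();
    foreach (array('Location_id', 'Location_name', 'Adresse', 'PLZ', 'Stadt', 'Ortszusatz', 'Land', 'Website', 'Breite') as $field) {
        $values[$field] = isset($_POST[$field]) ? $_POST[$field] : '';
    }
    // The form sends the non-ASCII field name url-encoded.
    $values['Länge'] = isset($_POST[rawurlencode('Länge')]) ? $_POST[rawurlencode('Länge')] : '';
    foreach ($values as $key => $value) {
        $values[$key] = General::input_clean(rawurldecode($value), true);
    }
    // The WHERE clause uses the cleaned id, not the raw POST value.
    $locid = $values['Location_id'];
    if ($locid === '') {
        return;
    }
    $this->connection->db_update($this->db_table, $values, "`Location_id`='{$locid}'");
}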
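/**
 * Stores a guestbook entry from the posted form (x1 = name, x2 = email,
 * x3 = url, x4 = text) and remembers id, time and text of the last entry
 * in the session so a reload cannot post the same text twice.
 *
 * Requests are ignored when the 'name' field (apparently a bot trap) is an
 * array, when both name and text are empty, or when the text equals the
 * last stored one.
 */
function gb_input()
{
    $x1 = isset($_POST['x1']) ? $_POST['x1'] : '';
    $x4 = isset($_POST['x4']) ? $_POST['x4'] : '';
    if ((isset($_POST['name']) && is_array($_POST['name'])) || (!$x1 && !$x4)) {
        return;
    }
    $name = General::input_clean($x1, true);
    $email = isset($_POST['x2']) ? General::input_clean($_POST['x2'], true) : '';
    $url = isset($_POST['x3']) ? General::input_clean($_POST['x3'], true) : '';
    if ($url !== '' && !preg_match('#^http://.+#', $url)) {
        $url = 'http://' . $url;
    }
    $beitrag = General::input_clean($x4, true);
    // Duplicate check against the last entry of this session.
    $last_txt = isset($_SESSION['last_id']['txt']) ? $_SESSION['last_id']['txt'] : '';
    if ($last_txt === $beitrag) {
        return;
    }
    // 2005-10-13 22-01
    $now = Date::now();
    $sql = "INSERT INTO `RheinaufCMS>Guestbook` ( `id` , `name` , `datum`,`email` , `url`, `beitrag` )\n\t\t\t\t\t\t\t\t\t\t\t\tVALUES ('', '{$name}','{$now}','{$email}', '{$url}', '{$beitrag}')";
    $this->connection->db_query($sql);
    $_SESSION['last_id']['id'] = $this->connection->db_last_insert_id();
    $_SESSION['last_id']['timestamp'] = time();
    $_SESSION['last_id']['txt'] = $beitrag;
}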