Пример #1
 /**
  * Releases the MySQL link held in the static self::$con.
  *
  * Warnings from mysql_close() are suppressed with "@" and its return value
  * is ignored, so TRUE means "a link was present and has been dropped", not
  * "the server confirmed the close".
  *
  * @return bool TRUE when a link was present, FALSE when there was none.
  */
 function closeConnection()
 {
     // Nothing to close.
     if (!self::$con) {
         return FALSE;
     }

     @mysql_close(self::$con);
     // Reset the handle so a second call takes the guard above.
     self::$con = FALSE;

     return TRUE;
 }
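<?php

/**
 * Admin-only endpoint: sets the status of one feedback idea and returns the
 * re-rendered status markup as JSON (keys "status" and "adm_com").
 *
 * Request parameters (query string): id, status.
 * Emits nothing when the caller is not a logged-in admin, or when either
 * parameter is missing or is not a plain decimal number.
 *
 * NOTE(review): this is a state change driven by a GET request and no
 * anti-CSRF token is checked in this file. Confirm that one is enforced
 * elsewhere, or move the action to POST with a per-session token.
 */
include '../core/main.class.php';
$main = new Main();

// Authorise first; request data is only read for a logged-in admin.
if (session::check() && session::get_param('admin')) {
    // A missing or array-valued parameter becomes '' instead of raising a notice.
    $id = Security::secureString(isset($_GET['id']) && is_string($_GET['id']) ? $_GET['id'] : '');
    $status = Security::secureString(isset($_GET['status']) && is_string($_GET['status']) ? $_GET['status'] : '');

    // Both values are interpolated into SQL and $id also into HTML attributes.
    // What Security::secureString() escapes is not visible here, so accept only
    // digit strings: those are inert in both contexts whatever the helper does.
    // Assumes ids and status codes are non-negative integers -- confirm against
    // the schema and render::giveStatus().
    $digits = '/\A[0-9]+\z/';
    if (preg_match($digits, (string) $id) === 1 && preg_match($digits, (string) $status) === 1) {
        $main->con()->db_query("UPDATE feedback_ideas SET status='{$status}' WHERE id='{$id}'");
        $info = array(
            'status' => '<div id="status_' . $id . '" class="nr_votes ' . render::giveStatus($status, "class") . '">' . render::giveStatus($status, "text") . '</div>',
            'adm_com' => '<div id="com_status_' . $id . '" class="ad_' . render::giveStatus($status, "class") . '"></div>',
        );
        echo json_encode($info);
    }
}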
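<?php

/**
 * Vote endpoint: records one vote by the logged-in user for an idea and
 * prints the resulting vote count as markup.
 *
 * Request parameter (query string): id -- the idea to vote for.
 *
 * Changes against the earlier version of this script:
 *  - the id must be a plain decimal number, and the idea must exist;
 *  - a user who already has a row in feedback_votes for this idea is not
 *    counted again, so replaying the request no longer inflates the total;
 *  - the printed count is only incremented when a vote was actually stored
 *    (previously it was always shown as votes + 1, even for anonymous calls).
 *
 * NOTE(review): the check-then-insert below is not atomic. A unique key on
 * feedback_votes (idea_id, voter_id) is the reliable guard against
 * concurrent duplicates -- confirm whether the schema has one.
 * NOTE(review): this is a state change on GET with no anti-CSRF token checked
 * in this file; confirm it is enforced elsewhere.
 * NOTE(review): the mysql_* functions were removed in PHP 7; mysqli or PDO
 * with bound parameters is the long-term fix for the string-built queries.
 */
include '../core/main.class.php';
$main = new Main();

// A missing or array-valued parameter becomes '' instead of raising a notice.
$id = Security::secureString(isset($_GET['id']) && is_string($_GET['id']) ? $_GET['id'] : '');

// Digits only: safe to interpolate regardless of what secureString() escapes.
if (preg_match('/\A[0-9]+\z/', (string) $id) !== 1) {
    exit;
}

$idea = mysql_fetch_array($main->con()->db_query("SELECT votes FROM feedback_ideas WHERE id='{$id}'"));
if (!$idea) {
    // Unknown idea: nothing to vote on and nothing to display.
    exit;
}

$votes = (int) $idea['votes'];

if (session::check()) {
    $voter_id = session::get_param('user_id');

    // One vote per user and idea, enforced on the server side.
    $previous = $main->con()->db_query("SELECT idea_id FROM feedback_votes WHERE idea_id='{$id}' AND voter_id='{$voter_id}'");
    if ($previous && !mysql_num_rows($previous)) {
        $main->con()->db_query("UPDATE feedback_ideas SET votes=votes+1 WHERE id='{$id}'");
        $main->con()->db_query("INSERT INTO feedback_votes (idea_id,voter_id) VALUES('{$id}','{$voter_id}')");
        $votes++;
    }
}

echo render::dynamicFont(number_format($votes, 0, '', ','), 32);
?>
<br/>
votes<br/>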
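<?php

/**
 * Admin-only endpoint: deletes one feedback idea.
 *
 * Request parameter (query string): id -- the idea to delete.
 * Does nothing when the caller is not a logged-in admin, or when id is
 * missing or is not a plain decimal number.
 *
 * NOTE(review): a destructive action reachable through GET with only a
 * session check; no anti-CSRF token is verified in this file. Confirm that
 * one is enforced elsewhere, or move the action to POST with a token.
 * NOTE(review): rows in feedback_votes / feedback_comments that refer to the
 * idea are not removed here -- confirm whether the schema cascades.
 */
include '../core/main.class.php';
$main = new Main();

// Authorise first; request data is only read for a logged-in admin.
if (session::check() && session::get_param('admin')) {
    // A missing or array-valued parameter becomes '' instead of raising a notice.
    $id = Security::secureString(isset($_GET['id']) && is_string($_GET['id']) ? $_GET['id'] : '');

    // Digits only: safe to interpolate regardless of what secureString() escapes,
    // and an empty id can no longer reach the DELETE.
    if (preg_match('/\A[0-9]+\z/', (string) $id) === 1) {
        $main->con()->db_query("DELETE FROM feedback_ideas WHERE id='{$id}'");
    }
}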
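<?php

/**
 * Admin-only endpoint: deletes one comment and decrements the comment
 * counter of the idea it belonged to.
 *
 * Request parameter (query string): id -- the comment to delete.
 * Does nothing when the caller is not a logged-in admin, when id is missing
 * or not a plain decimal number, or when no such comment exists.
 *
 * NOTE(review): a destructive action reachable through GET with only a
 * session check; no anti-CSRF token is verified in this file.
 * NOTE(review): the mysql_* functions were removed in PHP 7.
 */
include '../../../core/main.class.php';
$main = new Main();

// Authorise first; request data is only read for a logged-in admin.
if (session::check() && session::get_param('admin')) {
    // A missing or array-valued parameter becomes '' instead of raising a notice.
    $id = Security::secureString(isset($_GET['id']) && is_string($_GET['id']) ? $_GET['id'] : '');

    // Digits only: safe to interpolate regardless of what secureString() escapes.
    if (preg_match('/\A[0-9]+\z/', (string) $id) === 1) {
        $comment = mysql_fetch_array($main->con()->db_query("SELECT * FROM feedback_comments WHERE id='{$id}'"));

        // Only touch the counter when a comment was really found; previously a
        // miss still ran the UPDATE with an empty idea id.
        if ($comment) {
            $main->con()->db_query("DELETE FROM feedback_comments WHERE id='{$id}'");

            // The value comes back from the database and is concatenated into
            // SQL again, so force it to an integer rather than trusting it.
            $idea_id = (int) $comment['idea_id'];
            $main->con()->db_query("UPDATE feedback_ideas SET comments=comments-1 WHERE id='" . $idea_id . "'");
        }
    }
}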
<?php

// Endpoint: stores a new feedback idea from the query-string parameters
// "title" and "description", then prints "&url=" followed by the idea's URL.
//
// The statements below depend on their order: mysql_insert_id() must run
// directly after the INSERT, before any other query on the connection.
include '../../../core/main.class.php';
$main = new Main();
// NOTE(review): the original comment here announced a login check, but no
// session::check() call follows in this file, unlike the other write
// endpoints of this application. As written, the INSERT runs for anonymous
// callers too, with whatever session::get_param('user_id') returns for them.
// Confirm whether anonymous submissions are intended.
// NOTE(review): a missing "title" or "description" parameter raises an
// undefined-index notice; the values are not checked for emptiness.
$title = Security::secureString($_GET['title']);
$descr = Security::secureString($_GET['description']);
$auth_id = session::get_param('user_id');
// String-built SQL: safety rests entirely on Security::secureString(), whose
// escaping is not visible here -- verify it is correct for a quoted MySQL
// string literal. State is changed on a GET request with no anti-CSRF token
// checked in this file.
$main->con()->db_query("INSERT INTO feedback_ideas (idea,description,sub_date,auth_id) VALUES('{$title}','{$descr}',NOW(),'{$auth_id}')");
// Original author's note (translated): also insert this author's vote into
// the votes table -- not done below.
// Called without a link identifier, so it reads the id from the most recently
// opened mysql link; presumably that is the one behind $main->con() -- confirm.
// The mysql_* functions were removed in PHP 7.
$id = mysql_insert_id();
// Re-read the row so the URL is built from the stored values.
$idea = mysql_fetch_array($main->con()->db_query("SELECT idea,id FROM feedback_ideas WHERE id='{$id}'"));
$url = HTTP_CORE_BASE . 'idea/id/' . $idea['id'] . '/' . render::makeTitle($idea['idea']);
// The URL is printed as-is; how render::makeTitle() encodes the title is not
// visible here -- confirm the result is safe for the consumer of this output.
echo '&url=' . $url;
Пример #7
// Account endpoint: dispatches on the "action" query-string parameter
// ('signup' or 'login'). The listing is cut off inside the 'login' case.
//
// NOTE(review): user names and passwords are read from $_GET, i.e. from the
// URL. URLs typically end up in web-server access logs, browser history and
// Referer headers, so credentials should be sent in a POST body over TLS.
include '../../../core/main.class.php';
$main = new Main();
$action = Security::secureString($_GET['action']);
switch ($action) {
    case 'signup':
        $username = strtolower(Security::secureString($_GET['username']));
        $email = strtolower(Security::secureString($_GET['email']));
        $password = Security::secureString($_GET['password']);
        $rpassword = Security::secureString($_GET['rpassword']);
        // NOTE(review): "==" is a loose comparison; two numeric-looking strings
        // are compared as numbers (e.g. '1e3' == '1000'), so different
        // passwords can be treated as matching. "===" is the safe operator.
        if ($password == $rpassword) {
            // NOTE(review): md5() is a fast, unsalted digest and is not suitable
            // for password storage; password_hash() / password_verify()
            // (PHP 5.5+) are the standard replacement. The password also goes
            // through secureString() before hashing, so any escaping that
            // helper applies becomes part of the stored digest.
            $pass = md5($password);
        } else {
            $msg = 'The passwords did not match!';
        }
        // NOTE(review): this INSERT is not inside the "passwords match" branch.
        // On a mismatch $pass was never assigned, the row is still written with
        // an empty password value, and on success $msg is overwritten with the
        // success text. If the passwords match but the INSERT fails, $msg is
        // never set before the echo below.
        // No check for empty fields or for an existing username/e-mail is
        // visible here; presumably that is left to database constraints.
        if ($main->con()->db_query("INSERT INTO members (username,email,password,joindate) VALUES('{$username}','{$email}','{$pass}',NOW())")) {
            $msg = 'The user was created!';
        }
        echo $msg;
        break;
    case 'login':
        $username = strtolower(Security::secureString($_GET['username']));
        // Same unsalted md5() digest as in 'signup'.
        $password = md5(Security::secureString($_GET['password']));
        $error = '0';
        $msg = '';
        $admin = false;
        // NOTE(review): as printed, the WHERE clause compares against the
        // literal text '******' and uses neither $username nor $password.
        // Presumably the listing masked the interpolated variables -- confirm
        // against the real file. If they are interpolated, the query relies on
        // secureString() alone for escaping.
        $sql_check = $main->con()->db_query("SELECT username,password,id,admin FROM members WHERE username='******' AND password='******'");
        // The mysql_* functions used below were removed in PHP 7.
        if (mysql_num_rows($sql_check)) {
            $row = mysql_fetch_assoc($sql_check);
            // The session is started only after the credential query returned a
            // row; the admin flag stored in it is taken from the database row.
            session::start_secure_session();
            session::add_param("admin", $row['admin']);
 /**
  * Sets up the object: installs the exception handler when one is
  * configured, records the plugin directory, creates the Conn object and
  * calls Session::start() with SESSION_NAME.
  *
  * The order matters: the exception handler is registered before Conn is
  * constructed and before the session is started.
  */
 public function __construct()
 {
     // Only register a handler when the property holds a non-empty value.
     if (!empty($this->exception_handler)) {
         set_exception_handler($this->exception_handler);
     }
     $this->plugins_dir = PLUGINS_DIR;
     // self::$con is static, so every construction replaces the Conn object
     // shared by all users of this class.
     self::$con = new Conn();
     Session::start(SESSION_NAME);
 }
<?php

// Search endpoint: runs a MySQL full-text search for the "term" query-string
// parameter over feedback_ideas (columns idea, description) and renders up to
// 30 hits as HTML. The listing is cut off inside the rendering loop.
include '../../../core/main.class.php';
$main = new Main();
// NOTE(review): a missing "term" parameter raises an undefined-index notice.
$term = Security::secureString($_GET['term']);
// $term is interpolated twice into the statement. Safety rests entirely on
// Security::secureString(), whose escaping is not visible here -- verify it
// is correct for a quoted MySQL string literal.
$result_resources = $main->con()->db_query("SELECT *, MATCH(idea, description) AGAINST('{$term}') AS score FROM feedback_ideas\n                                WHERE MATCH(idea, description) AGAINST('{$term}') ORDER BY score DESC LIMIT 30");
// $ideas is not initialised before this loop; with no hits it stays undefined,
// which the !empty() guard further down tolerates.
// The mysql_* functions were removed in PHP 7.
while ($info = mysql_fetch_array($result_resources)) {
    $ideas[] = $info;
}
// Ideas the current user has already voted for; stays empty for anonymous
// visitors.
$voted_ideas = array();
if (session::check()) {
    // The voter id comes from the session, not from the request.
    $videas_q = $main->con()->db_query("SELECT idea_id FROM feedback_votes WHERE voter_id='" . session::get_param('user_id') . "'");
    while ($i_videas = mysql_fetch_assoc($videas_q)) {
        $voted_ideas[] = $i_videas;
    }
}
// Replacement template with a "\1" back-reference; its use lies beyond the
// visible part of the listing. NOTE(review): presumably it highlights the
// search term through a regex replace -- if the pattern is built from $term,
// it needs preg_quote(), and the highlighted text needs HTML-escaping.
$highliter = '<span style="background:yellow;">\\1</span>';
if (!empty($ideas)) {
    // NOTE(review): the column values echoed in the markup below are written
    // without htmlspecialchars(); the id is presumably numeric, but any text
    // column rendered further down must be escaped for its HTML context.
    foreach ($ideas as $idea) {
        ?>
        <div id="idea_<?php 
        echo $idea['id'];
        ?>
" class="idea_container">
            <div class="votes">
                <div id="nr_votes_<?php 
        echo $idea['id'];
        ?>
" class="nr_votes <?php 
        echo $idea['status'] == 4 || render::checkVoted($idea['id'], $voted_ideas) ? 'full' : '';
        ?>
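<?php

/**
 * Comment endpoint for logged-in users.
 *
 * Request parameters (query string):
 *  - idea_id       the idea being commented on;
 *  - comment       the comment text (HTML tags are stripped);
 *  - admin_change  '1' to store the text as the idea's admin comment instead
 *                  of adding a regular comment.
 *
 * Fix: the admin_change flag is supplied by the client, and the earlier
 * version honoured it for every logged-in user, so any member could
 * overwrite the admin comment of any idea. That branch now requires the
 * session's admin flag, the same check the other admin endpoints of this
 * application use. A non-admin request with admin_change=1 is ignored.
 *
 * Does nothing when the caller is not logged in or when idea_id is missing
 * or not a plain decimal number.
 *
 * NOTE(review): state is changed on a GET request and no anti-CSRF token is
 * checked in this file; confirm it is enforced elsewhere.
 * NOTE(review): strip_tags() is not output encoding. The stored comment must
 * still be escaped with htmlspecialchars() wherever it is rendered.
 */
include '../../../core/main.class.php';
$main = new Main();
if (session::check()) {
    $user_id = session::get_param('user_id');

    // Missing or array-valued parameters become '' instead of raising notices.
    $idea_id = Security::secureString(isset($_GET['idea_id']) && is_string($_GET['idea_id']) ? $_GET['idea_id'] : '');
    $comment = Security::secureString(strip_tags(isset($_GET['comment']) && is_string($_GET['comment']) ? $_GET['comment'] : ''));
    $admin_change = isset($_GET['admin_change']) && $_GET['admin_change'] === '1';

    // Digits only: safe to interpolate regardless of what secureString() escapes.
    if (preg_match('/\A[0-9]+\z/', (string) $idea_id) === 1) {
        if ($admin_change) {
            // Privileged branch: authorised by the server-side session flag,
            // never by the request parameter alone.
            if (session::get_param('admin')) {
                $main->con()->db_query("UPDATE feedback_ideas SET admin_comment='{$comment}' WHERE id='{$idea_id}'");
            }
        } else {
            $main->con()->db_query("INSERT INTO feedback_comments (idea_id,user_id,comment,date) VALUES('{$idea_id}','{$user_id}','{$comment}',NOW())");
            $main->con()->db_query("UPDATE feedback_ideas SET comments=comments+1 WHERE id='{$idea_id}'");
        }
    }
}
?>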