<?php

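include '../core/main.class.php';
$main = new Main();

// Admin-only endpoint: sets the status of one idea and answers with the
// re-rendered status markup as JSON. Request data is only read once the caller
// has a live session that carries the 'admin' flag.
// NOTE(review): this changes state on a GET request with the session as the only
// proof of intent, so a link or image on another site can trigger it for a
// logged-in admin. Moving it to POST with a per-session token needs a matching
// change in the caller, which is not visible here.
if (session::check() && session::get_param('admin')) {
    $id = isset($_GET['id']) ? (string) Security::secureString($_GET['id']) : '';
    $status = isset($_GET['status']) ? (string) Security::secureString($_GET['status']) : '';

    // Both values are placed inside a SQL string and inside HTML attributes below.
    // What Security::secureString() escapes is not visible in this file, so only
    // plain digit strings are accepted before they reach either sink.
    // NOTE(review): idea ids are produced by mysql_insert_id() when an idea is
    // created; status is assumed numeric because it is compared with 4 where
    // ideas are rendered - confirm that no non-numeric status exists.
    if (!ctype_digit($id) || !ctype_digit($status)) {
        exit;
    }

    $main->con()->db_query("UPDATE feedback_ideas SET status='{$status}' WHERE id='{$id}'");

    $status_class = render::giveStatus($status, "class");
    $status_text = render::giveStatus($status, "text");
    $info = array(
        'status' => '<div id="status_' . $id . '" class="nr_votes ' . $status_class . '">' . $status_text . '</div>',
        'adm_com' => '<div id="com_status_' . $id . '" class="ad_' . $status_class . '"></div>',
    );
    echo json_encode($info);
}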
<?php

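include '../core/main.class.php';
$main = new Main();

// Records one vote by the logged-in user for an idea and prints the resulting
// vote count through render::dynamicFont().
// NOTE(review): the vote is cast by a GET request, so any page the user visits
// can cast it on their behalf; a POST with a per-session token would close that,
// but it needs a matching change in the caller, which is not visible here.
$id = isset($_GET['id']) ? (string) Security::secureString($_GET['id']) : '';

// The id is interpolated into three SQL strings below. What
// Security::secureString() escapes is not visible in this file, so only a plain
// digit string is let through (ideas get their id from mysql_insert_id()).
if (!ctype_digit($id)) {
    exit;
}

$idea = mysql_fetch_array($main->con()->db_query("SELECT votes FROM feedback_ideas WHERE id='{$id}'"));
if (!$idea) {
    // Unknown idea: nothing to vote on and no count to show.
    exit;
}

$votes = (int) $idea['votes'];
if (session::check()) {
    $voter_id = session::get_param('user_id');

    // Count the vote only when this user has no earlier vote on the idea, so that
    // replaying the request cannot inflate the counter. The check fails closed:
    // if the lookup itself fails, no vote is recorded.
    // NOTE(review): check-then-insert can still race under concurrent requests; a
    // unique index on (idea_id, voter_id) is the durable guard.
    $previous = $main->con()->db_query("SELECT idea_id FROM feedback_votes WHERE idea_id='{$id}' AND voter_id='{$voter_id}'");
    if ($previous && mysql_num_rows($previous) == 0) {
        $main->con()->db_query("UPDATE feedback_ideas SET votes=votes+1 WHERE id='{$id}'");
        $main->con()->db_query("INSERT INTO feedback_votes (idea_id,voter_id) VALUES('{$id}','{$voter_id}')");
        $votes++;
    }
}

// Show the count as it now stands; it is incremented only when a vote was stored.
echo render::dynamicFont(number_format($votes, 0, '', ','), 32);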
?>
<br/>
votes<br/>
<?php

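include '../../../core/main.class.php';
$main = new Main();

// Stores a new idea for the logged-in user and answers with '&url=<idea page>'.
// The login check is enforced here, as in the other scripts that write on
// behalf of a user; without a session there is no author to attribute the idea to.
// NOTE(review): the idea is created by a GET request; a POST with a per-session
// token would stop other sites from submitting ideas through a logged-in
// user's browser. That needs a change in the caller, which is not visible here.
if (!session::check()) {
    exit;
}

$title = Security::secureString(isset($_GET['title']) ? $_GET['title'] : '');
$descr = Security::secureString(isset($_GET['description']) ? $_GET['description'] : '');
$auth_id = session::get_param('user_id');

// NOTE(review): the title and description reach the SQL string protected only by
// Security::secureString(), whose escaping is not visible in this file - confirm
// that it escapes for the active MySQL connection.
$inserted = $main->con()->db_query("INSERT INTO feedback_ideas (idea,description,sub_date,auth_id) VALUES('{$title}','{$descr}',NOW(),'{$auth_id}')");
if (!$inserted) {
    // No row was written, so mysql_insert_id() would not refer to this idea.
    exit;
}

// TODO (from the original author): also record the author's own vote in the votes table.
$id = mysql_insert_id();
$idea = mysql_fetch_array($main->con()->db_query("SELECT idea,id FROM feedback_ideas WHERE id='{$id}'"));
$url = HTTP_CORE_BASE . 'idea/id/' . $idea['id'] . '/' . render::makeTitle($idea['idea']);
echo '&url=' . $url;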
     // Tail of the account-creation branch; the start of this case (including where
     // $username is assigned) is outside this excerpt.
     // NOTE(review): the password and its confirmation are read from the query
     // string, so they can end up in server logs, browser history and Referer
     // headers; a POST body avoids that.
     $email = strtolower(Security::secureString($_GET['email']));
     $password = Security::secureString($_GET['password']);
     $rpassword = Security::secureString($_GET['rpassword']);
     // NOTE(review): loose == compares numeric-looking strings as numbers
     // (e.g. '1e3' == '1000' is true); === compares the strings themselves.
     if ($password == $rpassword) {
         // NOTE(review): a single unsalted MD5 is fast to brute-force offline;
         // password_hash()/password_verify() are the standard replacement, but the
         // switch has to be made together with the login branch below.
         $pass = md5($password);
     } else {
         $msg = 'The passwords did not match!';
     }
     // NOTE(review): this INSERT is outside the branch above, so it also runs when
     // the passwords differ. $pass is not assigned on that path in the visible code,
     // and a successful insert then replaces the mismatch message.
     if ($main->con()->db_query("INSERT INTO members (username,email,password,joindate) VALUES('{$username}','{$email}','{$pass}',NOW())")) {
         $msg = 'The user was created!';
     }
     echo $msg;
     break;
 case 'login':
     // Login branch: looks the member up, and on a match opens a session holding
     // the admin flag, the member id and the username. Answers with
     // '&error=<0|1>&msg=<text>'.
     // NOTE(review): credentials arrive in the query string here as well.
     $username = strtolower(Security::secureString($_GET['username']));
     $password = md5(Security::secureString($_GET['password']));
     $error = '0';
     $msg = '';
     $admin = false;
     // NOTE(review): the username and password literals in this query appear as
     // '******' in this listing, so neither $username nor $password is used by the
     // query as shown. Presumably the values were masked when the page was
     // published - confirm against the real source.
     $sql_check = $main->con()->db_query("SELECT username,password,id,admin FROM members WHERE username='******' AND password='******'");
     if (mysql_num_rows($sql_check)) {
         $row = mysql_fetch_assoc($sql_check);
         // NOTE(review): whether start_secure_session() issues a fresh session id at
         // login is not visible here - confirm, since reusing a pre-login id allows
         // session fixation.
         session::start_secure_session();
         session::add_param("admin", $row['admin']);
         session::add_param("user_id", $row['id']);
         session::add_param("username", $username);
     } else {
         $error = '1';
         // Romanian: "This user does not exist!"
         $msg = 'Acest user nu exista!';
     }
     echo '&error=' . $error . '&msg=' . $msg;
<?php

/**
 * Copyright: ajaxmasters.com
 * Original Authors: ajaxmasters.com
 */
// Front controller: loads the core classes, derives the requested page from the
// 'pars' query parameter and pulls in that page's controller before any markup
// is sent.
include 'core/main.class.php';
$main = new Main();
$users = new Users();
// Parameters other than the page name.
// NOTE(review): $_GET['pars'] is handed to parseUrl::get_pars() unfiltered; how
// the result is used later is not visible in this excerpt.
$pars = parseUrl::get_pars($_GET['pars']);
// Page name taken from the same request parameter, after Security::secureString().
$pagename = parseUrl::get_page(Security::secureString($_GET['pars']));
$filename = $main->modulesUrl($pagename);
// Controller file for the requested page, included only when it exists.
// NOTE(review): the include path is derived from request data. Whether
// controllerUrl() confines $pagename to a fixed directory or an allow-list is not
// visible here - confirm that path separators and '..' cannot reach it, since
// is_file() only proves the file exists, not that it is a controller.
$controller = $main->controllerUrl($pagename);
if (is_file($controller)) {
    include_once $controller;
}
?>
<!DOCTYPE html>
<html lang="en">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
        <?php 
include_once CORE_DIR . "meta_tags.php";
?>
        <link rel="stylesheet" href="<?php 
echo HTTP_CORE_BASE;
?>
<?php

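include '../../../core/main.class.php';
$main = new Main();

// Full-text search over ideas: collects up to 30 matches for the requested term,
// plus the ids of the ideas the logged-in user has already voted on, for the
// template that follows.
// NOTE(review): the term reaches the SQL string protected only by
// Security::secureString(), whose escaping is not visible in this file - confirm
// that it escapes for the active MySQL connection.
$term = Security::secureString(isset($_GET['term']) ? $_GET['term'] : '');

// Start from an empty list so the template never sees an undefined variable.
$ideas = array();
$result_resources = $main->con()->db_query("SELECT *, MATCH(idea, description) AGAINST('{$term}') AS score FROM feedback_ideas\n                                WHERE MATCH(idea, description) AGAINST('{$term}') ORDER BY score DESC LIMIT 30");
if ($result_resources) {
    while ($info = mysql_fetch_array($result_resources)) {
        $ideas[] = $info;
    }
}

$voted_ideas = array();
if (session::check()) {
    // The user id comes from the server-side session, not from the request.
    $videas_q = $main->con()->db_query("SELECT idea_id FROM feedback_votes WHERE voter_id='" . session::get_param('user_id') . "'");
    if ($videas_q) {
        while ($i_videas = mysql_fetch_assoc($videas_q)) {
            $voted_ideas[] = $i_videas;
        }
    }
}

// Replacement template with a back-reference to the first captured group.
// NOTE(review): presumably used further down to highlight the term in idea text
// (not visible in this excerpt). The text being wrapped must be HTML-escaped
// before the span is added, and the term must go through preg_quote() if it is
// turned into a pattern - confirm at the point of use.
$highliter = '<span style="background:yellow;">\\1</span>';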
if (!empty($ideas)) {
    foreach ($ideas as $idea) {
        ?>
        <div id="idea_<?php 
        echo $idea['id'];
        ?>
" class="idea_container">
            <div class="votes">
                <div id="nr_votes_<?php 
        echo $idea['id'];
        ?>
" class="nr_votes <?php 
        echo $idea['status'] == 4 || render::checkVoted($idea['id'], $voted_ideas) ? 'full' : '';
        ?>
<?php

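include '../../../core/main.class.php';
$main = new Main();

// Stores a comment on an idea for the logged-in user, or - for administrators
// only - replaces the idea's admin comment when admin_change=1 is sent.
// NOTE(review): both writes are triggered by GET; a POST with a per-session token
// would stop other sites from posting through a logged-in user's browser. That
// needs a change in the caller, which is not visible here.
if (session::check()) {
    $user_id = session::get_param('user_id');
    $idea_id = isset($_GET['idea_id']) ? (string) Security::secureString($_GET['idea_id']) : '';
    $comment = Security::secureString(strip_tags(isset($_GET['comment']) ? $_GET['comment'] : ''));
    $admin_change = Security::secureString(strip_tags(isset($_GET['admin_change']) ? $_GET['admin_change'] : ''));

    // The idea id is interpolated into SQL below; what Security::secureString()
    // escapes is not visible in this file, so only a plain digit string is let
    // through (ideas get their id from mysql_insert_id()).
    if (!ctype_digit($idea_id)) {
        exit;
    }

    // NOTE(review): strip_tags() is not an output encoder; the stored comment still
    // needs htmlspecialchars() wherever it is printed - confirm in the templates.
    if ($admin_change == '1') {
        // The admin comment may only be written by a session that carries the
        // 'admin' flag. The request parameter alone must not grant this, otherwise
        // any logged-in user could overwrite it. Requests from other users are
        // dropped rather than stored as an ordinary comment.
        if (session::get_param('admin')) {
            $main->con()->db_query("UPDATE feedback_ideas SET admin_comment='{$comment}' WHERE id='{$idea_id}'");
        }
    } else {
        $main->con()->db_query("INSERT INTO feedback_comments (idea_id,user_id,comment,date) VALUES('{$idea_id}','{$user_id}','{$comment}',NOW())");
        $main->con()->db_query("UPDATE feedback_ideas SET comments=comments+1 WHERE id='{$idea_id}'");
    }
}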
?>