$get->assignVar('site');
$get->assignVar('type');
/**sortieren ***/
$get->assignVar('order');
$get->assignVar('order_by');
/**sortieren ***/
if($get->validateVars()){
$e= new pExploit();
$e->dbh($dbh);
$n=$e->mysqlCountByCategory($get->view()); //anpassen
//-----lsExploits--------------------------------------------------------------------------------------------------------------------------------------------------------------
$e= new pExploit();
$e->dbh($dbh);
$c=new pCategory();
$c->dbh($dbh);
$c->mysqlSelect($get->view());
/*******order*******************/
$currentVars=array("view"=>$get->view());
$order="asc"; //asc||desc
$orderBy="date"; //order by column field
if ($get->order_by()!="" && $get->order()!=""){
$orderBy=$get->order_by();
$order=$get->order();
}
$vars= new Getvars();
$vars->requireVar('catname');
$vars->requireVar('category');
$vars->requireVar('platform');
$vars->requireVar('content');
$vars->assignVar('url_upload');
$vars->assignVar('pc_upload');
$vars->assignVar('verified');
/*benutzereingaben auswerten*/
if($vars->validateVars()){
$e= new pExploit();
$e->autor('anonymous');
$e->title($vars->catname());
$e->category($vars->category());
$e->platform($vars->platform());
$e->content($vars->content());
$e->codeLanguage($vars->language());
$verified=false;
if ($vars->verified()=='on')
$verified=true;
$e->verified($verified);
$e->dbh($dbh);
$upload=new Upload($vars->url_upload(),$_FILES['pc_upload']);
$upload->uploaddir('upload');
$e->file($upload->upload());
unlink($e->file());
}
$e->file($upload->upload());
$e->mysqlUpdate();
echo "<h4>{$vars->catname()} geändert :)</h4>";
}else {
;
}
/**Formular erzeugen***/
$edit=new Getvars();
$edit->requireVar('edit');
if ($edit->validateVars()){
$e=new pExploit();
$e->dbh($dbh);
$e->mysqlSelect($edit->edit());
$categories = array($e->category() =>$e->loadCategory()) + $category->mysqlSelect();
$platforms=array($e->platform() =>$e->loadPlatform()) + $platform->mysqlSelect();
$languages=array_merge(array($e->codeLanguage()), $languages);
$path=pathinfo(__FILE__);
$form=new Formgen("post", $path['filename'].'.'.$path['extension']);
$form->addTextField("Name", "catname", $e->title());
$form->addSelect("kategorie", "category",$categories);
$form->addSelect("platform", "platform",$platforms);
$form->addSelect("Spache", "language", $languages);
$form->addTextArea("beschreibung", "content",$e->content(), 30,65);
<h1>list exploits</h1>
<img src="img/logo.png" alt="logo" />
</div>
<div>
<div class="list">
<table class="exploits-list">
<?php
//LOESCHEN
$getDelete=new Getvars();
$getDelete->requireVar('delete');
if ($getDelete->validateVars()){
$exploit=new pExploit();
$exploit->dbh($dbh);
$exploit->id($getDelete->delete());
$exploit->mysqlDelete();
}
foreach ($exploits as $e){
$view=$fgen->getLink($e->title(), 'ShowExploit.php', array("view" =>$e->id()));
$edit=$fgen->getLink('edit', 'EditExploit.php', array("edit" =>$e->id()));
$delete=$fgen->getLink('delete', 'ListExploit.php',array('delete'=>$e->id()),true, "{$e->title()} löschen?");
echo "<tr><td>$view</td><td>$edit</td><td>$delete</td></tr>\n";
}
public function mysqlSelect($id=""){
if(!$this->dbh())
return false;
if (empty($id)){
$sql="SELECT * FROM cms_exploit";
$stmt=$this->dbh->prepare($sql);
$stmt->execute();
$exploits=array();
foreach($stmt->fetchAll() as $value){
$e=new pExploit();
$e->id($value['id']);
$e->date=$value['date'];
$e->verified=$value['verified'];
$e->hits=$value['hits'];
$e->autor=$value['autor'];
$e->codeLanguage=$value['code_language'];
$e->title=$value['title'];
$e->content=$value['content'];
$e->file=$value['file'];
$e->category=$value['category'];
$e->platform=$value['platform'];
$e->dbh=$e->dbh();
$exploits[]=$e;
}
return $exploits;
} else {
$sql="SELECT * FROM cms_exploit WHERE id=?";
$stmt=$this->dbh->prepare($sql);
$stmt->bindParam(1, $id, PDO::PARAM_INT);
$stmt->execute();
$value=$stmt->fetch(PDO::FETCH_ASSOC);
if($value==null)
return false;
$this->id($value['id']);
$this->date=$value['date'];
$this->verified=$value['verified'];
$this->hits=$value['hits'];
$this->autor=$value['autor'];
$this->codeLanguage=$value['code_language'];
$this->title=$value['title'];
$this->content=$value['content'];
$this->file=$value['file'];
$this->category=$value['category'];
$this->platform=$value['platform'];
}
}//function
<title>show exploit</title>
<link rel="stylesheet" media="all" href="layout.css">
</head>
<body>
<div id="head">
<h1><a href="index.php">ue-cr3w exploits</a></h1>
<img src="img/logo.png" alt="logo" />
</div>
<div>
<?php
$varExploit=new Getvars();
$varExploit->requireVar('view');
if ($varExploit->validateVars()){
//load
$e=new pExploit();
$e->dbh($dbh);
$e->mysqlSelect($varExploit->view());
$f=new Formgen();
//output
$link= $f->getLink("download", $e->file());
echo $f->getHeading($e->title(), 4);
echo "<div class=\"exploit-autor\">author:{$e->autor()}</div>";
echo "<div class=\"exploit-date\">date:{$e->date()}</div>";
echo "<div class=\"exploit-hits\">hits:{$e->hits()}</div>";
echo "<div class=\"exploit-verified\">verified:{$e->verified()}</div>";
public function loadBy(){
if ($this->userVars->validateVars()){
$e= new pExploit();
$e->dbh($this->dbh);
if($this->userVars->id()){
$this->exploits=$e->mySqlSelectByCategory($this->userVars->id(), 0, 15);
$this->navigation->nElements($e->mysqlCountByCategory($this->userVars->id()));
}
}
}//loadBy
