echo " " . str_pad("Preis", 15, ".") . ": " . $preis . "\n";
// site_file: sql bauen
$sql = "SELECT * FROM site_file WHERE ffname='" . $pic . "' AND funder='Wening-Stich " . $serial . "'";
echo " " . str_pad("Ueberpruefung", 15, ".") . ": " . $sql . "\n";
$result = $db->query($sql);
echo " " . str_pad("Num_Rows", 15, ".") . ": " . $db->num_rows($result) . "\n";
if ($db->num_rows($result) == 0) {
$sql = "INSERT INTO site_file (ffname,\n fdesc,\n funder,\n fhit,\n ffart,\n fuid,\n fdid)\n VALUES ('" . $pic . "',\n 'Wening-Stiche:\n" . $desc . "\n" . $size . "\n" . $format . "',\n 'Wening-Stich " . $serial . "',\n 'Wening-Stiche:\n" . $desc . "\n" . $size . "\n" . $format . "',\n 'jpg',\n '1',\n '')";
// echo " ".str_pad("Einfuegen",15,".").": ".$sql."\n";
if ($result = $db->query($sql)) {
echo " " . str_pad("Einfuegen", 15, ".") . ": erfolgreich\n";
$pic_source = $path_pics . "/" . $pic;
echo " " . str_pad("Quelle", 15, ".") . ": " . $pic_source . "\n";
$file_id = $db->lastid();
echo " " . str_pad("last-id", 15, ".") . ": " . $file_id . "\n";
arrange($file_id, $path_pics . "/" . $pic, $pic, 0);
}
}
// db_produkte: sql bauen
$sql = "SELECT * FROM db_produkte WHERE seriennr='" . $serial . "' AND typ='wening' AND titel='" . $titel . "'";
echo " " . str_pad("Ueberpruefung", 15, ".") . ": " . $sql . "\n";
$result = $db->query($sql);
echo " " . str_pad("Num_Rows", 15, ".") . ": " . $db->num_rows($result) . "\n";
if ($db->num_rows($result) == 0) {
$sql = "INSERT INTO db_produkte (seriennr,\n typ,\n titel,\n beschreibung,\n preis,\n changed,\n created,\n pics)\n VALUES ('" . $serial . "',\n 'wening',\n '" . $titel . "',\n '" . $desc . "\n" . $size . "\n" . $format . "',\n '" . $preis . "',\n '" . date("Y-m-d") . "',\n '" . date("Y-m-d") . "',\n '" . $file_id . "')";
// echo " ".str_pad("Einfuegen",15,".").": ".$sql."\n";
// $result = $db -> query($sql);
if ($result = $db->query($sql)) {
echo " " . str_pad("Einfuegen", 15, ".") . ": erfolgreich\n";
}
}
$sqla .= ", ffart";
$sqlb .= ", '" . strtolower(substr(strrchr($file, "."), 1)) . "'";
$sqla .= ", fuid";
$sqlb .= ", '" . $_SESSION["uid"] . "'";
$sqla .= ", fdid";
$sqlb .= ", '" . $_SESSION["custom"] . "'";
$sql = "insert into " . $cfg["fileed"]["db"]["file"]["entries"] . " (" . $sqla . ") VALUES (" . $sqlb . ")";
if ($debugging["sql_enable"]) {
$debugging["ausgabe"] .= "sql: " . $sql . $debugging["char"];
}
$result = $db->query($sql);
#if ( !$result ) $ausgaben["form_error"] .= $db -> error("#(error_result)<br />");
if ($result) {
$file_id = $db->lastid();
$source = $cfg["file"]["base"]["maindir"] . $cfg["file"]["base"]["new"] . $file;
arrange($file_id, $source, $file);
} else {
$ausgaben["form_error"] .= $db->error("#(error_result)<br />");
}
if ($header == "") {
$header = $cfg["fileed"]["basis"] . "/add.html";
}
}
// wenn es keine fehlermeldungen gab, die uri $header laden
if ($ausgaben["form_error"] == "") {
header("Location: " . $header);
}
}
} else {
header("Location: " . $pathvars["virtual"] . "/");
}
<meta name="apple-mobile-web-app-capable" content="yes" />
<meta name="format-detection" content="telephone=no" />
<style>
.error {color: #FF0000;}
</style>
</head>
<body>
<BODY bgcolor=#4a93e9>
<?php
include 'include.php';
$charid = strtoupper(md5(uniqid(rand(), true)));
$name1Err = "";
if (empty($_POST["name1"])) {
$name1Err = "请输入姓名";
} else {
$name1 = arrange($_POST["name1"]);
if (!preg_match("/^[\\x{4e00}-\\x{9fa5}]+\$/u", $name1)) {
$name1Err = "请输入中文姓名";
}
}
if (in_array($judge, array(39))) {
$dbconn = mysql_connect("localhost", "minecraft", "passwd");
mysql_select_db("lostandfound", $dbconn);
mysql_query("set name 'utf8'");
$result = mysql_query("select number1 from number1 where number1={$_POST['number1']}");
if (mysql_num_rows($result) == 0) {
mysql_query("INSERT INTO number1 (name,number1,event) VALUES ('{$_POST['name']}','{$_POST['number1']}','{$charid}')");
mysql_query("INSERT INTO picker (name,number,phone,qq,email,event) VALUES ('{$_POST['name1']}','{$_POST['number']}','{$_POST['phone']}','{$_POST['qq']}','{$_POST['email']}','{$charid}')");
$judge = 1;
} else {
$judge = 0;
if ($environment["parameter"][3] == "verify" && ($_POST["send"] != "" || $_POST["extract"] != "" || $_POST["extension2"] != "")) {
// form eingaben pruefen
form_errors($form_options, $_POST);
// evtl. zusaetzliche datensatz aendern
if ($ausgaben["form_error"] == "") {
if ($owner_error == "") {
// funktions bereich fuer erweiterungen
// ***
// file ersetzen
if ($_FILES["upload"]["name"] != "") {
$error = file_validate($_FILES["upload"]["tmp_name"], $_FILES["upload"]["size"], $cfg["file"]["filesize"], array($form_values["ffart"]), "upload");
if ($error == 0) {
$newname = $cfg["file"]["base"]["maindir"] . $cfg["file"]["base"]["new"] . $_SESSION["uid"] . "_" . $_FILES["upload"]["name"];
rename($_FILES["upload"]["tmp_name"], $newname);
$file_id = $form_values["fid"];
arrange($file_id, $newname, $_FILES["upload"]["name"]);
} else {
$ausgaben["form_error"] .= "#(error_replace) " . $file["name"] . " g(file_error" . $error . ")";
}
}
if ($_POST["extract"] != "") {
// naechste freie compilation-id suchen
if ($_POST["selection"] == -1) {
$buffer = compilation_list();
reset($buffer);
$compid = key($buffer) + 1;
} else {
$compid = "";
}
// zip auspacken
$not_extracted = zip_handling($file_srv, $cfg["file"]["base"]["maindir"] . $cfg["file"]["base"]["new"], $cfg["file"]["filetyp"], $cfg["file"]["filesize"], "", $compid, $cfg["fileed"]["zip_handling"]["sektions"]);
} else {
$qq = arrange($_POST["qq"]);
if (!preg_match("/^[0-9]{5,11}\$/", $qq)) {
$qqErr = "QQ号格式错误";
$judge = "0";
}
}
if (empty($_POST["email"])) {
$_POST["email"] = "0";
} else {
$email = arrange($_POST["email"]);
}
if (empty($_POST["number1"])) {
$number1Err = "请输入卡号";
} else {
$number1 = arrange($_POST["number1"]);
if (!preg_match("/^[0-9]{11}\$/", $number1)) {
$number1Err = "卡号格式错误";
} else {
$judge += 32;
}
}
}
function arrange($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
// +++
// page basics
if ($environment["parameter"][2] == "verify" && ($HTTP_POST_VARS["send"] != "" || $HTTP_POST_VARS["extension1"] != "" || $HTTP_POST_VARS["extension2"] != "")) {
// form eingaben prüfen
form_errors($form_options, $HTTP_POST_VARS);
// evtl. zusaetzliche datensatz aendern
if ($ausgaben["form_error"] == "") {
// funktions bereich fuer erweiterungen
// ***
// file ersetzen
if ($_FILES["upload"]["name"] != "") {
$file = file_verarbeitung($pathvars["filebase"]["new"], "upload", $cfg["filesize"], array($form_values["ffart"]), $pathvars["filebase"]["maindir"]);
if ($file["returncode"] == 0) {
$file_id = $form_values["fid"];
$source = $pathvars["filebase"]["maindir"] . $pathvars["filebase"]["new"] . $file["name"];
arrange($file_id, $source, $file["name"]);
} else {
$ausgaben["form_error"] .= "Ergebnis: " . $file["name"] . " " . file_error($file["returncode"]);
}
}
### put your code here ###
if ($error) {
$ausgaben["form_error"] .= $db->error("#(error_result)<br />");
}
// +++
// funktions bereich fuer erweiterungen
}
// datensatz aendern
if ($ausgaben["form_error"] == "") {
$kick = array("PHPSESSID", "form_referer", "send", "image", "image_x", "image_y");
foreach ($HTTP_POST_VARS as $name => $value) {
arrange();
for ($i = 0; $i < count($header); $i++) {
$pdf->myCell($width[$i], $height[2], '', 'BLR');
}
detailsprint();
$firsttime = 1;
hallwise();
mainarranger('AN');
$cursession = 'AN';
unset($dpt_hal);
$dpt_hal = array();
$final_hall = 0;
$final_reg = 0;
$allhalls = $sessioneHalls2;
unset($hall_no);
$hall_no;
unset($hallwise);
$hallwise = array(array(array()));
arrange();
for ($i = 0; $i < count($header); $i++) {
$pdf->myCell($width[$i], $height[2], '', 'BLR');
}
detailsprint();
$firsttime = 1;
hallwise();
}
$pdf->Output($pdfName, 'I');
end:
if ($error == 1) {
header('Location: blunder.php');
}
function insert_file($file, $under, $migrate_file)
{
global $db, $sql, $cfg;
/* db-eintrag machen */
$extension = strtolower(substr(strrchr($file, "."), 1));
/* testen, ob schon ein identischer eintrag vorhanden ist */
$sql = "SELECT *\n FROM site_file\n WHERE fuid=1\n AND ffname='" . basename($file) . "'\n AND ffart='" . $extension . "'\n AND fdesc='" . $under . "'\n AND funder='" . $under . "'\n AND fhit LIKE '%from " . $migrate_file . "%'";
$result = $db->query($sql);
$num = $db->num_rows($result);
if ($num == 0) {
$sql = "INSERT INTO site_file (fuid,\n ffname,\n ffart,\n fdesc,\n funder,\n fhit)\n VALUES (1,\n '" . basename($file) . "',\n '" . $extension . "',\n '" . $under . "',\n '" . $under . "',\n 'from " . $migrate_file . "')";
$result = $db->query($sql);
/* zu dateiablage hinzufuegen */
if ($result) {
$file_id = $db->lastid();
arrange($file_id, $file, basename($file), 0);
}
} else {
$data = $db->fetch_array($result, 1);
$file_id = $data["fid"];
if ($cfg["migrate"]["replace_files"] == True) {
arrange($file_id, $file2insert, $match[2][$key], 0);
}
}
return $file_id;
}
$sql = "SELECT *\n FROM site_file\n WHERE fuid=1\n AND ffname='" . str_replace($_SESSION["uid"] . "_", "", $name) . "'\n AND ffart='" . $extension . "'\n AND fdesc='" . $value["fdesc"] . "'\n AND funder='" . $value["funder"] . "'\n AND fhit LIKE '%from " . $file . "%'";
$result = $db->query($sql);
$num = $db->num_rows($result);
if ($num == 0) {
$sql = "INSERT INTO site_file (fuid,\n ffname,\n ffart,\n fdesc,\n funder,\n fhit)\n VALUES (1,\n '" . str_replace($_SESSION["uid"] . "_", "", $name) . "',\n '" . $extension . "',\n '" . $value["fdesc"] . "',\n '" . $value["funder"] . "',\n '" . $comp_tag . " from " . $file . "')";
$result = $db->query($sql);
/* zu dateiablage hinzufuegen */
if ($result) {
$file_id = $db->lastid();
arrange($file_id, $file2insert, str_replace($_SESSION["uid"] . "_", "", $name));
}
} else {
$data = $db->fetch_array($result, 1);
$file_id = $data["fid"];
if ($cfg["migrate"]["replace_files"] == True) {
arrange($file_id, $file2insert, str_replace($_SESSION["uid"] . "_", "", $name), 0);
}
preg_match("/#p([0-9]*),[0-9]*/", $data["fhit"], $match_compid);
$compid = $match_compid[1];
}
if ($i < $cfg["migrate"]["tags"]["selektion"]["pics"]) {
$pics[] = $file_id;
}
@unlink($file2insert);
}
}
/* vorschaubilder suchen */
if (count($pics) > 0) {
$pics = array_slice($pics, 0, $cfg["fileed"]["compilation"]["items"]);
$ersetzung = str_replace(array("compid", "pics"), array($compid, implode(":", $pics)), $cfg["migrate"]["tags"]["selektion"]["start"]) . $match[3][$key] . $cfg["migrate"]["tags"]["selektion"]["end"] . "\n";
$content = str_replace($group, $ersetzung, $content);
