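/**
 * Save the permission-code list for an admin group (gid) or a single admin (aid).
 *
 * Reads aid, gid and level[] from $_POST, stores the comma-joined codes in
 * admin_group.g_urank or admin_list.alevel, writes a log entry and ends the
 * request with a JSON status string. When both ids are given, the group wins.
 */
function m__set_level()
{
    global $dbm;

    $_POST = helper::sqlxss($_POST);
    $aid = isset($_POST['aid']) ? intval($_POST['aid']) : 0;
    $gid = isset($_POST['gid']) ? intval($_POST['gid']) : 0;

    // implode() needs a flat list of strings; a scalar or nested array from the client is dropped.
    $levels = (isset($_POST['level']) && is_array($_POST['level'])) ? $_POST['level'] : array();
    $levels = array_filter($levels, 'is_string');
    $_POST['level'] = $levels;

    // intval() yields 0 for a missing id, so "no target selected" is <= 0.
    // The original "< 0" test never fired and the request fell through without a response.
    if ($aid <= 0 && $gid <= 0) {
        die('{"code":"1","msg":"请选择权限设置对象,无法设置"}');
    }

    if ($gid > 0) {
        if ($gid == 1) {
            die('{"code":"100","msg":"超级管理组权限无需设置"}');
        }
        check_level("B0301");
        $fields = array('g_urank' => implode(',', $levels));
        // NOTE(review): the update result is not inspected; success is reported unconditionally.
        $dbm->single_update(TB_PREFIX . 'admin_group', $fields, "group_id='{$gid}'");
        logs("设置组权限成功:" . $fields['g_urank']);
        die('{"code":"0","msg":"设置用户组权限成功"}');
    }

    if ($aid > 0) {
        check_level("B0302");
        $fields = array('alevel' => implode(',', $levels));
        $dbm->single_update(TB_PREFIX . 'admin_list', $fields, "admin_id='{$aid}'");
        // The log text now names the user, not the group, so the audit trail tells the two grants apart.
        logs("设置用户权限成功:" . $fields['alevel']);
        die('{"code":"0","msg":"设置用户权限成功"}');
    }
}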
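/**
 * Persist site settings posted from the admin form into core/config.php.
 *
 * Each POST field is treated as a config constant: the key is upper-cased and
 * passed to set_config() with the decoded value and the file contents, then the
 * file is written back. Ends the request with a JSON status string.
 */
function m__save()
{
    global $l_obj;

    check_level("A0201");

    // Other site configuration
    $config = $_SERVER['DOCUMENT_ROOT'] . SITE_PATH . '/core/config.php';
    $cf = @file_get_contents($config);
    if (!$cf) {
        die('{"code":"0","msg":"读取失败"}');
    }

    if (!empty($_POST)) {
        foreach ($_POST as $k => $v) {
            // The key ends up as a constant name inside an executable PHP file: accept only
            // identifier-shaped keys, and only string values (urldecode() cannot take an array).
            if (!is_string($v) || !preg_match('~^[A-Za-z_][A-Za-z0-9_]*\z~', (string) $k)) {
                continue;
            }
            $v = urldecode($v);
            // get_magic_quotes_gpc() was removed in PHP 8, hence the existence check.
            if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
                $v = stripslashes($v);
            }
            if ($k == 'comment_code') {
            } else {
                // NOTE(review): as shown this replaces '"' with '"' (no effect); the pattern was
                // presumably an HTML entity before extraction — confirm against the repository.
                $v = preg_replace('~"~', '"', $v);
            }
            // Only the double quote is escaped. NOTE(review): a backslash or "$" in the value passes
            // through unchanged; whether that is safe depends on how set_config() serialises the
            // value into the PHP file, which is not visible here. If it writes a double-quoted
            // literal, escape those characters too, or serialise with var_export().
            $v = preg_replace('~"~', '\\\\"', $v);
            // $cf is presumably taken by reference, since it is written back below.
            set_config(strtoupper($k), $v, $cf);
        }
    }

    $cf = @file_put_contents($config, $cf);
    if (!$cf) {
        die('{"code":"0","msg":"写入失败"}');
    }

    $l_obj->insert("修改配置成功");
    die('{"code":"100","msg":"配置成功"}');
}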
/**
 * Build the admin navigation menu, keeping only the entries the current user may see.
 *
 * Each entry id is looked up in $PAGESACCESS and passed to check_level(). A section whose
 * top level is denied is dropped together with its submenu. This only hides links:
 * the pages themselves still have to enforce access.
 *
 * @return array Menu entries keyed by id, each with "href", "label" and optionally "submenu".
 */
function createmenuitems()
{
    global $PAGESACCESS;

    // Entry shape: $menubar['id'] = array("href" => ..., "label" => ...[, "submenu" => array(...)])
    $menubar['main'] = array(
        "href" => "./",
        "label" => T_("Status"),
    );
    $menubar['users'] = array(
        "href" => "display",
        "label" => T_("Users"),
        "submenu" => array(
            'createuser' => array("href" => "newuser", "label" => T_("New User")),
            'createtickets' => array("href" => "newtickets", "label" => T_("Batch Users")),
            'createmachine' => array("href" => "newuser?computer", "label" => T_("Computer Account")),
        ),
    );
    $menubar['sessions'] = array(
        "href" => "sessions",
        "label" => T_("Monitor Sessions"),
        "submenu" => array(
            'reports' => array("href" => "reports", "label" => T_("Reports")),
            'dhcpleases' => array("href" => "dhcpleases", "label" => T_("DHCP Leases")),
        ),
    );
    $menubar['settings'] = array(
        "href" => "settings",
        "label" => T_("Settings"),
        "submenu" => array(
            'uploadlogo' => array("href" => "uploadlogo", "label" => T_("Site Logo")),
            'netconfig' => array("href" => "netconfig", "label" => T_("Network Settings")),
            'chilliconfig' => array("href" => "chilliconfig", "label" => T_("Coova Chilli Settings")),
            'loginconfig' => array("href" => "loginconfig", "label" => T_("Portal Customisation")),
            'ticketprintconfig' => array("href" => "ticketprintconfig.php", "label" => T_("Ticket Print Settings")),
            'groups' => array("href" => "groupconfig", "label" => T_("Groups")),
        ),
    );
    $menubar['passwd'] = array(
        "href" => "passwd",
        "label" => T_("Admin Users"),
        "submenu" => array(
            'adminlog' => array("href" => "adminlog", "label" => T_("Admin Log")),
        ),
    );
    $menubar['logout'] = array(
        "href" => "./?logoff",
        "label" => T_("Logoff"),
    );

    // Drop everything the user has no access to.
    $visible = array();
    foreach ($menubar as $sectionId => $section) {
        // No access to the section itself: its children are not offered either.
        if (!check_level($PAGESACCESS[$sectionId])) {
            continue;
        }

        $children = array();
        if (isset($section['submenu']) && is_array($section['submenu'])) {
            foreach ($section['submenu'] as $childId => $child) {
                if (check_level($PAGESACCESS[$childId])) {
                    $children[$childId] = $child;
                }
            }
        }

        $entry = $section;
        unset($entry['submenu']);
        if (count($children) > 0) {
            $entry['submenu'] = $children;
        }
        $visible[$sectionId] = $entry;
    }

    return $visible;
}
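/**
 * Delete the selected resources: the file, its thumbnail and the resource_list row.
 *
 * Supports a single id (POST resource_id) and a batch (POST params[]). Resources that
 * check_resource() reports as still referenced are skipped. Ends the request with a
 * JSON status string.
 */
function m__del()
{
    global $dbm;

    // Permission check
    check_level("E08");

    // Collect ids without assuming params is present or is an array.
    $ids = (isset($_POST['params']) && is_array($_POST['params'])) ? $_POST['params'] : array();
    if (isset($_POST['resource_id'])) {
        $ids[] = $_POST['resource_id'];
    }

    $base = str_replace('\\', '/', dirname(__FILE__)) . '/..';

    foreach ($ids as $id) {
        $id = intval($id);
        $res = $dbm->query("SELECT id,info_id,resource_url from " . TB_PREFIX . "resource_list WHERE id='" . $id . "'");
        if (count($res['list']) != 1) {
            continue;
        }

        $res = check_resource($res['list'][0]['id'], $res['list'][0]['info_id'], $res['list'][0]['resource_url']);
        // Any field other than 'undefined' means the resource is still in use: leave it alone.
        if ($res['info']['table_name'] != 'undefined' || $res['info']['id_name'] != 'undefined' || $res['info']['id_zhi'] != 'undefined') {
            continue;
        }

        // The stored URL is appended to the site root and handed to unlink(). Refuse a value with
        // a ".." segment or a NUL byte so a tampered row cannot point the delete at another path.
        $url = $res['info']['resource_url'];
        $safe = is_string($url)
            && $url !== ''
            && strpos($url, "\0") === false
            && !preg_match('~(^|[\\\\/])\.\.([\\\\/]|$)~', $url);

        if ($safe) {
            $img_path = $base . $url;
            @unlink($img_path);

            // Thumbnail sits next to the file with a "thumb_" prefix.
            $x = strrpos($img_path, '/');
            $thumb_img = substr($img_path, 0, $x + 1) . "thumb_" . substr($img_path, $x + 1);
            @unlink($thumb_img);
            // Removes the directory only when it is now empty.
            @rmdir(dirname($thumb_img));
        }

        $dbm->single_del(TB_PREFIX . "resource_list", " id = '" . $id . "'");
    }

    logs("删除资源成功");
    die('{"code":"0","msg":"删除成功"}');
}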
/**
 * Page-level gate: render the access-denied template and stop the request
 * unless check_level() accepts the page's $ACCESS_LEVEL.
 */
function check_page_access()
{
    global $ACCESS_LEVEL, $templateEngine;

    if (check_level($ACCESS_LEVEL)) {
        return;
    }

    $templateEngine->displayPage('accessdenied.tpl');
    exit;
}
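/**
 * Add or update a URL-rewrite rule from the posted form.
 *
 * Validates url_id, url_title, url_true and url_rule, then either updates the rule
 * (url_id > 0) or takes the "add" path. Ends the request with a JSON status string.
 */
function m__edit()
{
    // $c is used on the add path; the original did not declare it, so the call failed on null.
    // NOTE(review): assumes $c is a global object as elsewhere in the project — confirm.
    global $url_re_obj, $logs_obj, $c;

    check_level("A0301");

    // Decode the posted values; non-string entries (arrays) are dropped instead of being passed to urldecode().
    $post = array();
    foreach ($_POST as $key => $val) {
        if (is_string($val)) {
            $post[$key] = urldecode($val);
        }
    }

    if (!isset($post['url_id']) || !is_numeric($post['url_id'])) {
        die('{"code":"210","msg":"规则节点ID必须是数字"}');
    }
    if (empty($post['url_title'])) {
        die('{"code":"220","msg":"规则节点名称不能为空"}');
    }
    // \z instead of $ so a trailing newline cannot slip into the rule name.
    if (!preg_match('~^[A-Za-z][A-Za-z]*[a-z0-9_]*\z~', $post['url_title'])) {
        die('{"code":"230","msg":"规则节点名称必须以字母开头,只允许字母、下划线"}');
    }
    if (empty($post['url_true'])) {
        die('{"code":"230","msg":"动态地址规则不能为空"}');
    }
    if (empty($post['url_rule'])) {
        die('{"code":"230","msg":"伪静态地址规则不能为空"}');
    }

    if ($post['url_id'] > 0) {
        // Edit
        // NOTE(review): the whole POST array is passed as column data; confirm update() ignores
        // keys that are not columns of the rewrite table.
        $res = $url_re_obj->update($post, $post['url_id']);
        if ($res) {
            // Log success only after the update succeeded (the original logged it unconditionally).
            $logs_obj->insert("更新伪静态成功");
            die('{"code":"0","msg":"更新规则成功"}');
        }
        die('{"code":"240","msg":"更新规则失败"}');
    } else {
        // Add
        // NOTE(review): the duplicate check and INSERT that used to fill $res are commented out in
        // the original, so nothing is inserted here and this path always ends with code 250.
        $res = array();

        // Refresh caches
        $c->update_url_config();
        $c->update_cate();
        // Regenerate the rewrite files (.htaccess / httpd.ini)
        htaccess();
        iis_httpd_ini();

        if (empty($res['error']) && isset($res['autoid']) && $res['autoid'] > 0) {
            die('{"code":"0","msg":"添加规则成功"}');
        }
        die('{"code":"250","msg":"添加规则失败,请核对重试"}');
    }
}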
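/**
 * Mask a comment: overwrite its text with a fixed placeholder instead of deleting the row.
 *
 * Requires check_login() and check_level(3). The target is the del_id query parameter.
 * NOTE(review): this state change is driven by a GET parameter; confirm a CSRF token or
 * POST-only routing is enforced elsewhere.
 */
public function del()
{
    check_login();
    check_level(3);

    // The number_int filter presumably maps to FILTER_SANITIZE_NUMBER_INT, which keeps "+" and "-",
    // so a value like "5-4" survives it. The cast makes it a plain integer before it is
    // concatenated into the WHERE string.
    $del_id = (int) I("get.del_id", '', 'number_int');
    $data['comment_content'] = "我们要做个爱国的文明人哦~大家来争当爱国小能手吧O(∩_∩)O哈哈~";

    if ($del_id > 0) {
        D('scomment')->where('comment_id=' . $del_id)->save($data);
        $this->success('屏蔽成功', 'index.php?s=Home/comment/index');
    } else {
        $this->error('非法操作!');
    }
}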
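/**
 * Revoke a rank entry by setting its use_time to "90" (the row is kept).
 *
 * Requires check_login() and check_level(3). The target is the del_id query parameter.
 * NOTE(review): this state change is driven by a GET parameter; confirm a CSRF token or
 * POST-only routing is enforced elsewhere.
 */
public function del()
{
    check_login();
    check_level(3);

    // number_int presumably keeps "+" and "-" as well as digits; the cast guarantees a plain
    // integer before the value is concatenated into the WHERE string.
    $del_id = (int) I("get.del_id", '', 'number_int');

    if ($del_id > 0) {
        $data['use_time'] = "90";
        D('rank')->where('id=' . $del_id)->save($data);
        $this->success('废除成功', 'index.php?s=Home/rank/index');
    } else {
        $this->error('非法操作!');
    }
}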
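/**
 * Edit an existing admin group (group_id > 0) or add a new one.
 *
 * Reads group_id, g_name and g_remark from $_POST after passing every field through
 * helper::escape(). Ends the request with a JSON status string.
 */
function m__edit()
{
    global $dbm;

    check_level("B0101");

    $params = array();
    foreach ($_POST as $k => $v) {
        $_POST[$k] = helper::escape($v, 1);
    }

    if (!isset($_POST['group_id']) || !is_numeric($_POST['group_id'])) {
        die('{"code":"210","msg":"用户组ID必须是数字"}');
    }
    // Validate the group data
    if (empty($_POST['g_name'])) {
        die('{"code":"220","msg":"用户组名字不能为空"}');
    }

    // is_numeric() also accepts forms such as "1e3" or "1.5"; use the integer value
    // everywhere the id reaches SQL or the log.
    $group_id = intval($_POST['group_id']);

    $params['g_name'] = $_POST['g_name'];
    $params['g_remark'] = isset($_POST['g_remark']) && !empty($_POST['g_remark']) ? htmlspecialchars($_POST['g_remark']) : '';
    $params['create_time'] = time();

    if ($group_id > 0) {
        $where = " group_id ='" . $group_id . "'";
        $res = $dbm->single_update(TB_PREFIX . "admin_group", $params, $where);
        if (empty($res['error'])) {
            logs("用户组编辑成功,用户组ID为:{$group_id}");
            die('{"code":"0","msg":"操作成功"}');
        }
        logs("编辑用户组失败,请核实后再添加,用户组ID为:{$group_id}");
        die('{"code":"280","msg":"编辑用户组失败,请核实后再添加"}');
    } else {
        // Add a group: names must be unique.
        // g_name has been through helper::escape() above; NOTE(review): confirm that call escapes
        // for SQL, since the value is placed inside a quoted literal here.
        $where = " g_name='" . $_POST['g_name'] . "'";
        $a = $dbm->single_query(array('where' => $where, 'table_name' => TB_PREFIX . "admin_group"));
        if (count($a['list']) > 0) {
            die('{"code":"260","msg":"用户组名字不能重复"}');
        }
        $res = $dbm->single_insert(TB_PREFIX . "admin_group", $params);
        if ($res['autoid'] > 0) {
            logs("添加用户组成功,用户组名字为:{$_POST['g_name']}");
            die('{"code":"0","msg":"添加用户组成功"}');
        }
        logs("添加用户组失败,请核实后再添加,用户组名字为:{$_POST['g_name']}");
        die('{"code":"270","msg":"添加用户组失败,请核实后再添加"}');
    }
}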
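/**
 * Store a new authorisation code (AUTH_CODE) in core/config.php.
 *
 * The code comes from POST "auth" and must be 1-64 characters of [A-Za-z0-9_=].
 * Ends the request with a JSON status string.
 */
function m__set_auth()
{
    check_level("A0501");

    $config = '../core/config.php';
    $cf = file_get_contents($config);
    if ($cf === false || $cf === '') {
        // Never write back an empty buffer: that would wipe the configuration file.
        die('{"code":"1","msg":"读取失败"}');
    }

    $_POST = helper::sqlxss($_POST);
    $code = (isset($_POST['auth']) && is_string($_POST['auth'])) ? $_POST['auth'] : '';

    // The pattern is anchored at both ends. The original had no end anchor, so any value that
    // merely started with an allowed character was accepted and written into a PHP file.
    if (!preg_match('~^[a-z_A-Z0-9=]{1,64}\z~', $code)) {
        // The rejected value is no longer echoed back: it is unvalidated input inside a JSON string.
        die('{"code":"1","msg":"授权码格式错误"}');
    }

    // Strict comparison: with != two numeric-looking strings such as "1e3" and "1000" compare equal.
    if (AUTH_CODE !== $code) {
        set_config('AUTH_CODE', $code, $cf);
        // NOTE(review): this requires the config file to be mode 0777 (world-writable);
        // consider testing is_writable() and tightening the file mode.
        if (helper::getChmod($config) != '0777') {
            die('{"code":"1","msg":"/core/config.php 配置文件没有写权限"}');
        }
        file_put_contents($config, $cf);
    }

    die('{"code":"0","msg":"成功设置授权码"}');
}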
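/**
 * Keyword-group editor backend.
 *
 * act=search: returns (URL-encoded) HTML table rows, one per keyword group, with the
 *             group's keyword ids in the input's title attribute.
 * act=save:   renames the group of the keyword ids in POST "k" to POST "v".
 */
function m__edit_group()
{
    global $page, $dbm;

    check_level("E1004");

    $act = isset($_POST['act']) ? $_POST['act'] : '';

    if ($act == 'search') {
        $sql = "select * from " . TB_PREFIX . "keyword";
        $rs = $dbm->query($sql);

        // $group: first-seen row index => group name; $id: same index => comma-joined keyword ids
        $group = array();
        $id = array();
        foreach ($rs['list'] as $k => $v) {
            if (!in_array($v['qgroup'], $group)) {
                $group[$k] = $v['qgroup'];
            }
            $group_ = array_flip($group);
            if (!empty($id[$group_[$v['qgroup']]])) {
                $id[$group_[$v['qgroup']]] .= ',' . $v['keyword_id'];
            } else {
                $id[$group_[$v['qgroup']]] = $v['keyword_id'];
            }
        }

        $str = '<tr><td width="50%">组名</td><td class="alignleft" width="30%">关键字数</td><td class="alignleft"></td></tr>';
        foreach ($group as $k => $v) {
            $id_shu = count(explode(',', $id[$k]));
            // Group names are stored data placed inside HTML attributes: escape them so a name
            // containing quotes or markup cannot break out of the attribute.
            $title = htmlspecialchars((string) $id[$k], ENT_QUOTES);
            $value = htmlspecialchars((string) $v, ENT_QUOTES);
            $str .= '<tr><td width="80"><input title="' . $title . '" type="text" value="' . $value . '" name="qgroup" id="qgroup' . intval($k) . '" class="ipt" ></td><td>' . $id_shu . '</td><td><a href="javascript:void(0);" class="but2 but2" id="subtn" onclick="del_group(' . intval($k) . ')">保存</a></td></tr>';
        }
        die(urlencode($str));
    } elseif ($act == 'save') {
        // "k" goes into an unquoted IN (...) list: reduce it to positive integers.
        $ids = array();
        $rawIds = (isset($_POST['k']) && is_string($_POST['k'])) ? $_POST['k'] : '';
        foreach (explode(',', $rawIds) as $part) {
            $n = intval($part);
            if ($n > 0) {
                $ids[] = $n;
            }
        }
        if (!$ids || !isset($_POST['v']) || !is_string($_POST['v'])) {
            die("{'code':'1','msg':'保存失败'}");
        }

        // Same escaping call the project's other handlers use for values placed in quoted SQL.
        // NOTE(review): the meaning of the second argument is not visible here — confirm.
        $name = helper::escape($_POST['v'], 1);

        $sql = "UPDATE " . TB_PREFIX . "keyword SET qgroup = '" . $name . "' WHERE keyword_id in(" . implode(',', $ids) . ")";
        $rs = $dbm->query_update($sql);
        if (!$rs['error']) {
            die("{'code':'0','msg':'保存成功'}");
        } else {
            die("{'code':'1','msg':'保存失败'}");
        }
    }
}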
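/**
 * Delete one dish and return to the edit page of its shop.
 *
 * Requires check_login() and check_level(3). del_id and shop_id come from the query string.
 * NOTE(review): the delete is driven by GET parameters; confirm a CSRF token or POST-only
 * routing is enforced elsewhere.
 */
public function del()
{
    check_login();
    check_level(3);

    // number_int presumably keeps "+" and "-" as well as digits; the casts guarantee plain
    // integers before the values reach the WHERE string and the redirect URL.
    $del_id = (int) I("get.del_id", '', 'number_int');
    $shop_id = (int) I("get.shop_id", '', 'number_int');

    if ($del_id > 0 && $shop_id > 0) {
        // NOTE(review): the dish is not checked to belong to shop_id; shop_id only steers the redirect.
        D('dish')->where('dish_id=' . $del_id)->delete();
        $this->success('删除成功', 'index.php?s=Admin/menu/shop_edit/edit_id/' . $shop_id);
    } else {
        $this->error('非法操作!');
    }
}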
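/**
 * Delete a shop together with its comments and dishes.
 *
 * Do not delete shops casually: the comments and dishes go with them.
 * Requires check_login() and check_level(3). The target is the del_id query parameter.
 * NOTE(review): the delete is driven by a GET parameter; confirm a CSRF token or POST-only
 * routing is enforced elsewhere.
 */
public function del()
{
    check_login();
    check_level(3);

    // number_int presumably keeps "+" and "-" as well as digits; the cast guarantees a plain
    // integer before the value is concatenated into the three WHERE strings.
    $del_id = (int) I("get.del_id", '', 'number_int');

    if ($del_id > 0) {
        $where = 'shop_id=' . $del_id;
        // NOTE(review): three independent deletes; a failure part-way leaves orphaned rows.
        D('shop')->where($where)->delete();
        D('dcomment')->where($where)->delete();
        D('dish')->where($where)->delete();
        $this->success('删除成功', 'index.php?s=Admin/node/index');
    } else {
        $this->error('非法操作!');
    }
}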
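/**
 * Save a new sort order for a list of records.
 *
 * POST "params" is a URL-encoded JSON array of {"id": ..., "val": ...} pairs; each pair
 * sets qorder = val on record id. Ends the request with a JSON status string.
 */
function m__order()
{
    global $t_obj, $l_obj;

    // Permission check
    check_level("H0703");

    $raw = (isset($_POST['params']) && is_string($_POST['params'])) ? $_POST['params'] : '';
    $ids = json_decode(stripslashes(urldecode($raw)), true);

    // Malformed or empty input used to skip the loop and still report success.
    if (!is_array($ids) || !$ids) {
        die('{"code":"100","msg":"排序修改失败"}');
    }

    $ok = true;
    foreach ($ids as $a) {
        if (!is_array($a) || !isset($a['id'], $a['val']) || !is_numeric($a['id']) || !is_numeric($a['val'])) {
            $ok = false;
            continue;
        }
        $res = $t_obj->update(array('qorder' => $a['val']), intval($a['id']));
        // Track every update, not only the last one.
        if (!isset($res['state']) || $res['state'] != 0) {
            $ok = false;
        }
    }

    if ($ok) {
        $l_obj->insert("修改排序成功");
        die('{"code":"0","msg":"排序修改成功"}');
    }
    die('{"code":"100","msg":"排序修改失败"}');
}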
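/**
 * Delete one field definition from a content model.
 *
 * The model id comes from GET "mid", the field name from POST "field". Ends the request
 * with a JSON status string.
 */
function m__del_attr()
{
    global $m_obj, $l_obj;

    check_level("D0304");

    // Both values are concatenated into a WHERE clause (the id unquoted), so they are
    // reduced to an integer and an identifier before use.
    $model_id = (isset($_GET['mid']) && is_scalar($_GET['mid'])) ? intval($_GET['mid']) : 0;
    $field = (isset($_POST['field']) && is_string($_POST['field'])) ? $_POST['field'] : '';

    // NOTE(review): assumes field names are plain identifiers (letters, digits, underscore) — confirm.
    if ($model_id <= 0 || !preg_match('~^[A-Za-z0-9_]+\z~', $field)) {
        die('{"code":1,"msg":"删除失败 "}');
    }

    $where = " model_id = " . $model_id . " and field = '" . $field . "'";
    $res = $m_obj->delete_model_field($where);
    if ($res) {
        $l_obj->insert("删除字段成功");
        die('{"code":0,"msg":"删除成功"}');
    } else {
        die('{"code":1,"msg":"删除失败 "}');
    }
}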
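/**
 * Toggle a user's ustate flag.
 *
 * GET "uid" names the user and GET "ustate" carries the user's CURRENT state; the opposite
 * value is stored. Ends the request with a JSON status string.
 */
function m__update_state()
{
    global $u_obj, $l_obj;

    check_level("B0103");

    // Both values reach the update call, the log and the JSON response: force integers so
    // nothing but digits can be echoed back or passed on.
    $user_id = (isset($_GET['uid']) && is_scalar($_GET['uid'])) ? intval($_GET['uid']) : 0;
    $state = (isset($_GET['ustate']) && is_scalar($_GET['ustate'])) ? intval($_GET['ustate']) : 1;

    // The request carries the original state, so store the opposite one.
    $update_state = $state == 0 ? 1 : 0;
    $update_msg = $state == 0 ? "停用" : "启用";

    if ($user_id <= 0) {
        die('{"code":"100","msg":"' . $update_msg . '用户失败"}');
    }

    $params['ustate'] = $update_state;
    $res = $u_obj->update($params, $user_id);
    if ($res['state'] == 0) {
        $l_obj->insert($update_msg . "用户成功【{$user_id}】");
        die('{"code":"0","msg":"' . $update_msg . '用户成功","gid":"' . $user_id . '"}');
    }
    die('{"code":"100","msg":"' . $update_msg . '用户失败"}');
}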
<?php // ****************************************************************************************************************************** // MCMS Copyright (c) 2012-2013 ZhangYiYeTai Inc. // The program developed by loyjers core architecture, individual all rights reserved, if you have any questions please contact loyjers@126.com // ****************************************************************************************************************************** require_once dirname(__FILE__) . "/inc_common.php"; //加载共用代码 check_level("W02"); // ****************************************************************************************************************************** // 页面动作函数载入 // ****************************************************************************************************************************** call_mfunc(); // ****************************************************************************************************************************** // 模板载入 // ****************************************************************************************************************************** $tpl = assign_tpl_admin(basename(__FILE__)); $template = $tpl[0]; require_once $tpl[1]; // // ****************************************************************************************************************************** // 页面动作函数方法,必须以 m__ 开头 // ****************************************************************************************************************************** // 列表 function m__list() { global $dbm, $list; // 查询 $params['where'] = " 1=1"; if (isset($_GET['search_type']) && $_GET['search_type'] == 'msg_key' && isset($_GET['search_txt']) && $_GET['search_txt'] != '') { $params['where'] .= " and(msg_key like '%" . $_GET['search_txt'] . "%' or msg_key1 like '%" . $_GET['search_txt'] . "%' or msg_key2 like '%" . $_GET['search_txt'] . "%' or msg_key3 like '%" . $_GET['search_txt'] . "%' or msg_key4 like '%" . $_GET['search_txt'] . "%' or msg_key5 like '%" . $_GET['search_txt'] . "%')";
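/**
 * Delete one job posting.
 *
 * Requires check_login() and check_level(3). The target is the del_id query parameter.
 * NOTE(review): the delete is driven by a GET parameter; confirm a CSRF token or POST-only
 * routing is enforced elsewhere.
 */
public function del()
{
    check_login();
    check_level(3);

    // number_int presumably keeps "+" and "-" as well as digits; the cast guarantees a plain
    // integer before the value is concatenated into the WHERE string.
    $del_id = (int) I("get.del_id", '', 'number_int');

    if ($del_id > 0) {
        D('job')->where('job_id=' . $del_id)->delete();
        $this->success('删除成功', 'index.php?s=Admin/job/index');
    } else {
        $this->error('非法操作!');
    }
}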
break; } if (check_level() >= 2 && !in_array($menu, array('4', '5', '6', '7', '8', '9', '10', '11', '12'))) { $tpl->parse('cp_' . $menu . '_' . $sub_menu); } elseif (check_level() >= 3 && !in_array($menu, array('6', '7', '8', '9', '10', '11', '12'))) { $tpl->parse('cp_' . $menu . '_' . $sub_menu); } elseif (check_level() >= 4 && !in_array($menu, array('11', '12'))) { $tpl->parse('cp_' . $menu . '_' . $sub_menu); } elseif (check_level() >= 9) { $tpl->parse('cp_' . $menu . '_' . $sub_menu); } elseif (in_array($menu, array('13', '14', '15', '16'))) { $tpl->parse('cp_' . $menu . '_' . $sub_menu); } $menu_level = ''; if (check_level() >= 2) { $menu_level .= @file_get_contents('templates/level_2.html'); } if (check_level() >= 3) { $menu_level .= @file_get_contents('templates/level_3.html'); } if (check_level() >= 4) { $menu_level .= @file_get_contents('templates/level_4.html'); } if (check_level() >= 9) { $menu_level .= @file_get_contents('templates/level_9.html'); } $tpl->assign(array('menu_level' => $menu_level, 'version' => $version['name'] . ' ' . $version['value'], 'this_menu' => $this_menu, 'messages_new' => @mysql_num_rows(@mysql_query("SELECT id FROM cnt_messages WHERE message_to = '" . $_SESSION['user']['id'] . "' and message_read = 0")), 'total_user' => @mysql_num_rows(@mysql_query("SELECT id FROM cnt_users")), 'menu' => $menu, 'sub_menu' => $sub_menu)); $tpl->tpl_out(); } else { header('Location: ../cnt-login.php'); }
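<?php
/*-----------------------------------*\
| Copyright © CNT |
| Phone: 0986.901.797 |
| Y!m: banmai_xanhmai |
| Website: CongNgheTre.Vn |
| Email: PeakOfMusic@Gmail.Com |
\*-----------------------------------*/
define('CNT', true);
include '../cnt-includes/config.php';

// Advertisement admin actions (add / edit / del), limited to logged-in users with level >= 4.
// Every path of an authorised request ends with the same redirect to the ads list.
if (check_log() == true && check_level() >= 4) {
    $action = isset($_GET['type']) ? $_GET['type'] : '';

    // Text fields go into quoted SQL literals: undo magic quotes if active, then escape for the
    // connection. NOTE(review): if config.php already escapes request data globally, keep only
    // one of the two layers.
    $mq = get_magic_quotes_gpc();
    $fields = array();
    foreach (array('name', 'img', 'url') as $key) {
        $raw = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
        $fields[$key] = $mq ? stripslashes($raw) : $raw;
    }
    // ad_type and id are written into the SQL unquoted, so they must be integers.
    $adType = (isset($_POST['type']) && is_scalar($_POST['type'])) ? intval($_POST['type']) : 0;

    if ($action == 'add' && strlen($fields['name']) >= 3 && strlen($fields['img']) > 1) {
        @mysql_query("INSERT INTO cnt_ads (ad_name, ad_image, ad_link, ad_type) VALUES ('" . mysql_real_escape_string($fields['name']) . "', '" . mysql_real_escape_string($fields['img']) . "', '" . mysql_real_escape_string($fields['url']) . "', " . $adType . ")");
    } elseif ($action == 'edit') {
        $adId = (isset($_POST['id']) && is_scalar($_POST['id'])) ? intval($_POST['id']) : 0;
        @mysql_query("UPDATE cnt_ads SET ad_name = '" . mysql_real_escape_string($fields['name']) . "', ad_image = '" . mysql_real_escape_string($fields['img']) . "', ad_link = '" . mysql_real_escape_string($fields['url']) . "', ad_type = " . $adType . " WHERE id = " . $adId);
    } elseif ($action == 'del' && isset($_POST['action']) && $_POST['action'] == 1 && !empty($_POST['id'])) {
        // id is expected to be a list of checkbox values.
        foreach ((array) $_POST['id'] as $rawId) {
            @mysql_query("DELETE FROM cnt_ads WHERE id = " . intval($rawId));
        }
    }

    header('Location: index.php?m=6');
} else {
    echo "Hacking attempt";
}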
/**
 * Dispatch a profile form submission.
 *
 * A valid "question" field (the session level followed by one digit in 1..$CONST["questions"])
 * is passed to check_question(); otherwise a valid alphanumeric "advance" field is passed to
 * check_level(). Returns NULL when neither field validates.
 *
 * NOTE(review): $_SESSION["level"] is interpolated into the pattern unquoted — confirm it can
 * only hold a plain token.
 */
function check_profile()
{
    global $CONST;

    if (isset($_POST["question"])) {
        $questionRule = array("options" => array('regexp' => "/^{$_SESSION["level"]}[1-{$CONST["questions"]}]\$/"));
        if (filter_var($_POST["question"], FILTER_VALIDATE_REGEXP, $questionRule)) {
            return check_question($_POST["question"]);
        }
    }

    if (isset($_POST["advance"])) {
        $advanceRule = array("options" => array('regexp' => "/^[a-z\\d]+\$/i"));
        if (filter_var($_POST["advance"], FILTER_VALIDATE_REGEXP, $advanceRule)) {
            return check_level($_POST["advance"]);
        }
    }

    return NULL;
}
/**
 * Store an admin reply on a comment.
 *
 * Needs a numeric POST comment_id and a non-blank POST comment. The text is HTML-escaped and
 * passed through helper::escape() before it is placed in the UPDATE statement. Ends the
 * request with a JSON status string.
 */
function m__reply()
{
    global $dbm;

    check_level("E0703");

    $hasId = isset($_POST['comment_id']) && is_numeric($_POST['comment_id']);
    if (!$hasId) {
        die('{"code":"101","msg":"回复评论ID出错"}');
    }

    $hasText = isset($_POST['comment']) && trim($_POST['comment']) != '';
    if (!$hasText) {
        die('{"code":"101","msg":"回复评论不能为空"}');
    }

    $comment = helper::escape(htmlspecialchars($_POST['comment']), 1);
    $comment_id = intval($_POST['comment_id']);

    $sql = "UPDATE " . TB_PREFIX . "comment SET reply = '{$comment}' WHERE comment_id = '{$comment_id}'";
    $rs = $dbm->query_update($sql);

    die($rs['error'] == '' ? '{"code":"0","msg":"回复成功"}' : '{"code":"1","msg":"评论失败"}');
}
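| Copyright © CNT |
| Phone: 0986.901.797 |
| Y!m: banmai_xanhmai |
| Website: CongNgheTre.Vn |
| Email: PeakOfMusic@Gmail.Com |
\*-----------------------------------*/
define('CNT', true);
include '../cnt-includes/config.php';
include '../cnt-includes/functions.php';

// Comment actions: any logged-in user may add (with captcha); reply / edit / del need level >= 2.
if (check_log() == true) {
    $action = isset($_GET['type']) ? $_GET['type'] : '';

    // Comment text goes into a quoted SQL literal: undo magic quotes if active, then escape for
    // the connection after br(). NOTE(review): if config.php already escapes request data
    // globally, keep only one of the two layers.
    $content = (isset($_POST['content']) && is_string($_POST['content'])) ? $_POST['content'] : '';
    if (get_magic_quotes_gpc()) {
        $content = stripslashes($content);
    }
    // pid and id are written into the SQL unquoted, so they must be integers.
    $pid = (isset($_POST['pid']) && is_scalar($_POST['pid'])) ? intval($_POST['pid']) : 0;
    $userId = intval($_SESSION['user']['id']);

    // Captcha: both sides must be present and identical as strings. With the original loose "=="
    // a missing session value matched an empty submission.
    $captchaOk = isset($_POST['captcha'], $_SESSION['captcha'])
        && is_scalar($_POST['captcha'])
        && (string) $_SESSION['captcha'] !== ''
        && (string) $_POST['captcha'] === (string) $_SESSION['captcha'];

    if ($action == 'add' && strlen($content) >= 10 && $captchaOk) {
        @mysql_query("INSERT INTO cnt_comments (comment_content, comment_pid, comment_user, comment_time) VALUES ('" . mysql_real_escape_string(br($content)) . "', " . $pid . ", " . $userId . ", " . time() . ")");

        // "back" is client-supplied: follow it only when it is a relative URL or points at this
        // host, otherwise fall back to the parent directory.
        $back = (isset($_POST['back']) && is_string($_POST['back'])) ? $_POST['back'] : '';
        $parts = parse_url($back);
        $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
        $plain = $back !== '' && !preg_match('~[\\\\\x00-\x1f]~', $back) && substr($back, 0, 2) !== '//';
        $relative = is_array($parts) && !isset($parts['scheme']) && !isset($parts['host']);
        $sameHost = is_array($parts)
            && isset($parts['scheme'], $parts['host'])
            && in_array(strtolower($parts['scheme']), array('http', 'https'), true)
            && strcasecmp($parts['host'] . (isset($parts['port']) ? ':' . $parts['port'] : ''), $host) === 0;
        header('Location: ' . (($plain && ($relative || $sameHost)) ? $back : '../'));
    } elseif ($action == 'reply' && check_level() >= 2) {
        $sid = (isset($_POST['id']) && is_scalar($_POST['id'])) ? intval($_POST['id']) : 0;
        @mysql_query("INSERT INTO cnt_comments (comment_content, comment_pid, comment_sid, comment_user, comment_time) VALUES ('" . mysql_real_escape_string(br($content)) . "', " . $pid . ", " . $sid . ", " . $userId . ", " . time() . ")");
        header('Location: index.php?m=2');
    } elseif ($action == 'edit' && check_level() >= 2) {
        $commentId = (isset($_POST['id']) && is_scalar($_POST['id'])) ? intval($_POST['id']) : 0;
        @mysql_query("UPDATE cnt_comments SET comment_content = '" . mysql_real_escape_string(br($content)) . "' WHERE id = " . $commentId);
        header('Location: index.php?m=2');
    } elseif ($action == 'del' && isset($_POST['action']) && $_POST['action'] == 1 && !empty($_POST['id']) && check_level() >= 2) {
        // id is expected to be a list of checkbox values.
        foreach ((array) $_POST['id'] as $rawId) {
            @mysql_query("DELETE FROM cnt_comments WHERE id = " . intval($rawId));
        }
        header('Location: index.php?m=2');
    } else {
        echo "Hacking attempt";
    }
} else {
    echo "Hacking attempt";
}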
$t_id = check_t_id($id); $query = "SELECT id, f_id, t_id, author, title, data, replyof, last, ora, date \n\t\t FROM " . __PREFIX__ . "topic \n\t\t WHERE id = '" . $id . "' \n\t\t OR replyof = '" . $id . "' \n\t\t ORDER BY id, last DESC"; $res = mysql_query($query); while ($row = mysql_fetch_row($res)) { $query_2 = "SELECT email, web_site, msn, level, id, firma \n\t\t\t\t FROM " . __PREFIX__ . "users \n\t\t\t\t WHERE username = '******'"; $row_info = mysql_fetch_row(mysql_query($query_2)); $mail = login($username, $password) == FALSE ? '<i>Login richiesto!</i>' : check_null($row_info[0], 1); ?> <div id="content"> <div id="userinfo"> <div><div style="float: left;"><b><?php print $row[3]; ?> </b></div><div style="float: right;"><?php print check_level($row_info[3]); ?> </div></div><hr /> <div><div style="float: left;">Post:</div><div style="float:right;"><?php print check_num_topic($row[3]); ?> </div></div><hr /> <div><div style="float: left;">E-Mail:</div><div style="float: right;"><?php print $mail; ?> </div></div><hr /> <div><div style="float: left;">MsN:</div><div style="float: right;"><?php print check_null($row_info[2], 1); ?> </div></div><hr /> <div><div style="float: left;">Sito Web:</div><div style="float: right;"><?php
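<?php
/*!
 * **************************************************************
 **************** ProQuiz V2 ******************************
 ***************************************************************/
/* documentation at: http://proquiz.softon.org/documentation/
/* Designed & Maintained by
/* - Softon Technologies
/* Developer
/* - Manzovi
/* For Support Contact @
/* - proquiz@softon.org
/* Release Date : 02 Feb 2011
/* Licensed under GPL license:
/* http://www.gnu.org/licenses/gpl.html
*/
?>
<ul>
<?php
// Header menu: one <li> per entry of $headMenu that passes check_level() and check_auth().
// The entry whose link occurs in the current script path gets class="current".
// NOTE(review): link and title are echoed without HTML escaping; that is only safe while
// $headMenu is developer-defined — confirm.
foreach ($headMenu as $value) {
    if (check_level($value) && check_auth($value)) {
        // The link is literal text, not a pattern: quote it so "." is not a wildcard and a "/"
        // in the link does not terminate the regex early.
        $isCurrent = preg_match('/' . preg_quote($value['link'], '/') . '/', $_SERVER['PHP_SELF']);
        if ($isCurrent) {
            echo '<li><a class="current" href="' . $value['link'] . '">' . $value['title'] . '</a></li>';
        } else {
            echo '<li><a href="' . $value['link'] . '">' . $value['title'] . '</a></li>';
        }
    }
}
?>
</ul>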
<?php /*-----------------------------------*\ | Copyright © CNT | | Phone: 0986.901.797 | | Y!m: banmai_xanhmai | | Website: CongNgheTre.Vn | | Email: PeakOfMusic@Gmail.Com | \*-----------------------------------*/ define('CNT', true); include '../cnt-includes/config.php'; if (check_log() & check_level() >= 3) { $total = @mysql_num_rows(@mysql_query("SELECT id FROM cnt_products")); $data = '<?xml version="1.0"?> <?mso-application progid="Excel.Sheet"?> <Workbook xmlns="urn:schemas-microsoft-com:office:spreadsheet" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:html="http://www.w3.org/TR/REC-html40"> <DocumentProperties xmlns="urn:schemas-microsoft-com:office:office"> <Author>Admin</Author> <LastAuthor>Admin</LastAuthor> <Created>2010-08-12T12:09:16Z</Created> <Company>- ETH0 -</Company> <Version>11.9999</Version> </DocumentProperties> <ExcelWorkbook xmlns="urn:schemas-microsoft-com:office:excel"> <WindowHeight>9720</WindowHeight> <WindowWidth>15195</WindowWidth> <WindowTopX>480</WindowTopX>
/**
 * Delete the selected internal-link entries.
 *
 * Accepts a single id (POST nlink_id) or a batch (POST params[]); every id is cast to an
 * integer before it is used in the WHERE clause. Ends the request with a JSON status string.
 */
function m__del()
{
    global $dbm;

    // Permission check
    check_level("E0302");

    // A directly posted single id joins the batch list.
    if (isset($_POST['nlink_id'])) {
        $_POST['params'][] = $_POST['nlink_id'];
    }
    if (empty($_POST['params'])) {
        die('{"code":"100","msg":"没有选中要删除的友链"}');
    }

    foreach ($_POST['params'] as $rawId) {
        $condition = " nlink_id = '" . intval($rawId) . "'";
        // Failures of individual deletes are ignored; the loop simply moves on.
        $dbm->single_del(TB_PREFIX . "nlink", $condition);
    }

    logs("删除内链词成功");
    die('{"code":"0","msg":"删除成功"}');
}
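/**
 * Enable or disable a batch of admin accounts.
 *
 * GET "astate" is the state to store; POST "params" is a comma-separated list of account ids.
 * The current account and super administrators are refused before anything is changed.
 * Ends the request with a JSON status string.
 */
function m__set_state()
{
    global $a_obj, $l_obj;

    check_level("B0503");

    if (!isset($_GET['astate']) || !is_numeric($_GET['astate'])) {
        die('{"code":"210","msg":"状态必须是数字"}');
    }
    // State to apply
    $astate = intval($_GET['astate']);
    $params['astate'] = $astate;
    $action = $astate == 1 ? "停用" : "启用";

    $raw = (isset($_POST['params']) && is_string($_POST['params'])) ? $_POST['params'] : '';
    $uids = explode(',', stripslashes($raw));

    // First pass: validate everything before touching any account.
    foreach ($uids as $vuid) {
        // Digits only. is_numeric() would also accept "1.0" or "1e0", which compare equal to an id
        // numerically but may not match it in the checks below.
        if (!ctype_digit($vuid)) {
            die('{"code":"220","msg":"账号ID必须是数字"}');
        }
        // The current account cannot be disabled.
        if ($vuid == $_SESSION['admin']['admin_id']) {
            die('{"code":"230","msg":"不能停用当前账户,请核对后再操作"}');
        }
        // Super administrators cannot be enabled or disabled here.
        if ($a_obj->is_super_admin($vuid)) {
            die('{"code":"240","msg":"不能启用或停用超级管理员用户"}');
        }
    }

    // Second pass: apply the state.
    $count = 0;
    $html = " ID 分别是:";
    foreach ($uids as $vuid) {
        // NOTE(review): the update result is not inspected; every id is counted as changed.
        $a_obj->update($params, $vuid);
        $count++;
        $html .= $vuid . ",";
    }

    $msg = "成功" . $action . "了 " . $count . " 个账号," . $html;
    $l_obj->insert($msg);
    die('{"code":"0","msg":"' . $msg . '"}');
}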
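<?php
// Runs when sched.php answers "yes": copies the matching rows of `scheds` into `schedules`,
// skipping rows the lookup below reports as already present or conflicting.
include '../../config/connection.php';
include '../../config/sy.php';
require '../../auth.php';

confirm_logged_in();
// NOTE(review): the return value is ignored, so this protects the page only if check_level()
// itself stops the request — confirm in auth.php.
check_level();

// Request values go into quoted SQL literals: escape them for the open ext/mysql connection.
$course = mysql_real_escape_string((isset($_REQUEST['course']) && is_scalar($_REQUEST['course'])) ? (string) $_REQUEST['course'] : '');
$yrlvl = mysql_real_escape_string((isset($_REQUEST['yrlvl']) && is_scalar($_REQUEST['yrlvl'])) ? (string) $_REQUEST['yrlvl'] : '');
$sem = mysql_real_escape_string((isset($_REQUEST['sem']) && is_scalar($_REQUEST['sem'])) ? (string) $_REQUEST['sem'] : '');
$syId = mysql_real_escape_string((string) $sy['sy_id']);

$s = mysql_query("SELECT * FROM scheds WHERE course_id='{$course}' AND yrlvl='{$yrlvl}' AND sem='{$sem}'");
while ($t = mysql_fetch_array($s)) {
    // Stored values are re-inserted below; escape them too so a quote in a stored value cannot
    // break the statement.
    $t = array_map('mysql_real_escape_string', $t);

    // NOTE(review): AND binds tighter than OR, so this reads
    // (subject AND course AND section) OR (time AND room AND sy AND sem) — confirm that is intended.
    $trappings = mysql_query("SELECT * FROM schedules WHERE `subject_id`='{$t['subject_id']}' AND `course_id`='{$t['course_id']}' AND `section_id`='{$t['section_id']}' OR `time_id`='{$t['time_id']}' AND `room_id`='{$t['room_id']}' AND `sy_id`='{$syId}' AND `sem`='{$sem}' ");
    if (mysql_num_rows($trappings) > 0) {
        continue;
    }

    $insert = mysql_query("INSERT INTO schedules(`sched_id`,`subject_id`,`course_id`,`yrlvl`,`time_id`,`section_id`,`room_id`,`size`,`pop`,`sy_id`,`sem`,`status`)VALUES('','{$t['subject_id']}','{$t['course_id']}','{$t['yrlvl']}','{$t['time_id']}','{$t['section_id']}','{$t['room_id']}','{$t['size']}','{$t['pop']}','{$t['sy_id']}','{$t['sem']}','{$t['status']}')");
}

echo "<meta http-equiv='refresh' content='0; url=classmenu.php'><script>alert('Schedules has been set successfully!')</script>";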
\*-----------------------------------*/ define('CNT', true); include '../cnt-includes/config.php'; include '../cnt-includes/functions.php'; if (check_log() == true) { if ($_GET['type'] == 'my') { if ($_POST['action'] == 1 && $_POST['id']) { $total = count($_POST['id']); for ($i = 0; $i < $total; $i++) { @mysql_query("DELETE FROM cnt_bills WHERE bill_user = "******" and id = " . $_POST['id'][$i]); } header('Location: index.php?m=14'); } else { header('Location: index.php?m=14'); } } elseif (check_level() >= 3) { if ($_POST['action'] == 1 && $_POST['id']) { $total = count($_POST['id']); for ($i = 0; $i < $total; $i++) { @mysql_query("DELETE FROM cnt_bills WHERE id = " . $_POST['id'][$i]); } header('Location: index.php?m=4'); } elseif ($_POST['action'] == 2 && $_POST['id']) { $total = count($_POST['id']); for ($i = 0; $i < $total; $i++) { @mysql_query("UPDATE cnt_bills SET bill_pay = 1 WHERE id = " . $_POST['id'][$i]); $bill = @mysql_fetch_array(@mysql_query("SELECT bill_name, bill_phone, bill_fax, bill_email, bill_add, bill_content, bill_time FROM cnt_bills WHERE id = " . $_POST['id'][$i])); $mail = '<div> <p> <strong>Đơn đặt hàng (Đã thanh toán)</strong> <em>(' . format_time($bill['bill_time'], 2) . ')</em> </p>