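/**
 * Insert one row into $table, binding every value of $params by name.
 *
 * @param string $table  plain SQL identifier of the target table
 * @param array  $params column name => value; each key becomes a ":key"
 *                       placeholder, values are bound with bindValue()
 *
 * Failures are not propagated: any exception is passed to dbLog() and the
 * function returns normally (best-effort, as in the original).
 */
function insert($table, $params)
{
    try {
        // $table and every key are interpolated into the statement text and
        // cannot be bound, so only accept plain identifiers for them. This
        // stops a caller-supplied name from altering the SQL.
        $identifier = '/^[A-Za-z_][A-Za-z0-9_]*$/';
        if (!is_string($table) || !preg_match($identifier, $table)) {
            throw new InvalidArgumentException("insert(): invalid table name");
        }
        if (!is_array($params) || count($params) === 0) {
            // "VALUES()" is a syntax error on every engine; fail early instead.
            throw new InvalidArgumentException("insert(): no values given for {$table}");
        }
        $placeholders = array();
        foreach ($params as $k => $ignored) {
            if (!preg_match($identifier, (string) $k)) {
                throw new InvalidArgumentException("insert(): invalid column name '{$k}'");
            }
            $placeholders[] = ':' . $k;
        }
        $con = connect();
        // Column list is deliberately omitted (as before): the placeholder
        // order must match the table's column order.
        $stmt = $con->prepare("INSERT INTO {$table} VALUES(" . implode(",", $placeholders) . ")");
        foreach ($params as $k => $v) {
            $stmt->bindValue(':' . $k, $v);
        }
        if ($stmt->execute() === false) {
            // The connection may not run in ERRMODE_EXCEPTION; surface the
            // driver error through the same logging path instead of losing it.
            $info = $stmt->errorInfo();
            $detail = isset($info[2]) ? $info[2] : 'unknown error';
            throw new RuntimeException("INSERT into {$table} failed: {$detail}");
        }
    } catch (Exception $e) {
        dbLog($e->getMessage());
    }
}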
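/**
 * Run $sql on the shared PDO connection $dbConn.
 *
 * @param string     $sql    statement text
 * @param array|null $params when given, the statement is prepared and the
 *                           values are passed to execute() as bind parameters;
 *                           when null, $sql is run verbatim with query()
 * @return PDOStatement|null the statement handle, or null when dbLog() asked
 *                           to skip execution
 *
 * A PDOException does not return: it is handed to Fatal() together with the
 * statement text.
 */
function dbQuery($sql, $params = NULL)
{
    global $dbConn;
    // NOTE(review): dbLog($sql, true) returning true is treated as "do not
    // execute" here; dbLog's contract is not visible in this file — confirm.
    if (dbLog($sql, true)) {
        return;
    }
    $result = NULL;
    try {
        if ($params !== NULL) {
            // Parameterised path: values travel as bind parameters, never as
            // part of the SQL text.
            $result = $dbConn->prepare($sql);
            $result->execute($params);
        } else {
            $result = $dbConn->query($sql);
        }
    } catch (PDOException $e) {
        // The original wrote "$e . getMessage()" (string concatenation plus a
        // call to an undefined global getMessage()), which fatals inside the
        // handler with the wrong error; call the method on the exception.
        Fatal("SQL-ERR '" . $e->getMessage() . "', statement was '" . $sql . "'");
    }
    return $result;
}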
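/**
 * Log and run $sql with ext/mysql, returning the number of rows in the result.
 *
 * @param string $sql a complete, already-escaped SELECT statement; nothing is
 *                    bound or escaped here
 * @return int|false row count, or false when the query failed and dbError()
 *                   returned instead of terminating the script
 *
 * NOTE: mysql_query()/mysql_num_rows() belong to ext/mysql, deprecated in
 * PHP 5.5 and removed in PHP 7.0, so this only runs on PHP 5.x.
 */
function dbNumRows($sql)
{
    dbLog($sql);
    $result = mysql_query($sql);
    if ($result === false) {
        dbError($sql);
        // The original fell through and passed the boolean to mysql_num_rows(),
        // which only emits a warning; return an explicit failure value instead.
        return false;
    }
    // NOTE(review): for non-SELECT statements mysql_query() returns true, not a
    // result resource, so this call is only meaningful for row-returning SQL.
    return mysql_num_rows($result);
}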
// exclusive lock if (flock($file, LOCK_EX)) { fwrite($file, '<?xml version="1.0" encoding="iso-8859-7"?>' . "\n"); fwrite($file, "<Records>\n"); foreach ($events as $event) { fwrite($file, "\t<Event>\n"); fwrite($file, "\t\t<Year>" . substr($event['date'], 0, 4) . "</Year>\n"); fwrite($file, "\t\t<Month>" . getMonth(substr($event['date'], 5, 2)) . "</Month>\n"); fwrite($file, "\t\t<Day>" . sprintf("%d", substr($event['date'], 8, 2)) . "</Day>\n"); fwrite($file, "\t\t<Desc_en>" . htmlspecialchars($event['msg_en'], ENT_QUOTES) . "</Desc_en>\n"); fwrite($file, "\t\t<Desc_gr>" . htmlspecialchars($event['msg_gr'], ENT_QUOTES) . "</Desc_gr>\n"); fwrite($file, "\t\t<Link>" . htmlspecialchars($event['link'], ENT_QUOTES) . "</Link>\n"); fwrite($file, "\t</Event>\n"); } fwrite($file, "</Records>\n"); flock($file, LOCK_UN); $connection = dbConnect(); dbLog('update XML event file', $connection); } else { echo 'Error locking file!'; } fclose($file); header('Location: manageevents.php'); } } } } $title = 'Foss UoA - Κοινότητα Ανοιχτού Λογισμικού Καποδιστριακού Πανεπιστημίου Αθηνών - Manage Events'; $bodyfile = 'dot_body/manageevents.body'; $lang = 'gr'; require '../template.txt';
$verif = 0; } else { if ($ModUltimoEstado == 4) { while ($i < count($ModRightValues)) { $sentenciaInsertObs = "INSERT INTO AM.ALLT_OBSERVACIONES (ALOS_NU_ID, ALOS_ALES_NU_OBS, ALOS_ALTR_NU_COD_RECHAZO, ALOS_CD_MOTIVO_RECHAZO, ALOS_CD_TIPO_RECHAZO, ALOS_CD_RESPONSABLE) VALUES (AM.ALLQ_ALOS_SEQ.NEXTVAL, AM.ALLQ_ALES_SEQ.CURRVAL, '{$ModRightValues[$i]}', NULL, NULL, NULL)"; $sentenciaInsertObsExec = oci_parse($c, $sentenciaInsertObs); $errorInsert = @oci_execute($sentenciaInsertObsExec); if (!$errorInsert) { $e = oci_error($sentenciaInsertObsExec); $message = $e['message']; $error = "Error. {$message}"; } else { $resultLog = dbLog("AM", "ALLT_OBSERVACIONES", "INSERT", "{$sentenciaInsertObs}"); } $i++; } $resultLog = dbLog("AM", "ALLT_ESTADOS", "INSERT", "Registro {$ModID} ingresado por {$user} ({$apellido}, {$nombre})."); oci_free_statement($sentenciaInsertExec); oci_free_statement($sentenciaInsertObsExec); } else { $resultLog = dbLog("AM", "ALLT_ESTADOS", "INSERT", "Registro {$ModID} ingresado por {$user} ({$apellido}, {$nombre})."); oci_free_statement($sentenciaInsertExec); } } if ($verif == 0) { $respuesta->estado = false; $respuesta->mensaje = $error; } else { $respuesta->estado = true; } echo json_encode($respuesta);
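// Update one observation row and answer with a JSON {estado, mensaje} object.
// Requires an open OCI connection in $c and an authenticated session.
$user = $_SESSION["username"];
$apellido = $_SESSION["APELLIDO"];
$nombre = $_SESSION["NOMBRE"];
// NOTE(review): $_REQUEST merges GET, POST and COOKIE; confirm whether this
// endpoint is meant to accept these fields from anything other than POST.
$ModID = $_REQUEST['ModID'];
$ModIDObservacion = $_REQUEST['ModIDObservacion'];
$ModObservacion = $_REQUEST['ModObservacion'];
$ModTipo = $_REQUEST['ModTipo'];
$ModResponsable = $_REQUEST['ModResponsable'];
$respuesta = new stdClass();
$verif = 1;
$error = '';
/* Update the observation. The request values were previously interpolated
   straight into the SQL text; they are now bound by name, so Oracle can only
   ever treat them as data. */
$sentenciaUpdate = "UPDATE AM.ALLT_OBSERVACIONES SET ALOS_CD_MOTIVO_RECHAZO = UPPER(TRIM(:motivo)), ALOS_CD_TIPO_RECHAZO = :tipo, ALOS_CD_RESPONSABLE = :responsable WHERE ALOS_NU_ID = :id";
$sentenciaUpdateExec = oci_parse($c, $sentenciaUpdate);
// oci_bind_by_name() binds by reference; the variables must stay in scope
// until oci_execute() has run.
oci_bind_by_name($sentenciaUpdateExec, ':motivo', $ModObservacion);
oci_bind_by_name($sentenciaUpdateExec, ':tipo', $ModTipo);
oci_bind_by_name($sentenciaUpdateExec, ':responsable', $ModResponsable);
oci_bind_by_name($sentenciaUpdateExec, ':id', $ModIDObservacion);
// The failure is read back through oci_error() below; the '@' only keeps the
// driver's warning text out of the JSON body.
$errorUpdate = @oci_execute($sentenciaUpdateExec);
if (!$errorUpdate) {
    $e = oci_error($sentenciaUpdateExec);
    $message = $e['message'];
    $error = "Error al actualizar la observacion {$ModID}. Ver Logs.";
    $resultLog = dbLog("AM", "ALLT_OBSERVACIONES", "UPDATE", "Error {$ModID}: {$message}.");
    $verif = 0;
} else {
    $resultLog = dbLog("AM", "ALLT_OBSERVACIONES", "UPDATE", "Observacion {$ModID} actualizado por {$user} ({$apellido}, {$nombre}).");
}
// Release the statement handle on both paths (the original leaked it on error).
oci_free_statement($sentenciaUpdateExec);
if ($verif === 0) {
    $respuesta->estado = false;
    $respuesta->mensaje = $error;
} else {
    $respuesta->estado = true;
}
echo json_encode($respuesta);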
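// Admin login: validate the posted form, check the password against the stored
// crypt() hash and, on success, populate the session and redirect.
$emptyName = false;
$emptyPass = false;
$valid_err = false;
// LOGIN
if (isset($_POST['loginForm'])) {
    if (empty($_POST['username'])) {
        $emptyName = true;
    }
    if (empty($_POST['pass'])) {
        $emptyPass = true;
    }
    if (!$emptyName && !$emptyPass) {
        $connection = dbConnect();
        // The format string had no conversion specifier, so the escaped
        // username handed to sprintf() was silently dropped; '%s' consumes it.
        $query = sprintf("SELECT * FROM web_admins WHERE username='%s'", dbEsc($_POST['username']));
        $res = dbQuery($query, $connection);
        // Unknown user: $res holds no row and $res[0] would be an undefined
        // index. Treat it exactly like a wrong password so the response does
        // not reveal which of the two failed.
        $storedHash = isset($res[0]['pass']) ? $res[0]['pass'] : '';
        // Strict comparison; on PHP >= 5.6 prefer hash_equals() here so the
        // comparison time does not depend on where the strings differ.
        if ($storedHash !== '' && crypt($_POST['pass'], $storedHash) === $storedHash) {
            // New session id on privilege change, so a pre-login id cannot be reused.
            session_regenerate_id(true);
            $_SESSION['loggedIn'] = true;
            $_SESSION['username'] = $res[0]['username'];
            $_SESSION['postLang'] = 'gr';
            $_SESSION['feedLang'] = 'gr';
            dbLog('login', $connection);
            header('Location: admincp.php');
            // Without this the login page body below is still rendered and sent.
            exit;
        } else {
            dbLog('failed login', $connection);
            $valid_err = true;
        }
    }
}
$title = 'Foss UoA - Κοινότητα Ανοιχτού Λογισμικού Καποδιστριακού Πανεπιστημίου Αθηνών - Admin Login';
$bodyfile = 'dot_body/adminlogin.body';
$lang = 'gr';
require '../template.txt';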
fwrite($file, "\t<title>Foss UoA RSS Feed" . ($type == 'General RSS' ? '' : ' - Meetings\' RSS') . "</title>\n"); fwrite($file, "\t<description>Foss UoA RSS Feed" . ($type == 'General RSS' ? '' : ' - Meetings\' RSS') . "</description>\n"); fwrite($file, "\t<copyright>2008-2009 Refsnes Data as. All rights reserved.</copyright>\n"); foreach ($entries as $entry) { fwrite($file, "\t<item>\n"); fwrite($file, "\t\t<title>" . htmlspecialchars($entry['title'], ENT_QUOTES) . "</title>\n"); fwrite($file, "\t\t<link>" . htmlspecialchars($entry['link'], ENT_QUOTES) . "</link>\n"); fwrite($file, "\t\t<description>" . htmlspecialchars($entry['description'], ENT_QUOTES) . "</description>\n"); fwrite($file, "\t\t<guid isPermaLink=\"false\">foss-uoa/gr/rss/item_" . $entry['id'] . "</guid>\n"); fwrite($file, "\t\t<author>foss.uoa@gmail.com</author>\n"); fwrite($file, "\t\t<pubDate>" . substr($entry['date'], 8, 2) . " " . substr($entry['date'], 5, 2) . " " . substr($entry['date'], 0, 4) . "</pubDate>\n"); fwrite($file, "\t</item>\n"); } fwrite($file, "</channel>\n"); fwrite($file, "</rss>\n"); flock($file, LOCK_UN); $connection = dbConnect(); dbLog('update ' . $_SESSION['feedLang'] . ' ' . $type . ' RSS file', $connection); } else { die('Error locking file!'); } fclose($file); header('Location: managefeeds.php'); } } } } $title = 'Foss UoA - Κοινότητα Ανοιχτού Λογισμικού Καποδιστριακού Πανεπιστημίου Αθηνών - Manage Feeds'; $bodyfile = 'dot_body/managefeeds.body'; $lang = 'gr'; require '../template.txt';
if (isset($_POST['editPostForm'])) { if (empty($_POST['title'])) { $emptyTitle = true; } if (empty($_POST['body'])) { $emptyBody = true; } $errors = $emptyTitle || $emptyBody; if (!$errors && !isset($_POST['preview'])) { $mid = preg_replace("/[^0-9]/", "", htmlentities($_GET['mid'], ENT_QUOTES)); $connection = dbConnect(); $query = sprintf("UPDATE posts SET web_admins_username='******', title='%s', edit_date='%s', body='%s', lang='%s' WHERE id=%s", $_SESSION['username'], dbEsc($_POST['title']), date("Y-m-d"), dbEsc($_POST['body']), $_SESSION['postLang'], $mid); dbUpdate($query, $connection); dbLog('edit post ' . $mid, $connection); header('Location: manageposts.php'); } } else { if (isset($_GET['action']) && $_GET['action'] === "delete") { $mid = preg_replace("/[^0-9]/", "", htmlentities($_GET['mid'], ENT_QUOTES)); $connection = dbConnect(); $query = sprintf("UPDATE posts SET deleted=true WHERE id=%s", $mid); dbUpdate($query, $connection); dbLog('delete post ' . $mid, $connection); header('Location: manageposts.php'); } } } $title = 'Foss UoA - Κοινότητα Ανοιχτού Λογισμικού Καποδιστριακού Πανεπιστημίου Αθηνών - Manage Posts'; $bodyfile = 'dot_body/manageposts.body'; $lang = 'gr'; require '../template.txt';
if (empty($_POST['pass2'])) { $emptyPassword2 = true; } if (!$emptyPassword1 && !$emptyPassword2 && $_POST['pass1'] !== $_POST['pass2']) { $passMismatch = true; } $errors = $emptyCurrent || $emptyName || $emptyPassword1 || $emptyPassword2; if (!$errors) { $connection = dbConnect(); $query = sprintf("SELECT pass FROM web_admins WHERE username='******'", $_SESSION['username']); $res = dbQuery($query, $connection); if (crypt($_POST['current'], $res[0]['pass']) != $res[0]['pass']) { $valid_err = true; } } $errors = $errors || $valid_err || $passMismatch; if (!$errors) { $newpass = crypt($_POST['pass1']); $query = sprintf("INSERT INTO web_admins (username, pass) VALUES('%s', '%s')", $_POST['username'], $newpass); dbUpdate($query, $connection); dbLog('add site admin ' . $_POST['username'], $connection); header('Location: admincp.php'); } } } else { $title .= 'Admin Control Panel'; $bodyfile = 'dot_body/admincp.body'; } } $lang = 'gr'; require '../template.txt';