/**
 * Settings handler for the "admin reverse IP access" option of the
 * access_restrictions add-on.
 *
 * Switched on ('Y'): the IP of the current request is stored as an active
 * 'aas' entry, or an existing exact-match entry for it is set back to
 * status 'A'. Switched off: every 'aas'/'aab'/'aar' entry whose range covers
 * that IP is deleted together with its reason descriptions.
 *
 * NOTE(review): everything here keys off fn_get_ip(true). How that helper
 * derives the address is not visible in this block; confirm it cannot be
 * influenced by client-supplied headers, because the value ends up in the
 * access-restriction tables.
 *
 * @param string $new_value New setting value (by reference, not modified here)
 * @param string $old_value Previous setting value (unused)
 *
 * @return bool Always true
 */
function fn_settings_actions_addons_access_restrictions_admin_reverse_ip_access(&$new_value, $old_value)
{
    $ip = fn_get_ip(true);
    $host = $ip['host'];

    if ($new_value != 'Y') {
        // Option switched off: remove every entry whose range contains this IP.
        $covering = db_get_array("SELECT item_id, type FROM ?:access_restriction WHERE ip_from <= ?i AND ip_to >= ?i AND type IN ('aas', 'aab', 'aar')", $host, $host);
        if (empty($covering)) {
            return true;
        }

        foreach ($covering as $entry) {
            db_query("DELETE FROM ?:access_restriction WHERE item_id = ?i", $entry['item_id']);
            db_query("DELETE FROM ?:access_restriction_reason_descriptions WHERE item_id = ?i AND type = ?s", $entry['item_id'], $entry['type']);
        }
        fn_set_notification('W', __('warning'), __('your_ip_removed', array('[ip]' => long2ip($host))));

        return true;
    }

    // Option switched on: look for an entry that is exactly this single IP.
    $existing = db_get_row("SELECT item_id, status FROM ?:access_restriction WHERE ip_from = ?i AND ip_to = ?i AND type IN ('aas', 'aab', 'aar')", $host, $host);

    if (empty($existing) || empty($existing['item_id'])) {
        // No entry yet: create it, plus one reason description per language.
        $item_id = db_query("REPLACE INTO ?:access_restriction ?e", array(
            'ip_from' => $host,
            'ip_to' => $host,
            'type' => 'aas',
            'timestamp' => TIME,
            'expires' => '0',
            'status' => 'A',
        ));

        foreach (fn_get_translation_languages() as $lang_code => $_language) {
            db_query("REPLACE INTO ?:access_restriction_reason_descriptions ?e", array(
                'item_id' => $item_id,
                'type' => 'aas',
                'lang_code' => $lang_code,
                'reason' => __('store_admin', '', $lang_code),
            ));
        }
        fn_set_notification('W', __('warning'), __('your_ip_added', array('[ip]' => long2ip($host))));
    } elseif (empty($existing['status']) || $existing['status'] != 'A') {
        // Entry exists but is not active: switch it back on.
        db_query("UPDATE ?:access_restriction SET ?u WHERE item_id = ?i", array('status' => 'A'), $existing['item_id']);
        fn_set_notification('W', __('warning'), __('your_ip_enabled', array('[ip]' => long2ip($host))));
    }

    return true;
}
/**
 * Enforce an access requirement for the current request.
 *
 * $req is inspected for one of these keys, in this order:
 *  - 'group' (optionally with 'admin_flags'): the current user must have a
 *    matching row in user_group;
 *  - 'user': the current user id must equal the given id;
 *  - 'isloggedin': the user must be logged in.
 * A super user always passes. An unmet requirement, or a $req with none of
 * these keys set, ends in exit_error().
 *
 * NOTE(review): user_getid() is concatenated into the query as-is;
 * presumably it always returns an integer, confirm. The 'user' check is a
 * loose != comparison.
 *
 * @param array $req Requirement description (see above)
 *
 * @return bool|null true for super users, otherwise nothing
 */
function session_require($req)
{
    global $Language;

    // Site administrators bypass every check.
    if (user_is_super_user()) {
        return true;
    }

    if (!empty($req['group'])) {
        $membership_sql = "SELECT user_id FROM user_group WHERE user_id=" . user_getid() . " AND group_id=" . db_ei($req['group']);
        if (!empty($req['admin_flags'])) {
            $membership_sql .= " AND admin_flags = '" . db_escape_string($req['admin_flags']) . "'";
        }

        $membership_rows = db_numrows(db_query($membership_sql));
        if ($membership_rows < 1) {
            exit_error($Language->getText('include_session', 'insufficient_g_access'), $Language->getText('include_session', 'no_perm_to_view'));
        }

        return;
    }

    if (!empty($req['user'])) {
        if (user_getid() != $req['user']) {
            exit_error($Language->getText('include_session', 'insufficient_u_access'), $Language->getText('include_session', 'no_perm_to_view'));
        }

        return;
    }

    if (!empty($req['isloggedin'])) {
        if (!user_isloggedin()) {
            exit_error($Language->getText('include_session', 'required_login'), $Language->getText('include_session', 'login'));
        }

        return;
    }

    // No recognised requirement was supplied: deny by default.
    exit_error($Language->getText('include_session', 'insufficient_access'), $Language->getText('include_session', 'no_access'));
}
/**
 * Overrides \RestfulEntityBase::getQueryForList().
 *
 * Narrows the parent's list query to entities whose 'uid' property belongs
 * to a user holding one of the roles named in the plugin's
 * 'options' => 'roles' setting.
 *
 * NOTE(review): the filter fails open. When no options are configured, when
 * none of the configured role names exists, or when no user holds those
 * roles, the parent's query is returned without any uid restriction.
 * Confirm that is the intended result for an access-related filter.
 */
public function getQueryForList() {
  $query = parent::getQueryForList();

  // Nothing configured: leave the query untouched.
  $options = $this->getPluginKey('options');
  if (!$options) {
    return $query;
  }

  // Translate the configured role names into role ids.
  $selected_rids = array();
  foreach (user_roles() as $rid => $role_name) {
    if (in_array($role_name, $options['roles'])) {
      $selected_rids[] = $rid;
    }
  }
  if (!$selected_rids) {
    return $query;
  }

  // Users holding any of the selected roles, keyed by uid.
  $role_holders = db_query(
    'SELECT uid FROM {users_roles} WHERE rid IN (:rids)',
    array(':rids' => $selected_rids)
  )->fetchAllAssoc('uid');

  // Restrict the list to entities whose uid is one of those users.
  if (!empty($role_holders)) {
    $query->propertyCondition('uid', array_keys($role_holders), 'IN');
  }

  return $query;
}
/**
 * Load the news-article fields stored for one node revision.
 *
 * @param object $node
 *   Node being loaded; only $node->vid is read.
 *
 * @return object
 *   Row from {newsarticle} with an added ->datestr property built from
 *   pubdate by scf_date_string().
 */
public function load($node) {
  $record = db_fetch_object(db_query(
    "SELECT author_name, media_source, url, pubdate FROM {newsarticle} WHERE vid = %d",
    $node->vid
  ));

  // NOTE(review): there is no check that a row was found before the
  // property assignment below.
  $record->datestr = scf_date_string($record->pubdate);

  return $record;
}
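/**
 * Insert one row into a table.
 *
 * Column names come from the keys of $hash and values from its values.
 * Values are escaped with mysql_real_escape_string() and identifiers have
 * embedded backticks doubled, so neither can break out of its quoting.
 * Previously both were concatenated into the statement unescaped.
 *
 * NOTE(review): the escaping relies on db_query() using the default mysql
 * link, the same assumption mysql_insert_id() below already makes; confirm.
 * Table and column names should still come from code, not from request data.
 * The mysql_* extension used here was removed in PHP 7.
 *
 * @param string $table Table name.
 * @param array  $hash  Map of column name => value.
 *
 * @return int|false Result of mysql_insert_id() after the INSERT.
 */
function db_insert($table, $hash)
{
    $columns = array();
    $values = array();

    foreach ($hash as $column => $value) {
        $columns[] = '`' . str_replace('`', '``', $column) . '`';
        $values[] = "'" . mysql_real_escape_string($value) . "'";
    }

    $sql = 'INSERT INTO `' . str_replace('`', '``', $table) . '` ('
        . implode(',', $columns)
        . ') VALUES ('
        . implode(',', $values)
        . ')';

    db_query($sql);

    return mysql_insert_id();
}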
/**
 * Load the relationships available for the current site and type into
 * $this->associations, keyed by each row's 'id' column, and default
 * $this->admin_page->rel_id to the first key when it is empty.
 *
 * NOTE(review): site_id and type_id are concatenated into the query
 * unquoted. Presumably both are validated integers by the time this runs;
 * confirm against the code that fills $this->admin_page.
 */
function get_associations()
{
    $selector = new DBSelector();

    $selector->add_table('ar', 'allowable_relationship');
    $selector->add_table('allowable_relationship');
    $selector->add_table('relationship');
    $selector->add_table('entity');

    $selector->add_relation('allowable_relationship.name = "site_to_type"');
    $selector->add_relation('allowable_relationship.id = relationship.type');
    $selector->add_relation('relationship.entity_a = ' . $this->admin_page->site_id);
    $selector->add_relation('relationship.entity_b = ar.relationship_b');
    $selector->add_relation('entity.id = ar.relationship_b');

    $selector->add_field('entity', 'id', 'e_id');
    $selector->add_field('entity', 'name', 'e_name');
    $selector->add_field('ar', '*');

    $selector->add_relation('ar.relationship_a = ' . $this->admin_page->type_id);
    // Which column identifies the relationships to keep depends on whether
    // relationship names are unique in this installation.
    $selector->add_relation(
        reason_relationship_names_are_unique()
            ? 'ar.type = "association"'
            : 'ar.name != "owns"'
    );
    $selector->add_relation('(ar.custom_associator IS NULL OR ar.custom_associator = "")');

    $res = db_query($selector->get_query(), 'Error selecting relationships');

    $by_id = array();
    while ($row = mysql_fetch_array($res, MYSQL_ASSOC)) {
        $by_id[$row['id']] = $row;
    }
    $this->associations = $by_id;

    // No relationship chosen yet: fall back to the first one found.
    if (empty($this->admin_page->rel_id)) {
        reset($this->associations);
        list($first_key, ) = each($this->associations);
        $this->admin_page->rel_id = $first_key;
    }
}
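/**
 * Module hook handler that enriches 'viewcommentary' arguments with details
 * of the comment being rendered.
 *
 * - 'blockcommentarea': remembers $args['section'] in the global
 *   $currentCommentaryArea for later 'viewcommentary' calls.
 * - 'viewcommentary': takes the author's account id from the bio link in
 *   $args['commentline'], looks up the author and the matching commentary
 *   row, and returns a replacement $args array describing them.
 *
 * Both values that reach SQL are derived from rendered comment markup or
 * hook arguments, so the account id is reduced to an integer and the section
 * name is escaped before use.
 *
 * @param string $hook Hook name.
 * @param array  $args Hook arguments.
 *
 * @return array The (possibly replaced) hook arguments.
 */
function viewcommentaryargs_dohook($hook, $args)
{
    global $currentCommentaryArea;

    switch ($hook) {
        case 'blockcommentarea':
            $currentCommentaryArea = $args['section'];
            break;

        case 'viewcommentary':
            $accounts = db_prefix('accounts');
            $commentary = db_prefix('commentary');

            // FILTER_SANITIZE_NUMBER_INT alone still lets '+' and '-' through
            // and yields an empty string when the pattern does not match, so
            // force a plain integer. It is kept as a string to preserve the
            // type of 'author_acctid' in the returned array.
            $acctid = '0';
            if (preg_match("/bio.php\\?char=(.*)&ret/", $args['commentline'], $matches)) {
                $acctid = (string) (int) filter_var($matches[1], FILTER_SANITIZE_NUMBER_INT);
            }

            $sql = db_query_cached("SELECT login, name FROM {$accounts} WHERE acctid = {$acctid}", "commentary-author_name-{$acctid}", 86400);
            $row = db_fetch_assoc($sql);
            $name = isset($row['name']) ? $row['name'] : null;
            $login = isset($row['login']) ? $row['login'] : null;

            // Everything after the author's name is the comment text; an
            // unknown author leaves nothing to split on.
            $parts = ($name !== null && $name !== '') ? explode($name, $args['commentline']) : [];
            $temp = isset($parts[1]) ? $parts[1] : '';

            // Strip the chat decorations to recover the raw comment.
            $temp = str_replace('`3 says, "`#', '', $temp);
            $temp = str_replace('`3"', '', $temp);
            $temp = str_replace('/me', '', $temp);
            $temp = str_replace(':', '', $temp);
            $temp = str_replace('</a>', '', $temp);
            $temp = full_sanitize($temp);
            // A '%' between every character makes the LIKE below tolerant of
            // colour codes stored inside the original comment.
            $temp = addslashes(implode('%', str_split(trim($temp))));

            // The section name was concatenated unescaped before. addslashes()
            // matches the escaping already used for the comment text.
            // NOTE(review): prefer the project's connection-aware escaping
            // helper here and above, if it provides one.
            $section = addslashes((string) $currentCommentaryArea);

            $sql = db_query("SELECT commentid, comment, postdate FROM {$commentary}\n WHERE comment LIKE '%{$temp}%'\n AND section = '{$section}'");
            $row = db_fetch_assoc($sql);

            $args = [
                'commentline' => $args['commentline'],
                'section' => $currentCommentaryArea,
                'commentid' => isset($row['commentid']) ? $row['commentid'] : null,
                'comment' => isset($row['comment']) ? $row['comment'] : null,
                'author_acctid' => $acctid,
                'author_login' => $login,
                'author_name' => $name,
                'date' => isset($row['postdate']) ? $row['postdate'] : null,
            ];
            unset($row);
            unset($temp);
            break;
    }

    return $args;
}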
/**
 * Retrieves what Twitter accounts the given user can post to.
 *
 * The site-wide account is included when the current user has the
 * 'use global twitter account' permission and both global variables are
 * set. Accounts linked to $drupal_user are then added, keyed by screen name.
 *
 * NOTE(review): the returned arrays carry the stored Twitter passwords as
 * read from the variable table and {twitter_user}. Callers should treat the
 * result as a secret and keep it out of output and logs.
 *
 * @param $drupal_user
 *   User object; only ->uid is read.
 * @param $full_access
 *   When TRUE, only linked accounts that have a stored password are returned.
 *
 * @return
 *   Array of account arrays keyed by screen name.
 */
function hook_twitter_accounts($drupal_user, $full_access = FALSE) {
  $accounts = array();

  // Site-wide account: needs the permission and both stored credentials.
  if (user_access('use global twitter account')) {
    $global_name = variable_get('twitter_global_name', NULL);
    if ($global_name) {
      $global_pass = variable_get('twitter_global_password', NULL);
      if ($global_pass) {
        $accounts[$global_name] = array(
          'screen_name' => $global_name,
          'password' => $global_pass,
        );
      }
    }
  }

  // Accounts linked to this particular user.
  $sql = " SELECT ta.*, tu.uid, tu.password, tu.import FROM {twitter_user} tu "
    . "LEFT JOIN {twitter_account} ta ON (tu.screen_name = ta.screen_name) "
    . "WHERE tu.uid = %d";
  if ($full_access) {
    $sql .= " AND tu.password IS NOT NULL";
  }

  $linked = db_query($sql, array($drupal_user->uid));
  while ($linked_account = db_fetch_array($linked)) {
    $accounts[$linked_account['screen_name']] = $linked_account;
  }

  return $accounts;
}
/**
 * Act on user objects when loaded from the database.
 *
 * Because user_load_multiple() keeps a static cache, do not use this hook to
 * change properties that come from the {users} table itself; doing so can
 * give unreliable results when users are served from the cache.
 *
 * This example copies the 'foo' column of {my_table} onto each loaded user.
 *
 * @param $users
 *   An array of user objects, indexed by uid.
 *
 * @see user_load_multiple()
 * @see profile_user_load()
 */
function hook_user_load($users) {
  $uids = array_keys($users);

  // The uid list is bound as an array placeholder, not concatenated.
  $records = db_query(
    'SELECT uid, foo FROM {my_table} WHERE uid IN (:uids)',
    array(':uids' => $uids)
  );

  foreach ($records as $record) {
    $users[$record->uid]->foo = $record->foo;
  }
}
/**
 * Function update_access_time
 * Sets date_accessed of a template's templatedetails row to today's date.
 *
 * The result of the UPDATE is not inspected, so the function reports
 * success even when no row exists for the template.
 *
 * @param array $row_edit Row returned from a database query; only
 *                        'template_id' is read
 * @return bool Always true
 * @version 1.0
 * @author Patrick Lockley
 */
function update_access_time($row_edit)
{
    global $xerte_toolkits_site;

    $details_table = $xerte_toolkits_site->database_table_prefix . 'templatedetails';
    $today = date('Y-m-d');

    /* Also called for a brand-new template, where no record exists yet and
       the update therefore changes nothing. */
    db_query(
        "UPDATE {$details_table} SET date_accessed=? WHERE template_id = ?",
        array($today, $row_edit['template_id'])
    );

    return true;
}
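/**
 * Cleans up variables by template.
 *
 * Deletes every {variable} entry whose name matches $template. The value is
 * used as a SQL LIKE pattern, so '%' and '_' in it act as wildcards.
 *
 * @param string $template
 *   LIKE pattern selecting the variable names to delete.
 */
public static function doVariablesCleanupByTemplate($template) {
  // Bind the pattern as a placeholder. It was previously concatenated into
  // the statement, so a quote in $template could change the query.
  $result = db_query(
    'SELECT name FROM {variable} WHERE name LIKE :template',
    array(':template' => $template)
  );

  foreach ($result as $row) {
    variable_del($row->name);
  }
}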
/**
 * Handle the bundle form submission for a product.
 *
 * Updates the bundle offer through 'cw_ps_offer_bundle_update', removes the
 * products ticked in $_POST['del_cond'] from the offer's condition and bonus
 * details, deletes the offer when at most one condition product remains,
 * clears the offer's 'auto' flag and redirects back to the product.
 *
 * NOTE(review): the non-POST branch relies on cw_ps_bundle_redirect() ending
 * the request; if it returns, processing continues. No permission or
 * anti-CSRF check is visible in this block, presumably the caller enforces
 * both; confirm. $offer_id is interpolated into SQL as returned by cw_call().
 *
 * @param int $product_id Product whose bundle is being edited
 */
function cw_ps_bundle_update($product_id)
{
    global $tables, $config;

    $product_id = (int) $product_id;

    if ($_SERVER['REQUEST_METHOD'] != 'POST') {
        cw_ps_bundle_redirect($product_id);
    }

    $offer_id = cw_call('cw_ps_offer_bundle_update', array($product_id, $_POST));

    // WHERE fragments shared by the statements below.
    $offer_clause = "offer_id='{$offer_id}'";
    $type_clause = "object_type='" . PS_OBJ_TYPE_PRODS . "'";

    // Delete selected products
    if (is_array($_POST['del_cond'])) {
        foreach (array_keys($_POST['del_cond']) as $raw_id) {
            $object_id = intval($raw_id);
            db_query("DELETE FROM {$tables['ps_cond_details']} WHERE {$offer_clause} AND object_id='{$object_id}' AND {$type_clause}");
            db_query("DELETE FROM {$tables['ps_bonus_details']} WHERE {$offer_clause} AND object_id='{$object_id}' AND {$type_clause}");
        }
    }

    $remaining = cw_query_column("SELECT object_id FROM {$tables['ps_cond_details']} WHERE {$offer_clause} AND {$type_clause}");
    if (count($remaining) <= 1) {
        // A bundle needs more than one product: delete the offer.
        cw_call('cw_ps_offer_delete', array($offer_id));
    }

    cw_array2update('ps_offers', array('auto' => 0), $offer_clause);

    // TODO: Domain assignation
    cw_ps_bundle_redirect($product_id);
}
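/**
 * Look up a teacher by login name and password.
 *
 * @param string $login    Login name.
 * @param string $password Plain-text password; compared as an MD5 hex digest.
 *
 * @return array|false Row containing 'teacher_id' on a match, false otherwise.
 */
function teacher_login($login, $password)
{
    // Two values are handed to db_query(), so the statement needs two
    // placeholders. The login was a fixed literal before, which left $login
    // bound to the passwd placeholder and the digest unused.
    // NOTE(review): assumes db_query() escapes its %s arguments; confirm.
    // NOTE(review): unsalted MD5 is not adequate for password storage.
    // Moving to password_hash()/password_verify() needs a migration of the
    // stored values and is out of scope for this function.
    $sql = "SELECT teacher_id FROM teachers WHERE login='%s' AND passwd='%s'";
    $res = db_query($sql, $login, md5($password));

    // A failed query must not reach mysql_fetch_assoc().
    if (!$res) {
        return false;
    }

    return mysql_fetch_assoc($res);
}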
/**
 * Displays links to all products that have not been categorized.
 *
 * Requires the taxonomy index table to be maintained; otherwise only an
 * explanatory message is returned.
 *
 * @return
 *   Renderable form array.
 */
public function orphans() {
  $build = array();

  if (!$this->config('taxonomy.settings')->get('maintain_index_table')) {
    $build['orphans'] = array(
      '#markup' => $this->t('The node terms index is not being maintained, so Ubercart can not determine which products are not entered into the catalog.'),
      '#prefix' => '<p>',
      '#suffix' => '</p>',
    );
    return $build;
  }

  $vid = $this->config('uc_catalog.settings')->get('vocabulary');
  $product_types = uc_product_types();
  $field = FieldStorageConfig::loadByName('node', 'taxonomy_catalog');
  //@todo - figure this out
  // $field is a config object, not an array, so this doesn't work.
  //$types = array_intersect($product_types, $field['bundles']['node']);
  $types = $product_types; //temporary to get this to work at all

  // Product nodes that have no term in the catalog vocabulary. Both values
  // are bound as placeholders.
  $result = db_query(
    'SELECT DISTINCT n.nid, n.title FROM {node_field_data} n LEFT JOIN (SELECT ti.nid, td.vid FROM {taxonomy_index} ti LEFT JOIN {taxonomy_term_data} td ON ti.tid = td.tid WHERE td.vid = :vid) txnome ON n.nid = txnome.nid WHERE n.type IN (:types[]) AND txnome.vid IS NULL',
    [':vid' => $vid, ':types[]' => $types]
  );

  $links = array();
  while ($node = $result->fetchObject()) {
    $edit_url = Url::fromRoute(
      'entity.node.edit_form',
      ['node' => $node->nid],
      ['query' => ['destination' => 'admin/store/products/orphans']]
    );
    $links[] = $this->l($node->title, $edit_url);
  }

  if ($links) {
    $build['orphans'] = array('#theme' => 'item_list', '#items' => $links);
  }
  else {
    $build['orphans'] = array(
      '#markup' => $this->t('All products are currently listed in the catalog.'),
      '#prefix' => '<p>',
      '#suffix' => '</p>',
    );
  }

  return $build;
}
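/**
 * Sum gl_trans amounts for one account over twelve consecutive months.
 *
 * @param int    $yr         Year of the first period.
 * @param int    $mo         Month of the first period.
 * @param string $account    GL account code.
 * @param int    $dimension  0 = no filter, negative = match dimension_id 0,
 *                           otherwise the dimension id to match.
 * @param int    $dimension2 Same convention, applied to dimension2_id.
 * @param bool   $balance    false: per01..per12 hold each month's movement;
 *                           true: each holds the total of everything dated
 *                           before the end of that month.
 *
 * @return mixed Row returned by db_fetch() with columns per01 .. per12.
 */
function getPeriods($yr, $mo, $account, $dimension, $dimension2, $balance = false)
{
    // $bounds[0] is the first day of the starting month and $bounds[12] the
    // first day of the month after the twelfth period. mktime() rolls month
    // numbers above 12 over into the following year.
    $bounds = array();
    for ($i = 0; $i <= 12; $i++) {
        $bounds[$i] = date('Y-m-d', mktime(0, 0, 0, $mo + $i, 1, $yr));
    }

    $columns = array();
    for ($i = 1; $i <= 12; $i++) {
        $condition = "tran_date < '{$bounds[$i]}'";
        if (!$balance) {
            // Movement only: also bound the period from below.
            $condition = "tran_date >= '{$bounds[$i - 1]}' AND " . $condition;
        }
        $columns[] = sprintf("SUM(CASE WHEN %s THEN amount ELSE 0 END) AS per%02d", $condition, $i);
    }

    // The account code was interpolated between quotes unescaped before; it
    // now goes through db_escape() like the dimension filters below.
    // NOTE(review): relies on db_escape() returning an already quoted
    // literal, as FrontAccounting's db layer does; confirm for this version.
    $sql = "SELECT " . implode(",\n\t\t\t\t", $columns)
        . "\n\t\t\tFROM " . TB_PREF . "gl_trans"
        . "\n\t\t\t\tWHERE account=" . db_escape($account);

    if ($dimension != 0) {
        $sql .= " AND dimension_id = " . ($dimension < 0 ? 0 : db_escape($dimension));
    }
    if ($dimension2 != 0) {
        $sql .= " AND dimension2_id = " . ($dimension2 < 0 ? 0 : db_escape($dimension2));
    }

    $result = db_query($sql, "Transactions for account {$account} could not be calculated");

    return db_fetch($result);
}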
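/**
 * Fetch the files touched by one Subversion commit of a project.
 *
 * Paths the current user may not read (per svn_utils_get_forbidden_paths())
 * are excluded from the result.
 *
 * @param int    $group_id  Project id.
 * @param int    $commit_id Internal commit id; used only when $rev_id is empty.
 * @param int    $rev_id    Subversion revision number; takes precedence.
 * @param string $order     'filename' for "dir, file", or a comma-separated
 *                          list of column names, each optionally followed by
 *                          ASC or DESC. Any other value is ignored.
 *
 * @return mixed Result handle returned by db_query().
 */
function svn_data_get_revision_detail($group_id, $commit_id, $rev_id = 0, $order = '')
{
    $order_str = "";
    if ($order) {
        if ($order != 'filename') {
            // An ORDER BY expression cannot be escaped like a value, so only
            // a plain column list is accepted. Anything else is dropped
            // instead of being concatenated into the statement.
            $column = '[A-Za-z_][A-Za-z0-9_.]*(\s+(ASC|DESC))?';
            if (preg_match('/^\s*' . $column . '(\s*,\s*' . $column . ')*\s*$/iD', $order)) {
                $order_str = " ORDER BY " . $order;
            }
        } else {
            $order_str = " ORDER BY dir, file";
        }
    }

    //check user access rights
    $pm = ProjectManager::instance();
    $project = $pm->getProject($group_id);
    $forbidden = svn_utils_get_forbidden_paths(user_getname(), $project->getSVNRootPath());

    $where_forbidden = "";
    if (!empty($forbidden)) {
        // Only the keys (paths) matter. foreach replaces each(), which is
        // deprecated since PHP 7.2 and removed in PHP 8.
        foreach (array_keys($forbidden) as $no_access) {
            $where_forbidden .= " AND svn_dirs.dir not like '%" . db_es(substr($no_access, 1)) . "%' ";
        }
    }

    $select = "SELECT svn_commits.description, svn_commits.date, svn_commits.revision, svn_checkins.type,svn_checkins.commitid,svn_dirs.dir,svn_files.file "
        . "FROM svn_dirs, svn_files, svn_checkins, svn_commits "
        . "WHERE svn_checkins.fileid=svn_files.id "
        . "AND svn_checkins.dirid=svn_dirs.id "
        . "AND svn_checkins.commitid=svn_commits.id ";

    // If the subversion revision id is given then it takes precedence over
    // the internal commit_id (this makes it easy for users to build a URL
    // to access a revision).
    if ($rev_id) {
        // To be done -> get the commit ID from the svn-commit table
        $commit_filter = "AND svn_commits.revision=" . db_ei($rev_id) . " "
            . "AND svn_commits.group_id=" . db_ei($group_id) . " ";
    } else {
        $commit_filter = "AND svn_commits.id=" . db_ei($commit_id) . " ";
    }

    return db_query($select . $commit_filter . $where_forbidden . $order_str);
}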
/**
 * Post-clone hook: copies price-calculator data to the cloned product.
 *
 * Does nothing unless fn_check_price_calc() returns 'Y' for the source
 * product. Otherwise the source's ppc fields are inserted again under the
 * new product id, and its formula is copied with every [opt_N] / [optw_N]
 * token re-pointed at the clone's option that has the same option name.
 *
 * @param int    $product_id Source product id
 * @param int    $pid        Id of the newly created clone
 * @param string $orig_name  Unused
 * @param string $new_name   Unused
 */
function fn_product_price_calculator_clone_product_post($product_id, $pid, $orig_name, $new_name)
{
    if (fn_check_price_calc($product_id) != 'Y') {
        return;
    }

    // Duplicate the calculator fields under the new product id.
    $fields = fn_get_fields($product_id);
    if (!empty($fields)) {
        foreach ($fields as $field) {
            $field['product_id'] = $pid;
            db_query('INSERT INTO ?:ppc ?e', $field);
        }
    }

    $formula = db_get_field('SELECT formula FROM ?:ppc_formula WHERE product_id = ?i', $product_id);
    $description = fn_get_formula_description($product_id);

    $source_options = fn_get_product_options($product_id, CART_LANGUAGE);
    $clone_options = fn_get_product_options($pid, CART_LANGUAGE);

    // Option ids differ between source and clone; match them up by name and
    // rewrite the tokens in the formula. Only the first match is used.
    foreach ($source_options as $old_id => $source_option) {
        foreach ($clone_options as $new_id => $clone_option) {
            if ($source_option['option_name'] != $clone_option['option_name']) {
                continue;
            }
            $formula = str_replace(
                array("[opt_{$old_id}]", "[optw_{$old_id}]"),
                array("[opt_{$new_id}]", "[optw_{$new_id}]"),
                $formula
            );
            break;
        }
    }

    db_query('INSERT INTO ?:ppc_formula VALUES (?i, ?s, ?s)', $pid, $formula, $description);
}
/**
 * Returns the mails collected during the test.
 *
 * With maillog enabled the rows of {maillog} are reshaped to the format
 * TestMailSystem produces. Otherwise the 'drupal_test_email_collector'
 * variable is read straight from the database.
 *
 * @return array
 *   Collected mails; empty when nothing was found.
 */
public function getMails() {
  // Note: The mail system may be hardcoded in settings.php.
  $mails = array();

  if ($this->maillog) {
    $rows = db_query("SELECT idmaillog, header_from, header_to, header_reply_to, header_all, subject, body FROM {maillog}");
    foreach ($rows as $row) {
      // Reformat the results to match what TestMailSystem creates.
      $mails[] = array(
        'to' => $row->header_to,
        'from' => $row->header_from,
        'subject' => $row->subject,
        'body' => $row->body,
      );
    }
    return $mails;
  }

  // We can't use variable_get() because $conf is only fetched once per
  // scenario... (TODO IS THIS TRUE? seems like it should work fine because
  // of variable_set() setting the database and $conf (settings cache) --Frank)
  $stored = db_query("SELECT name, value FROM {variable} WHERE name = 'drupal_test_email_collector'")->fetchAllKeyed();

  // NOTE(review): unserialize() runs on a value read from {variable}. That
  // is acceptable only while the table is written solely by trusted code.
  $variables = array_map('unserialize', $stored);

  if (isset($variables['drupal_test_email_collector'])) {
    return $variables['drupal_test_email_collector'];
  }

  return $mails;
}
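/**
 * Join the chat as the current session user.
 *
 * Reads the session user's row, refuses users whose chat access is blocked,
 * charges $ust['chatp'] points to users without an active VIP period and
 * then saves the ChatUser.
 *
 * @param string $name  Chat nickname.
 * @param string $email Unused.
 * @param string $user  Gravatar value for the new ChatUser.
 *
 * @return array status, name and gravatar of the joined user.
 *
 * @throws Exception When a field is missing, chat access is blocked, the
 *                   user has too few points or the nickname is taken.
 */
public static function login($name, $email, $user)
{
    if (!$name || !$user) {
        throw new Exception('Wypełnij wszystkie pola.');
    }

    $user = new ChatUser(array('name' => $name, 'gravatar' => $user));

    // NOTE(review): these includes are expected to define $pre and $ust in
    // this scope. With include_once that only happens the first time the
    // files are loaded in a request; confirm.
    include_once "../db_connect.php";
    include_once "../include/ust.php";

    // The session id was concatenated unquoted and unescaped before. It is
    // now handled the same way as in the UPDATE further down.
    $session_user_id = db_real_escape_string($_SESSION['user_id']);

    // Defaults for the case where no row is found.
    $ile_pkt = null;
    $czy_vp = null;
    $user_chat = null;

    $Querys = 'SELECT * FROM ' . $pre . "user WHERE user_id='" . $session_user_id . "'";
    // NOTE(review): die(db_error()) sends the raw database error to the
    // client; consider logging it and showing a generic message.
    $results = db_query($Querys) or die(db_error());

    while ($rows = db_fetch($results)) {
        $ile_pkt = $rows['user_money'];
        if ($rows['user_vip'] >= time()) {
            $czy_vp = 1;
        }
        $user_chat = $rows['user_chat'];
    }

    if ($user_chat == 1) {
        throw new Exception('Masz zablokowany dostęp do czatu.');
    }

    // Non-VIP users pay the configured number of points to join.
    if ($czy_vp != 1) {
        if ($ile_pkt > $ust['chatp']) {
            // NOTE(review): $ust['chatp'] is interpolated as-is; presumably
            // a numeric setting, confirm.
            $up = "UPDATE " . $pre . "user SET user_money=user_money-" . $ust['chatp'] . " WHERE user_id='" . $session_user_id . "'";
            db_query($up);
        } else {
            throw new Exception('Masz zamało punktów by dołączyć do czatu.');
        }
    }

    // The save method returns a MySQLi object
    if ($user->save()->affected_rows != 1) {
        throw new Exception('Nick jest zajęty.');
    }

    $_SESSION['user'] = array('name' => $name, 'gravatar' => $user);

    return array('status' => 1, 'name' => $name, 'gravatar' => $user);
}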
/**
 * Fill the arrays $this->source_refs_datas and $this->target_refs_datas
 * for the current CrossReferenceFactory.
 *
 * Rows where the current entity is the target are stored in
 * source_refs_datas, rows where it is the source in target_refs_datas. Both
 * arrays are left untouched when the query fails or returns no rows.
 *
 * NOTE(review): entity_gid, entity_id and entity_type are concatenated into
 * the statement without escaping. Presumably they are validated where the
 * factory is constructed; confirm, or pass them through the database
 * layer's escaping helpers.
 */
function fetchDatas()
{
    $entity_match = "_gid=" . $this->entity_gid;
    $sql = "SELECT * \n FROM cross_references \n WHERE (target" . $entity_match . " AND target_id='" . $this->entity_id . "' AND target_type='" . $this->entity_type . "' ) \n OR (source" . $entity_match . " AND source_id='" . $this->entity_id . "' AND source_type='" . $this->entity_type . "' )";

    $res = db_query($sql);
    if (!$res || db_numrows($res) <= 0) {
        return;
    }

    $this->source_refs_datas = array();
    $this->target_refs_datas = array();

    while ($row = db_fetch_array($res)) {
        $entity_is_target = $row['target_id'] == $this->entity_id
            && $row['target_gid'] == $this->entity_gid
            && $row['target_type'] == $this->entity_type;
        $entity_is_source = $row['source_id'] == $this->entity_id
            && $row['source_gid'] == $this->entity_gid
            && $row['source_type'] == $this->entity_type;

        // A self-reference matches both ways and gets its own object in
        // each list.
        if ($entity_is_target) {
            $this->source_refs_datas[] = new CrossReference($row['source_id'], $row['source_gid'], $row['source_type'], $row['source_keyword'], $row['target_id'], $row['target_gid'], $row['target_type'], $row['target_keyword'], $row['user_id']);
        }
        if ($entity_is_source) {
            $this->target_refs_datas[] = new CrossReference($row['source_id'], $row['source_gid'], $row['source_type'], $row['source_keyword'], $row['target_id'], $row['target_gid'], $row['target_type'], $row['target_keyword'], $row['user_id']);
        }
    }
}
/**
 * Run a query through db_query() after expanding {placeholder} tokens.
 *
 * The expanded statement is kept in $this->sql and the outcome in
 * $this->result; nothing is returned on that path.
 *
 * NOTE(review): with $security_override set, $sql is sent exactly as given
 * and $params play no part. Callers using the override must not build $sql
 * from request data. What _replace_callback does with $params is not
 * visible in this block.
 *
 * @param string $sql               Statement, optionally with {name} or
 *                                  {name:value} tokens
 * @param array  $params            Values made available to the replacement
 *                                  callback through $this->params
 * @param bool   $security_override Skip the token replacement
 *
 * @return false|null false for an empty $sql, otherwise nothing
 */
function query($sql, $params = array(), $security_override = false)
{
    global $db_prefix, $user_info;

    if (empty($sql)) {
        return false;
    }

    // The replacement callback reads the parameters from the object.
    $this->params = $params;

    // Report the caller's file and line to db_query().
    $file = __FILE__;
    $line = __LINE__;
    if (function_exists('debug_backtrace')) {
        $trace = debug_backtrace();
        $file = $trace[0]['file'];
        $line = $trace[0]['line'];
    }

    // Expand the tokens unless the caller opted out.
    $this->sql = $security_override
        ? $sql
        : preg_replace_callback('~{([a-z_]+)(?::([a-zA-Z0-9_-]+))?}~', array($this, '_replace_callback'), $sql);

    $this->result = db_query($this->sql, $file, $line);
}
/**
 * Confirms that we can update two blob columns in the same table.
 */
function testUpdateMultipleBlob() {
  // Insert a row, then overwrite both blob columns in a single update.
  $id = db_insert('test_two_blobs')
    ->fields(array('blob1' => 'This is', 'blob2' => 'a test'))
    ->execute();

  db_update('test_two_blobs')
    ->condition('id', $id)
    ->fields(array('blob1' => 'and so', 'blob2' => 'is this'))
    ->execute();

  $row = db_query('SELECT * FROM {test_two_blobs} WHERE id = :id', array(':id' => $id))->fetchAssoc();

  $both_updated = $row['blob1'] === 'and so' && $row['blob2'] === 'is this';
  $this->assertTrue($both_updated, 'Can update multiple blobs per row.');
}
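/**
 * Validate and apply a password change submitted through the globals
 * form_oldpw, form_pw and form_pw2.
 *
 * On failure a message is normally left in $GLOBALS['register_error'].
 *
 * NOTE(review): the stored value is compared with an unsalted MD5 digest,
 * which is not adequate for password storage. Changing that needs a
 * migration of the stored hashes and is out of scope here.
 *
 * @return int 1 when the password was changed, 0 otherwise
 */
function register_valid()
{
    if (!$GLOBALS["Update"]) {
        return 0;
    }

    // check against old pw
    $res = db_query("SELECT user_pw, status FROM users WHERE user_id=" . user_getid());
    $row_pw = db_fetch_array($res);

    // Strict comparison: with a loose != two different hex digests that both
    // look like numbers in exponent form ("0e" followed by digits) compare
    // as equal. Array keys are quoted so they no longer depend on the
    // undefined-constant fallback, which is an error in PHP 8.
    if ($row_pw['user_pw'] !== md5($GLOBALS['form_oldpw'])) {
        $GLOBALS['register_error'] = "Old password is incorrect.";
        return 0;
    }

    if ($row_pw['status'] != 'A') {
        $GLOBALS['register_error'] = "Account must be active to change password.";
        return 0;
    }

    if (!$GLOBALS['form_pw']) {
        $GLOBALS['register_error'] = "You must supply a password.";
        return 0;
    }

    if ($GLOBALS['form_pw'] != $GLOBALS['form_pw2']) {
        $GLOBALS['register_error'] = "Passwords do not match.";
        return 0;
    }

    if (!account_pwvalid($GLOBALS['form_pw'])) {
        return 0;
    }

    // if we got this far, it must be good
    $user =& user_get_object(user_getid());
    if (!$user->setPasswd($GLOBALS['form_pw'])) {
        $GLOBALS['register_error'] = $user->getErrorMessage();
        return 0;
    }

    return 1;
}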
/**
 * build pie chart properties
 *
 * Counts the artifacts per value of the chart's base field and stores the
 * counts in $engine->data and the matching labels in $engine->legend.
 * Nothing is added when the field is missing or the user may not read it.
 *
 * NOTE(review): $this->artifacts['id'] and ['last_changeset_id'] are placed
 * inside IN (...) as-is. Presumably they are comma-separated integer lists
 * produced by the report; confirm.
 *
 * @param Pie_Engine $engine object
 *
 * @return array Always an empty array
 */
function buildProperties($engine)
{
    parent::buildProperties($engine);
    $engine->data = array();
    $engine->legend = null;
    $result = array();

    $field = Tracker_FormElementFactory::instance()->getFormElementById($this->chart->getField_base());
    if (!$field || !$field->userCanRead()) {
        return $result;
    }

    $sql = " SELECT count(a.id) AS nb, " . $field->getQuerySelect()
        . " FROM tracker_artifact AS a INNER JOIN tracker_changeset AS c ON (c.artifact_id = a.id) " . $field->getQueryFrom()
        . " WHERE a.id IN (" . $this->artifacts['id'] . ") \n AND c.id IN (" . $this->artifacts['last_changeset_id'] . ") "
        . ' GROUP BY ' . $field->getQueryGroupBy();

    $res = db_query($sql);
    while ($row = db_fetch_array($res)) {
        $engine->data[] = $row['nb'];

        // Rows without a value are labelled with the localized "none" text.
        $raw_value = $row[$field->name];
        $engine->legend[] = ($raw_value !== null)
            ? $field->fetchRawValue($raw_value)
            : $GLOBALS['Language']->getText('global', 'none');
    }

    return $result;
}
/**
 * Perform a single batch operation.
 *
 * Callback for batch_set().
 *
 * @param $MULTIPLE_PARAMS
 *   Additional parameters specific to the batch. These are specified in the
 *   array passed to batch_set().
 * @param $context
 *   The batch context array, passed by reference. This contains the following
 *   properties:
 *   - 'finished': A float number between 0 and 1 informing the processing
 *     engine of the completion level for the operation. 1 (or no value
 *     explicitly set) means the operation is finished: the operation will not
 *     be called again, and execution passes to the next operation or the
 *     callback_batch_finished() implementation. Any other value causes this
 *     operation to be called again; however, the value set here does not
 *     persist between executions of this callback: each time it is set to 1
 *     by default by the batch system.
 *   - 'sandbox': This may be used by operations to persist data between
 *     successive calls to the current operation. Any values set in
 *     $context['sandbox'] will be there the next time this function is called
 *     for the current operation. For example, an operation may wish to store
 *     a pointer in a file or an offset for a large query. The 'sandbox' array
 *     key is not initially set when this callback is first called, which
 *     makes it useful for determining whether it is the first call of the
 *     callback or not:
 *     @code
 *       if (empty($context['sandbox'])) {
 *         // Perform set-up steps here.
 *       }
 *     @endcode
 *     The values in the sandbox are stored and updated in the database
 *     between http requests until the batch finishes processing. This avoids
 *     problems if the user navigates away from the page before the batch
 *     finishes.
 *   - 'message': A text message displayed in the progress page.
 *   - 'results': The array of results gathered so far by the batch
 *     processing. This array is highly useful for passing data between
 *     operations. After all operations have finished, this is passed to
 *     callback_batch_finished() where results may be referenced to display
 *     information to the end-user, such as how many total items were
 *     processed.
 */
function callback_batch_operation($MULTIPLE_PARAMS, &$context) {
  // First call: set up the counters that persist between passes.
  if (!isset($context['sandbox']['progress'])) {
    $context['sandbox']['progress'] = 0;
    $context['sandbox']['current_node'] = 0;
    $context['sandbox']['max'] = db_query('SELECT COUNT(DISTINCT nid) FROM {node}')->fetchField();
  }

  // For this example, we decide that we can safely process
  // 5 nodes at a time without a timeout.
  $batch_size = 5;

  // With each pass through the callback, retrieve the next group of nids.
  $next_nids = db_query_range("SELECT nid FROM {node} WHERE nid > %d ORDER BY nid ASC", $context['sandbox']['current_node'], 0, $batch_size);
  while ($record = db_fetch_array($next_nids)) {
    // Here we actually perform our processing on the current node.
    // NOTE(review): $options1 and $options2 are not defined in this
    // function; they stand in for the batch-specific parameters.
    $node = node_load($record['nid'], NULL, TRUE);
    $node->value1 = $options1;
    $node->value2 = $options2;
    node_save($node);

    // Store some result for post-processing in the finished callback. The
    // title is passed through check_plain() before it is kept for display.
    $context['results'][] = check_plain($node->title);

    // Update our progress information.
    $context['sandbox']['progress']++;
    $context['sandbox']['current_node'] = $node->nid;
    $context['message'] = t('Now processing %node', array('%node' => $node->title));
  }

  // Inform the batch engine that we are not finished,
  // and provide an estimation of the completion level we reached.
  $processed = $context['sandbox']['progress'];
  $total = $context['sandbox']['max'];
  if ($processed != $total) {
    $context['finished'] = $processed / $total;
  }
}
/**
 * Initialise $this->ArtifactType and $this->Artifact for one artifact.
 *
 * NOTE(review): $id is interpolated between quotes into the query without
 * escaping. Presumably callers pass a validated integer; confirm, or cast it
 * before use.
 *
 * @param int         $id   Artifact id
 * @param array|false $data Pre-fetched artifact_vw row; when given, the
 *                          database lookup is skipped
 *
 * @return bool true on success; false after setError() on any failure
 */
function ArtifactFromID($id, $data = false)
{
    if ($data) {
        $art_arr =& $data;
    } else {
        $res = db_query("SELECT * FROM artifact_vw WHERE artifact_id='{$id}'");
        if (!$res || db_numrows($res) < 1) {
            $this->setError("Invalid Artifact ID");
            return false;
        }
        $art_arr =& db_fetch_array($res);
    }

    // Resolve the tracker the artifact belongs to.
    $at = artifactType_get_object($art_arr['group_artifact_id']);
    if (!$at || !is_object($at)) {
        $this->setError("Could Not Create ArtifactType");
        return false;
    }
    if ($at->isError()) {
        $this->setError($at->getErrorMessage());
        return false;
    }
    $this->ArtifactType =& $at;

    // Then the artifact itself, reusing the row obtained above.
    $a = artifact_get_object($id, $art_arr);
    if (!$a || !is_object($a)) {
        $this->setError("Could Not Create Artifact");
        return false;
    }
    if ($a->isError()) {
        $this->setError($a->getErrorMessage());
        return false;
    }
    $this->Artifact =& $a;

    return true;
}
/**
 * Act on profiles being loaded from the database.
 *
 * This hook is invoked during profile loading, which is handled by
 * entity_load(), via the EntityCRUDController.
 *
 * This example copies the 'foo' column of {mytable} onto each loaded profile.
 *
 * @param $entities
 *   An array of profile2 entities being loaded, keyed by id.
 *
 * @see hook_entity_load()
 */
function hook_profile2_load($entities) {
  $pids = array_keys($entities);

  // The id list is bound as an array placeholder, not concatenated.
  $records = db_query(
    'SELECT pid, foo FROM {mytable} WHERE pid IN(:ids)',
    array(':ids' => $pids)
  );

  foreach ($records as $record) {
    $entities[$record->pid]->foo = $record->foo;
  }
}
/**
 * Apply an API order update: status, profile data, details and notes.
 *
 * NOTE(review): an unknown status is reported through $response->addError(),
 * but processing continues and the order is still rebuilt and saved. Confirm
 * that this is intended. No permission check on $order['order_id'] is
 * visible in this block; presumably the API layer enforces it.
 *
 * @param array  $order    Order data from the API request; 'order_id' is
 *                         required, 'status', 'details' and 'notes' optional
 * @param object $response Response object used to report errors
 *
 * @return array Order id and process-payment flag from fn_place_order()
 */
public static function apiUpdateOrder($order, $response)
{
    defined('ORDER_MANAGEMENT') || define('ORDER_MANAGEMENT', true);

    // Only statuses known to the store are applied.
    if (!empty($order['status'])) {
        $known_statuses = fn_get_statuses(STATUSES_ORDER, false, true);
        if (isset($known_statuses[$order['status']])) {
            fn_change_order_status($order['order_id'], $order['status']);
        } else {
            $response->addError('ERROR_OBJECT_UPDATE', str_replace('[object]', 'orders', __('twgadmin_wrong_api_object_data')));
        }
    }

    // Rebuild a cart from the stored order.
    $cart = array();
    fn_clear_cart($cart, true);
    $customer_auth = fn_fill_auth(array(), array(), false, 'C');
    fn_form_cart($order['order_id'], $cart, $customer_auth);
    $cart['order_id'] = $order['order_id'];

    // update only profile data: fields outside user_profiles are filtered out
    $profile_data = fn_check_table_fields($order, 'user_profiles');
    $cart['user_data'] = fn_array_merge($cart['user_data'], $profile_data);
    fn_calculate_cart_content($cart, $customer_auth, 'A', true, 'I');

    if (!empty($order['details'])) {
        db_query('UPDATE ?:orders SET details = ?s WHERE order_id = ?i', $order['details'], $order['order_id']);
    }
    if (!empty($order['notes'])) {
        $cart['notes'] = $order['notes'];
    }

    list($order_id, $process_payment) = fn_place_order($cart, $customer_auth, 'save');

    return array($order_id, $process_payment);
}
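/**
 * Entry point of the dwellings module: dispatches to the case file selected
 * by the 'op' request parameter and builds the surrounding navigation.
 *
 * Both request parameters that reach SQL or the filesystem are constrained
 * here: 'dwid' is used in the query only as an integer, and 'op' must be a
 * plain identifier before it becomes part of a file name.
 */
function dwellings_run()
{
    checkday();
    page_header("Dwellings");
    global $session;

    $op = httpget("op");
    $dwid = httpget('dwid');
    $type = httpget('type');
    debug(get_module_pref("location_saver"));

    if ($type == "" && $dwid > 0) {
        // The "> 0" test above does not guarantee a numeric string, so only
        // the integer value goes into the statement. $dwid itself is left
        // untouched for the included case file.
        $sql = "SELECT type FROM " . db_prefix("dwellings") . " WHERE dwid=" . (int) $dwid;
        $result = db_query($sql);
        $row = db_fetch_assoc($result);
        $type = $row['type'];
    }

    $cityid = httpget('cityid');

    // 'op' picks the file to load. Anything other than letters, digits, '_'
    // and '-' could point outside modules/dwellings/run/, so such values are
    // not included at all. An empty op still loads case_.php as before.
    if (!is_array($op) && preg_match('/^[A-Za-z0-9_-]*$/D', (string) $op)) {
        require_once "modules/dwellings/run/case_{$op}.php";
    }

    if ($op != "list" && $op != "") {
        addnav("Leave");
        addnav("Return to Hamlet", "runmodule.php?module=dwellings");
    } else {
        addnav("Navigation");
        villagenav();
    }

    page_footer();
}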
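/**
 * Remove the timetable editing rights a user holds for one editor.
 *
 * Reads 'editor' and 'user' from the query string, checks that both exist,
 * deletes the matching phpbb_timetable_editors_rights row and redirects to
 * the rights overview.
 *
 * NOTE(review): this is a state-changing action driven by GET parameters and
 * no anti-CSRF token is checked in this block; confirm that the caller
 * handles it. The permission checked is 'add_same_editor_rights' although
 * this function deletes; confirm that is intended. Execution continues after
 * header(), so the caller decides when the request ends.
 *
 * @return string|null Error message on failure, nothing after the redirect
 */
function del_same_editor_rights()
{
    /* Check permission to perform the action */
    if (!check_rights('add_same_editor_rights')) {
        return "У вас нет соответствующих прав";
    }

    /* Read the user-supplied ids; the casts keep them safe to interpolate */
    $editor_id = (int) $_GET['editor'];
    $user_id = (int) $_GET['user'];

    /* Validate input: the editor must exist and be a timetable editor */
    if (db_easy_count("SELECT * FROM `phpbb_users` WHERE `user_id`={$editor_id} AND `timetable_editor`=1") == 0) {
        return "Ошибка в формате входных данных (editor)";
    }

    /* Validate input: the user must exist */
    if (db_easy_count("SELECT * FROM `phpbb_users` WHERE `user_id`={$user_id}") == 0) {
        return "Ошибка в формате входных данных (user)";
    }

    // Defined up front: when there is nothing to delete the variable was
    // previously undefined at the check below. The outcome is unchanged.
    $insertRES = null;

    // Database query
    if (db_easy_count("SELECT * FROM `phpbb_timetable_editors_rights` WHERE `user_id`={$user_id} AND `editor_id`={$editor_id}") > 0) {
        $insertRES = db_query("DELETE FROM `phpbb_timetable_editors_rights` WHERE `user_id`={$user_id} AND `editor_id`={$editor_id}");
    }

    /* Check that the database query succeeded */
    if (!db_result($insertRES)) {
        return "Ошибка при выполнении (DELETE)";
    }

    // Issue the HTTP redirect
    header("location: /manager.php?action=show_timetable_rights");
}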