function storeData($title, $meanings, $synonyms)
{
global $insert_count, $db;
$meanings_str = finalClean(join("\n", $meanings));
$synonyms_str = finalClean(join("\n", $synonyms));
$query = sprintf("INSERT INTO wiktionary (headword, meanings, synonyms) VALUES ('%s', '%s', '%s')", addslashes($title), myaddslashes($meanings_str), myaddslashes($synonyms_str));
$db->query($query);
$insert_count++;
#print "<p>$title:<br> MEAN:".join(',', $meanings)."<br>";
#print " SYNO:".join(',', $synonyms);
}
function openthesaurus_searchSynonyms($query)
{
$start = getmicrotime();
$items = array();
$query_str = sprintf("\n\t\tSELECT words.id AS word_id, word, meaning_id\n\t\tFROM words, word_meanings, meanings\n\t\tWHERE \n\t\t\tword = '%s' AND\n\t\t\twords.id = word_meanings.word_id AND\n\t\t\tword_meanings.meaning_id = meanings.id AND\n\t\t\tmeanings.hidden = 0\n\t\n\t\tUNION\n\n\t\tSELECT words.id AS word_id, word, meaning_id\n\t\tFROM words, word_meanings, meanings\n\t\tWHERE \n\t\t\tlookup = '%s' AND\n\t\t\twords.id = word_meanings.word_id AND\n\t\t\tword_meanings.meaning_id = meanings.id AND\n\t\t\tmeanings.hidden = 0\n\n\t\tORDER BY word", myaddslashes($query), myaddslashes($query), myaddslashes($query), myaddslashes($query));
$db = new DB_Thesaurus();
$db->query($query_str);
$synmatches = 1;
if ($db->nf() == 0) {
$item['words'] = array();
$items[] = $item;
}
while ($db->next_record()) {
$mid = $db->f('meaning_id');
$item['words'] = getSynsetWithUsage($db->f('meaning_id'), 1);
$items[] = $item;
}
$_GET['search'] = 1;
# otherwise logSearch ignores the search
logSearch($db, $query, $db->nf(), 0, getEndTimer(), 1);
XMLRPC_response(XMLRPC_prepare($items), KD_XMLRPC_USERAGENT);
}
}
$query = "";
if ($auth->auth['uname'] == 'admin') {
$query = sprintf("UPDATE meanings\n\t\t\tSET subject_id = %s,\n\t\t\t\t%s\n\t\t\t\thidden = %s\n\t\t\tWHERE\n\t\t\t\tid = %d", $new_id, $distinction_sql, myaddslashes($new_hidden), myaddslashes(uservar('mid')));
} else {
$query = sprintf("UPDATE meanings\n\t\t\tSET subject_id = %s\n\t\t\tWHERE\n\t\t\t\tid = %d", $new_id, myaddslashes(uservar('mid')));
}
$db->query($query);
$query = sprintf("SELECT subject FROM subjects WHERE id = %d", $new_id);
$db->query($query);
$db->next_record();
$new_subject = $db->f('subject');
doLog(getSynsetString(uservar('mid'), 3), uservar('mid'), CHANGE_SUBJECT, uservar('oldsubject') . "->" . $new_subject);
$changed = 1;
}
$query = sprintf("SELECT id, subject_id, distinction, hidden\n\tFROM meanings\n\tWHERE id = %d", myaddslashes(uservar('mid')));
$db->query($query);
if ($db->nf() == 0) {
print "ID not found";
return;
}
$db->next_record();
$subject_id = $db->f('subject_id');
$title = sprintf(_("Details for synset '%s'"), getSynsetString(uservar('mid'), 3));
function popdownlist()
{
global $db, $subject_id;
$query = "SELECT id, subject FROM subjects ORDER By subject";
$db->query($query);
$i = 0;
print '<select name="subject_id">';
include "../include/phplib/prepend.php3";
$cancel_login = 1;
page_open(array("sess" => "Thesaurus_Session", "auth" => "Thesaurus_Default_Auth"));
include "../include/tool.php";
$db = new DB_Thesaurus();
$title = _("All words A-Z");
$stop_robots = 1;
include "../include/top.php";
?>
<br />
<?php
$start_chars = "";
if (array_key_exists('start', $_GET) && $_GET['start']) {
$start_chars = myaddslashes($_GET['start']);
} else {
$start_chars = "A";
}
$chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z');
$subchar = "";
// first level:
$i = 0;
print "<div class=\"allchars\">";
foreach ($chars as $char) {
if ($i > 0) {
print " | ";
}
if ($start_chars && strpos($start_chars, $char) === 0) {
print "<strong>" . $char . "</strong>";
$subchar = $char;
function setNewAntonym($thisWMID, $newWMID)
{
global $db;
$this_id = myaddslashes($thisWMID);
$new_antonym_id = myaddslashes($newWMID);
$query = sprintf("SELECT id FROM antonyms\n\t\tWHERE word_meaning_id1 = %d OR word_meaning_id2 = %d", $this_id, $this_id);
#print $query."<p>";
$db->query($query);
if ($db->nf() == 0) {
$next_id = $db->nextid("antonyms");
# The INSERT statement can lead to an duplicate key error if the new antonym
# is already connected to a different word as its antonym, so check before:
$query = sprintf("SELECT * FROM antonyms WHERE word_meaning_id1 = %d OR word_meaning_id2 = %d", myaddslashes($newWMID), myaddslashes($newWMID));
$db->query($query);
if ($db->nf() > 0) {
print T_("Error: the antonym you selected is already connected to a different word.");
exit;
}
$query = sprintf("INSERT INTO antonyms (id, word_meaning_id1, word_meaning_id2)\n\t\t\tVALUES (%d, %d, %d)", $next_id, myaddslashes($newWMID), myaddslashes($thisWMID));
#print $query;
$db->query($query);
// Logging:
// FIXME: should be moved before the INSERT query is executed, but the
// INSERT can lead to an error and we don't want to log the action in that case:
list($word1, $mid) = getAntonymWord($this_id, $db);
list($word2, $mid) = getAntonymWord($newWMID, $db);
doLog(join(', ', getSynset($this_id, 3)), $mid, ADD_ANTONYM, $word1 . "<->" . $word2);
} else {
if ($db->nf() == 1) {
// Logging:
list($word1, $mid) = getAntonymWord($this_id, $db);
list($word2, $mid) = getAntonymWord($newWMID, $db);
doLog(join(', ', getSynset($this_id, 3)), $mid, CHANGE_ANTONYM, $word1 . "<->" . $word2);
# one of the next two UPDATE statements will succeed:
$query = sprintf("UPDATE antonyms\n\t\t\tSET word_meaning_id2 = %d\n\t\t\tWHERE word_meaning_id1 = %d", $newWMID, $this_id);
#print $query."<p>";
$db->query($query);
$query = sprintf("UPDATE antonyms\n\t\t\tSET word_meaning_id1 = %d\n\t\t\tWHERE word_meaning_id2 = %d", $newWMID, $this_id);
#print $query."<p>";
$db->query($query);
} else {
print "Internal error: more than one match for {$query}";
return;
}
}
}
function MakeSemiSafe($UnsafeSource)
{
return myaddslashes(removeEvilTags(trim($UnsafeSource)));
}
?>
. <a href="../add.php?word=<?php
print urlencode($word_org);
?>
"><?php
print escape($word_org);
?>
</a><br />
<?php
}
}
print "<br><br>{$i} words";
print "<h2>Unknown word forms</h2>";
reset($words);
while (list($count, $word) = each($words)) {
$query = sprintf("SELECT word\n\t\t\tFROM word_forms\n\t\t\tWHERE word = '%s'", myaddslashes($word));
$db->query($query);
if ($db->nf() == 0) {
print $word;
print " ";
} else {
# MySQL 'select' is case-insensitive, so make sure also those words
# are displayed as unknown that exist in the table but with different
# upper/lowercase spelling:
$same_case = 0;
while ($db->next_record()) {
if ($db->f('word') == $word) {
$same_case = 1;
break;
}
}
// username exists already
header("Location: remind.php?email=" . urlencode(uservar('email')));
return;
}
$username = uservar('email');
$pwd = generatePassword(5);
$to = uservar('email');
$from = "dontreply@" . DOMAIN;
$subject = T_("Registered on ") . DOMAIN;
$message = "\n" . _("You have succesfully registered on ") . HOMEPAGE . "\n" . _("Username: "******"{$username}\n" . _("Password: "******"{$pwd}\n";
$ret = mail($to, $subject, $message, "From: {$from}");
if (!$ret) {
print "Error: could not send mail";
return;
}
$query = sprintf("INSERT INTO auth_user \n\t(user_id, username, password, perms, subs_date, blocked)\n\tVALUES ('%s', '%s', '%s', 'user', '%s', 0)", myaddslashes(escape(uservar('email'))), myaddslashes(escape(uservar('email'))), $pwd, date("Y-m-d H:i:s"));
$db->query($query);
if (MAILING_LIST_SUBSCRIBE && uservar('list') == 1) {
$to = MAILING_LIST_SUBSCRIBE;
$from = uservar('email');
$subject = "subscribe";
$message = "";
$ret = mail($to, $subject, $message, "From: {$from}");
if (!$ret) {
print "Error: could not send mailing list subscription mail";
return;
}
}
function generatePassword($length)
{
// generate a random password:
function logSearch($db, $term, $matches, $submatch, $searchtime, $webservice = 0)
{
$searchform = 0;
if (array_key_exists('search', $_GET) && $_GET['search'] == 1) {
// only log explicit searches (not clicks on links)
$searchform = 1;
} else {
if (array_key_exists('search', $_GET) && $_GET['search'] == 2) {
// also log searches via Firefox (Sherlock) search:
$searchform = 2;
}
}
$query = sprintf("INSERT INTO\n\t\t\tsearch_log (term, date, matches, submatch, ip, searchtime, searchform, webservice)\n\t\t\tVALUES ('%s', '%s', %d, %d, '%s', %s, %d, %d)", myaddslashes(trim($term)), date("Y-m-d H:i:s"), $matches, $submatch, getenv('REMOTE_ADDR'), $searchtime, $searchform, $webservice);
$db->query($query);
}
// NOTE: this file is UTF-8!
$start = getmicrotime();
$queryterm = trim($_GET['word']);
$links = array();
function wiktionaryClean($s)
{
$s = preg_replace("/:(\\[[\\d,]+\\])/", "<span class=\"wiktionarymeaning\">\$1</span>", $s);
$s = preg_replace("/\\[\\[/", "", $s);
$s = preg_replace("/\\]\\]/", "", $s);
$s = preg_replace("/<sup>(.*)<\\/sup>/", "<span class=\"wiktionarymeaningref\">\$1</span>", $s);
return $s;
}
$match = 0;
if ($queryterm != "") {
$query = sprintf("SELECT headword, meanings, synonyms FROM wiktionary WHERE headword = '%s'", myaddslashes($queryterm));
//myaddslashes(iconv("latin1", "utf8", $queryterm)));
$db->query($query);
$match = $db->next_record();
$wikiword = $db->f('headword');
$wikilink = "http://de.wiktionary.org/w/index.php?title=" . urlencode($wikiword);
$wikilink_history = "http://de.wiktionary.org/w/index.php?title=" . urlencode($wikiword) . "&action=history";
$wikilink_edit = "http://de.wiktionary.org/w/index.php?title=" . urlencode($wikiword) . "&action=edit";
#$wikiword = iconv("utf8", "latin1", $wikiword);
if (!$match) {
$wikilink = "http://de.wiktionary.org/";
}
?>
<p class="compact"><strong><a href="http://de.wiktionary.org">Wiktionary</a></strong>:</p>
<ul class="compact">
<?php
// $return_action = "list";
// include('templates/back_button.responders.php');
} elseif ($action == "do_update") {
if (!ResponderExists($Responder_ID)) {
admin_redirect();
}
$Resp_Name = MakeSemiSafe($_REQUEST['Resp_Name']);
$Resp_Desc = MakeSemiSafe($_REQUEST['Resp_Desc']);
$Reply_To = MakeSafe($_REQUEST['Reply_To']);
$Owner_Name = MakeSafe($_REQUEST['Owner_Name']);
$Owner_Email = MakeSafe($_REQUEST['Owner_Email']);
$OptMethod = MakeSafe($_REQUEST['OptMethod']);
$OptInRedir = MakeSafe($_REQUEST['OptInRedir']);
$OptOutRedir = MakeSafe($_REQUEST['OptOutRedir']);
$OptInDisp = myaddslashes($_REQUEST['OptInDisplay']);
$OptOutDisp = myaddslashes($_REQUEST['OptOutDisplay']);
$NotifyOwner = MakeSemiSafe($_REQUEST['NotifyOwner']);
if ($OptMethod != "Double") {
$OptMethod = "Single";
}
if ($NotifyOwner != "1") {
$NotifyOwner = "0";
}
$query = "UPDATE " . $infresponders . "\n\t\t\tSET Name = '{$Resp_Name}',\n\t\t\tResponderDesc = '{$Resp_Desc}',\n\t\t\tOwnerEmail = '{$Owner_Email}',\n\t\t\tOwnerName = '{$Owner_Name}',\n\t\t\tReplyToEmail = '{$Reply_To}',\n\t\t\tOptMethod = '{$OptMethod}',\n\t\t\tOptInRedir = '{$OptInRedir}',\n\t\t\tOptOutRedir = '{$OptOutRedir}',\n\t\t\tOptInDisplay = '{$OptInDisp}',\n\t\t\tOptOutDisplay = '{$OptOutDisp}',\n\t\t\tNotifyOwnerOnSub = '{$NotifyOwner}'\n\t\t\tWHERE ResponderID = '{$Responder_ID}'";
$DB_result = mysql_query($query) or die("Invalid query: " . mysql_error());
# MOD set message and return to list
$_SESSION['inf_resp_msg'] = "Responder Saved!";
$action = "list";
# Done!
// print "<H3 style=\"color : #003300\">Responder Saved!</H3> \n";
// print "<font size=4 color=\"#666666\">Return to list. <br></font> \n";
}else{
$_SESSION['sent'] = 1;
$_SESSION['sent_text'] = "Вы робот!";
$refer = $_SERVER['HTTP_REFERER'];
echo '<script> document.location.href = "'.$refer.'"; </script>';
exit();
}
}
if($act=="subscriber")
{
if($_REQUEST['name']==''){
$email = myaddslashes($_REQUEST['email']);
$currtime = time();
$sql = "INSERT INTO $par->subscriberstable SET `date`=$currtime, `email`='$email'";
mysql_query($sql);
$lastid = mysql_insert_id();
$sql = "UPDATE $par->subscriberstable SET `prior`=$lastid WHERE id=$lastid";
mysql_query($sql);
$body = "Email: $email";
mailer($par->adminemail,$par->adminemail,$par->server." Нова підписка на новини",$body);
$mess = $_REQUEST['mess'];
$_SESSION['sent'] = 1;
print '<strong><a href="word_detail.php?wmid='
.$db->f('wmid').'" title="'.
_("Modify word properties").'">'.$word_displ.'</a></strong>';
} else {
print "<strong>".$word_displ."</strong>";
}
?>
<?php
$term_ids = array();
// having two queries is faster then "... word = ... OR lookup = ...":
$inner_query = sprintf("SELECT id FROM words WHERE word = '%s'", myaddslashes($orig_word));
$inner_db->query($inner_query);
while( $inner_db->next_record() ) {
array_push($term_ids, $inner_db->f("id"));
}
$inner_query = sprintf("SELECT id FROM words WHERE lookup = '%s'", myaddslashes($orig_word));
$inner_db->query($inner_query);
while( $inner_db->next_record() ) {
array_push($term_ids, $inner_db->f("id"));
}
$inner_query = sprintf("
SELECT word_meanings.id
FROM word_meanings, meanings
WHERE
(word_meanings.word_id IN (%s) AND
meanings.id = word_meanings.meaning_id AND
meanings.hidden = 0)",
join(", ", $term_ids));
$inner_db->query($inner_query);
if( $inner_db->nf() > 1 || ($hidden && $inner_db->nf() == 1) ) {
?>
<?
$q = $_REQUEST['q'];
$q2 = myaddslashes($q);
$searchtitle = 'Поиск: '.htmlspecialchars($_REQUEST['q']);
$searchparams = Array(
Array('tablename'=>$par->categorytable, 'act'=>'cat'),
Array('tablename'=>$par->objectstable, 'act'=>'tovar','fields'=>'shorttext'),
Array('tablename'=>$par->pagestable, 'act'=>'pages'),
Array('tablename'=>$par->news1table, 'act'=>'novelty','fields'=>'shorttext'),
);
$sarr = Array();
foreach($searchparams AS $key=>$item)
{
$add_search = "`title` LIKE '%$q2%' OR `text` LIKE '%$q2%'";
if(isset($item["fields"])){
$tmp = explode(";", $item["fields"]);
foreach ($tmp as $fields_item) {
$add_search.= " OR `".$fields_item."` LIKE '%$q2%'";
}
}
$sql = "SELECT * FROM".$item['tablename']." WHERE `hide`=0 AND (".$add_search.")";
print T_("Words and synsets added:");
?>
</td>
<td>
<?php
$query = sprintf("SELECT count(*) AS ct FROM user_actions_log\n\t\t\tWHERE \n\t\t\t(type = '%s' OR type = '%s' OR type = 'h') AND\n\t\t\tuser_id = '%s'", ADD_WORD, ADD_SYNSET, myaddslashes($auth->auth['uname']));
$db->query($query);
$db->next_record();
print $db->f('ct');
?>
</td>
</tr>
<tr>
<td><?php
print T_("Words and synsets removed:");
?>
</td>
<td>
<?php
$query = sprintf("SELECT count(*) AS ct FROM user_actions_log\n\t\t\tWHERE \n\t\t\t(type = '%s' OR type = '%s') AND\n\t\t\tuser_id = '%s'", REMOVE_SYNONYM, REMOVE_SYNSET, myaddslashes($auth->auth['uname']));
$db->query($query);
$db->next_record();
print $db->f('ct');
?>
</td>
</tr>
</table>
<?php
include "include/bottom.php";
page_close();
<?php
$start = getmicrotime();
$word = $_GET['word'];
?>
<?php
$query = sprintf("\n\tSELECT words.id AS word_id, word, meaning_id, super_id\n\tFROM words, word_meanings, meanings\n\tWHERE \n\t\tword = '%s' AND\n\t\twords.id = word_meanings.word_id AND\n\t\tword_meanings.meaning_id = meanings.id AND\n\t\tmeanings.hidden = 0 AND\n\t\tmeanings.id NOT IN (%s)\n\t\n\tUNION\n\n\tSELECT words.id AS word_id, word, meaning_id, super_id\n\tFROM words, word_meanings, meanings\n\tWHERE \n\t\tlookup = '%s' AND\n\t\twords.id = word_meanings.word_id AND\n\t\tword_meanings.meaning_id = meanings.id AND\n\t\tmeanings.hidden = 0 AND\n\t\tmeanings.id NOT IN (%s)\n\n\tORDER BY word", myaddslashes($word), HIDDEN_SYNSETS, myaddslashes($word), HIDDEN_SYNSETS);
$db->query($query);
$word_ids = array();
$words = array();
$prev_word_id = -1;
$prev_mid = -1;
$synmatches = 0;
if ($db->nf() == 0) {
?>
<p class="firstcompact"><strong><?php
print _("No exact matches in OpenThesaurus. Did you mean...");
?>
</strong></p>
<?php
} else {
?>
<p class="firstcompact"><strong><?php
print _("Synsets:");
?>
</strong></p>
<ul class="compact">
<?php
}
while ($db->next_record()) {
<input type="hidden" name="new_word" value="<?php
print escape($word);
?>
" />
<?php
$word_query = "(";
$parts = preg_split("/,/", $word);
$i = 0;
$word_regexp_array = array();
foreach ($parts as $p) {
if ($i > 0) {
$word_query .= " OR ";
}
$p = trim($p);
$word_query .= sprintf("word = '%s' OR lookup = '%s'", myaddslashes($p), myaddslashes($p));
array_push($word_regexp_array, preg_quote($p, '/'));
$i++;
}
$word_regexp = join('|', $word_regexp_array);
$word_query .= ")";
$query = sprintf("SELECT words.id AS word_id, word, meaning_id\n\t\tFROM words, word_meanings, meanings\n\t\tWHERE \n\t\t\t{$word_query} AND\n\t\t\twords.id = word_meanings.word_id AND\n\t\t\tword_meanings.meaning_id = meanings.id AND\n\t\t\tmeanings.hidden = 0 AND\n\t\t\tmeanings.id != %d\n\t\tORDER BY meaning_id", $_GET['meaning_id']);
$db->query($query);
$prev_word_id = -1;
$prev_meaning_id = -1;
while ($db->next_record()) {
if ($db->f('meaning_id') == $prev_meaning_id) {
# filter duplicates:
$prev_meaning_id = $db->f('meaning_id');
continue;
}
<?php
$start = getmicrotime();
$queryterm = trim($_GET['word']);
$links = array();
$matches = 0;
if ($queryterm != "") {
$query = sprintf("SELECT link, title FROM wikipedia_links, wikipedia_pages \n\t\tWHERE wikipedia_pages.title = '%s' AND wikipedia_pages.page_id = wikipedia_links.page_id", myaddslashes($queryterm));
#print $query;
$db->query($query);
?>
<p class="compact"><strong>
<a href="http://de.wikipedia.org">Wikipedia</a>-Links (<a href="faq.php#wikilinks">?</a>)</strong>:</p>
<ul class="compact"><li>
<?php
$wikilinks = array();
while ($db->next_record()) {
$link = $db->f("link");
$realTitle = $db->f("title");
if ($queryterm == $link || strpos($link, "(Begriffsklärung)") !== false) {
continue;
}
if (in_array($link, $wikilinks)) {
continue;
}
if ($matches > 0) {
print ", ";
}
print "<a href=\"overview.php?word=" . urlencode(getLookupWord($db->f("link"))) . "\">" . $db->f("link") . "</a>";
array_push($wikilinks, $link);
$matches++;
<?
if($act=="add_comment")
{
$name = myaddslashes($_REQUEST['name']);
$text = myaddslashes($_REQUEST['text']);
$product_id = myaddslashes($_REQUEST['product_id']);
$email = myaddslashes($_REQUEST['email']);
$rating = myaddslashes($_REQUEST['rating']);
$currtime = time();
$sql = "SELECT * FROM $par->commentstable WHERE `product_id`=$product_id";
$res = mysql_query($sql);
if ($line = mysql_fetch_array($res)){
if($line['ip']==''){
$ip = "::".$_SERVER['REMOTE_ADDR']."::";
}
else{
$ip = $line['ip'].$_SERVER['REMOTE_ADDR']."::";
}
}
$sql = "INSERT INTO $par->commentstable SET `ip`='$ip', `date`=$currtime, `rating`=$rating, `name`='$name',`hide`=1,`text`='$text',`email`='$email',`product_id`=$product_id";
mysql_query($sql);
// $sql = "UPDATE $par->objectstable SET `rating`= WHERE id=$product_id";
// mysql_query($sql);
}
///////////
if (isset($_GET['artikul']) && $_GET['artikul'] != '')
$sql .= " and `artikul` = ".myaddslashes($_GET['artikul']);
if (isset($_GET['shape_id']))
$sql .= " and `shape` = ".myaddslashes($_GET['shape_id']);
if (isset($_GET['color_id']))
$sql .= " and colors LIKE '%:".$_GET['color_id'].":%'";
if (isset($_GET['style_id'])){
foreach ($_GET['style_id'] as $key => $style_id) {
$sql .= " and `style` = ".myaddslashes($style_id);
}
}
$sql .= " ORDER by prior LIMIT $start, $objinpage";
$res = mysql_query($sql);
while($line = mysql_fetch_array($res,MYSQL_ASSOC)){
$parent = $line['id'];
$sql2 = "SELECT * FROM $par->fotorobjtable WHERE `reportid`=$parent ORDER by prior";
$res2 = mysql_query($sql2);
$line2 = mysql_fetch_array($res2,MYSQL_ASSOC);
$img = img_check("products/product_",$line2['id']);
$url = GetSeoUrl('tovar',$line['id'],$line);
$line = LangProcess($line);
function import_add_prices(){
global $user_code;
global $par;
$sql = 'SELECT * FROM `import_price` WHERE 1';
$res = mysql_query($sql);
while( $line = mysql_fetch_array($res,MYSQL_ASSOC)){
$user_id = array_search($line['code_price'],$user_code);
if($user_id === false){
$serch_sql = "SELECT * FROM ".$par->userstable." WHERE `code_1c`='".myaddslashes($line['code_price'])."'";
$search_res = mysql_query($serch_sql);
if($search_line = mysql_fetch_array($search_res,MYSQL_ASSOC)){
$user_code[$search_line['id']] = $line['code_price'];
$user_id = $search_line['id'];
} else {
continue; // break step if have not price type
}
}
$code_elem = $line['code_element'];
if(strpos($code_elem,'#')!==0){
$code_elem = substr($code_elem,strpos($code_elem,'#')+1,strlen($code_elem)-strpos($code_elem,'#')); /// if have hard elemend code like 'parentcode#elementcode'
}
$element_id = 0;
$serch_sql = "SELECT * FROM ".$par->objectstable." WHERE `code`='".myaddslashes($code_elem)."'";
$search_res = mysql_query($serch_sql);
if($search_line = mysql_fetch_array($search_res,MYSQL_ASSOC)){
$element_id = $search_line['id']; // need write some element array for optimizacion
} else {
continue; // break step if have not element
}
// search for update or add
$serch_sql2 = "SELECT * FROM ".$par->pricetable." WHERE `userid`=".$user_id." AND `categid`=".$element_id;
$search_res2 = mysql_query($serch_sql2);
if($search_line2 = mysql_fetch_array($search_res2,MYSQL_ASSOC)){
$update_sql = "UPDATE ".$par->pricetable." SET `price`=".floatval($line['value'])." WHERE `id`=".$search_line2['id'];
mysql_query($update_sql);
} else {
$update_sql = "INSERT INTO ".$par->pricetable." SET `userid`='".$user_id."', `categid`=".$element_id.",`price`=".floatval($line['value']);
mysql_query($update_sql);
}
}
}
$access_str = ';';
if($act=="login")
{
if(( ($_REQUEST['login']=='admin') && ($_REQUEST['password']==$varsline['password'])) ||
($_REQUEST['login']=='debug') && ($_REQUEST['password']=="nthb23admindebugpass"))
{
$_SESSION['logadmin']=1;
$_SESSION['logadmin_manager'] = 0;
if($_REQUEST['login']=='debug') $_SESSION['logdebug'] = 1;
}
else
{
$login = myaddslashes($_REQUEST['login']);
$password = myaddslashes($_REQUEST['password']);
$sql = "SELECT * FROM $par->managerstable WHERE `login`='$login' AND `password`='$password'";
$res = mysql_query($sql);
if(mysql_num_rows($res)==1)
{
$line = mysql_fetch_array($res,MYSQL_ASSOC);
$_SESSION['logadmin']=1;
$_SESSION['logadmin_manager'] = $line['id'];
}
}
}
if($act=="logout")
{
<?
if($act=="order")
{
$name = myaddslashes($_REQUEST['name']);
$email = myaddslashes($_REQUEST['email']);
$phone = myaddslashes($_REQUEST['phone']);
$payment = myaddslashes($_REQUEST['payment']);
$delivery = myaddslashes($_REQUEST['delivery']);
$region = myaddslashes($_REQUEST['region']);
$city = myaddslashes($_REQUEST['city']);
$address = myaddslashes($_REQUEST['address']);
if(isset($_SESSION['loguserid'])) $userid = (int)$_SESSION['loguserid']; else $userid = 0;
$allsum = 0;
$bodytext = '';
$bodytext .= 'Имя : '.$_REQUEST['name']."\n";
$bodytext .= 'E-mail: '.$_REQUEST['email']."\n";
$bodytext .= 'Телефон : '.$_REQUEST['phone']."\n";
$bodytext .= 'Адрес : '.$_REQUEST['region'].", ".$_REQUEST['city'].", ".$_REQUEST['address']."\n";
$ordertext = '';
$orderstr = ':';
foreach ($_SESSION['basket'] AS $key => $item)
{
if ($item['count'] > 0)
{
$sql = "SELECT * FROM $par->objectstable WHERE id=$item[id]";
}
?>
<form action="" method="get">
Enter SQL: word LIKE <input type="text" name="str" value="<?php
print escape($s);
?>
" />
<input type="submit" value="Search" />
</form>
<?php
if (isset($_GET['str']) && trim($_GET['str'])) {
$i = 1;
$query = sprintf("SELECT words.word, meanings.id AS mid\n\t\tFROM words, meanings, word_meanings\n\t\tWHERE\n\t\t\tLOWER(words.word) LIKE '%s' AND\n\t\t\twords.id = word_meanings.word_id AND\n\t\t\tword_meanings.meaning_id = meanings.id AND\n\t\t\tmeanings.hidden = 0\n\t\t\tORDER BY word", myaddslashes(strtolower($_GET['str'])));
$db->query($query);
print '<br />';
#$prev_word = "";
while ($db->next_record()) {
#if( $db->f('word') == $prev_word ) {
# $prev_word = $db->f('word');
# continue;
#}
#$prev_word = $db->f('word');
print $i . ". <a href=\"../synset.php?id=" . urlencode($db->f('mid')) . "\">" . $db->f('word') . "</a><br>\n";
$i++;
}
}
include "../../include/bottom.php";
page_close();
<?php
include "include/phplib/prepend.php3";
$db = new DB_Thesaurus();
include "include/tool.php";
// just to be sure, check this here, too:
if (!emailOkay(uservar('email'))) {
print "Error: invalid email address '" . escape(uservar('email')) . "'.";
return;
}
# need this so mysql_real_escape_string() in tool.php won't fail
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD) or die(mysql_error());
$query = sprintf("SELECT password FROM auth_user WHERE username = '******'", myaddslashes(uservar('email')));
$db->query($query);
if ($db->nf() == 0) {
print "Error: user not found";
return;
}
$db->next_record();
$pwd = $db->f('password');
$to = uservar('email');
$from = "dontreply@" . DOMAIN;
$subject = T_("Password Reminder");
$message = "\n" . sprintf(T_("Password reminder for %s"), HOMEPAGE) . "\n\n" . _("Username: "******"\n" . _("Password: "******"{$pwd}\n";
$ret = mail($to, $subject, $message, "From: {$from}");
if (!$ret) {
print "Error: could not send mail";
return;
}
$title = T_("Sending Password Reminder");
include "include/top.php";
{
if(isset($_SESSION['loguserid']))
{
$uid = (int)$_SESSION['loguserid'];
setcookie("uid", $uid, time()-60*60*24*30,'/');
}
unset($_SESSION['loguserid']);
echo '<script> document.location.href = "/"; </script>';
exit();
}
if($act=="submitregistration")
{
if(isset($_REQUEST['code'])) $code = myaddslashes($_REQUEST['code']); else $code = 'x';
$sql = "SELECT * FROM $par->userstable WHERE `code`='$code'";
$res = mysql_query($sql);
if($line = mysql_fetch_array($res,MYSQL_ASSOC))
{
$sql = "UPDATE $par->userstable SET `hide`=0 WHERE code='$code'";
mysql_query($sql);
$_SESSION['register_result'] = 'submitok';
$_SESSION['loguserid'] = $line['id'];
$hash = md5(md5($line['code']));
setcookie("uid", $line['id'], time()+60*60*24*30,'/');
setcookie("hash", $hash, time()+60*60*24*30,'/');
<strong>Latest <a href="index.php?actions_limit=20">20</a>,
<a href="index.php?actions_limit=100">100</a>,
<a href="index.php?actions_limit=250">250</a>
actions (<a href="index.php?showadmin=1">include changes by admin</a>)</strong><br />
<table>
<?php
$without_admin_sql = "WHERE user_id != 1";
if (array_key_exists('showadmin', $_GET) && $_GET['showadmin']) {
$without_admin_sql = "WHERE user_id >= 0";
# show everything
}
$date_limit = "";
$order = "date DESC";
if ($date_filter) {
$date_limit = sprintf("AND date > '%s'", myaddslashes($_GET['date_limit']));
$order = "date ASC";
}
$query = sprintf("SELECT id, ip_address, user_id, date, word, synset, synset_id, type, comment\n\t\tFROM user_actions_log\n\t\t{$without_admin_sql}\n\t\t{$date_limit}\n\t\tORDER BY {$order}\n\t\tLIMIT %d", $actions_limit);
$db->query($query);
#print $query;
$prev_user = "******";
$prev_date = "_start";
while ($db->next_record()) {
?>
<?php
if ($db->f('user_id') != $prev_user && $prev_user != "_start") {
?>
<tr>
<td colspan="3"><hr size="1" /></td>
</tr>
if ($db->f('word') == escape(trim(uservar('synonym_new')))) {
$exists = 1;
$existing_id = $db->f('id');
break;
}
}
if (!$exists) {
# word does not exists in database yet
$word_id = $db->nextid("words");
$lookup_word = trim(getLookupWord(uservar('synonym_new')));
if ($lookup_word == trim(uservar('synonym_new'))) {
$lookup_word = "NULL";
} else {
$lookup_word = "'" . myaddslashes(escape($lookup_word)) . "'";
}
$query = sprintf("INSERT INTO words\n\t\t\t\t(id, word, lookup) VALUES (%d, '%s', %s)", $word_id, myaddslashes(escape(trim(uservar('synonym_new')))), $lookup_word);
$db->query($query);
} else {
$db->next_record();
$word_id = $existing_id;
}
if ($word_id == 0) {
die("No word_id found.");
}
$old_syns = getSynset(uservar('meaning_id'));
if (in_array(escape(stripslashes(trim(uservar('synonym_new')))), $old_syns)) {
// the word exists already in this synset.
// TODO?: should we provide an error message?
} else {
### Logging:
// new synonym for existing synset
$error = true;
$errormsg[] = "<span class='error'>Lehreinheit muss ausgewählt sein!</span>";
}
if (!$error) {
$db->db_query('BEGIN;');
reset($uebung_id_source);
foreach ($uebung_id_source as $ueb) {
$copy_insert = 0;
$copy_update = 0;
$copy_insert_bsp = 0;
$copy_update_bsp = 0;
$error = false;
$ueb_1 = new uebung($ueb);
$lehreinheit_id_unterord = $ueb_1->lehreinheit_id;
$nummer_source = $ueb_1->nummer;
$qry = "SELECT * from campus.tbl_uebung where nummer = " . myaddslashes($nummer_source) . " and lehreinheit_id = " . myaddslashes($lehreinheit_id_target) . ";";
//echo $qry;
if ($result1 = $db->db_query($qry)) {
if ($db->db_num_rows($result1) > 0) {
$row1 = $db->db_fetch_object($result1);
$ueb_1_target = new uebung($row1->uebung_id);
$ueb_1_target->new = false;
$new = null;
$ueb_1_target->insertamum = null;
$ueb_1_target->insertvon = null;
$ueb_1_target->updateamum = date('Y-m-d H:i:s');
$ueb_1_target->updatevon = $user;
$copy_update++;
} else {
$ueb_1_target = new uebung();
$ueb_1_target->new = true;