function getFileContent($m)
{
global $xmlrpcerruser;
global $xmlrpcString;
$file_name = $m->getParam(0);
$file_path = $m->getParam(1);
$file_name = $file_name->scalarval();
$file_path = $file_path->scalarval();
$sql = "SELECT * FROM `" . DB_PREFIX . DB_TBL_FILES . "` WHERE \n\t\t`name` = '" . mysql_escape_string($file_name) . "' AND \n\t\t`path` = '" . mysql_escape_string($file_path) . "'";
$sql = mysql_query($sql);
if (false == $sql) {
dbg();
my_die();
}
$aList = array();
while ($row = mysql_fetch_assoc($sql)) {
$aList[] = $row;
}
if (empty($aList)) {
return new xmlrpcresp(0, $xmlrpcerruser, 'file not exist');
}
$aList = current($aList);
if (!defined($aList['path'])) {
return new xmlrpcresp(0, $xmlrpcerruser, 'file path not correct (remote error)');
}
$response = saferead(constant($aList['path']) . '/' . $aList['name']);
// Возвращаем
$response = base64_encode($response);
return new xmlrpcresp(new xmlrpcval($response), $xmlrpcString);
}
function escape($string) {
return addslashes( $string ); // Disable rest for now, causing problems
if( !$this->dbh || version_compare( phpversion(), '4.3.0' ) == '-1' )
return mysql_escape_string( $string );
else
return mysql_real_escape_string( $string, $this->dbh );
}
function ViewLog()
{
global $db_host, $db_user, $db_pass, $db_name;
global $total, $page, $size, $view_size;
global $client_count_info, $client_from_info, $client_where_info, $client_select_info, $client_order_info;
$page = intval($_GET["page"]);
$role = $_GET["role"];
$Conn = mysql_connect($db_host, $db_user, $db_pass);
mysql_query("SET NAMES 'GBK'");
mysql_select_db($db_name, $Conn);
$role = mysql_escape_string($role);
$qs = "{$client_count_info} {$client_from_info} {$client_where_info} and clc.role_name = '{$role}'";
$result = mysql_query($qs);
$row = mysql_fetch_row($result);
$total = intval($row[0]);
$b = $page * $size - $size;
$e = $size;
printf("<p>查询条件是角色名: <b>{$role}</b><p>");
$qs = "{$client_select_info} {$client_from_info} {$client_where_info} and clc.role_name = '{$role}' {$client_order_info} limit {$b}, {$e}";
$result = mysql_query($qs);
$content = array();
while ($row = mysql_fetch_row($result)) {
$content[count($content)] = $row;
}
printf(GetClientLogHTML($content));
}
/**
* Функція для пошуку інформації про користувачів
*
* @param array $data Дані для пошуку (шуканий текст)
*/
public function searchArticles($data)
{
/*
* Оберігаю дані
*/
$text = strip_tags($data);
$text = mysql_escape_string($text);
/*
* Лайки-шукачі інформації)
*/
$where = "`text` LIKE '%{$text}%' OR `href` LIKE '%{$text}%' OR `en_text` LIKE '%{$text}%'";
$u = $this->db->select('bio_gr_articles', '*', $where);
/** Перевірка присутності результатів * */
/*
* Результати відсутні - виводимо відповідне повідомлення
*/
if ($this->db->getCount() == 0) {
print '<div class="alert alert-danger"><span class="glyphicon glyphicon-remove-circle"></span> За даним запитом не знайдено нічого</div>';
} else {
$users = '<div class="col-lg-6 col-md-6 col-sm-6 col-xs-12">';
$users .= '<ul class="list-group">';
for ($i = 0; $i < sizeof($u); $i++) {
$users .= '<li class="list-group-item">';
$users .= '' . $u[$i]['text'] . '<a href="' . $u[$i]['href'] . '">Link</a>';
$users .= '</li>';
}
$users .= '</ul>';
$users .= '</div>';
print $users;
}
}
function modul($posisi)
{
global $koneksi_db, $STYLE_INCLUDE, $SCRIPT_INCLUDE;
$total = 0;
$numb = 0;
if (isset($_GET['pilih'])) {
$pilih = mysql_escape_string(strip_tags($_GET['pilih']));
$numb = mysql_num_rows(mysql_query("SELECT `id` FROM `actions` WHERE `modul` = '{$pilih}'"));
$modulku = mysql_query("SELECT * FROM `actions` LEFT JOIN `modul` ON (`modul`.`id` = `actions`.`modul_id`) WHERE `actions`.`modul` = '{$pilih}' AND `actions`.`posisi` = '{$posisi}' ORDER BY `actions`.`order`");
$total = mysql_num_rows($modulku);
while ($viewmoduls = mysql_fetch_assoc($modulku)) {
if (file_exists($viewmoduls['isi']) && $viewmoduls['type'] == 'module') {
include $viewmoduls['isi'];
kotakjudul($viewmoduls['modul'], @$out, '');
$out = '';
}
if ($viewmoduls['type'] == 'block') {
kotakjudul($viewmoduls['modul'], $viewmoduls['isi'], '');
}
}
}
if ($total == 0 && $numb == 0) {
$modulku = $koneksi_db->sql_query("SELECT * FROM modul WHERE published= 1 AND posisi= '{$posisi}' ORDER BY ordering");
while ($viewmodul = $koneksi_db->sql_fetchrow($modulku)) {
if (file_exists($viewmodul['isi']) && $viewmodul['type'] == 'module') {
include $viewmodul['isi'];
kotakjudul($viewmodul['modul'], @$out, '');
$out = '';
}
if ($viewmodul['type'] == 'block') {
kotakjudul($viewmodul['modul'], $viewmodul['isi'], '');
}
}
}
}
function login()
{
global $dbsettings;
$link = opendb();
if (isset($_POST["submit"])) {
$query = doquery("SELECT * FROM {{table}} WHERE username='******' AND password='******' LIMIT 1", "users");
if (mysql_num_rows($query) != 1) {
die("Invalid username or password. Please go back and try again.");
}
$row = mysql_fetch_array($query);
if (isset($_POST["rememberme"])) {
$expiretime = time() + 31536000;
$rememberme = 1;
} else {
$expiretime = 0;
$rememberme = 0;
}
$cookie = $row["id"] . " " . $row["username"] . " " . md5($row["password"] . "--" . $dbsettings["secretword"]) . " " . $rememberme;
setcookie("dkgame", $cookie, $expiretime, "/", "", 0);
header("Location: index.php");
die;
}
$page = gettemplate("login");
$title = "Log In";
display($page, $title, false, false, false, false);
}
function clean($n)
{
$n = htmlentities($n);
$n = htmlspecialchars($n);
$n = mysql_escape_string($n);
return $n;
}
public function saveProtype($dataForm, $ptyleId = "")
{
global $mySession;
$db = new Db();
$data_update['ptyle_name'] = $dataForm['ptyle_name'];
if ($ptyleId == "") {
$chkQry = $db->runQuery("select * from " . PROPERTYTYPE . " where ptyle_name='" . mysql_escape_string(trim($dataForm['ptyle_name'])) . "'");
if ($chkQry != "" and count($chkQry) > 0) {
//if Property Type Name is exists than return false / 0
// No Data Inserted
return 0;
} else {
# If Property Type Name Not Already Exista.
# Insert New Record Into Database
$db->save(PROPERTYTYPE, $data_update);
return 1;
}
} else {
$chkQry = $db->runQuery("select * from " . PROPERTYTYPE . " where ptyle_name='" . mysql_escape_string(trim($dataForm['ptyle_name'])) . "' and ptyle_id!=" . $ptyleId);
if ($chkQry != "" and count($chkQry) > 0) {
return 0;
} else {
$condition = 'ptyle_id=' . $ptyleId;
$result = $db->modify(PROPERTYTYPE, $data_update, $condition);
return 1;
}
}
}
function article_inp($data)
{
$date = date('Y-m-d H:i:s');
$datetime = array();
if (!empty($data['postdate'])) {
$data['postdate'] = date("Y-m-d H:i:s", strtotime($data['postdate']));
} else {
$data['postdate'] = $date;
}
if (!empty($data['expired_date'])) {
$data['expired_date'] = date("Y-m-d H:i:s", strtotime($data['expired_date']));
} else {
$data['expired_date'] = '0000-00-00';
}
$data['title'] = mysql_escape_string($data['title']);
$data['brief'] = mysql_escape_string($data['brief']);
$data['content'] = mysql_escape_string($data['content']);
if ($data['action'] == 'insert') {
$query = "INSERT INTO \n\t\t\t\t\t\t{$this->prefix}_news_content (title,brief,content,image,file,categoryid,articletype,\n\t\t\t\t\t\t\t\t\t\t\t\tcreated_date,posted_date,expired_date,authorid,n_status)\n\t\t\t\t\tVALUES\n\t\t\t\t\t\t('" . $data['title'] . "','" . $data['brief'] . "','" . $data['content'] . "','" . $data['image'] . "'\n ,'" . $data['image_url'] . "','" . $data['categoryid'] . "','" . $data['articletype'] . "','" . $date . "'\n ,'" . $data['postdate'] . "','" . $data['expired_date'] . "','" . $data['authorid'] . "','" . $data['n_status'] . "')";
//pr($query);exit;
} else {
if ($data['categoryid'] == '1' && $data['articletype'] == '2' || $data['categoryid'] == '8') {
$date = $data['postdate'];
}
$query = "UPDATE {$this->prefix}_news_content\n\t\t\t\t\t\tSET \n\t\t\t\t\t\t\ttitle = '{$data['title']}',\n\t\t\t\t\t\t\tbrief = '{$data['brief']}',\n\t\t\t\t\t\t\tcontent = '{$data['content']}',\n\t\t\t\t\t\t\timage = '{$data['image']}',\n\t\t\t\t\t\t\tfile = '{$data['image_url']}',\n articletype = '{$data['articletype']}',\n\t\t\t\t\t\t\tposted_date = '{$data['postdate']}',\n expired_date = '{$data['expired_date']}',\n\t\t\t\t\t\t\tauthorid = '{$data['authorid']}',\n\t\t\t\t\t\t\tn_status = {$data['n_status']}\n\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\tid = '{$data['id']}'";
}
// pr($query);
$result = $this->query($query);
return $result;
}
function ViewLog()
{
global $db_host, $db_user, $db_pass, $db_name;
global $total, $page, $size, $view_size;
global $server_count_info, $server_from_info, $server_select_info, $server_where_info, $server_order_info;
$page = intval($_GET["page"]);
$code = $_GET["code"];
$Conn = mysql_connect($db_host, $db_user, $db_pass);
mysql_query("SET NAMES 'GBK'");
mysql_select_db($db_name, $Conn);
$code = mysql_escape_string($code);
$qs = "{$server_count_info} {$server_from_info} {$server_where_info} and li.error_code = '{$code}'";
$result = mysql_query($qs);
$row = mysql_fetch_row($result);
$total = intval($row[0]);
$b = $page * $size - $size;
$e = $size;
printf("<p>查询条件是错误码: <b>{$code}</b><p>");
$qs = "{$server_select_info} {$server_from_info} {$server_where_info} and li.error_code = '{$code}' order by happened_time desc limit {$b}, {$e}";
$result = mysql_query($qs);
$content = array();
while ($row = mysql_fetch_row($result)) {
$content[count($content)] = $row;
}
printf(GetServerLogHTML($content));
}
}
private function esc_str($val)
{
if ($val == '') {
return 'NULL';
}
return "'" . mysql_escape_string($val) . "'";
function getSuggestions($keyword)
{
DbConnect();
$patterns = array('/\\s+/', '/"+/', '/%+/');
$replace = array('');
$keyword = preg_replace($patterns, $replace, $keyword);
if ($keyword != '' and preg_match('/^[ _a-zà-ÿA-ZÀ-ß0-9]*$/i', $keyword)) {
$keyword = mysql_escape_string($keyword);
$query = "SELECT name FROM game_items_factsheet WHERE name LIKE '" . $keyword . "%' ORDER BY BINARY name";
} else {
$query = "SELECT name FROM game_items_factsheet WHERE name=''";
}
$result = myquery($query);
$output = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>';
$output .= '<response>';
if ($result != false) {
if (mysql_num_rows($result)) {
while ($row = mysql_fetch_array($result)) {
$output .= '<name>' . iconv("Windows-1251", "UTF-8//IGNORE", $row['name']) . '</name>';
}
}
}
$output .= '</response>';
mysql_close();
return $output;
}
function getNotices()
{
// @fixme there should be a common func for this
if (common_config('db', 'type') == 'pgsql') {
if (!empty($this->out->tag)) {
$tag = pg_escape_string($this->out->tag);
}
} else {
if (!empty($this->out->tag)) {
$tag = mysql_escape_string($this->out->tag);
}
}
$weightexpr = common_sql_weight('fave.modified', common_config('popular', 'dropoff'));
$cutoff = sprintf("fave.modified > '%s'", common_sql_date(time() - common_config('popular', 'cutoff')));
$qry = "SELECT notice.*, {$weightexpr} as weight ";
if (isset($tag)) {
$qry .= 'FROM notice_tag, notice JOIN fave ON notice.id = fave.notice_id ' . "WHERE {$cutoff} and notice.id = notice_tag.notice_id and '{$tag}' = notice_tag.tag";
} else {
$qry .= 'FROM notice JOIN fave ON notice.id = fave.notice_id ' . "WHERE {$cutoff}";
}
$qry .= ' GROUP BY notice.id,notice.profile_id,notice.content,notice.uri,' . 'notice.rendered,notice.url,notice.created,notice.modified,' . 'notice.reply_to,notice.is_local,notice.source,notice.conversation, ' . 'notice.lat,notice.lon,location_id,location_ns,notice.repeat_of' . ' ORDER BY weight DESC';
$offset = 0;
$limit = NOTICES_PER_SECTION + 1;
$qry .= ' LIMIT ' . $limit . ' OFFSET ' . $offset;
$notice = Memcached_DataObject::cachedQuery('Notice', $qry, 1200);
return $notice;
}
function newCmtFormHlr($author = false, $email = false, $author_id = false, $article_id = false, $content = false, $date = false)
{
if ($content == false) {
$content = $_REQUEST['comment_text'];
}
if ($article_id == false) {
$article_id = $_REQUEST['id'];
}
$reg = Registry::instance();
$_hinfo = $reg->get('hamster_info');
$login_status = $reg->get('login_status');
if ($login_status == 3) {
$author = mysql_escape_string(htmlspecialchars($_hinfo['name']));
$email = '';
$author_id = intval($_hinfo['id']);
if ($_REQUEST['comment_text'] == '') {
return array();
}
require_once 'lib/markdown/markdown.php';
$content = Markdown(strip_tags($content));
} else {
$content = '<p>' . htmlspecialchars($content) . '</p>';
$email = mysql_escape_string(htmlspecialchars($_REQUEST['comment_email']));
if ($_REQUEST['comment_name'] != '' && $name == false) {
$author = mysql_escape_string(htmlspecialchars($_REQUEST['comment_name']));
} else {
$author = 'НЛО';
}
if (strpos($_REQUEST['comment_text'], 'http://') !== false || $_REQUEST['comment_text'] == '' || $_REQUEST['comment_sid'] != $_SESSION['comment_sid'] || !isset($_SESSION['comment_sid']) || time() - $_SESSION['comment_stamp'] < 2) {
return array();
}
}
$prs = array('author' => $author, 'email' => $email, 'author_id' => $author_id, 'article_id' => intval($article_id), 'content' => mysql_escape_string($content), 'date' => local2gm());
return $prs;
}
protected function _get_query_order($key, $value)
{
/**
* Returns an ORDER BY argument, given an argument from the query string.
*
* The return value of this function goes right after an 'ORDER BY', so it
* might be 'b.reporter ASC' or 'u.date_created DESC'.
*
* @param $key - The resource attribute on which the request says to sort. For
* example, if the QS parameter is 'sort-reporter', $key here will be
* 'reporter'.
* @param $value - The sense of the sort; 1 for ascending, -1 for descending.
*/
if ($key == 'reporter') {
$key .= '_id';
} elseif ($key == 'private') {
$key = 'view_state';
} elseif ($key == 'date_submitted' || $key == 'last_modified') {
$key = mysql_escape_string($key);
} else {
throw new HTTPException(500, "Can't sort bugnotes by attribute '{$key}'");
}
$sql = "n.{$key}";
if ($value == 1) {
$sql .= ' ASC';
} elseif ($value == -1) {
$sql .= ' DESC';
}
return $sql;
}
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = $theValue != "" ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = $theValue != "" ? intval($theValue) : "NULL";
break;
case "double":
$theValue = $theValue != "" ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = $theValue != "" ? "'" . date("Y-m-d", strtotime($theValue)) . "'" : "NULL";
break;
case "time":
$theValue = $theValue != "" ? "'" . date("H:i:s", strtotime($theValue)) . "'" : "NULL";
break;
case "datetime":
$theValue = $theValue != "" ? "'" . date("Y-m-d H:i:s", strtotime($theValue)) . "'" : "NULL";
break;
case "defined":
$theValue = $theValue != "" ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
function login()
{
$username = $_POST['username'];
//防sql注入语句
//第一种方法:addslashes():使用反斜线引用特殊字符
//$username=addslashes($username);
//第二种方法:mysql_escape_string():转换一个字符串,用于mysql_query
$username = mysql_escape_string($username);
$password = md5($_POST['password']);
$sql = "select * from imooc_user where username='******' and password='******'";
/*以下语句打印出的sql语句,看出恶意攻击的sql注入
//如有人在账户名中输入“ ' or 1=1 # ”
//这段代码,那语句会变成select * from imooc_user where username='******' and password='******'
//那等于用户名为空或者1=1的sql语句,这句永远为空,则返回ture,那根据下面语句,就会直接登录
//echo $sql;exit;
*/
//$resNum=getResultNum($sql);
$row = fetchOne($sql);
//echo $resNum;
if ($row) {
$_SESSION['loginFlag'] = $row['id'];
$_SESSION['username'] = $row['username'];
$mes = "登陆成功!<br/>3秒钟后跳转到首页<meta http-equiv='refresh' content='3;url=index.php'/>";
} else {
$mes = "登陆失败!<a href='login.php'>重新登陆</a>";
}
return $mes;
}
function error($message, $title)
{
global $link, $game_config;
if ($game_config['debug'] == 1) {
echo "<h2>{$title}</h2><br><font color=red>{$message}</font><br><hr>";
echo "<table>" . $this->log . "</table>";
}
//else{
//A futuro, se creara una tabla especial, para almacenar
//los errores que ocurran.
global $user, $xnova_root_path, $phpEx;
include $xnova_root_path . 'config.' . $phpEx;
if (!$link) {
die('mySQL no esta disponible por el momento, sentimos el inconveniente...');
}
$query = "INSERT INTO {{table}} SET\n\t\t\t\t`error_sender` = '{$user['id']}' ,\n\t\t\t\t`error_time` = '" . time() . "' ,\n\t\t\t\t`error_type` = '{$title}' ,\n\t\t\t\t`error_text` = '" . mysql_escape_string($message) . "' ,\n\t\t\t\t`error_page` = '" . mysql_escape_string($_SERVER['HTTP_REFERER']) . "';";
$sqlquery = mysql_query(str_replace("{{table}}", $dbsettings["prefix"] . 'errors', $query)) or die('error fatal');
$query = "explain select * from {{table}}";
$q = mysql_fetch_array(mysql_query(str_replace("{{table}}", $dbsettings["prefix"] . 'errors', $query))) or die('error fatal: ');
if (!function_exists('message')) {
echo "Fehler, bitte den Fehler dem Administrator melden. Fehler n°: <b>" . $q['rows'] . "</b>";
} else {
message("Fehler, bitte den Fehler dem Administrator melden. Fehler n°: <b>" . $q['rows'] . "</b>", "Erreur");
}
//}
die;
}
function execute($array = array())
{
if (count($this->__boundParams) > 0) {
$array =& $this->__boundParams;
}
$__query = $this->__query;
if (count($array) > 0) {
foreach ($array as $k => $v) {
if (!is_int($k) || substr($k, 0, 1) === ':') {
if (!isset($tempf)) {
$tempf = $tempr = array();
}
array_push($tempf, $k);
array_push($tempr, '"' . mysql_escape_string($v) . '"');
} else {
$parse = create_function('$v', 'return \'"\'.mysql_escape_string($v).\'"\';');
$__query = preg_replace("/(\\?)/e", '$parse($array[$k++]);', $__query);
break;
}
}
if (isset($tempf)) {
foreach ($tempf as $k => $v) {
$search[$k] = '/' . preg_quote($tempf[$k], '`') . '\\b/';
}
$__query = preg_replace($search, $tempr, $__query);
}
}
if (is_null($this->__result =& $this->__uquery($__query))) {
$keyvars = false;
} else {
$keyvars = true;
}
$this->__boundParams = array();
return $keyvars;
}
function action()
{
$imie = mysql_escape_string($_REQUEST['imie']);
$nazwisko = mysql_escape_string($_REQUEST['nazwisko']);
$pesel = mysql_escape_string($_REQUEST['pesel']);
$adres = mysql_escape_string($_REQUEST['adres']);
$miasto = mysql_escape_string($_REQUEST['miasto']);
$kod = mysql_escape_string($_REQUEST['kod']);
$dl_prenum = mysql_escape_string($_REQUEST['dl_prenum']);
$today = date('Y-m-d');
$datapom = explode("-", $today);
$miesiac_waznosci = $datapom[1] + $dl_prenum;
$rok_waznosci = $datapom[0];
if ($miesiac_waznosci > 12) {
$miesiac_waznosci = $miesiac_waznosci - 12;
$rok_waznosci = $rok_waznosci + 1;
}
$data_waznosci = $rok_waznosci . "-" . $miesiac_waznosci . "-" . $datapom[2];
$tablica = array("imie_prenum" => $imie, "nazwisko_prenum" => $nazwisko, "pesel_prenum" => $pesel, "adres_prenum" => $adres, "miasto_prenum" => $miasto, "kod_prenum" => $kod, "data_wpisu" => $today, "data_waznosci" => $data_waznosci, "status_prenum" => 1);
var_dump($tablica);
$this->getDb()->insert("prenumerator", $tablica);
$prenum = $this->getDb()->fetchAll("select * from prenumerator");
$view = $this->getView();
$view->assign("klienci", $prenum);
$view->display("prenum.tpl");
}
public static function sess_write($sid, $sess_data)
{
if (self::$skip || checkSign(2)) {
return true;
}
$sess_data = MyReq::sessDecode($sess_data);
$sess_data['ip'] = mysql_escape_string($sess_data['ip']);
$sess_data['userinfo'] = mysql_escape_string(serialize($sess_data['userinfo']));
extract($sess_data);
include ROOT_PATH . "/include/config.php";
$reflash = $_SERVER["REQUEST_TIME"];
if (empty($username)) {
$username = "******";
}
if (empty($usertype)) {
$usertype = 1;
}
if (empty($usergroup)) {
$usergroup = 0;
}
self::$cnt = mysql_connect($setting['db']['host'], $setting['db']['user'], $setting['db']['pass']);
mysql_query("SET NAMES '" . $setting['db']['charset'] . "'", self::$cnt);
mysql_select_db($setting['db']['name']);
$result = mysql_query("REPLACE INTO " . $setting['db']['pre'] . "user_online (sid, ip, username, usertype, usergroup, reflash, url, userinfo) VALUES ('{$sid}', '{$ip}', '{$username}', '{$usertype}', '{$usergroup}', '{$reflash}', '{$url}', '{$userinfo}')", self::$cnt);
return $result;
}
function trunkalarmoptions_saveconfig()
{
require_once 'DB.php';
# clean up
$engine = mysql_escape_string($_POST['engine']);
$pbxname = mysql_escape_string($_POST['pbxname']);
# Make SQL thing
$sql = "UPDATE `trunkalarmoptions` SET";
$sql .= " `engine`='{$engine}',";
$sql .= " `pbxname`='{$pbxname}'";
$sql .= " `trunkemail`='{$trunkemail}'";
$sql .= " `trunkalarmext`='{$trunkext}'";
$sql .= " `trunkalarmnumber`='{$trunknumber}'";
$sql .= " LIMIT 1;";
$sql = "UPDATE `trunkalarmoptions` SET";
$sql .= " `engine`='{$engine}',";
$sql .= " `pbxname`='{$pbxname}'";
$sql .= " LIMIT 1;";
$sql = "UPDATE `trunkalarmoptions` SET";
$sql .= " `engine`='{$engine}',";
$sql .= " `trunkemail`='{$trunkemail}'";
$sql .= " LIMIT 1;";
$sql = "UPDATE `trunkalarmoptions` SET";
$sql .= " `engine`='{$engine}',";
$sql .= " `trunkalarmext`='{$trunkext}'";
$sql .= " LIMIT 1;";
$sql = "UPDATE `trunkalarmoptions` SET";
$sql .= " `engine`='{$engine}',";
$sql .= " `trunkalarmnumber`='{$trunknumber}'";
$sql .= " LIMIT 1;";
sql($sql);
needreload();
}
function EditPaymentGateway($payment_gateway_name, $payment_gateway_account, $payment_gateway_status)
{
global $db;
$record["payment_gateway_account"] = $payment_gateway_account;
$record["payment_gateway_status"] = $payment_gateway_status;
$db->AutoExecute('payment_gateway', $record, 'UPDATE', "payment_gateway_name ='" . mysql_escape_string($payment_gateway_name) . "'");
}
public function saveCurrency($dataForm, $currencyId = "")
{
global $mySession;
$db = new Db();
$data_update['currency_name'] = trim($dataForm['currency_name']);
$data_update['currency_code'] = strtoupper(trim($dataForm['currency_code']));
$data_update['exchange_rate'] = $dataForm['exchange_rate'];
$maxquery = $db->runQuery("select max(currency_order) as MAX from " . CURRENCY . " ");
if ($currencyId == "") {
$currencyId = 0;
}
$chkQry2 = $db->runQuery("select * from " . CURRENCY . " where currency_code='" . mysql_escape_string(trim($data_update['currency_code'])) . "' and currency_id!=" . $currencyId);
if ($chkQry != "" and count($chkQry) > 0) {
return 0;
} else {
if ($currencyId > 0) {
$condition = 'currency_id=' . $currencyId;
$db->modify(CURRENCY, $data_update, $condition);
return 1;
} else {
$data_update['currency_order'] = $maxquery[0]['MAX'] + 1;
$db->save(CURRENCY, $data_update);
return 1;
}
}
}
function run_in_background($command, $output, $taskID = null)
{
if ($this->onlineMode) {
$this->removeDeadProcessesFromQueue();
if (!isset($taskID)) {
mysql_query("insert ignore into task (cmd, output) values ('" . mysql_escape_string($command) . "','" . mysql_escape_string($output) . "')");
} else {
$runningProcessCount = mysql_num_rows(mysql_query("Select id from task where running=true"));
if ($runningProcessCount < $this->processLimit) {
mysql_query("update task set running=true where id=" . $taskID);
$this->startProcess($command, $output);
mysql_query("Delete from task where id=" . $taskID);
}
}
$sIndex = strrpos($output, '/');
if ($sIndex === false) {
$sIndex = strrpos($output, '\\');
}
if ($sIndex === false) {
$sIndex = strrpos($output, PATH_SEPARATOR);
}
if ($sIndex === false) {
$sIndex = -1;
}
return substr($output, $sIndex + 1);
} else {
return $this->startProcess($command, $output);
}
//sleep ( rand(5,10) ); // Sleep for 5 seconds so other taks don't get ran to quickly
}
function generate_rows($q)
{
global $db;
$rows = array();
$USERURL = new URL('userview');
for ($row = 0; $row < $q->rows(); $row++) {
$email = $q->field($row, 'email');
$criteria = $q->field($row, 'criteria');
$SEARCHENGINE = new SEARCHENGINE($criteria);
$r = $db->query("SELECT user_id,firstname,lastname FROM users WHERE email = '" . mysql_escape_string($email) . "'");
if ($r->rows() > 0) {
$user_id = $r->field(0, 'user_id');
$USERURL->insert(array('u' => $user_id));
$name = '<a href="' . $USERURL->generate() . '">' . $r->field(0, 'firstname') . ' ' . $r->field(0, 'lastname') . '</a>';
} else {
$name = $email;
}
$created = $q->field($row, 'created');
if ($created == '0000-00-00 00:00:00') {
$created = ' ';
}
$rows[] = array($name, $SEARCHENGINE->query_description_long(), $created);
}
return $rows;
}
function setOp()
{
if (isset($_GET["op"])) {
$this->op = mysql_escape_string($_GET["op"]);
switch ($this->op) {
case 'add':
$this->layout = "vista/geozona_form.phtml";
$this->tilSec = "Agregar Geo Zona";
break;
case 'mod':
$this->layout = "vista/geozona_form.phtml";
$this->tilSec = "Editar Geo Zona";
if (isset($_GET["id"])) {
$this->poligono = $this->poMP->find($_GET["id"]);
$this->puntos = $this->poMP->fetchPuntos($this->poligono->ID_POLIGONO);
}
break;
}
} else {
$this->layout = "vista/geozona.phtml";
if ($this->cp->cp->isAdmin() || $this->cp->cp->isSuperAdmin()) {
$this->poligonos = $this->poMP->fetchByCuenta($this->cp->getSession()->get("accountID"));
} else {
$this->poligonos = $this->poMP->fetchByUser($this->cp->getSession()->get("userID"));
}
}
}
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
}
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = $theValue != "" ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = $theValue != "" ? intval($theValue) : "NULL";
break;
case "double":
$theValue = $theValue != "" ? doubleval($theValue) : "NULL";
break;
case "date":
$theValue = $theValue != "" ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = $theValue != "" ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
function auth()
{
$id = mysql_escape_string($_POST['login']);
$password = mysql_escape_string($_POST['password']);
$query = mysql_query("SELECT * FROM tbl_auth WHERE id = '{$id}' and password ='******' limit 1");
if (mysql_num_rows($query) == 1) {
$_SESSION['auth'] = "1";
$_SESSION['id'] = $id;
$_SESSION['name'] = get_agency_name($id);
//this is the first time we use this function to pull the agency name.
$_SESSION['ses_start'] = date('Y-m-d-h-i-s');
$_SESSION['log_ip'] = $_SERVER['REMOTE_ADDR'];
log_activity('login');
load_index();
} else {
$error_message = 'Sorry, try again! (your ip address has been recorded)';
// This is an example of a generic log entry
$_SESSION['extra'] = $id;
//we set the extra var to the attemped user id
$_SESSION['log_ip'] = $_SERVER['REMOTE_ADDR'];
//we record the ip address
log_activity('failed login');
//we use a string to id the activity and write the log
// end of logging
show_login($error_message);
}
//echo $query;
}
public static function getAsJson($file, $force = false)
{
$json = array();
getimagesize($file, $info);
if (isset($info["APP13"])) {
$iptc = iptcparse($info["APP13"]);
if (isset($iptc['2#120'])) {
$caption = implode('|', $iptc['2#120']);
// nb: '|' should never actually appear
$caption = ensureUTF8($caption);
// since could be 'local' encoding
$caption = mysql_escape_string($caption);
// safety. stackoverflow.com/q/1162491
$json['caption'] = $caption;
}
if (isset($iptc['2#025'])) {
$json['keywords'] = $iptc['2#025'];
}
// keep as array
set_error_handler("ignoreAnyError", E_ALL);
// TOTEST, currently no exif enabled on localhost
if (function_exists('exif_read_data')) {
$json['exif'] = exif_read_data($tmpfile, 0, false);
}
// fails on a very few files (corrupt EXIF)
restore_error_handler();
}
Log::info("json for :" . $file);
Log::info($json);
return $json;
}