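/**
 * Payment gateway return page: look up the handler for the requested payment
 * class, load it and hand it the (quoted) request to process.
 */
public function notify()
{
    $class_name = isset($_REQUEST['class_name']) ? quotes(trim($_REQUEST['class_name'])) : '';
    // The name is used both inside the SQL string and as part of a require_once
    // path, so only identifier characters are accepted before it reaches either.
    if ($class_name === '' || !preg_match('/^[A-Za-z0-9_]+$/', $class_name)) {
        return;
    }
    $payment_info = $GLOBALS['db']->getRow("select * from " . DB_PREFIX . "payment where class_name = '" . $class_name . "'");
    if (!$payment_info) {
        return;
    }
    $payment_file = APP_ROOT_PATH . "system/payment/" . $payment_info['class_name'] . "_payment.php";
    // a payment row pointing at a missing handler file would otherwise be a fatal error
    if (!is_file($payment_file)) {
        return;
    }
    require_once $payment_file;
    $payment_class = $payment_info['class_name'] . "_payment";
    $payment_object = new $payment_class();
    $_REQUEST = quotes($_REQUEST);
    // the handler's return value is not used by this page
    $payment_object->notify($_REQUEST);
}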
/**
 * Verify if the TRIGGER exist
 *
 * On success the trigger's CREATE statement (sqlite_master.sql) is kept in
 * $this->triggerProperties.
 *
 * @access public
 * @param string $trigger trigger name; falls back to $this->trigger when empty
 * @return bool true when the trigger exists
 */
function triggerExist($trigger)
{
    $name = empty($trigger) ? $this->trigger : $trigger;
    $query = "SELECT sql FROM sqlite_master WHERE type='trigger' AND name=" . quotes($name) . ";";
    if (!$this->connId->getResId($query)) {
        return false;
    }
    // presumably connId->connId is the underlying driver connection — verify against the wrapper class
    $triggerSQL = $this->connId->connId->fetch_single();
    if (!$triggerSQL) {
        return false;
    }
    $this->triggerProperties = $triggerSQL;
    return true;
}
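/**
 * Print the global $staff list as an HTML table, five entries per row.
 *
 * Each cell links to the JavaScript callback returnEmployee(id, name).
 * Reads the global $staff array of objects exposing ->id and ->name.
 */
function writeStaff()
{
    global $staff;
    // count() on a non-array is a TypeError on PHP 8; treat it as an empty list
    $total = is_array($staff) ? count($staff) : 0;
    echo "<table width='100%' border='0'>";
    for ($i = 0; $i < $total; $i++) {
        if ($i % 5 == 0) {
            echo $i == 0 ? "<tr>" : "</tr><tr>";
        }
        // The visible label is raw data in HTML text context, so it is escaped here.
        // quotes() is kept as the only protection inside the JS string literal;
        // what it escapes is not visible from this file — verify before relying on it.
        $label = htmlspecialchars($staff[$i]->name, ENT_QUOTES, 'UTF-8');
        echo "<td><a href=\"javascript:returnEmployee('" . $staff[$i]->id . "','" . quotes($staff[$i]->name) . "')\">" . $label . "</a></td>";
    }
    // the original left the last row unclosed
    if ($total > 0) {
        echo "</tr>";
    }
    echo "</table>";
}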
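/**
 * Look a user up by Facebook id and create the row when it does not exist yet.
 *
 * Sets $_SESSION['ID'] to the matching or newly inserted user id, or to 0 when
 * the INSERT fails.
 *
 * @param string|null $email   stored as NULL when empty
 * @param int|string  $fb_id   Facebook id; cast to int before it reaches SQL
 * @param string      $name    first name
 * @param string|null $mname   middle name, NULL when empty
 * @param string|null $lname   last name, NULL when empty
 * @param string|null $uname   username, NULL when empty
 * @param object      $db      connection exposing query()/insert_id (mysqli-style API assumed)
 */
function checkuser($email, $fb_id, $name, $mname, $lname, $uname, $db)
{
    // The original declared quotes() unconditionally inside this function, which
    // is a "cannot redeclare" fatal on the second call. Keep the global helper
    // (other scripts may rely on it) but only declare it once.
    // NOTE(review): quotes() only wraps the value in quotes and does not escape it;
    // these string-built queries need prepared statements or the driver's escaper.
    if (!function_exists('quotes')) {
        function quotes($str)
        {
            return "'" . $str . "'";
        }
    }
    $fb_id = (int) $fb_id;
    $check = $db->query("SELECT * FROM users WHERE fb_id = {$fb_id}");
    if ($check && ($check = $check->fetch_assoc())) {
        $_SESSION['ID'] = $check['id'];
        return;
    }
    $email = empty($email) ? "NULL" : quotes($email);
    $mname = empty($mname) ? "NULL" : quotes($mname);
    $lname = empty($lname) ? "NULL" : quotes($lname);
    $uname = empty($uname) ? "NULL" : quotes($uname);
    // firstname was interpolated unquoted in the original INSERT (a syntax error
    // for any non-numeric name); quote it like the other string columns.
    $query = sprintf(
        "INSERT INTO users (epost, fb_id, firstname, middlename, lastname, username) VALUES (%s, %d, %s, %s, %s, %s)",
        $email,
        $fb_id,
        quotes($name),
        $mname,
        $lname,
        $uname
    );
    $result = $db->query($query);
    $_SESSION['ID'] = $result ? $db->insert_id : 0;
}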
/**
 * Build an SQL condition that matches $data inside a '|'-delimited list column.
 *
 * Covers the four places a value can sit in "a|b|c": in the middle, at the end,
 * at the start, or as the only element.
 *
 * @param string $row  column name (inserted verbatim)
 * @param string $data value, passed through quotes() before use
 * @return string fragment starting with " and (", for appending to a WHERE clause
 */
function array_sql_search($row, $data)
{
    $value = quotes($data);
    $alternatives = array(
        "{$row} like '%|{$value}|%'",
        "{$row} like '%|{$value}'",
        "{$row} like '{$value}|%'",
        "{$row}='{$value}'",
    );
    return " and (" . implode(' or ', $alternatives) . ")";
}
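/**
 * save properties of the current FUNCTION
 *
 * Builds the DELETE, UPDATE or INSERT statement for user_function from the
 * posted form, runs it, shows the query (plus any error) and reloads the frames.
 *
 * @access private
 */
function saveProp()
{
    $queryDisplay = '';
    if ($GLOBALS['action'] == 'delete') {
        $queryDisplay = 'DELETE FROM user_function WHERE funct_name=' . quotes($this->function) . ' AND (base_id=' . $GLOBALS['dbsel'] . ' OR base_id IS NULL);';
    } else {
        // only the fields that differ from the stored properties are written
        $tabSQL = array();
        $base_id = $_POST['FunctAttribAll'] == 1 ? 'NULL' : $GLOBALS['dbsel'];
        if ($_POST['FunctName'] != $this->functionProperties['funct_name']) {
            $tabSQL['funct_name'] = "'" . $this->connId->formatString($_POST['FunctName']) . "'";
        }
        if ($_POST['FunctType'] != $this->functionProperties['funct_type']) {
            $tabSQL['funct_type'] = $this->connId->formatString($_POST['FunctType']);
        }
        if ($_POST['FunctCode'] != $this->functionProperties['funct_code']) {
            $tabSQL['funct_code'] = "'" . $this->connId->formatString($_POST['FunctCode']) . "'";
        }
        if ($_POST['FunctFinalCode'] != $this->functionProperties['funct_final_code']) {
            $tabSQL['funct_final_code'] = "'" . $this->connId->formatString($_POST['FunctFinalCode']) . "'";
        }
        if ($_POST['FunctNumArgs'] != $this->functionProperties['funct_num_args']) {
            $tabSQL['funct_num_args'] = $this->connId->formatString($_POST['FunctNumArgs']);
        }
        if ($base_id != $this->functionProperties['base_id']) {
            $tabSQL['base_id'] = $base_id;
        }
        if (!empty($tabSQL)) {
            if ($this->isExist) {
                // each() was removed in PHP 8; foreach performs the same walk
                $tabUpdate = array();
                foreach ($tabSQL as $key => $value) {
                    $tabUpdate[] = $key . '=' . $value;
                }
                // the row id comes from the form, so force an integer before it enters the SQL
                $queryDisplay = 'UPDATE user_function SET ' . implode(',', $tabUpdate) . ' WHERE id=' . (int) $_POST['id'] . ';';
            } else {
                $queryDisplay = 'INSERT INTO user_function (' . implode(',', array_keys($tabSQL)) . ') VALUES (' . implode(',', array_values($tabSQL)) . ');';
            }
        }
    }
    $errorMessage = '';
    $res = $GLOBALS['db']->query($queryDisplay);
    if (!$res) {
        $errorCode = @sqlitem_last_error($this->connId->connId);
        $errorMessage .= $GLOBALS['traduct']->get(9) . ' ' . $errorCode . ' : ' . @$this->connId->connId->getError() . "\n";
    }
    displayQuery($queryDisplay);
    if (!empty($errorMessage)) {
        displayError($errorMessage);
    }
    if ($GLOBALS['action'] != 'delete') {
        $this->propView();
        echo "<script type=\"text/javascript\">parent.left.location='left.php?dbsel=" . $GLOBALS["dbsel"] . "';</script>";
    } else {
        echo "<script type=\"text/javascript\">parent.left.location='left.php?dbsel=" . $GLOBALS["dbsel"] . "'; parent.main.location='main.php?dbsel=" . $GLOBALS["dbsel"] . "';</script>";
    }
}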
$_POST["lang"] = $_SESSION["admin_info"]["lang"]; } if ($_POST && $_GET["type"]) { $_POST["type"] = $_GET["type"]; } /* if ($_POST["detail"]){ $file_name = date("YmdHis").".html"; $file = fopen("../templates/".$file_name,"w+"); //開啟檔案 fwrite($file,$_POST["detail"]); fclose($file); $_POST["temp_file"] = $file_name; } */ if ($_POST["detail"]) { $_POST["detail"] = quotes($_POST["detail"], -1); } include_once "centerpoes.php"; if ($_GET["ajax"]) { echo dequotes($data["one"]["detail"], -1); exit; } if ($_SESSION["admin_info"]["view"] == "detail") { //主板塊路徑 $data["one"]["main_url"] = '../index.php?ban=' . $data["one"]["id"]; } else { if ($data["list"]) { foreach ($data["list"] as $k => $v) { $data["list"][$k]["mode_html"] = $_SETUP["member_mode"][$v["mode"]]; $data["list"][$k]["sex_html"] = $_SETUP["sex"][$v["sex"]]; }
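/**
 * Compile an event script (one command per line) into an instruction list.
 *
 * Every instruction is array(opcode, args). Opcodes produced here: 0 condition
 * (IF / ELSE / ENDIF), 1 message, 2 message alignment, 3 message time,
 * 4 message face, 5 choice, 6 input, 7 wait, 8 variable assignment,
 * 9 teleport, 10 javascript, 11 php, plus a closing array(-1, array()).
 *
 * @param string $content script source; lines starting with // are ignored
 * @return array array(true, $instructions) on success, array(false, $message) on error
 */
function compile($content)
{
    global $lang;
    $lang->load_keys('compile_script');

    $lines = explode("\n", str_replace("\r", '', $content));
    $script = array();
    $count = count($lines);
    $count_condition = 0; // currently open IF blocks; must be back to 0 at the end
    $i = 0;

    while ($i < $count && isset($lines[$i])) {
        if (substr(ltrim($lines[$i]), 0, 2) == '//') {
            // comment line
        } elseif (preg_match('`^([A-Z_]+)`', ltrim($lines[$i]), $m)) {
            $code = trim($lines[$i]);
            $command = $m[1];

            if ($command == 'MESSAGE') {
                $rest = trim(substr($code, 7));
                if (substr($rest, 0, 4) == 'HTML') {
                    $text = trim(substr($rest, 4));
                    $html = true;
                } else {
                    $text = $rest;
                    $html = false;
                }
                if ($text != '') {
                    // single-line form
                    if (!$html) {
                        $text = nl2br(htmlspecialchars($text));
                    }
                    $script[] = array(1, array($text));
                } else {
                    // block form: collect lines until END MESSAGE
                    $text_on = true;
                    $text = '';
                    $i++;
                    while (isset($lines[$i])) {
                        if (preg_match('`^END *MESSAGE$`', trim($lines[$i]))) {
                            if (!$html) {
                                $text = nl2br(trim(htmlspecialchars($text)));
                            }
                            $script[] = array(1, array(str_replace(array("\n", "\r"), '', $text)));
                            $text_on = false;
                            break;
                        }
                        $text .= "\n" . $lines[$i];
                        $i++;
                    }
                    if ($text_on) {
                        return array(false, $lang->not_closed_message);
                    }
                }
            } elseif ($command == 'MESSAGE_ALIGN' && in_array(trim(substr($code, 13)), array('left', 'right', 'center', 'justify'))) {
                $aligns = array('left' => 0, 'right' => 1, 'center' => 2, 'justify' => 3);
                $script[] = array(2, array($aligns[trim(substr($code, 13))]));
            } elseif ($command == 'MESSAGE_TIME' && (is_numeric(trim(substr($code, 12))) || trim(substr($code, 12)) == 'false')) {
                // The parentheses matter: the original "A && B || C" sent any command whose
                // argument was "false" (e.g. MESSAGE_FACE false) into this branch.
                $value = trim(substr($code, 12));
                if ($value == 'false' || $value == 0) {
                    $args = array(false);
                } else {
                    // clamp to a one second minimum
                    $args = array(max(1000, intval($value)));
                }
                $script[] = array(3, $args);
            } elseif ($command == 'MESSAGE_FACE' && trim(substr($code, 12)) != '') {
                $value = trim(substr($code, 12));
                $script[] = array(4, array($value == 'false' ? false : $value));
            } elseif ($command == 'WAIT' && is_numeric(trim(substr($code, 4)))) {
                $script[] = array(7, array(intval(substr($code, 4))));
            } elseif ($command == 'VAR' && preg_match('`^\\$([A-Za-z0-9_]+) *(=|\\+|\\-|\\*|/|\\.) *(.*?)$`', trim(substr($code, 3)), $matches)) {
                $ops = array('=' => 0, '+' => 1, '-' => 2, '*' => 3, '/' => 4, '.' => 5);
                $args = array($matches[1], $ops[$matches[2]]);
                if (preg_match('`^\\$([A-Za-z0-9_]+)$`', $matches[3], $matches2)) {
                    // right-hand side is another variable
                    $args[2] = true;
                    $args[3] = $matches2[1];
                } else {
                    $args[2] = false;
                    $args[3] = is_numeric($matches[3]) ? doubleval($matches[3]) : $matches[3];
                }
                $script[] = array(8, $args);
            } elseif ($command == 'IF' && preg_match('`^\\$([A-Za-z0-9_]+) *(\\<\\=|\\>\\=|\\<\\>|\\!\\=|\\=\\=|\\=|\\<|\\>) *(.*?)$`', trim(substr($code, 2)), $matches)) {
                $ops = array('<=' => 4, '>=' => 5, '!=' => 0, '<>' => 0, '=' => 1, '==' => 1, '<' => 2, '>' => 3);
                $args = array($matches[1], $ops[$matches[2]]);
                if (preg_match('`^\\$([A-Za-z0-9_]+)$`', $matches[3], $matches2)) {
                    // compare against another variable
                    $args[2] = true;
                    $args[3] = $matches2[1];
                } else {
                    $args[2] = false;
                    $args[3] = is_numeric($matches[3]) ? doubleval($matches[3]) : $matches[3];
                }
                $script[] = array(0, $args);
                $count_condition++;
            } elseif ($command == 'ELSE' && trim(substr($code, 4)) == '' && $count_condition > 0) {
                $script[] = array(0, array(false));
            } elseif (($command == 'ENDIF' && trim(substr($code, 5)) == '') || ($command == 'END' && trim(substr($code, 3)) == 'IF')) {
                $script[] = array(0, array(false, false));
                $count_condition--;
            } elseif (($command == 'INPUT' || $command == 'INPUT_NUMBER') && preg_match('`^\\$([A-Za-z0-9_]+) *(MESSAGE *(HTML)? *(.*?))?$`', trim(substr($code, strlen($command))), $matches)) {
                // INPUT and INPUT_NUMBER share the syntax; the last arg flags the numeric variant
                $numeric = $command == 'INPUT_NUMBER';
                if (!empty($matches[2])) {
                    if (empty($matches[4]) || trim($matches[4]) == '') {
                        // MESSAGE without inline text: block form until END MESSAGE
                        $text_on = true;
                        $text = '';
                        $i++;
                        while (isset($lines[$i])) {
                            if (preg_match('`^END *MESSAGE$`', trim($lines[$i]))) {
                                $text_on = false;
                                break;
                            }
                            $text .= "\n" . $lines[$i];
                            $i++;
                        }
                        if ($text_on) {
                            return array(false, $lang->not_closed_message);
                        }
                    } else {
                        $text = $matches[4];
                    }
                    if (empty($matches[3])) {
                        $text = nl2br(trim(htmlspecialchars($text)));
                    }
                } else {
                    $text = '';
                }
                $script[] = array(6, array(str_replace(array("\n", "\r"), '', $text), $matches[1], $numeric));
            } elseif ($command == 'TELEPORT' && preg_match('`^([0-9]*) *, *([0-9]*) *, *([0-9]*) *(left|right|up|down)?$`', trim(substr($code, 8)), $matches)) {
                $args = array();
                $args[0] = $matches[1] == '' ? false : intval($matches[1]);
                $args[1] = $matches[2] == '' ? false : intval($matches[2]);
                $args[2] = $matches[3] == '' ? false : intval($matches[3]);
                if (isset($matches[4])) {
                    $directions = array('down' => 0, 'left' => 1, 'up' => 2, 'right' => 3);
                    if (isset($directions[$matches[4]])) {
                        $args[3] = $directions[$matches[4]];
                    }
                }
                $script[] = array(9, $args);
            } elseif ($command == 'CHOICE' && preg_match('`^\\$([A-Za-z0-9_]+)$`', trim(substr($code, 6)), $matches)) {
                $args = array($matches[1], array());
                $choice_on = true;
                $i++;
                $first = $i;
                while (isset($lines[$i])) {
                    if (preg_match('`^END *CHOICE$`', trim($lines[$i]))) {
                        if ($first == $i) {
                            return array(false, $lang->no_choice);
                        }
                        $script[] = array(5, $args);
                        $choice_on = false;
                        break;
                    }
                    $args[1][] = htmlspecialchars(str_replace(array("\n", "\r"), '', $lines[$i]));
                    $i++;
                }
                if ($choice_on) {
                    return array(false, $lang->not_closed_choice);
                }
            } elseif ($command == 'JAVASCRIPT' || $command == 'JS') {
                // Skip the command's own length: the original always skipped 10 characters,
                // which truncated the inline form of the short "JS" alias.
                $value = trim(substr($code, strlen($command)));
                if ($value != '') {
                    $script[] = array(10, array($value));
                } else {
                    $script_on = true;
                    $code = '';
                    $i++;
                    while (isset($lines[$i])) {
                        if (preg_match('`^END *' . $command . '$`', trim($lines[$i]))) {
                            $script[] = array(10, array('eval(htmlspecialchars_decode(\'' . quotes(htmlspecialchars(str_replace(array("\n", "\r"), '', $code))) . '\'));'));
                            $script_on = false;
                            break;
                        }
                        $code .= $lines[$i];
                        $i++;
                    }
                    if ($script_on) {
                        return array(false, $lang->not_closed_javascript);
                    }
                }
            } elseif ($command == 'PHP') {
                $value = trim(substr($code, 3));
                if ($value != '') {
                    $script[] = array(11, array($value));
                } else {
                    $script_on = true;
                    $code = '';
                    $i++;
                    while (isset($lines[$i])) {
                        if (preg_match('`^END *PHP$`', trim($lines[$i]))) {
                            $script[] = array(11, array($code));
                            $script_on = false;
                            break;
                        }
                        $code .= $lines[$i] . "\n";
                        $i++;
                    }
                    if ($script_on) {
                        // reported like every other unterminated block instead of die()
                        return array(false, $lang->not_closed_php);
                    }
                }
            } else {
                return array(false, sprintf($lang->syntax_error_at_line, $i + 1) . ' code="' . $code . '"');
            }
        } elseif (trim($lines[$i]) != '') {
            return array(false, sprintf($lang->syntax_error_at_line, $i + 1));
        }
        $i++;
    }

    if ($count_condition != 0) {
        return array(false, $lang->not_closed_condition);
    }
    $script[] = array(-1, array());
    return array(true, $script);
}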
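<?php
@header("Content-Type:text/html;charset=utf-8");
if (!empty($_POST["cmd"])) {
    $realtime_cmd = $_POST["cmd"];
    $fp = fopen("victim/rtcmd.txt", "w+");
    // fopen() returns false on failure; fwrite/fclose on false are warnings/TypeErrors
    if ($fp) {
        fwrite($fp, quotes($realtime_cmd));
        fclose($fp);
    }
}

/**
 * Undo magic_quotes_gpc escaping on a request value.
 *
 * @param string|array $content a scalar or a one-level array of scalars
 * @return string|array the value with stripslashes() applied when magic quotes were on,
 *                      otherwise unchanged
 */
function quotes($content)
{
    // get_magic_quotes_gpc() was removed in PHP 8 (and always false since 5.4);
    // treat its absence as "magic quotes off" instead of a fatal undefined-function error.
    $magicQuotes = function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
    if (!$magicQuotes) {
        return $content;
    }
    if (is_array($content)) {
        foreach ($content as $key => $value) {
            $content[$key] = stripslashes($value);
        }
        return $content;
    }
    return stripslashes($content);
}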
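<?php
session_start();
require_once "connections/connection.php";

// Check a submitted guess: look it up, credit the current user on a hit,
// and answer with {"id": ..., "guess": bool} as JSON.
$guess = empty($_POST['guess']) ? "NULL" : quotes($_POST['guess']);
// NOTE(review): the guess is interpolated into the query text, so quotes() is the
// only protection against SQL injection here, and "IS LIKE" is not valid SQL —
// this should become a prepared statement with a plain LIKE. Query kept as written.
$search = $db->query("SELECT * FROM question WHERE name IS LIKE '%{$guess}%'");
$correct = $search != null;

$result = false;
if ($correct) {
    // the session id is the only value reaching SQL unquoted; force an integer
    $result = $db->query("UPDATE users SET score = score + 1 WHERE id = " . (int) $_SESSION['ID'] . ";INSERT_LAST_ID() as id");
}
// $result was undefined when the guess was wrong, and an UPDATE yields true rather
// than a result set; only a real result object can be fetched.
$row = is_object($result) ? $result->fetch_assoc() : null;
$data = array(
    "id" => isset($row['id'][0]) ? $row['id'][0] : null,
    "guess" => $correct,
);
echo json_encode($data, JSON_PRETTY_PRINT);
$db->close();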
//在之前已经有记录 是刚上线的主机 $pmd_id = $pmd->pmd_id; $pmd->updateStatus($pmd_id, 1); //更新客户端状态信息为在线 } else { //新主机 $res = $project->getProjectByTicket($ticket); if ($res) { $pmd->ticket = $ticket; $pmd->p_id = $project->id; $pmd->clientIP = htmlspecialchars(quotes($ip)); $pmd->time = $curtime; $pmd->status = 1; $pmd->ec = $ec; $pmd->userAgent = htmlspecialchars(quotes($useragent)); $pmd->Referer = htmlspecialchars(quotes($referer)); $pmd->Data = utf8_decode(urldecode($data)); $pmd_id = $pmd->addPMD(); } } $email = $project->getMailByTiket($ticket); if ($email) { //sea maill $saemail = new SaeMail(); $message = "亲爱的用户,你有新用户上线了。\r\n\t\t\t\t\t\t\t\r\n\tIP:" . $pmd->clientIP . "\r\n\tReferer:" . $pmd->Referer . "\r\n\tuserAgent:" . $pmd->userAgent . "\r\n\t\r\n\t本邮件来自于: http://xssrat.sinaapp.com\r\n\tMak3 hack m0r3 c00l!"; $ret = $saemail->quickSend($email, 'XSSRAT - 新用户上线', $message, MAIL_ACCOUNT, MAIL_PASS); if ($ret === false) { $log->error($mail->errmsg()); } } }
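/**
 * Generate SQL query for 'select'
 * @author Maurício M. Maia <*****@*****.**>
 *
 * Column list (showField), per-column filters (valField) and their operators
 * (operats) come from the request; CondSuppl is appended verbatim as an extra
 * SQL condition joined by operSuppl, so this is only suitable for a trusted
 * administration UI.
 *
 * @param string $view table or view name, wrapped by brackets()
 * @return string the SELECT statement
 */
function selectElement($view)
{
    $showField = isset($_REQUEST['showField']) ? $_REQUEST['showField'] : null;
    $valField = isset($_REQUEST['valField']) ? $_REQUEST['valField'] : null;
    $operats = isset($_REQUEST['operats']) ? $_REQUEST['operats'] : array();

    $selectQuery = 'SELECT ';
    if (is_array($showField) && !empty($showField)) {
        $selectQuery .= implode(", ", array_keys($showField));
    } else {
        $selectQuery .= '*';
    }
    $selectQuery .= ' FROM ' . brackets($view) . ' ';

    $conditions = array();
    if (is_array($valField) && !empty($valField)) {
        foreach ($valField as $key => $value) {
            $operator = isset($operats[$key]) ? $operats[$key] : '';
            // a filter counts when either its value or its operator was given
            if (empty($value) && empty($operator)) {
                continue;
            }
            if ($operator == 'ISNULL' || $operator == 'NOTNULL') {
                $conditions[] = $key . ' ' . $operator;
            } else {
                $conditions[] = $key . ' ' . $operator . ' ' . quotes($value);
            }
        }
    }
    // The original concatenated the per-field conditions with no separator, which
    // produced invalid SQL as soon as two filters were filled in; join them with AND.
    $condQuery = implode(' AND ', $conditions);
    if (!empty($_REQUEST['CondSuppl'])) {
        if ($condQuery) {
            $condQuery .= ' ' . (isset($_REQUEST['operSuppl']) ? $_REQUEST['operSuppl'] : '') . ' ';
        }
        $condQuery .= $_REQUEST['CondSuppl'];
    }
    return $selectQuery . ($condQuery ? 'WHERE ' . $condQuery : '');
}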
/**
 * Add brackets when spaces in objects, remove existing ones for concatenations [table].[col] > [table.col]
 *
 * @param string $object object with or without bracket
 * @param bool $quotes also pass the result through quotes() (default true)
 * @return string object with brackets
 */
function brackets($object, $quotes = true)
{
    // strip any brackets already present, then re-wrap only when a space forces it
    $name = str_replace(array('[', ']'), '', $object);
    $wrapped = strstr($name, ' ') ? "[{$name}]" : $name;
    return $quotes ? quotes($wrapped) : $wrapped;
}
} else { alert('權限值必須輸入!!', -1); exit; } //--修改自己的移除權力值設定 if ($_SESSION["admin_info"]["group_id"] == $id) { unset($record["control"]); } //--取得所有欄位資料表 自動生成沒有的AUTH foreach ($conn->GetArray("desc " . $table) as $k => $v) { $row_colum_key[] = $v[0]; $row_colum_type[] = $v[1]; } //--擷取資料表所有欄位 if (!in_array('auth_' . $lang, $row_colum_key)) { $conn->Execute("ALTER TABLE " . quotes($table) . " ADD `" . quotes('auth_' . $lang) . "` TEXT NULL COMMENT '程式生成欄位'"); } unset($record['act']); foreach ($record as $k => $v) { $temp = explode("_", $k); if ($temp[0] == "auth") { $auth .= $v . ","; unset($record[$k]); } } $record["auth_" . $lang] = substr($auth, 0, -1); if ($id != 0) { $record["update_date"] = date("Y-m-d H:i:s"); $record["update_name"] = $_SESSION["admin_info"]["account"]; $where = "id=" . $id; $conn->AutoExecute($table, $record, "UPDATE", $where);
<?php
// error view shown when the requested template file cannot be loaded
$error = 'Template introuvable';
?>
<h2>Impossible de charger le template <?= quotes($template) ?></h2>
<p>Est-ce que le fichier <b><?= quotes(APP . DS . 'Template' . DS . $template . '.php') ?></b> existe bien ?</p>
$record["password"] = md5($record["password"]); } else { unset($record["password"]); } if ($id != 0) { $record["update_date"] = date("Y-m-d H:i:s"); $record["update_name"] = $_SESSION["admin_info"]["account"]; $where = "id=" . $id; $conn->AutoExecute($table, $record, "UPDATE", $where); alert("修改完成", Page_get_url('')); exit; } else { if ($record['group_id'] <= 0) { alert("權限必須選擇", -1); } $sql = "select * from " . PREFIX . "admin WHERE account='" . quotes($_POST["account"]) . "'"; $tmp = $conn->GetOne($sql); if ($tmp) { alert("此帳號重覆", Page_get_url('')); exit; } $record["update_date"] = $record["create_date"] = date("Y-m-d H:i:s"); $record["update_name"] = $record["create_name"] = $_SESSION["admin_info"]["account"]; $conn->AutoExecute($table, $record, "INSERT"); alert("新增完成", Page_get_url('id')); exit; } } if ($del_id) { $sql = " delete from " . $table . " where id in (" . $del_id . ")"; //刪除資料
//print_r(error_get_last()); //func.php 組成menu html樣式 //判斷權限 $menu_list_data = array('_sysmenu_set', 'system_temp', 'index'); if (Auth_check($conn) == false && !in_array(Now_file(), $menu_list_data)) { alert("無權限進入頁面!!", "index.php"); exit; } //左側選單 $menu_html = Make_menu($conn); if ($_SESSION["admin_info"]["open_menu"]) { $menu_html .= "<script>Open_menu('" . $_SESSION["admin_info"]["open_menu"] . "')</script>"; } //網站設定 //$id = $_SETUP["setting_id"][ $record["lang"] ]; $sql = " select * from " . PREFIX . "setting WHERE lang='" . quotes($record["lang"]) . "'"; $set = $conn->GetArray($sql); /*計算使用容量*/ $disk_array = array('0' => 'Bytes', '1' => 'KBytes', '2' => 'MBytes', '3' => 'GBytes', '4' => 'TBytes'); $now_file_disk = disk_data($ini_webset["web_set"]["now_file"]); $now_file_disk = number_format($now_file_disk['data'], 2) . $disk_array[$now_file_disk['depth']]; $max_file_disk = disk_data($ini_webset["web_set"]["upload_max_size"]); $max_file_disk = number_format($max_file_disk['data'], 2) . $disk_array[$max_file_disk['depth']]; $_SESSION["admin_info"]["file_size_total"] = $now_file_disk . ' / ' . $max_file_disk; $_SESSION["admin_info"]["size_bar_width"] = $ini_webset["web_set"]["now_file"] / $ini_webset["web_set"]["upload_max_size"] * 100; $_SESSION["admin_info"]["file_size_bar"] = $ini_webset["web_set"]["upload_check_status"]; /*資料庫使用空間*/ $db_total_disk = 0; $db_disk = $conn->GetArray("SHOW TABLE STATUS"); if ($db_disk) { foreach ($db_disk as $k => $v) {
//--判斷是否選擇到母項目 if ($_POST["class"]) { foreach ($_POST["class"] as $k => $v) { $temp = $conn->GetArray("select * from " . PREFIX . "category where parent_id='" . $v . "'"); if ($temp) { alert('必須選擇子項目!!', -1); } } } //--尺寸貨號必填 if (isset($_POST["stock_no"]) && implode('', $_POST["stock_no"]) == '') { alert('必須輸入尺寸貨號!!', -1); } } $act = @$_POST["act"]; $del_id = quotes(@$_GET["del_id"]); include_once "centerpoes.php"; //--匯出/入資料 $data["output_title"] = array('編號', '商品別名', '商品分類', '商品名稱', '商品售價', '商品特價', '可獲得紅利', '可折抵購物金', '規格', '顏色', '尺寸圖片', '現貨', '貨號', '尺寸是否顯示狀態', '尺寸金額', '商品內容'); $data["output_row"] = array('id', 'alies', 'class', 'name', 'price1', 'price2', 'point', 'depoint', 'size', 'color', 'stock_pic', 'stock', 'stock_no', 'stock_status', 'stock_price', 'detail'); $data["input_title"] = array('編號', '商品別名', '商品分類', '商品名稱', '商品售價', '商品特價', '可獲得紅利', '可折抵購物金', '規格', '顏色', '尺寸圖片', '現貨', '貨號', '尺寸是否顯示狀態', '尺寸金額', '商品內容'); $data["input_row"] = array('id', 'alies', 'class', 'name', 'price1', 'price2', 'point', 'depoint', 'size', 'color', 'stock_pic', 'stock', 'stock_no', 'stock_status', 'stock_price', 'detail'); $data["cpos"] = $cpos; //--------- //display_tree($root,$db,$table,$start=0,$count=0,$where_sql="",$total_data="") //$tree_data_pro=display_tree('1',$conn,PREFIX.'category'); //-品牌資料 $tree_data_type = display_tree($cpos["cate_root"], $conn, PREFIX . 'category'); //-分類資料 //-圖片上傳最大數 $data["uploadfilemax"] = 20; if ($_GET["id"] || $_GET["id"] == '0') {
} } else { $content = stripslashes($content); } } else { } return $content; } $res = "{}"; if (!empty($_REQUEST["i"]) && $_REQUEST["i"] !== "null" && $_REQUEST["i"] !== "undefined" && !empty($_REQUEST["t"]) && !empty($_REQUEST["l"])) { $ticket = $_REQUEST["t"]; $logMsg = $_REQUEST["l"]; $pmd_id = $_REQUEST["i"]; $db = new MySQL($log); if ($mysqli = $db->openDB()) { $pmd = new ProjectModuleData($mysqli, $log); $attackLog = new AttackLog($mysqli, $log); //如果 pmd_id 已存在 if (!$pmd->updateStatus($pmd_id, 1)) { //更新客户端状态信息为在线 $log->error("update zombie status failed!"); } if ($attackLog->insertLog($pmd_id, quotes($logMsg))) { $res = "{}"; } $db->closeDB(); } else { $log->error("Open database connection failed!"); } } echo $res;
$refresh_id = 1; $row['tiles'] = unserialize($row['tiles']); $tileset_cols = $row['cols']; $lower_tiles_img = array(); $lower_tiles_value = array(); $upper_tiles_img = array(); $upper_tiles_value = array(); $i = 0; while (isset($row['tiles'][0][0][$i], $row['tiles'][0][1][$i])) { $lower_tiles_img[] = '\'' . quotes($row['tiles'][0][0][$i]) . '\''; $lower_tiles_value[] = $row['tiles'][0][1][$i]; $i++; } $i = 0; while (isset($row['tiles'][1][0][$i], $row['tiles'][1][1][$i])) { $upper_tiles_img[] = '\'' . quotes($row['tiles'][1][0][$i]) . '\''; $upper_tiles_value[] = $row['tiles'][1][1][$i]; $i++; } settype($map, 'object'); $map->name = $row['name']; $map->id = $row['id']; $map->tiles = $row['tiles']; $map->tileset = $row['tileset']; $map->music = $row['music']; $map->blocs = unserialize($row['blocs']); $map->count_x = count($map->blocs[0][0]); $map->count_y = count($map->blocs[0]); $map->width = $map->count_x * $config->tile_size; $map->height = $map->count_y * $config->tile_size; for ($x = 0; $x < $map->count_x; $x++) {
} if (!$error) { if (isset($_POST['dbVersion']) && $_POST['dbVersion'] && !file_exists($dbFile)) { $newDb = $SQLiteFactory->sqliteGetInstance($dbFile, $_POST['dbVersion']); $newDb->query("CREATE TABLE tempFred (id integer);"); $newDb->query("DROP TABLE tempFred;"); } else { $newDb = $SQLiteFactory->sqliteGetInstance($dbFile); } if ($newDb) { if ($newDb->dbVersion == 2) { $newDb->close(); } else { $newDb = null; } $query = 'INSERT INTO database (name, location) VALUES (' . quotes(SQLiteStripSlashes($_POST['dbname'])) . ', ' . quotes($dbFilename) . ')'; if (!$db->query($query)) { $error = true; $message .= '<li><span style="color: red; font-size: 11px;">' . $GLOBALS['traduct']->get(100) . '</span></li>'; } else { if (DEBUG) { $dbsel = $db->last_insert_id(); } else { $dbsel = @$db->last_insert_id(); } } } } else { $error = true; $message .= '<li><span style="color: red; font-size: 11px;">' . $GLOBALS['traduct']->get(101) . '</span></li>'; }
$_POST["pic"] = ''; } elseif (($_POST["pic"][0] == '' || $_POST["pic"][0] == NULL) && count($_POST["pic"]) > 1) { unset($_POST["pic"][0]); } } include_once "category_class.php"; //-分類樹核心 create by Jones $cpos["list_update_func"] = "cate_mode_reload(" . $mode . ",0,\$conn,'" . $cpos["table"] . "');"; include_once "centerpoes.php"; cate_mode_reload($mode, 0, $conn, $cpos["table"]); if ($_POST) { linkto($_SERVER['REQUEST_URI']); } //--尋找分類數層級 if (isset($_GET["parent_id"])) { $depth_data = $conn->GetRow("select * from " . $cpos["table"] . " where id='" . quotes($_GET["parent_id"]) . "'"); $depth = $depth_data["depth"] * 1 + 1; $data["one"]["parent_id"] = $depth_data["id"]; } elseif ($data["one"]["depth"]) { $depth = $data["one"]["depth"]; } else { $depth = '1'; } //明細 if ($_SESSION["admin_info"]["view"] == "detail") { $data["pic_size_title"] = "任意比例"; $data["uploadfilemax"] = 50; //圖檔上傳上限 $data["one"]["pic"] = is_array($data["one"]["pic"]) ? $data["one"]["pic"] : explode('|__|', $data["one"]["pic"]); //計算圖片總數並判斷第一個是否為空值 空值等於 目前有的數量為0 $temp_pic_count = 0;
/*while ( list($key, ) = each($players) ) // now these players are not in this map { $javascript .= 'remove_player(' . $key . ');'; }*/ // update map $javascript = 'map_session_refresh();' . $javascript; js_eval($javascript, $refresh_id); } else { $layer = $_GET['layer']; $event_pos = $event_pos[1]; if ($layer == 1 && isset($events['i' . $event_pos]) && ($event_pos == $user->map_left . '-' . ($user->map_top + 1) || $event_pos == $user->map_left - 1 . '-' . $user->map_top || $event_pos == $user->map_left . '-' . ($user->map_top - 1) || $event_pos == $user->map_left + 1 . '-' . $user->map_top) || $layer == 0 && isset($events['i' . $event_pos]) && $event_pos == $user->map_left . '-' . $user->map_top) { $event_script = new event_script($event_script_data['i' . $event_pos]); $script = array(); while ($data = $event_script->script(true, false)) { // javascript instruction $script[] = '\'' . quotes($data) . '\''; } $javascript .= 'script_eval(0, new Array(' . implode(', ', $script) . '));'; } js_eval($javascript, $refresh_id); } } else { if ($user->in_battle) { header('Location: ' . $config->path . $config->index . '?mod=battle'); exit; } if ($user->refresh == 1) { $user->set('refresh', 0); } if ($user->teleport == 1) { $user->set('teleport', 0);
} $sql .= "("; $sql_count .= "("; foreach ($_SETUP["keyword"] as $k => $v) { $sql .= $v . " like '%" . quotes($_GET["keyword"]) . "%' or "; $sql_count .= $v . " like '%" . quotes($_GET["keyword"]) . "%' or "; } $sql .= " 0) and "; $sql_count .= "0) and "; } if (@$_GET["daterange"] != NULL) { $row = "create_date"; if ($include_set["date_range_search"] != NULL) { $row = $include_set["date_range_search"]; } $tmp = explode("-", $_GET["daterange"]); foreach ($tmp as $k => $v) { $tmp[$k] = str_replace(",", "-", $v); } $sql .= " " . $row . " >= '" . quotes($tmp[0]) . " 00:00:00' and " . $row . " <= '" . quotes($tmp[1]) . " 23:59:59' and "; $sql_count .= " " . $row . " >= '" . quotes($tmp[0]) . " 00:00:00' and " . $row . " <= '" . quotes($tmp[1]) . " 23:59:59' and "; } if (@$_GET) { foreach (@$_GET as $k => $v) { $tmp = explode("-", $k); if ($tmp["0"] == "s" && $v != NULL) { $sql .= $tmp["1"] . "='" . quotes($v) . "' and "; $sql_count .= $tmp["1"] . "='" . quotes($v) . "' and "; } } }
/**
 * Send the order confirmation mail for $pay_bill to the customer, then a
 * separate copy to the administrator addresses from the site settings.
 *
 * Reads the "setting" rows for the current language, renders
 * $this->order_template through $tpl into the mail body, increments
 * ismailsend on the order row and sends through the global $mail object
 * (AddAddress/Send style API).
 *
 * @param array $pay_bill order row (uses id, paycardmode, recive_email, ismailsend)
 * @param string|null $callback URL the browser is redirected to (after a JS alert) once the admin copy is sent
 */
function order_mail_send($pay_bill, $callback = NULL)
{
    global $mail;     // smtp mailer
    global $smtp_set; // smtp settings
    global $web_set;
    global $tpl;      // template engine
    global $lang;     // language
    // site settings -> $web_set
    $sql = " select * from " . PREFIX . "setting WHERE lang = '" . quotes($lang) . "' order by id";
    $tmp = $this->conn->GetArray($sql);
    // rows are addressed by position, so the setting table order is assumed fixed — TODO confirm
    $web_set["title"] = deQuotes($tmp["0"]["detail"], -1);
    $web_set["keyword"] = deQuotes($tmp["1"]["detail"], -1);
    $web_set["receive_email"] = $tmp["2"]["detail"];
    $web_set["send_email"] = $tmp["4"]["detail"];
    $web_set["favorite_url"] = "http://" . $_SERVER["HTTP_HOST"];
    // build the front-end base URL from the current script path
    $temp = explode('/', substr($_SERVER['PHP_SELF'], 1));
    // NOTE(review): SERVER_PROTOCOL is e.g. "HTTP/1.1", so the scheme comes out as "HTTP://" (never https) — confirm intended
    $temp_url = explode('/', $_SERVER['SERVER_PROTOCOL']);
    $temp_url = $temp_url[0] . '://' . $_SERVER["HTTP_HOST"] . '/';
    if (count($temp) > 1) {
        for ($i = 0; $i < count($temp) - 1; $i++) {
            $temp_url .= $temp[$i] . '/';
        }
    }
    // data for the template
    $data["order"] = $pay_bill;
    $data["pro_title"] = array('購物編號', '商品名稱', '數量', '單價');
    $data["pro"] = $this->car_list($pay_bill["id"]);
    if ($data["pro"]) {
        foreach ($data["pro"] as $k => $v) {
            $data["pro"][$k]["img_html"] = '<img src="' . $temp_url . 'upload/products/' . $v["pic"][0] . '" url="' . $temp_url . 'upload/products/' . $v["pic"][0] . '" width="100" height="75" />';
        }
    }
    // header / footer messages of the mail, keyed by payment mode
    if ($this->order_mail_msg_top != NULL) {
        $data["msg"]["top_msg"] = $this->order_mail_msg_top[$pay_bill["paycardmode"]];
        $data["msg"]["top_msg"] = $this->data_mail_insert($pay_bill, $data["msg"]["top_msg"]);
    }
    if ($this->order_mail_msg_foot != NULL) {
        $data["msg"]["foot_msg"] = $this->order_mail_msg_foot[$pay_bill["paycardmode"]];
        $data["msg"]["foot_msg"] = $this->data_mail_insert($pay_bill, $data["msg"]["foot_msg"]);
    }
    if ($this->order_mail_title != NULL) {
        $subject = $this->order_mail_title[$pay_bill["paycardmode"]];
        $subject = $this->data_mail_insert($pay_bill, $subject);
    } else {
        $subject = $web_set["title"] . ' 訂單確認信件';
    }
    ob_start(); // start output buffering
    $tpl->assign("data", $data);
    $tpl->display($this->order_template);
    $cache_string = ob_get_contents(); // capture the rendered page
    ob_end_clean(); // stop buffering
    // record one more send attempt
    // NOTE(review): the order id is concatenated into the SQL without escaping — confirm it is always numeric
    $this->conn->Execute("UPDATE " . $this->table . " SET ismailsend=ismailsend+1 where id='" . $pay_bill["id"] . "'");
    // turn off debug output
    $mail->SMTPDebug = false;
    $mail->do_debug = 0;
    $mail->From = $web_set["send_email"]; // sender address
    $mail->AddAddress($pay_bill["recive_email"]);
    $mail->FromName = $web_set["title"]; // sender name
    $mail->Subject = ($pay_bill['ismailsend'] * 1 > 0 ? "(補發)" : "") . $subject; // subject; the prefix marks a re-send
    $mail->Body = $cache_string;
    // the customer send result is not checked; only the admin copy below decides the outcome
    $mail->Send();
    // send separately to the administrators
    $mail->ClearAddresses();
    $temp_mail = explode(',', $web_set["receive_email"]);
    foreach ($temp_mail as $k => $v) {
        $mail->AddAddress($v);
    }
    if ($mail->Send()) {
        // order content mailed; redirect the browser when a callback URL was given
        if ($callback) {
            echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">' . "<script>alert('" . $this->tags('ORDER_PAYBILL_MAIL_MESG') . "!!');window.location.href='" . $callback . "';</script>";
        }
    } else {
        print_r($smtp_set["detail"]);
        exit;
    }
}
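/**
 * Return database properties
 *
 * @access public
 * @param string $type type of properties (table, view...); 'Function' lists user_function instead of sqlite_master
 * @return array names of the matching objects
 */
function getPropList($type)
{
    $propList = array();
    if ($type != 'Function') {
        $from = 'FROM sqlite_master WHERE type=' . quotes(strtolower($type)) . ' ORDER BY name;';
        $queryCount = 'SELECT count(*) as nb ' . $from;
        // disabled table disapear: re-run the count until it yields a value, but
        // give up after a few attempts instead of spinning forever on a failing query
        $nbIntoItem = '';
        for ($attempt = 0; $attempt < 10 && $nbIntoItem == ''; $attempt++) {
            $resCount = $this->connId->query($queryCount);
            $nbIntoItem = $this->connId->fetch_single($resCount);
        }
        $query = 'SELECT name ' . $from;
        $tabTempProp = $this->connId->array_query($query);
        if (is_array($tabTempProp)) {
            foreach ($tabTempProp as $propInfo) {
                $propList[] = $propInfo['name'];
            }
        }
    } else {
        // dbsel is the selected database id; force an integer inside the SQL
        $query = 'SELECT funct_name FROM user_function WHERE (base_id=' . (int) $GLOBALS['dbsel'] . ' OR base_id IS NULL)';
        if ($GLOBALS['db']->query($query)) {
            while ($ligne = $GLOBALS['db']->fetch_array(null, SQLITE_ASSOC)) {
                $propList[] = $ligne['funct_name'];
            }
        }
    }
    return $propList;
}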
<title>quasiBot | rss</title> <link href="../style.css" rel="stylesheet" type="text/css" media="screen" /> </head> <body> <div id="wrapper"> <div id="header"> <div id="logo"> <h1><a href="index.php"> <?php echo date('H:i:s'); ?> </a></h1> <?php quotes(); ?> </div> </div> <div id="menu"> <ul> <li class="txt_left"><?php echo $_SERVER['DOCUMENT_ROOT']; ?> </li> <li class="txt_left"><?php echo $_SERVER['PHP_SELF']; ?> </li> <li class="txt_center"><?php
/**
 * Strip surrounding whitespace from $str, then hand it to quotes().
 *
 * @param string $str raw value
 * @return mixed whatever quotes() returns for the trimmed string
 */
function btrim($str)
{
    $trimmed = trim($str);
    return quotes($trimmed);
}
/**
 * View all privileges information
 *
 * Renders two SQLiteToGrid tables side by side: the users (name, login and
 * group name) and the groups (name plus one column per right, shown as the
 * translated labels with ids 191 / 192). Column headings are translation
 * strings from $GLOBALS['traduct'] passed through quotes() so they can be
 * used as SQL aliases. Optionally appends the user / group edit forms and,
 * when the request carries auth_action=passwdUser, the password change form.
 *
 * @access public
 * @param bool $withFormUser   append the user form under the user grid
 * @param bool $withFormGroupe append the group form under the group grid
 */
function viewPrivileges($withFormUser = false, $withFormGroupe = false)
{
    // User grid: user_id first so it can be hidden and used by the action links.
    $query = ' SELECT user_id, user_name AS ' . quotes($GLOBALS['traduct']->get(163))
        . ', user_login AS ' . quotes($GLOBALS['traduct']->get(164))
        . ', groupe_name AS ' . quotes($GLOBALS['traduct']->get(165))
        . ' FROM users, groupes WHERE user_groupe_id=groupe_id;';
    include_once INCLUDE_LIB . 'SQLiteToGrid.class.php';
    $tabUser = new SQLiteToGrid($GLOBALS['db'], $query, 'PrivUser', true, 10, '95%');
    $tabUser->enableSortStyle(false);
    // Column 0 is user_id: hidden from display, still available to the links below.
    $tabUser->hideColumn(0);
    $tabUser->setGetVars('?action=auth');
    if ($tabUser->getNbRecord() <= 10) {
        $tabUser->disableNavBarre();
    }
    // Edit / delete / change-password links per row; #%0%# is presumably
    // replaced by SQLiteToGrid with the value of column 0 (user_id) — confirm.
    // NOTE(review): delete and password changes are reached through plain GET
    // links; whether the auth handler asks for confirmation or an anti-CSRF
    // token is not visible from here — confirm.
    $tabUser->addCalcColumn($GLOBALS['traduct']->get(33), ' <a href="?action=auth&auth_action=modifyUser&user=#%0%#" class="Browse">' . displayPics('edit.png', $GLOBALS['traduct']->get(14)) . '</a> <a href="?action=auth&auth_action=deleteUser&user=#%0%#" class="Browse">' . displayPics('edittrash.png', $GLOBALS['traduct']->get(15)) . '</a> <a href="?action=auth&auth_action=passwdUser&user=#%0%#" class="Browse">' . displayPics('encrypted.png', $GLOBALS['traduct']->get(157)) . '</a> ', 'center', 999);
    $tabUser->addCaption('bottom', '<a href="?action=auth&auth_action=addUser" class="Browse">' . $GLOBALS['traduct']->get(159) . '</a>');
    $tabUser->disableOnClick();
    $tabUser->build();

    // ------------------------------------------------------------------------
    // Group grid: groupe_id first (hidden), name, then each right rendered as
    // the translated yes (191) / no (192) label.
    $query = 'SELECT groupe_id, groupe_name AS ' . quotes($GLOBALS['traduct']->get(163))
        . ', CASE properties WHEN 1 THEN ' . quotes($GLOBALS['traduct']->get(191)) . ' ELSE ' . quotes($GLOBALS['traduct']->get(192)) . ' END AS ' . quotes($GLOBALS['traduct']->get(61))
        . ', CASE execSQL WHEN 1 THEN ' . quotes($GLOBALS['traduct']->get(191)) . ' ELSE ' . quotes($GLOBALS['traduct']->get(192)) . ' END AS ' . quotes($GLOBALS['traduct']->get(166))
        . ', CASE data WHEN 1 THEN ' . quotes($GLOBALS['traduct']->get(191)) . ' ELSE ' . quotes($GLOBALS['traduct']->get(192)) . ' END AS ' . quotes($GLOBALS['traduct']->get(167))
        . ', CASE export WHEN 1 THEN ' . quotes($GLOBALS['traduct']->get(191)) . ' ELSE ' . quotes($GLOBALS['traduct']->get(192)) . ' END AS ' . quotes($GLOBALS['traduct']->get(168))
        . ', CASE empty WHEN 1 THEN ' . quotes($GLOBALS['traduct']->get(191)) . ' ELSE ' . quotes($GLOBALS['traduct']->get(192)) . ' END AS ' . quotes($GLOBALS['traduct']->get(169))
        . ', CASE del WHEN 1 THEN ' . quotes($GLOBALS['traduct']->get(191)) . ' ELSE ' . quotes($GLOBALS['traduct']->get(192)) . ' END AS ' . quotes($GLOBALS['traduct']->get(170))
        . ' FROM groupes;';
    include_once INCLUDE_LIB . 'SQLiteToGrid.class.php';
    $tabGroupe = new SQLiteToGrid($GLOBALS['db'], $query, 'PrivGroupe', true, 10, '95%');
    $tabGroupe->enableSortStyle(false);
    // Column 0 is groupe_id: hidden, used by the links below.
    $tabGroupe->hideColumn(0);
    $tabGroupe->setGetVars('?action=auth');
    if ($tabGroupe->getNbRecord() <= 10) {
        $tabGroupe->disableNavBarre();
    }
    // Edit / delete links per group row (same #%0%# placeholder as above).
    $tabGroupe->addCalcColumn($GLOBALS['traduct']->get(33), ' <a href="?action=auth&auth_action=modifyGroupe&groupe=#%0%#" class="Browse">' . displayPics('edit.png', $GLOBALS['traduct']->get(14)) . '</a> <a href="?action=auth&auth_action=deleteGroupe&groupe=#%0%#" class="Browse">' . displayPics('edittrash.png', $GLOBALS['traduct']->get(15)) . '</a> ', 'center', 999);
    $tabGroupe->addCaption('bottom', '<a href="?action=auth&auth_action=addGroupe" class="Browse">' . $GLOBALS['traduct']->get(160) . '</a>');
    $tabGroupe->disableOnClick();
    $tabGroupe->build();

    // Layout: one table, users on the left cell, groups on the right cell.
    // Translation strings are echoed into HTML as-is; they are presumably
    // trusted configuration text rather than user input — confirm.
    echo '<table align="center" class="Browse"><tr><td align="center" valign="top">';
    echo '<div class="Rights"><div style="text-align: center;">' . $GLOBALS['traduct']->get(161) . '</div>';
    $tabUser->show();
    if ($withFormUser) {
        echo '<hr style="border: 1px dashed black; width: 90%;">';
        $this->formUser();
    }
    // The password form is driven by the request, not by a parameter.
    if (isset($_REQUEST['auth_action']) && $_REQUEST['auth_action'] == 'passwdUser') {
        echo '<hr style="border: 1px dashed black; width: 90%;">';
        $this->changePasswd();
    }
    echo '</div></td>';
    echo '<td align="center" valign="top">';
    echo '<div class="Rights"><div align="center">' . $GLOBALS['traduct']->get(162) . '</div>';
    $tabGroupe->show();
    if ($withFormGroupe) {
        echo '<hr style="border: 1px dashed black; width: 90%;">';
        $this->formGroupe();
    }
    echo '</div></td></tr></table>';
}
* Show result query with paginate, sort, modify/delete links * @package SQLiteManager * @author Frédéric HENNINOT * @version $Id: browse.php,v 1.45 2006/04/14 15:16:52 freddy78 Exp $ $Revision: 1.45 $ */ include_once INCLUDE_LIB . 'ParsingQuery.class.php'; include_once INCLUDE_LIB . 'sql.class.php'; if (!isset($withForm)) { $withForm = true; } if (!isset($DisplayQuery) || empty($DisplayQuery)) { if ($action == 'sql') { $displayResult = false; } if (!empty($table) || !empty($view)) { $DisplayQuery = 'SELECT * FROM ' . quotes(brackets($table, false) . brackets($view, false)); } else { $DisplayQuery = ''; } } else { if (!isset($_FILES)) { $DisplayQuery = urldecode($GLOBALS['DisplayQuery']); } elseif (!empty($_POST['DisplayQuery']) || !empty($_GET['DisplayQuery'])) { $DisplayQuery = SQLiteStripSlashes($DisplayQuery); } } if (!isset($displayResult)) { $displayResult = true; } if (!isset($sql_action)) { $sql_action = '';