/**
 * Load the single `T_crs` row whose Code equals $s.
 *
 * The code value is passed through returnDefault(..., 'text') before it is
 * placed in the statement; the schema name is read from the session.
 * Unless exactly one row is reported in ['Count'], the script stops with a
 * bare exit and no output.
 *
 * @param mixed $s CRS code to look up.
 * @return mixed The value returned by getDataFromSQL() for the matching row.
 */
function getCrsDefsAsArray($s)
{
    $query = "SELECT * FROM `" . $_SESSION['Application_host'] . "`.`T_crs` WHERE Code = " . returnDefault($s, 'text');
    $rows = getDataFromSQL($query, __FILE__, "details", __FUNCTION__);

    // Anything other than exactly one match ends the request here.
    if ($rows['Count'] != 1) {
        exit;
    }

    return $rows;
}
} else {
    $sql .= returnDefault($login, 'Name') . ", ";
}
// Remaining values of the caver INSERT (its head is built above the code shown
// here). Every request-derived value goes through returnDefault(); the password
// column receives the output of getCryptedPwd(), not the clear-text password.
$sql .= returnDefault(getCryptedPwd($login, $password), 'text') . ", "
    . returnDefault($country, 'list') . ", "
    . returnDefault($contact, 'text') . ", "
    . "Now(), "
    . returnDefault($register_language, 'list') . ", "
    . "1, "
    . returnDefault($alert_for_news, 'checkbox') . ", "
    . returnDefault($latitude, 'latlng') . ", "
    . returnDefault($longitude, 'latlng') . ", "
    . returnDefault($default_lat, 'text') . ", "
    . returnDefault($default_lng, 'text') . ", "
    . returnDefault($default_zoom, 'text') . ", "
    . returnDefault($activation_code, 'text') . ")";
$req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
$new_id = $req['mysql_insert_id'];

// Put the new account into the default group. Both values are server-side
// (the insert id and a constant), so they are concatenated directly.
$defaultUserGroup = 3;
$sql = "INSERT INTO `" . $_SESSION['Application_host'] . "`.`J_caver_group` "
    . "(`Id_caver`, `Id_group`)"
    . " VALUES ("
    . $new_id . ", " . $defaultUserGroup . ") ";
$req = execSQL($sql, $frame, __FILE__, __FUNCTION__);

if (!defined('NO_PHPBB_INSTALLED')) {
    addphpBBuser($login, $password, $contact, $language);
}
// NOTE(review): the clear-text $password is handed to sendActivationMail();
// confirm whether it ends up in the e-mail body — an activation link alone
// would avoid putting the password in a mailbox.
sendActivationMail($contact, $login, $password, $new_id, $activation_code);
trackAction("insert_user", $new_id, "T_caver");
$save_failed = false;
} else {
if ($isNew == "True") {
    // New massif: the author is the session user, the name goes through
    // returnDefault().
    $sql = "INSERT INTO `" . $_SESSION['Application_host'] . "`.`T_massif` "
        . "(`Id_author`, `Name`, `Date_inscription`)"
        . " VALUES ("
        . $_SESSION['user_id'] . ", "
        . returnDefault($name, 'text') . ", "
        . "Now()) ";
    $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
    $nid = $req['mysql_insert_id'];
    trackAction("insert_massif", $nid, "T_massif");
} else {
    // Existing massif: unlock it, record the reviewer and drop its cave links.
    // NOTE(review): $id is concatenated unquoted into both statements and is
    // assigned outside the code shown here — confirm it is validated as an
    // integer before this point.
    $sql = "UPDATE `" . $_SESSION['Application_host'] . "`.`T_massif` "
        . " SET "
        . "Locked = 'NO', "
        . "Id_reviewer = " . $_SESSION['user_id'] . ", "
        . "Name = " . returnDefault($name, 'text') . ", "
        . "Date_reviewed = Now() "
        . "WHERE Id = " . $id;
    $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
    $sql = "DELETE FROM `" . $_SESSION['Application_host'] . "`.`J_massif_cave` "
        . "WHERE `Id_massif` = " . $id;
    $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
    trackAction("edit_massif", $id, "T_massif");
}
if ($list != "") {
    // The list entries are attached to whichever massif id applies.
    $onid = ($isNew == "True") ? $nid : $id;
    $arrList = explode("|", $list);
header('Expires: ' . EXPIRATION_DATE);
header('Content-type: application/json; charset=utf-8');

// Country filter: POST overrides GET, GET overrides the Select_default constant.
// NOTE(review): PHP has already URL-decoded $_GET/$_POST, so urldecode() here
// decodes a second time — confirm callers really double-encode.
$iso = Select_default;
if (isset($_GET['iso'])) {
    $iso = urldecode(stripslashes($_GET['iso']));
}
if (isset($_POST['iso'])) {
    $iso = urldecode(stripslashes($_POST['iso']));
}

// Language prefix for the country-name column: POST, else GET, else session.
if (isset($_GET['lng'])) {
    $crs_language = ucfirst(urldecode(stripslashes($_GET['lng'])));
} else {
    $crs_language = ucfirst($_SESSION['language']);
}
if (isset($_POST['lng'])) {
    $crs_language = ucfirst(urldecode(stripslashes($_POST['lng'])));
}

// $crs_language becomes part of a column name below, where no quoting helper
// applies; this allow-list is what keeps request input out of the identifier.
$supported_languages = array('Fr', 'En', 'Es', 'De');
if (!in_array($crs_language, $supported_languages)) {
    $crs_language = 'En';
}

$sql = "SELECT DISTINCT IFNULL(co." . $crs_language . "_name, '*World') AS country, crs.Code AS code, crs.Definition AS def FROM `" . $_SESSION['Application_host'] . "`.`T_crs` crs "
    . "LEFT OUTER JOIN `" . $_SESSION['Application_host'] . "`.`J_country_crs` cc ON cc.Id_crs = crs.Id "
    . "LEFT OUTER JOIN `" . $_SESSION['Application_host'] . "`.`T_country` co ON co.Iso = cc.Iso "
    . "WHERE crs.Code = 'WGS84' OR (crs.Enabled = 'YES' ";
// With a country selected, keep CRS rows tied to it or to no country at all.
$sql .= ($iso == Select_default)
    ? ") "
    : "AND ((cc.Iso IS NULL) OR cc.Iso = " . returnDefault($iso, 'text') . ")) ";
$sql .= "ORDER BY co." . $crs_language . "_name";
$result = getDataFromSQL($sql, __FILE__, $frame, __FUNCTION__);
$num = $result["Count"];

$js_var = "{" . "\n";
$country = '';
$started = false;
$cstart = false;
if ($num > 0) {
    // NOTE(review): each() was deprecated in PHP 7.2 and removed in PHP 8.0.
    while (list($k, $crs) = each($result)) {
        if ($crs['code'] != '' && $crs['def'] != '') {
            if ($country != $crs['country']) {
                $country = $crs['country'];
                if ($started) {
                    $js_var .= "}," . "\n";
}
// Save the password: the current password must match before the new one is stored.
if (isset($_POST['save_pwd'])) {
    $password = '';
    if (isset($_POST['c_caver_password'])) {
        $password = $_POST['c_caver_password'];
    }
    $new_password = '';
    if (isset($_POST['c_caver_new_password'])) {
        $new_password = $_POST['c_caver_new_password'];
    }
    $key = '';
    if (isset($_POST['c_key'])) {
        $key = $_POST['c_key'];
    }
    // NOTE(review): the XOR key arrives in the same POST as the values it is
    // applied to, so crypt_xor() adds no confidentiality by itself — confirm
    // this form is only ever served over TLS.
    $password = crypt_xor(stripslashes($password), $key);
    $new_password = crypt_xor(stripslashes($new_password), $key);
    $login = addslashes($_SESSION['user_login']);

    // NOTE(review): the getCryptedPwd() result is quoted by hand here, while
    // the UPDATE below sends it through returnDefault(); presumably it is a
    // digest with no quote characters — confirm.
    $sql = "SELECT * FROM `" . $_SESSION['Application_host'] . "`.`T_caver` "
        . "WHERE `Id` = " . $_SESSION['user_id'] . " "
        . "AND `Password` = '" . getCryptedPwd($login, $password) . "'";
    $data = getDataFromSQL($sql, __FILE__, $frame, __FUNCTION__);

    $pwd_saved = $data['Count'] > 0;
    if ($pwd_saved) {
        $sql = "UPDATE `" . $_SESSION['Application_host'] . "`.`T_caver` "
            . "SET `Password` = " . returnDefault(getCryptedPwd($login, $new_password), 'text') . " "
            . "WHERE `Id` = " . $_SESSION['user_id'];
        $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
        // Keep the forum account in step when phpBB is installed.
        if (!defined('NO_PHPBB_INSTALLED')) {
            chgPwdphpBBuser($login, $new_password);
        }
    }
}
}
if (allowAccess(caver_delete_himself)) {
    // Delete an account:
    if (isset($_POST['delete_user'])) {
        $password = isset($_POST['d_caver_password']) ? $_POST['d_caver_password'] : '';
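// Tail of an INSERT value list whose head is built above the code shown here.
$sql .= $onid . ", ";
//$sql .= returnDefault($cave_min_depth, 'float').", ";
//$sql .= returnDefault($cave_max_depth, 'float').", ";
$sql .= returnDefault($cave_depth, 'float') . ", ";
$sql .= returnDefault($cave_length, 'float') . ", ";
$sql .= returnDefault($cave_diving, 'checkbox') . ", ";
$sql .= returnDefault($cave_temperature, 'float') . ") ";
} else {
    // Update the measurements of an existing single-entry record.
    // NOTE(review): $onid is assigned outside the code shown here and is
    // concatenated unquoted — confirm it is an integer at this point.
    $sql = "UPDATE `" . $_SESSION['Application_host'] . "`.`T_single_entry` ";
    $sql .= " SET ";
    //$sql .= "`Min_depth` = ".returnDefault($cave_min_depth, 'float').", ";
    //$sql .= "`Max_depth` = ".returnDefault($cave_max_depth, 'float').", ";
    $sql .= "`Depth` = " . returnDefault($cave_depth, 'float') . ", ";
    $sql .= "`Length` = " . returnDefault($cave_length, 'float') . ", ";
    $sql .= "`Temperature` = " . returnDefault($cave_temperature, 'float') . ", ";
    $sql .= "`Is_diving` = " . returnDefault($cave_diving, 'checkbox') . " ";
    $sql .= "WHERE `Id` = " . $onid;
}
$req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
$save_failed = false;
$type = "menu";
} else {
    if (isset($_GET['id'])) {
        $id = isset($_GET['id']) ? $_GET['id'] : '';
        // NOTE(review): takeOver() still receives the raw request value;
        // confirm it validates or escapes the id itself.
        if (takeOver("entry", $id) && $id != "") {
            $sql = "SELECT ey.*, ce.Id_cave, mc.Id_massif FROM `" . $_SESSION['Application_host'] . "`.`T_entry` ey ";
            $sql .= "LEFT OUTER JOIN `" . $_SESSION['Application_host'] . "`.`J_cave_entry` ce ON ey.Id = ce.Id_entry ";
            $sql .= "LEFT OUTER JOIN `" . $_SESSION['Application_host'] . "`.`J_massif_cave` mc ON ey.Id = mc.Id_entry ";
            // The id comes straight from $_GET and sits in an unquoted numeric
            // position, so it is forced to an integer before it reaches the
            // statement; a non-numeric or array value becomes 0.
            $sql .= "WHERE ey.Id = " . (is_scalar($id) ? (int) $id : 0);
            $data = getDataFromSQL($sql, __FILE__, $frame, __FUNCTION__);
            if ($data['Count'] > 0) {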
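$longitude = isset($_GET['nlng']) ? $_GET['nlng'] : '';
$showMe = "True";
} else {
    $showMe = "False";
}
}
}
}
// Logo editor for a grotto: optionally store a new picture file name, then
// read the grotto's name and picture back for display.
if ($type == "logo") {
    $id = isset($_GET['id']) ? $_GET['id'] : '';
    // NOTE(review): takeOver() still receives the raw request value; confirm
    // it validates or escapes the id itself.
    if (takeOver("grotto", $id) && $id != "") {
        if (isset($_GET['logo_changed']) && $_GET['logo_changed'] == "true") {
            $logo_file = isset($_GET['logo_name']) ? $_GET['logo_name'] : '';
            $logo_file = urldecode($logo_file);
            // NOTE(review): the file name is taken from the query string and
            // stored as-is (SQL-escaped only); confirm it is reduced to a bare
            // file name wherever it is later turned into a path or URL.
            $sql = "UPDATE `" . $_SESSION['Application_host'] . "`.`T_grotto` SET ";
            $sql .= "Picture_file_name = " . returnDefault($logo_file, 'text') . ", ";
            $sql .= "Id_reviewer = " . $_SESSION['user_id'] . ", ";
            $sql .= "Date_reviewed = Now() ";
            // $id comes straight from $_GET and sits in an unquoted numeric
            // position, so it is forced to an integer here and in the SELECT
            // below; a non-numeric or array value becomes 0.
            $sql .= "WHERE Id = " . (is_scalar($id) ? (int) $id : 0);
            $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
        }
        $sql = "SELECT Name, Picture_file_name FROM `" . $_SESSION['Application_host'] . "`.`T_grotto` WHERE Id = " . (is_scalar($id) ? (int) $id : 0);
        $result = getDataFromSQL($sql, __FILE__, $frame, __FUNCTION__);
        $logo_file = $result[0]['Picture_file_name'];
        $grotto_name = $result[0]['Name'];
        // NOTE(review): $parameters carries the raw request id; encode it for
        // the context in which it is eventually emitted — TODO confirm.
        $parameters = "&cancel=True&cid=" . $id . "&ccat=grotto";
    } else {
        $locked = true;
        $type = "menu";
    }
}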
// Update the entry contribution flag.
// NOTE(review): $id is concatenated unquoted here but passed through
// returnDefault($id, 'id') in the INSERT further down; it is assigned outside
// the code shown here — confirm it is validated, and prefer one treatment.
$sql = "UPDATE `" . $_SESSION['Application_host'] . "`.`T_entry` "
    . "SET Has_contributions = 'YES' "
    . "WHERE Id = " . $id;
$req = execSQL($sql, $frame, __FILE__, __FUNCTION__);

// Send an e-mail to the person being answered, if that comment asked for alerts.
// NOTE(review): $id_answered is also concatenated unquoted; its origin is not
// visible here — confirm it is an integer.
if ($id_answered != "" && $ncat == "comment") {
    $get_answered_sql = "SELECT * FROM `" . $_SESSION['Application_host'] . "`.`T_comment` WHERE Id = " . $id_answered;
    $answered_array = getDataFromSQL($get_answered_sql, __FILE__, $frame, __FUNCTION__);
    if ($answered_array[0]["Alert"] == "YES") {
        alertForCommentReply($id_answered, $nid, $category, $id);
    }
}

// $ncat becomes part of a table and a column name, so it is only used after
// being matched against the two fixed values.
if ($ncat == "rigging" || $ncat == "description") {
    $sql = "INSERT INTO `" . $_SESSION['Application_host'] . "`.`J_entry_" . $ncat . "` (Id_entry, Id_" . $ncat . ") VALUES ( "
        . returnDefault($id, 'id') . ", "
        . $nid . " "
        . ") ";
    $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
}
$save_failed = false;
}
}
$contributionSaved = !$save_failed && (isset($_POST['save']) || isset($_POST['new']));
}
if ($contributionSaved) {
    // A negative relevance is shown as an error, anything else as a warning.
    $scoreMessage = ($caverRelevance < 0) ? '<div class="error">' : '<div class="warning">';
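$attachment_file = urldecode($attachment_file);
if (isset($_GET['uploaded']) && $_GET['uploaded'] == "true") {
    // Register a freshly uploaded attachment and link it to its author.
    if ($attachment_file != "") {
        // NOTE(review): $attachment_file is appended to the upload URL as-is;
        // it is assigned outside the code shown here — confirm it is a bare
        // file name with no path separators.
        $sql = "INSERT INTO `" . $_SESSION['Application_host'] . "`.`T_file` ";
        $sql .= "(Id_author, Date_inscription, Name, Path) VALUES (";
        $sql .= returnDefault($_sess_user_id, 'id') . ", ";
        $sql .= "Now(), ";
        $sql .= returnDefault($original_attachment_file, 'text') . ", ";
        $sql .= returnDefault($_SESSION['Application_url'] . '/upload/attachments/' . $attachment_file, 'text') . ") ";
        $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
        $file_id = $req['mysql_insert_id'];
        trackAction("insert_file", $file_id, "T_file");
        $sql = "INSERT INTO `" . $_SESSION['Application_host'] . "`.`J_author_file` ";
        $sql .= "(Id_author, Id_file) VALUES (";
        $sql .= returnDefault($uploaded_author_id, 'id') . ", ";
        $sql .= returnDefault($file_id, 'id') . ") ";
        $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
    }
} elseif (isset($_GET['deleted']) && $_GET['deleted'] == "true") {
    // NOTE(review): this delete is triggered by GET parameters alone; no
    // ownership check or anti-CSRF token is visible in the code shown here —
    // confirm both are enforced before this point.
    $file_id = isset($_GET['file_id']) ? $_GET['file_id'] : '';
    // The id comes straight from $_GET and is used unquoted in two DELETE
    // statements (and passed to trackAction), so only a plain run of digits is
    // accepted; anything else skips the delete.
    if (is_string($file_id) && ctype_digit($file_id)) {
        $sql = "DELETE FROM `" . $_SESSION['Application_host'] . "`.`J_author_file` WHERE Id_file = " . $file_id;
        $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
        trackAction("delete_file", $file_id, "T_file");
        $sql = "DELETE FROM `" . $_SESSION['Application_host'] . "`.`T_file` WHERE Id = " . $file_id;
        $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
    }
}
}
}
$sql = "SELECT DISTINCT T_file.Id AS File_id, T_file.Path, T_author.Id, T_author.Validated, T_topography.Id_author, T_status.Name AS Status_name ";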
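$caver_contact = $data[0]['Contact'];
} else {
    $type = "caver";
}
} else {
    $type = "caver";
}
}
}
}
// Set the Activated / Banned flags of one caver account, then return to the
// caver view.
if ($type == "caver_prop") {
    // NOTE(review): this state change is driven by GET parameters; no
    // permission check or anti-CSRF token is visible in the code shown here —
    // confirm both are enforced by the enclosing block.
    $activated = isset($_GET['Activated']) ? $_GET['Activated'] : '';
    $banned = isset($_GET['Banned']) ? $_GET['Banned'] : '';
    $id = isset($_GET['id']) ? $_GET['id'] : '';
    $sql = "UPDATE `" . $_SESSION['Application_host'] . "`.`T_caver` SET ";
    $sql .= "Activated = " . returnDefault($activated, "text") . ", ";
    $sql .= "Banned = " . returnDefault($banned, "text") . " ";
    // The id comes straight from $_GET and sits in an unquoted numeric
    // position, so it is forced to an integer; a missing, non-numeric or array
    // value becomes 0 instead of reaching the statement as text.
    $sql .= "WHERE `Id` = " . (is_scalar($id) ? (int) $id : 0);
    $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
    $save_failed = false;
    $type = "caver";
}
}
?>
<script type="text/javascript">
<?php echo getCDataTag(true); ?>
//Gona need those functions :
switchDOM();
var namesArray = [];
<?php
switch ($type) {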
/**
 * Store a warning row in `T_warning` for the current session user.
 *
 * @param string $warning Warning text.
 * @param mixed  $frame   Value stored in the `Frame` column.
 * @param string $comment Free-text comment.
 * @return mixed The 'mysql_insert_id' entry of the execSQL() result.
 */
function insertWarning($warning, $frame, $comment)
{
    // NOTE(review): both texts get addslashes() here and are then passed to
    // returnDefault(..., 'text'); if that helper escapes as well, the stored
    // text ends up escaped twice — confirm.
    $escapedWarning = addslashes($warning);
    $escapedComment = addslashes($comment);

    $statement = "INSERT INTO `" . $_SESSION['Application_host'] . "`.`T_warning` "
        . "(`Id_caver`, `Date`, `Warning`, `Frame`, `Comment`) VALUES "
        . "(" . returnDefault($_SESSION['user_id'], 'text')
        . ",Now(),"
        . returnDefault($escapedWarning, 'text') . ","
        . returnDefault($frame, 'text') . ","
        . returnDefault($escapedComment, 'text') . ")";

    $outcome = execSQL($statement, "function", __FILE__, __FUNCTION__);

    return $outcome['mysql_insert_id'];
}
// Account activation page: "auto" mode takes id and code from the query string
// (activation link), manual mode takes login and code from the posted form.
// NOTE(review): the included file name is built from $_SESSION['language'];
// confirm that value is only ever set from a fixed list of language codes.
include "mailfunctions_" . $_SESSION['language'] . ".php";
$type = isset($_GET['type']) ? $_GET['type'] : 'manual';
$activated = false;
$manu_err = false;
$id = "";
$login = "";
$code = "";
$helpId = array("activation" => 18);
if (isset($_POST['activate']) || $type == "auto") {
    if ($type == "auto") {
        $id = isset($_GET['i']) ? $_GET['i'] : '';
        $code = isset($_GET['c']) ? $_GET['c'] : '';
    } else {
        $code = isset($_POST['a_code']) ? $_POST['a_code'] : '';
        $login = isset($_POST['a_login']) ? $_POST['a_login'] : '';
        // NOTE(review): part of the next statement is missing from this copy
        // (the "******" run), so how $login is escaped for the lookup cannot
        // be checked here.
        $sql = "SELECT Id FROM T_caver WHERE Login = "******"") { $manu_err = true; }
    }
    // The id/code pair is checked by activateAccount() unless the manual
    // lookup flagged an error.
    if (!$manu_err) {
        $activated = activateAccount($id, $code);
    }
}
echo getDoctype(false) . "\n";
?> <html <?php echo getHTMLTagContent(); ?>
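// Tail of the T_url INSERT value list; its head is built above the code shown here.
$sql .= $_SESSION['user_id'] . ", ";
$sql .= returnDefault($name, 'text') . ", ";
$sql .= returnDefault($link, 'url') . ", ";
$sql .= returnDefault($comments, 'text') . ", ";
$sql .= "Now()) ";
$req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
$nid = $req['mysql_insert_id'];
trackAction("insert_url", $nid, "T_url");
} else {
    // Existing URL: unlock it, record the reviewer, then drop its entry links.
    // NOTE(review): $id is concatenated unquoted into both statements and is
    // assigned outside the code shown here — confirm it is validated as an
    // integer before this point.
    $sql = "UPDATE `" . $_SESSION['Application_host'] . "`.`T_url` ";
    $sql .= " SET ";
    $sql .= "Locked = 'NO', ";
    $sql .= "Id_reviewer = " . $_SESSION['user_id'] . ", ";
    $sql .= "Name = " . returnDefault($name, 'text') . ", ";
    $sql .= "Url = " . returnDefault($link, 'url') . ", ";
    $sql .= "Comments = " . returnDefault($comments, 'text') . ", ";
    $sql .= "Date_reviewed = Now() ";
    $sql .= "WHERE Id = " . $id;
    $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
    $sql = "DELETE FROM `" . $_SESSION['Application_host'] . "`.`J_entry_url` ";
    $sql .= "WHERE `Id_url` = " . $id;
    $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
    trackAction("edit_url", $id, "T_url");
}
// The entry links are attached to whichever URL id applies.
if ($isNew == "True") {
    $onid = $nid;
} else {
    $onid = $id;
}
if ($list != "") {
    // split() was removed in PHP 7.0; preg_split() with the same character
    // class splits on each run of one or more "|" exactly as before.
    $arrList = preg_split('/[|]+/', $list);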
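}
if ($subject == "bad_content" || $subject == "restore_element") {
    $subject .= "; Category: " . $category;
}
if ($bad_name != "") {
    $subject .= "; Id: " . $bad_name;
}
sendMessageToWM($admin_id, $contact, $real_mail, $name, $subject, nl2br($body));
// A report about a topography also disables it and cancels the matching request.
if ($category == 'topography' && $bad_name != '') {
    $sql = "SELECT Id FROM T_status WHERE Name = 'canceled'";
    $status_id = getDataFromSQL($sql, __FILE__, $frame, __FUNCTION__);
    // NOTE(review): $bad_name is placed unquoted in both WHERE clauses below
    // and is assigned outside the code shown here; guests appear able to reach
    // this branch (see the "guest" fallback), so confirm it is validated as an
    // integer before use.
    $sql = "UPDATE `" . $_SESSION['Application_host'] . "`.`T_topography` SET Enabled = 'NO' WHERE Id_request = " . $bad_name;
    $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
    $user_login = $_SESSION['user_login'] == '' ? "guest" : $_SESSION['user_login'];
    $date_stamp = '---- <convert>#label=230<convert>: ' . $user_login . ' ' . date("Y-m-d H:i:s") . ' ----';
    $sql = "UPDATE `" . $_SESSION['Application_host'] . "`.`T_request` SET Id_status = " . returnDefault($status_id[0]['Id'], 'id') . ", Comments = " . returnDefault($date_stamp . "\n" . $body, 'text') . " WHERE Id = " . $bad_name;
    $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
    trackAction("edit_request", $bad_name, "T_request");
    sendRequestMail($bad_name);
}
$send_failed = false;
}
}

/**
 * Tell whether the posted form may be processed.
 *
 * The form is accepted when the posted check string, lower-cased and hashed
 * together with the client IP, equals the digest kept in the session, or when
 * the user is logged in.
 *
 * @return bool True when the check passes or the user is connected.
 */
function formIsValid()
{
    // Only a plain string is hashed; an array-valued m_check counts as empty.
    $answer = (isset($_POST['m_check']) && is_string($_POST['m_check'])) ? $_POST['m_check'] : '';
    $digest = md5(getIp() . strtolower($answer));
    $stored = isset($_SESSION['userCheck']) ? $_SESSION['userCheck'] : null;

    // Strict comparison: with ==, PHP compares two numeric-looking digests as
    // numbers, so different digests could be treated as equal.
    return (is_string($stored) && $stored === $digest) || USER_IS_CONNECTED;
}

if (!USER_IS_CONNECTED) {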
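$req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
// Optionally attach the cave to a massif, creating the massif first when asked.
if ($isMassifed == "YES") {
    if ($isNewMassif == "YES") {
        // The new massif takes the cave's name and the session user as author.
        $sql = "INSERT INTO `" . $_SESSION['Application_host'] . "`.`T_massif` ";
        $sql .= "(`Id_author`, `Name`, `Date_inscription`)";
        $sql .= " VALUES (";
        $sql .= $_SESSION['user_id'] . ", ";
        $sql .= returnDefault($cave_name, 'text') . ", ";
        $sql .= "Now()) ";
        $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
        $massif_id = $req['mysql_insert_id'];
        trackAction("insert_massif", $massif_id, "T_massif");
    }
    // When no massif was created, $massif_id was set outside the code shown here.
    $sql = "INSERT INTO `" . $_SESSION['Application_host'] . "`.`J_massif_cave` (`Id_massif`, `Id_cave`, `Id_entry`) VALUES (";
    $sql .= returnDefault($massif_id, 'text') . ", ";
    $sql .= returnDefault($onid, 'text') . ", ";
    $sql .= "0) ";
    $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
}
$save_failed = false;
$type = "menu";
} else {
    if (isset($_GET['id'])) {
        $id = isset($_GET['id']) ? $_GET['id'] : '';
        // NOTE(review): takeOver() still receives the raw request value;
        // confirm it validates or escapes the id itself.
        if (takeOver("cave", $id) && $id != "") {
            $sql = "SELECT ca.*, mc.Id_massif FROM `" . $_SESSION['Application_host'] . "`.`T_cave` ca ";
            $sql .= "LEFT OUTER JOIN `" . $_SESSION['Application_host'] . "`.`J_massif_cave` mc ON ca.Id = mc.Id_cave ";
            // The id comes straight from $_GET and sits in an unquoted numeric
            // position, so it is forced to an integer before it reaches the
            // statement; a non-numeric or array value becomes 0.
            $sql .= "WHERE ca.Id = " . (is_scalar($id) ? (int) $id : 0);
            $data = getDataFromSQL($sql, __FILE__, $frame, __FUNCTION__);
            if ($data['Count'] > 0) {
                $name = $data[0]['Name'];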