/**
 * Collect the primary keys of rows whose stored [flash] BBCode fails validation.
 *
 * Every row whose content column contains "[/flash:" and whose bitfield column
 * is non-empty is decoded, passed through set_var() and NFC-normalised, then
 * handed to is_valid_flash_bbcode(). Rows that fail that check while
 * has_flash_enabled() accepts their bitfield are reported.
 *
 * NOTE(review): the table and column names are interpolated into the query
 * unquoted. Identifiers cannot be bound as parameters, so every caller has to
 * pass hard-coded names only and never anything derived from a request.
 *
 * @param string $table_name     Table to scan
 * @param string $id_field       Primary key column
 * @param string $content_field  Column holding the stored message text
 * @param string $uid_field      Column holding the BBCode uid
 * @param string $bitfield_field Column holding the BBCode bitfield
 *
 * @return array List of integer primary keys
 */
function get_table_flash_bbcode_pkids($table_name, $id_field, $content_field, $uid_field, $bitfield_field)
{
    global $db;

    $sql = "SELECT $id_field, $content_field, $uid_field, $bitfield_field FROM $table_name WHERE $content_field LIKE '%[/flash:%' AND $bitfield_field <> ''";
    $result = $db->sql_query($sql);

    $matching_ids = array();
    while ($row = $db->sql_fetchrow($result)) {
        $bbcode_uid = $row[$uid_field];

        // Decode / set_var / normalise sequence credited to the support toolkit.
        $text = html_entity_decode_utf8($row[$content_field]);
        set_var($text, $text, 'string', true);
        $text = utf8_normalize_nfc($text);

        $bitfield = $row[$bitfield_field];

        // Same evaluation order as a "!valid && enabled" test: the bitfield
        // is only inspected once the BBCode has failed validation.
        if (is_valid_flash_bbcode($text, $bbcode_uid) || !has_flash_enabled($bitfield)) {
            continue;
        }

        $matching_ids[] = (int) $row[$id_field];
    }
    $db->sql_freeresult($result);

    return $matching_ids;
}
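/**
 * Read a request variable and cast it to the type of $default.
 *
 * The type of $default decides the type of the result. For an array default,
 * the type of its first key and of its first value are applied to every key
 * and value of the request array (one or two levels deep). If the variable is
 * missing, or if exactly one of request value / default is an array, the
 * default is returned (an empty w() array for array defaults).
 *
 * The casting itself is delegated to set_var(), which is defined elsewhere.
 *
 * @param string $var_name  Key to look up in $_REQUEST
 * @param mixed  $default   Default value; its type selects the cast
 * @param bool   $multibyte Passed through to set_var() for the values
 * @param string $regex     Not used by this implementation
 *
 * @return mixed The typed request value or the default
 */
function request_var($var_name, $default = '', $multibyte = false, $regex = '')
{
    if (!isset($_REQUEST[$var_name])
        || (is_array($_REQUEST[$var_name]) && !is_array($default))
        || (is_array($default) && !is_array($_REQUEST[$var_name]))
    ) {
        return is_array($default) ? w() : $default;
    }

    $var = $_REQUEST[$var_name];

    if (!is_array($default)) {
        $type = gettype($default);
    } else {
        // each() was removed in PHP 8. key()/current() read the same element;
        // an empty default yields null/null exactly as the old list() = each()
        // construct did.
        $first_key = key($default);
        $first_value = ($first_key === null) ? null : current($default);

        $type = gettype($first_value);
        $key_type = gettype($first_key);
    }

    if (is_array($var)) {
        $_var = $var;
        $var = w();

        foreach ($_var as $k => $v) {
            if (is_array($v)) {
                foreach ($v as $_k => $_v) {
                    set_var($k, $k, $key_type);
                    set_var($_k, $_k, $key_type);
                    set_var($var[$k][$_k], $_v, $type, $multibyte);
                }
            } else {
                set_var($k, $k, $key_type);
                set_var($var[$k], $v, $type, $multibyte);
            }
        }
    } else {
        set_var($var, $var, $type, $multibyte);
    }

    return $var;
}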
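/**
 * XML-RPC handler: log a user in and report the account's capabilities.
 *
 * Expected parameters after decoding: [0] username, [1] password,
 * [2] optional flag that is negated to obtain $viewonline, [3] optional
 * '1' to register the user for the push service.
 *
 * On a failed login an xmlrpcresp carrying result=false and the translated
 * error text is returned. On success the push registration row is created or
 * refreshed (when requested and the push table exists) and a struct with the
 * user's id, name, group, avatar and permission flags is returned.
 *
 * @param mixed $xmlrpc_params Raw XML-RPC parameters
 *
 * @return xmlrpcresp
 */
function login_func($xmlrpc_params)
{
    global $auth, $user, $config, $db, $phpbb_root_path, $phpEx;

    $params = php_xmlrpc_decode($xmlrpc_params);
    $user->setup('ucp');

    // The client controls how many parameters arrive; read them defensively
    // instead of indexing past the end of the array.
    $username = isset($params[0]) ? $params[0] : '';
    $password = isset($params[1]) ? $params[1] : '';
    $viewonline = isset($params[2]) ? !$params[2] : 1;
    $wants_push = isset($params[3]) && $params[3] == '1';

    set_var($username, $username, 'string', true);
    set_var($password, $password, 'string', true);

    // NOTE(review): header() replaces an earlier header of the same name by
    // default, so only the last of these three Set-Cookie lines is sent and
    // any Set-Cookie queued before this point is dropped. Confirm that this
    // is intended.
    header('Set-Cookie: mobiquo_a=0');
    header('Set-Cookie: mobiquo_b=0');
    header('Set-Cookie: mobiquo_c=0');

    $login_result = $auth->login($username, $password, true, $viewonline);
    $usergroup_id = array();

    if ($login_result['status'] == LOGIN_SUCCESS) {
        $auth->acl($user->data);

        // Add the user to tapatalk_users for the push service.
        if ($wants_push && push_table_exists()) {
            global $table_prefix;

            $push_table = $table_prefix . 'tapatalk_users';
            // Cast the id so that the literal placed in the SQL text is
            // always numeric, whatever the session data holds.
            $push_user_id = (int) $user->data['user_id'];

            $sql = 'SELECT * FROM ' . $push_table . " where userid = '" . $push_user_id . "'";
            $result = $db->sql_query($sql);
            $userInfo = $db->sql_fetchrow($result);
            $db->sql_freeresult($result);

            if (empty($userInfo)) {
                $push_row = array(
                    'userid' => $push_user_id,
                    'announcement' => 1,
                    'pm' => 1,
                    'subscribe' => 1,
                    'quote' => 1,
                    'tag' => 1,
                    'newtopic' => 1,
                    'updated' => time(),
                );
                $sql = 'INSERT INTO ' . $push_table . ' ' . $db->sql_build_array('INSERT', $push_row);
                $db->sql_query($sql);
            } else {
                $sql = 'UPDATE ' . $push_table . " SET updated= '" . time() . "' WHERE userid='" . $push_user_id . "'";
                $db->sql_query($sql);
            }
        }

        // Compatibility with the NV "who was here" mod.
        if (file_exists($phpbb_root_path . 'includes/mods/who_was_here.' . $phpEx)) {
            include_once $phpbb_root_path . 'includes/mods/who_was_here.' . $phpEx;
            if (class_exists('phpbb_mods_who_was_here') && method_exists('phpbb_mods_who_was_here', 'update_session')) {
                @phpbb_mods_who_was_here::update_session();
            }
        }
    } else {
        $error_msg = str_replace('%s', '', strip_tags($user->lang[$login_result['error_msg']]));

        return new xmlrpcresp(new xmlrpcval(array(
            'result' => new xmlrpcval(false, 'boolean'),
            'result_text' => new xmlrpcval($error_msg, 'base64'),
        ), 'struct'));
    }

    // A configured value of 0 is reported to the client as 100.
    if ($config['max_attachments'] == 0) {
        $config['max_attachments'] = 100;
    }

    $usergroup_id[] = new xmlrpcval($user->data['group_id']);

    $can_readpm = $config['allow_privmsg'] && $auth->acl_get('u_readpm') && ($user->data['user_allow_pm'] || $auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_'));
    $can_sendpm = $config['allow_privmsg'] && $auth->acl_get('u_sendpm') && ($user->data['user_allow_pm'] || $auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_'));
    $can_upload = $config['allow_avatar_upload']
        && file_exists($phpbb_root_path . $config['avatar_path'])
        && (function_exists('phpbb_is_writable') ? phpbb_is_writable($phpbb_root_path . $config['avatar_path']) : 1)
        && $auth->acl_get('u_chgavatar')
        && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on') ? true : false;
    $can_search = $auth->acl_get('u_search') && $auth->acl_getf_global('f_search') && $config['load_search'];
    $can_whosonline = $auth->acl_gets('u_viewprofile', 'a_user', 'a_useradd', 'a_userdel');

    // Report at most 10 MiB (10485760 bytes); the string '0' is reported as
    // that cap as well.
    $max_filesize = $config['max_filesize'] === '0' || $config['max_filesize'] > 10485760 ? 10485760 : $config['max_filesize'];

    $response = new xmlrpcval(array(
        'result' => new xmlrpcval(true, 'boolean'),
        'user_id' => new xmlrpcval($user->data['user_id'], 'string'),
        'username' => new xmlrpcval($user->data['username'], 'base64'),
        'usergroup_id' => new xmlrpcval($usergroup_id, 'array'),
        'icon_url' => new xmlrpcval(get_user_avatar_url($user->data['user_avatar'], $user->data['user_avatar_type']), 'string'),
        'post_count' => new xmlrpcval($user->data['user_posts'], 'int'),
        'can_pm' => new xmlrpcval($can_readpm, 'boolean'),
        'can_send_pm' => new xmlrpcval($can_sendpm, 'boolean'),
        'can_moderate' => new xmlrpcval($auth->acl_get('m_') || $auth->acl_getf_global('m_'), 'boolean'),
        'max_attachment' => new xmlrpcval($config['max_attachments'], 'int'),
        'max_png_size' => new xmlrpcval($max_filesize, 'int'),
        'max_jpg_size' => new xmlrpcval($max_filesize, 'int'),
        'can_search' => new xmlrpcval($can_search, 'boolean'),
        'can_whosonline' => new xmlrpcval($can_whosonline, 'boolean'),
        'can_upload_avatar' => new xmlrpcval($can_upload, 'boolean'),
    ), 'struct');

    return new xmlrpcresp($response);
}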
/**
 * Print the "Previous" / "Next" paging links inside a GET form.
 *
 * "Previous" is a link only when $start_with is above zero, and its target
 * offset never drops below 0. Both links are built by rewriting the "start"
 * parameter of the current URL in steps of SHOW_ITEMS.
 *
 * @param int $start_with Offset of the first item on the current page
 *
 * @return void
 */
function show_navigation($start_with)
{
    start_form("", "get");

    if ($start_with <= 0) {
        echo "Previous";
    } else {
        $previous_offset = max(0, $start_with - SHOW_ITEMS);
        $previous_url = set_var(get_current_url(), "start", $previous_offset);
        echo get_href("<p>Previous", $previous_url);
    }

    echo " ";

    $next_url = set_var(get_current_url(), "start", $start_with + SHOW_ITEMS);
    echo get_href("Next", $next_url);

    end_form();
}
/**
 * Turn a stored message back into the form it had when it was submitted.
 *
 * decode_message() alone does not produce text that can be re-parsed and
 * re-inserted, so the result is post-processed: a string replacement, HTML
 * entity decoding, slash handling and finally set_var(), which re-encodes the
 * text as if the user had just submitted it.
 *
 * NOTE(review): as it appears here, the search and the replacement string of
 * the str_replace() call are both a single space. Check the original file to
 * see whether the search string was a non-breaking space or its entity.
 *
 * @param string $message    Message text, modified in place
 * @param mixed  $bbcode_uid BBCode uid handed to decode_message()
 */
function titania_decode_message(&$message, $bbcode_uid = '')
{
    decode_message($message, $bbcode_uid);

    // Entities have to be decoded, otherwise re-parsing the BBCode fails.
    $message = html_entity_decode(str_replace(' ', ' ', $message));

    // With magic_quotes_gpc on, slashes get stripped once too often; put
    // them back when STRIP is set.
    if (STRIP) {
        $message = addslashes($message);
    }

    set_var($message, $message, 'string', true);
}
/**
 * Open the MySQL connection described by the 'database' configuration.
 *
 * The connection is switched to the 'utf8' character set and stored through
 * set_var('db', ...). Connection and charset failures are reported with
 * add_errors().
 *
 * NOTE(review): the raw mysqli error text goes to add_errors(); if that list
 * is ever shown to visitors it can expose host or account details. From
 * PHP 8.1 mysqli throws mysqli_sql_exception by default, in which case the
 * error branches below are not reached unless the report mode is changed.
 * MySQL's 'utf8' is the three-byte utf8mb3 set.
 *
 * @return bool True when the connection is ready, false otherwise
 */
function db_start()
{
    $settings = get_config('database');

    $link = @mysqli_connect($settings->host, $settings->user, $settings->pass, $settings->name);
    if (mysqli_connect_errno()) {
        add_errors(mysqli_connect_error());
        return false;
    }

    if (!mysqli_set_charset($link, 'utf8')) {
        add_errors(mysqli_error($link));
        return false;
    }

    set_var('db', $link);

    return true;
}
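/**
 * XML-RPC handler: store the push-notification switches of the current user.
 *
 * Parameters after decoding: [0] a struct of switches ('all', or any of
 * 'ann', 'pm', 'sub', 'quote', 'tag', 'newtopic'), [1] and [2] an optional
 * username and password used to log in when no registered session exists.
 *
 * The switch values arrive from the client. They are cast to integers and the
 * SET clause is produced by the DBAL's sql_build_array(), so no request data
 * is pasted into the SQL text.
 *
 * @param mixed $xmlrpc_params Raw XML-RPC parameters
 *
 * @return xmlrpcresp Boolean result; false when the update fails or when no
 *                    registered user is logged in
 */
function update_push_status_func($xmlrpc_params)
{
    global $db, $auth, $user, $config, $table_prefix;

    $params = php_xmlrpc_decode($xmlrpc_params);

    if (!empty($params[1]) && !empty($params[2]) && empty($user->data['is_registered'])) {
        $user->setup('ucp');
        $username = $params[1];
        $password = $params[2];
        $viewonline = 1;
        set_var($username, $username, 'string', true);
        set_var($password, $password, 'string', true);
        header('Set-Cookie: mobiquo_a=0');
        header('Set-Cookie: mobiquo_b=0');
        header('Set-Cookie: mobiquo_c=0');
        $auth->login($username, $password, true, $viewonline);
    }

    if ($user->data['is_registered'] != 1) {
        // Without this the handler returned nothing at all for guests;
        // answer with the same failure value the update branch uses.
        return new xmlrpcresp(new xmlrpcval(false, 'boolean'));
    }

    // Column name => key of the switch in the request struct.
    $switch_map = array(
        'announcement' => 'ann',
        'pm' => 'pm',
        'subscribe' => 'sub',
        'quote' => 'quote',
        'tag' => 'tag',
        'newtopic' => 'newtopic',
    );

    $requested = (isset($params[0]) && is_array($params[0])) ? $params[0] : array();

    $update_params = array();
    if (isset($requested['all'])) {
        $all = $requested['all'] ? 1 : 0;
        foreach ($switch_map as $column => $request_key) {
            $update_params[$column] = $all;
        }
    } else {
        foreach ($switch_map as $column => $request_key) {
            // A switch that was not sent defaults to 1. Everything else is
            // forced to an integer before it gets near the query.
            $update_params[$column] = isset($requested[$request_key]) ? (int) $requested[$request_key] : 1;
        }
    }

    $sql = 'UPDATE ' . $table_prefix . 'tapatalk_users SET ' . $db->sql_build_array('UPDATE', $update_params) . "
		WHERE userid = '" . (int) $user->data['user_id'] . "'";
    $result = $db->sql_query($sql);

    return new xmlrpcresp(new xmlrpcval($result ? true : false, 'boolean'));
}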
//----------------------------------------------------------------------------------------------------
// Load the users combo box: one <option> per active user, ordered by login name.
//
// NOTE(review): the id, login and full name are concatenated into the markup
// without htmlspecialchars() and the value attribute is unquoted, so a user
// record containing markup characters would end up in the page as HTML.
// NOTE(review): when the query fails the database error text is echoed to the
// page and $combobox_usuarios is never assigned before it is handed to set_var().
//----------------------------------------------------------------------------------------------------
$q = "SELECT id, usuario, concat(nombre,' ',apellido) as nombre FROM usuarios WHERE activo='1' ORDER BY usuario";
$res = ejecutar_sql($db, $q);
if (!$res) {
    echo $db->ErrorMsg();
    //die();
} else {
    $combobox_usuarios = "<option value='-1'>Seleccione una...</option>";
    while (!$res->EOF) {
        $combobox_usuarios = $combobox_usuarios . "<option value=" . $res->fields[0] . ">" . $res->fields[1] . ' - ' . $res->fields[2] . "</option>";
        $res->MoveNext();
    }
}
set_var("v_listado_usuarios", $combobox_usuarios);
} // closes a block that was opened before this excerpt

// Colours and zeroed totals for the ticket summary template.
set_var("v_color_cabezera_tabla", COLOR_ENCOMIENDAS_CABEZERA_TABLA);
set_var("v_color_cabezera_columna", COLOR_ENCOMIENDAS_CABEZERA_COLUMNA);
set_var("v_color_origen", COLOR_FONDO_CARGA_DATOS_PASAJE_ORIGEN);
set_var("v_color_destino", COLOR_FONDO_CARGA_DATOS_PASAJE_DESTINO);
set_var("v_color_foco_grilla", COLOR_PASAJES_FOCO);
set_var("v_total_listado", "0.00");
set_var("v_total_pago_listado", "0.00");
set_var("v_cant_total_pasajes", "0");
set_var("v_cant_total_pagos", "0");
set_var("v_total_comision_listado", "0.00");
parse('resumenpasajes');
pparse('resumenpasajes');
desconectar($db);
include_once "pie_paginas.php";
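/**
 * request_var
 *
 * Fetch a passed request variable and cast it to the type of $default.
 *
 * Unless $cookie is true, a value that exists as a cookie is only accepted
 * when it was also sent through GET or POST (POST wins); otherwise the default
 * is returned. A missing variable, or an array/non-array mismatch between the
 * request value and the default, also returns the default (an empty array for
 * array defaults).
 *
 * For array defaults the first key and first value of $default define the key
 * and value types. If that first value is itself an array, its first key and
 * value define the types of the second level. Arrays nested deeper than the
 * default describes are replaced by null before casting.
 *
 * The casting itself is delegated to set_var(), which is defined elsewhere.
 *
 * @param string $var_name  Name of the variable
 * @param mixed  $default   Default value; its type selects the cast
 * @param bool   $multibyte Passed through to set_var() for the values
 * @param bool   $cookie    True to accept a value that comes from a cookie
 *
 * @return mixed The typed request value or the default
 */
function request_var($var_name, $default, $multibyte = false, $cookie = false)
{
    if (!$cookie && isset($_COOKIE[$var_name])) {
        if (!isset($_GET[$var_name]) && !isset($_POST[$var_name])) {
            return is_array($default) ? array() : $default;
        }
        $_REQUEST[$var_name] = isset($_POST[$var_name]) ? $_POST[$var_name] : $_GET[$var_name];
    }

    if (!isset($_REQUEST[$var_name])
        || (is_array($_REQUEST[$var_name]) && !is_array($default))
        || (is_array($default) && !is_array($_REQUEST[$var_name]))
    ) {
        return is_array($default) ? array() : $default;
    }

    $var = $_REQUEST[$var_name];

    if (!is_array($default)) {
        $type = gettype($default);
    } else {
        // each() was removed in PHP 8. key()/current() read the same element;
        // an empty array yields null/null exactly as list() = each() did.
        $first_key = key($default);
        $first_value = ($first_key === null) ? null : current($default);

        $type = gettype($first_value);
        $key_type = gettype($first_key);

        if ($type == 'array') {
            $inner_default = $first_value;
            $inner_key = key($inner_default);
            $inner_value = ($inner_key === null) ? null : current($inner_default);

            $sub_type = gettype($inner_value);
            // A third array level is not supported; its values are cast to NULL.
            $sub_type = ($sub_type == 'array') ? 'NULL' : $sub_type;
            $sub_key_type = gettype($inner_key);
        }
    }

    if (is_array($var)) {
        $_var = $var;
        $var = array();

        foreach ($_var as $k => $v) {
            set_var($k, $k, $key_type);

            if ($type == 'array' && is_array($v)) {
                foreach ($v as $_k => $_v) {
                    if (is_array($_v)) {
                        $_v = null;
                    }
                    set_var($_k, $_k, $sub_key_type);
                    set_var($var[$k][$_k], $_v, $sub_type, $multibyte);
                }
            } else {
                // Shape mismatch between request and default: drop the value.
                if ($type == 'array' || is_array($v)) {
                    $v = null;
                }
                set_var($var[$k], $v, $type, $multibyte);
            }
        }
    } else {
        set_var($var, $var, $type, $multibyte);
    }

    return $var;
}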
// (End of a comment that starts before this excerpt:) percentage of the
// co-insurance used for tickets.
// ---------------------------------------------------------------------
// Messages for the MySQL connection error and the ADO component creation error.
$mensaje_error_conexion = "error en la conexión de mysql: ";
$mensaje_error_ado = "error al crear el componente ado";
// ---------------------------------------------------------------------
//-------------------------------------------------------------------------------------------------
// Colour configuration for parcels (encomiendas)
//-------------------------------------------------------------------------------------------------
set_var('v_color_encomiendas_remitente', '#f2f5a9');
set_var('v_color_encomiendas_destinatario', '#d1ffd3');
set_var('v_color_encomiendas_fila_comun', '#ffffff'); // used in buscar_encomienda_a_cerrar.php; closing
set_var('v_color_encomiendas_fila_tipo_pago_en_destino', '#f78181');
set_var('v_color_encomiendas_fila_tipo_pago_contado', '#bcf5a9');
set_var('v_color_encomiendas_fila_tipo_pago_ctacte', '#a9d0f5');
set_var('v_color_encomiendas_cabezera_tabla', '#ffcc33');
set_var('v_color_encomiendas_cabezera_columna', '#b3b4fa');
set_var('v_color_encomiendas_pie_tabla', '#fbcfe1');
//-------------------------------------------------------------------------------------------------
// Colour configuration for tickets (pasajes)
//-------------------------------------------------------------------------------------------------
set_var('v_color_pasajes_fila_comun', '#ffffff'); // used in buscar_pasajes_a_cerrar.php; closing
set_var('v_color_pasajes_fila_tipo_pago_en_destino', '#f78181');
set_var('v_color_pasajes_foco', '#f2f5a9');
set_var('v_color_pasajes_seleccionado', '#bef781');
set_var('v_color_viaje_diario_listado', '#e2a5b8');
set_var('v_color_viaje_especial_listado', '#a5e2ad');
set_var('v_color_fondo_carga_datos_pasaje_origen', "#f2f5a9");
set_var('v_color_fondo_carga_datos_pasaje_destino', '#d0f5a9');
pparse('configuracion');
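/**
 * Print a yes/no confirmation form that carries the current request along.
 *
 * Every non-empty GET and POST value (up to two array levels) is re-emitted as
 * a hidden field so that the confirmed request can be processed afterwards.
 * The values are not validated here; whatever processes the form has to do
 * that.
 *
 * The field names and values come straight from the request, and the form
 * action comes from REQUEST_URI. All of them are HTML-escaped before they are
 * written into an attribute, which addslashes() alone does not achieve.
 * Entities that are already present are left alone (double_encode = false),
 * so a value that set_var() has encoded is not encoded a second time.
 *
 * $title and $message are printed as given; callers must pass trusted or
 * already escaped text.
 *
 * @param string $title   Heading of the confirmation box
 * @param string $message Message shown above the buttons
 *
 * @return void
 */
function adm_page_confirm($title, $message)
{
    global $_CLASS;

    // Grab data from GET and POST arrays ... note this is _not_
    // validated! Everything is typed as string to ensure no
    // funny business on displayed hidden field data.
    $var_ary = array_merge($_GET, $_POST);

    $s_hidden_fields = '';
    foreach ($var_ary as $key => $var) {
        if (empty($var)) {
            continue;
        }

        $name = htmlspecialchars((string) $key, ENT_QUOTES, 'UTF-8', false);

        if (is_array($var)) {
            foreach ($var as $k => $v) {
                $sub_name = htmlspecialchars((string) $k, ENT_QUOTES, 'UTF-8', false);

                if (is_array($v)) {
                    foreach ($v as $_k => $_v) {
                        // A third array level cannot be represented by the
                        // name[k][k] scheme used here; skip it.
                        if (is_array($_v)) {
                            continue;
                        }
                        $leaf_name = htmlspecialchars((string) $_k, ENT_QUOTES, 'UTF-8', false);

                        set_var($var[$k][$_k], $_v, 'string');
                        $s_hidden_fields .= "<input type=\"hidden\" name=\"{$name}[{$sub_name}][{$leaf_name}]\" value=\"" . htmlspecialchars(addslashes($_v), ENT_QUOTES, 'UTF-8', false) . '" />';
                    }
                } else {
                    set_var($var[$k], $v, 'string');
                    $s_hidden_fields .= "<input type=\"hidden\" name=\"{$name}[{$sub_name}]\" value=\"" . htmlspecialchars(addslashes($v), ENT_QUOTES, 'UTF-8', false) . '" />';
                }
            }
        } else {
            set_var($var, $var, 'string');
            $s_hidden_fields .= '<input type="hidden" name="' . $name . '" value="' . htmlspecialchars(addslashes($var), ENT_QUOTES, 'UTF-8', false) . '" />';
        }

        unset($var_ary[$key]);
    }

    // REQUEST_URI is chosen by the client, so it is escaped like any other
    // request data before it becomes the form target.
    $form_action = htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8');
    ?> <br /><br /> <form name="confirm" method="post" action="<?php echo $form_action; ?> "> <table class="tablebg" width="80%" cellspacing="1" cellpadding="4" border="0" align="center"> <tr> <th><?php echo $title; ?> </th> </tr> <tr> <td class="row1" align="center"><?php echo $message; ?> <br /><br /><input class="btnlite" type="submit" name="confirm" value="<?php echo $_CLASS['core_user']->lang['YES']; ?> " /> <input class="btnmain" type="submit" name="cancel" value="<?php echo $_CLASS['core_user']->lang['NO']; ?> " /></td> </tr> </table> <?php echo $s_hidden_fields; ?> </form> <br /> <?php
    adm_page_footer();
}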
// Append one <option> per row to the banks combo box.
// NOTE(review): the fields are concatenated without htmlspecialchars() and the
// value attribute is unquoted; the same applies to the accounts combo below.
while (!$res->EOF) {
    $combobox_bancos = $combobox_bancos . "<option value=" . $res->fields[0] . ">" . $res->fields[1] . "</option>";
    $res->MoveNext();
}
} // closes a block that was opened before this excerpt
set_var("v_comboBox_banco", $combobox_bancos);
//------------------------------------------------------------------------------
// Check that this file is not being called from pasajes_adelantados, so that
// the whole SQL below is not loaded for nothing.
if ($llamado != 1) {
    //----------------------------------------------------------------------------------------------------
    //----------------------------------------------------------------------------------------------------
    // Load the combo box of prepaid-ticket accounts: value is "code@quantity",
    // label is "company name - quantity".
    // NOTE(review): when the query fails the database error text is echoed to
    // the page and $combobox_cuenta is never assigned before set_var() uses it.
    //----------------------------------------------------------------------------------------------------
    $q = "SELECT pa.codigo, pa.cantidad, pa.fecha_emision, cl.dni, cl.razon_social\n FROM pasajes_adelantados AS pa\n INNER JOIN clientes AS cl ON pa.id_cliente = cl.codigo\n ORDER BY cl.razon_social ASC ";
    $res = ejecutar_sql($db, $q);
    if (!$res) {
        echo $db->ErrorMsg();
        //die();
    } else {
        $combobox_cuenta = "<option value=0>Seleccione uno...</option>";
        while (!$res->EOF) {
            $combobox_cuenta = $combobox_cuenta . "<option value=" . $res->fields[0] . "@" . $res->fields[1] . ">" . $res->fields[4] . " - " . $res->fields[1] . "</option>";
            $res->MoveNext();
        }
    }
    set_var("v_comboBox_cuenta", $combobox_cuenta);
}
parse('pagar_pasaje');
pparse('pagar_pasaje');
desconectar($db);
<?php
// Page bootstrap for "Order Status": connect to MySQL and print the HTML head.
//
// NOTE(review): the database host, account and password are literals in this
// file (the credentials are masked in this copy). Connection settings belong
// in configuration kept outside the web root and outside version control.
// NOTE(review): the mysql_* extension used here was removed in PHP 7.0; mysqli
// or PDO are the replacements.
include "_functions.php";
// NOTE(review): "Cache" is not a standard HTTP header; "Cache-Control: private"
// was probably intended. Confirm.
header("Cache: private");
$s_fileName = basename(__FILE__);
$s_pageName = "Order Status";
$s_server = "65.175.107.2:3306";
$s_userName = "******";
$s_password = "******";
$s_db = "braddoro";
// set_var() is defined elsewhere; presumably it returns the request value
// 'pid' with 0 as the default. Verify.
$s_publicID = set_var('pid', 0);
// The "$name = value" arguments are ordinary assignments, so $server,
// $username and $password are also set in this scope.
$o_conn = mysql_connect($server = $s_server, $username = $s_userName, $password = $s_password);
if (!$o_conn) {
    die_well(__LINE__, mysql_error());
}
$o_sel = mysql_select_db($s_db);
if (!$o_sel) {
    die_well(__LINE__, mysql_error());
}
// $g_break is not defined in this excerpt; presumably it comes from _functions.php.
$s_header = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">' . $g_break;
$s_header .= '<html xmlns="http://www.w3.org/1999/xhtml">' . $g_break;
$s_header .= '<head>' . $g_break;
$s_header .= '<meta name="generator" content="' . $s_pageName . '" />' . $g_break;
$s_header .= '<title>' . $s_pageName . '</title>' . $g_break;
$s_header .= '<link rel="stylesheet" href="eve2.css">' . $g_break;
$s_header .= '</head>' . $g_break;
$s_header .= '<body class="body">' . $g_break;
$s_header .= '<span class="title">' . $s_pageName . '</span>' . $g_break;
$s_header .= '<br /><br />' . $g_break;
echo $s_header;
// NOTE(review): $s_page_task is not assigned anywhere in this excerpt.
$page_task = $s_page_task;
// Tail of the row loop: emit the row and add its amounts to the running totals.
set_var("v_sucursal", $res->fields[14]);
parse('imprimir_resumenpasajes_pagos');
$v_total_lis = $v_total_lis + $res->fields[9];
$v_total_pagos_lis = $v_total_pagos_lis + $res->fields[8];
$v_total_comision_lis = $v_total_comision_lis + $res->fields[11];
$res->MoveNext();
} // end of the while
}
}
desconectar($db);
set_var("v_cant_total", $cant);
set_var("v_total_listado", number_format($v_total_lis, 2));
set_var("v_total_pagos_listado", number_format($v_total_pagos_lis, 2));
set_var("v_total_comision_listado", number_format($v_total_comision_lis, 2));
set_var("v_color_cabezera_columna_tabla", COLOR_ENCOMIENDAS_CABEZERA_COLUMNA);
pparse("imprimir_resumen_pasajes");
// PDF output: take what has been written to the output buffer, clear the
// buffer and render that HTML with HTML2PDF.
$htmlbuffer = ob_get_contents();
ob_clean();
try {
    // NOTE(review): in date() "m" is the month, so "ymdhm" ends with the month
    // again; minutes are "i". Confirm whether "ymdhi" was intended.
    $fecha = date("ymdhm");
    // $html2pdf = new HTML2PDF('P', 'A4', 'es');
    $html2pdf = new HTML2PDF('P', 'A4', 'es', false, 'utf-8', array(5, 5, 5, 5));
    $html2pdf->pdf->SetDisplayMode('fullpage');
    // The second argument is true whenever the request carries a "vuehtml"
    // GET parameter.
    $html2pdf->writeHTML($htmlbuffer, isset($_GET['vuehtml']));
    $html2pdf->Output('./resumen_pasajes' . $fecha . '.pdf', 'I');
} catch (HTML2PDF_exception $e) {
    // NOTE(review): the exception object is printed to the client as is;
    // consider logging it and showing a generic message instead.
    echo $e;
    exit;
}
// Page bootstrap for "My Goal": read the goal (g) and the amount (a) and derive
// the heights of the red and green parts of a 200-unit bar.
//
// NOTE(review): the database host, account and password are literals in this
// file (the credentials are masked in this copy) although the connection code
// below is commented out; they should not live in the source.
include "_functions.php";
// NOTE(review): "Cache" is not a standard HTTP header; "Cache-Control: private"
// was probably intended. Confirm.
header("Cache: private");
$s_filename = basename(__FILE__);
$s_pageName = "My Goal";
//—
$s_server = "65.175.107.2:3306";
$s_userName = "******";
$s_password = "******";
$s_db = "braddoro";
// set_var() is defined elsewhere; presumably it returns the named request
// value with the second argument as default. Verify.
$i_g = set_var('g', 0);
$i_a = set_var('a', 0);
// NOTE(review): if 'g' resolves to its default of 0 this divides by zero
// (a warning on PHP 7, DivisionByZeroError on PHP 8). Guard the division.
$i_pct = $i_a / $i_g;
$i_baseHeight = 200;
$i_redHeight = $i_baseHeight * $i_pct;
$i_greenHeight = $i_baseHeight - $i_redHeight;
$s_t = set_var('t', 'My Goal');
/* $o_conn = mysql_connect($server=$s_server,$username=$s_userName,$password=$s_password); if (!$o_conn) {die_well(__LINE__,mysql_error());} $o_sel = mysql_select_db($s_db); if (!$o_sel) {die_well(__LINE__,mysql_error());} if ($i_chapterID == 0 && $i_paragraphID == 0) { $s_sql = 'select chapterID, paragraphID, chapterName, paragraph from braddoro.suntzu order by RAND() limit 1;'; } else { $s_sql = 'select chapterID, paragraphID, chapterName, paragraph from braddoro.suntzu where chapterID = '.$i_chapterID.' and paragraphID = '.$i_paragraphID.' limit 1;'; } $q_data = mysql_query($s_sql); if (!$q_data) {die_well(__LINE__,mysql_error());} while ($rowData = mysql_fetch_row($q_data)) { $i_chapterID = $rowData[0]; $i_paragraphID = $rowData[1];
// Build the <select> of headings for one chapter, or a hidden headingID of 0
// when the chapter has none.
// NOTE(review): $i_chapterID is placed into the query unquoted; its assignment
// for this case is outside the excerpt, so confirm that it is an integer there.
$s_sql = "select \t\r\n\t headingID, displayOrder, headingName\r\n\tfrom \r\n\t cms.cfg_howto_headings\r\n\tWHERE \r\n\t chapterID = {$i_chapterID} \r\n\torder by \r\n \tdisplayOrder, headingName";
$q_data = mysql_query($s_sql);
if (!$q_data) {
    die_well(mysql_error());
}
$s_headingText = '';
if (mysql_num_rows($q_data)) {
    $s_headingText = '<select id="headingID" name="headingID">' . "\n";
    while ($rowData = mysql_fetch_row($q_data)) {
        // NOTE(review): the column values go into the markup without
        // htmlspecialchars().
        $s_headingText .= '<option value="' . $rowData[0] . '">' . $rowData[1] . '. ' . $rowData[2] . '</option>' . "\n";
    }
    $s_headingText .= '</select>' . "\n";
} else {
    $s_headingText .= '<input type="hidden" id="headingID" name="headingID" value="0">' . "\n";
}
$s_html = $s_headingText;
break;
case "saveContent":
    // The four ids are forced to integers with intval() before use.
    $i_howtoID = intval(set_var("howtoID", 0));
    $i_chapterID = intval(set_var("chapterID", 0));
    $i_headingID = intval(set_var("headingID", 0));
    $i_displayOrder = intval(set_var("displayOrder", 0));
    $s_contentTitle = set_var("contentTitle", "");
    $s_textContent = set_var("textContent", "");
    // NOTE(review): $s_textContent and $s_contentTitle are interpolated between
    // single quotes with no escaping visible here. set_var() is defined
    // elsewhere; unless it escapes for SQL, a quote in either field changes the
    // statement (SQL injection). The two values should be bound as parameters
    // of a prepared statement, or escaped with the connection's escaping
    // function before the string is built.
    $s_sql = "insert into cms.dyn_howto_content (howtoID, chapterID, headingID, displayOrder, howtoContent, contentTitle, addedDate)\r\n\tselect {$i_howtoID}, {$i_chapterID}, {$i_headingID}, {$i_displayOrder}, '{$s_textContent}', '{$s_contentTitle}', now();";
    $s_html = $objhowTo->saveItem(2, $s_sql);
    break;
case "getdetail":
    break;
}
echo $s_html;
// Prepare the main menu and the parcels (encomiendas) search template, then
// print the parcels page.
// NOTE(review): the branch and user names are taken from the session and passed
// to the template as they are; whether the template layer escapes them is not
// visible here.
set_file("menu", "menu_principal.html");
set_var("fecha", dar_fecha());
set_var("visor", '...Administrador de Encomiendas ' . $_SESSION['sucursal'] . '...');
set_var('logo_proyecto', './imagenes/logo.jpg');
set_var('nombre_proyecto', 'Marciano Tourd SRL');
set_file("encomiendas", "encomiendas.html");
set_var("v_b_fecha_desde", dar_fecha()); // date from; date("d/m/Y")
set_var("v_b_fecha_hasta", dar_fecha()); // date to
set_var("v_b_nro_orden", " ");
set_var("v_b_direcciones", " ");
set_var("v_b_nombres", " ");
set_var("v_b_dni_remitente", " ");
set_var("v_b_dni_destinatario", " ");
set_var("v_total_ctacte", 0.0); // running total of the current account
set_var("v_sucursal", ' ' . $_SESSION['sucursal']); // branch of the logged-in user
set_var("v_usuario", ' ' . $_SESSION['usuario']);
set_var("v_cant_reg", 0); // number of records found
//set_file("pie","pie_pagina.html");
// v_usuario and logo_proyecto are assigned a second time here; for v_usuario
// this later value (without the leading space) is the one set last.
set_var("v_usuario", $_SESSION['usuario']);
set_var('logo_proyecto', './imagenes/logo.jpg');
//pparse("menu");
pparse("encomiendas");
//pparse("pie");
?>
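/**
 * Login using http authenticate.
 *
 * Looks for Basic-auth credentials in a list of $_SERVER keys and tries to log
 * the user in with them. If the user is already registered, or the login
 * succeeds, the function simply returns. In every other case it sends a 401
 * response with a WWW-Authenticate challenge and triggers NOT_AUTHORISED.
 *
 * The realm is sent inside a quoted-string, so double quotes and backslashes
 * in the site name or the auth message are backslash-escaped before the header
 * is written.
 *
 * @param array $param Parameter array, see $param_defaults array.
 *
 * @return void
 */
function phpbb_http_login($param)
{
    global $auth, $user;
    global $config;

    $param_defaults = array(
        'auth_message' => '',
        'autologin' => false,
        'viewonline' => true,
        'admin' => false,
    );

    // Overwrite default values with passed values
    $param = array_merge($param_defaults, $param);

    // User is already logged in
    // We will not overwrite his session
    if (!empty($user->data['is_registered'])) {
        return;
    }

    // $_SERVER keys to check
    $username_keys = array(
        'PHP_AUTH_USER',
        'Authorization',
        'REMOTE_USER', 'REDIRECT_REMOTE_USER',
        'HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION',
        'REMOTE_AUTHORIZATION', 'REDIRECT_REMOTE_AUTHORIZATION',
        'AUTH_USER',
    );
    $password_keys = array(
        'PHP_AUTH_PW',
        'REMOTE_PASSWORD',
        'AUTH_PASSWORD',
    );

    $username = null;
    foreach ($username_keys as $k) {
        if (isset($_SERVER[$k])) {
            $username = $_SERVER[$k];
            break;
        }
    }

    $password = null;
    foreach ($password_keys as $k) {
        if (isset($_SERVER[$k])) {
            $password = $_SERVER[$k];
            break;
        }
    }

    // Decode encoded information (IIS, CGI, FastCGI etc.)
    if (!is_null($username) && is_null($password) && strpos($username, 'Basic ') === 0) {
        // A payload without a colon yields a single element; pad it so that
        // the password stays null and the request falls through to the
        // challenge instead of reading a missing offset.
        $credentials = explode(':', base64_decode(substr($username, 6)), 2);
        list($username, $password) = array_pad($credentials, 2, null);
    }

    if (!is_null($username) && !is_null($password)) {
        set_var($username, $username, 'string', true);
        set_var($password, $password, 'string', true);

        $auth_result = $auth->login($username, $password, $param['autologin'], $param['viewonline'], $param['admin']);

        if ($auth_result['status'] == LOGIN_SUCCESS) {
            return;
        } else {
            if ($auth_result['status'] == LOGIN_ERROR_ATTEMPTS) {
                header('HTTP/1.0 401 Unauthorized');
                trigger_error('NOT_AUTHORISED');
            }
        }
    }

    // Prepend sitename to auth_message
    $param['auth_message'] = ($param['auth_message'] === '') ? $config['sitename'] : $config['sitename'] . ' - ' . $param['auth_message'];

    // We should probably filter out non-ASCII characters - RFC2616
    $param['auth_message'] = preg_replace('/[\\x80-\\xFF]/', '?', $param['auth_message']);

    // Keep the realm a well-formed quoted-string.
    $realm = addcslashes($param['auth_message'], '"\\');

    header('WWW-Authenticate: Basic realm="' . $realm . '"');
    header('HTTP/1.0 401 Unauthorized');
    trigger_error('NOT_AUTHORISED');
}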
// cash only
$tipo_pago = 'Efectivo';
$detalle = 'Solo efectivo.';
break;
case 2:
    // cheque only: the label and the detail are assembled from the cheque
    // fields of the current row.
    $tipo_pago = ' Cheque:' . $res->fields[5];
    $detalle = ' Cheque:' . $res->fields[5] . ' Banco:' . $res->fields[7] . ' de:' . $res->fields[14];
    break;
}
// Add the row amount to the running total and emit the row.
$total = $total + $res->fields[3];
set_var("v_nro_operacion", $res->fields[0]);
set_var("v_tipo_de_pago", $tipo_pago);
set_var("v_detalle_del_pago", $detalle);
set_var("v_importe", number_format($res->fields[3], 2));
set_var("v_total_pago", $total);
parse("listado_pago");
$res->MoveNext();
} // end of the while
}
}
pparse("mostrar");
// PDF output: take what has been written to the output buffer, clear the
// buffer and render that HTML with HTML2PDF.
$htmlbuffer = ob_get_contents();
ob_clean();
try {
    // NOTE(review): date() requires a format argument; called without one it
    // fails (ArgumentCountError on PHP 8, a warning and false before that).
    $fecha = date();
    $html2pdf = new HTML2PDF('P', 'A4', 'es');
    $html2pdf->pdf->SetDisplayMode('fullpage');
    // The second argument is true whenever the request carries a "vuehtml"
    // GET parameter.
    $html2pdf->writeHTML($htmlbuffer, isset($_GET['vuehtml']));
$db->sql_freeresult($result);

// Load the post together with its topic, forum and author.
// NOTE(review): $post_id and $f_id are placed into the query unquoted; their
// assignments are outside this excerpt, so confirm that both are integers
// before they reach this point.
$sql = 'SELECT f.*, t.*, p.*, u.username, u.username_clean, u.user_sig, u.user_sig_bbcode_uid, u.user_sig_bbcode_bitfield FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . ' f, ' . USERS_TABLE . " u\n\tWHERE p.post_id = {$post_id}\n\t\tAND t.topic_id = p.topic_id\n\t\tAND u.user_id = p.poster_id\n\t\tAND (f.forum_id = t.forum_id\n\t\t\tOR f.forum_id = {$f_id})";
$result = $db->sql_query($sql);
$post_data = $db->sql_fetchrow($result);
$db->sql_freeresult($result);

// Load parser
$message_parser = new parse_message($post_data['post_text']);
unset($post_data['post_text']);

// Format the content as if it were *INSIDE* the posting field.
$message_parser->decode_message($post_data['bbcode_uid']);
// $message is bound by reference to the parser's message property.
$message =& $message_parser->message;
$message = html_entity_decode_utf8($message);
//var_dump($message);echo"\n\n\n\n";

// Here we "request_var" the post: the stored text goes through set_var() just
// as submitted text would.
set_var($message, $message, 'string', true);
$message = utf8_normalize_nfc($message);
//var_dump($message);echo"\n\n\n\n";

// Restore the var
$message_parser->message =& $message;
//var_dump($message_parser->message);echo"\n\n\n\n";

/* *Now we can handle the post as in the submit action */

// Define flags: the board configuration can switch BBCode, magic URLs, flash
// and links off regardless of what the post itself has stored.
$post_flags = array(
    'enable_bbcode' => $config['allow_bbcode'] ? $post_data['enable_bbcode'] : false,
    'enable_magic_url' => $config['allow_post_links'] ? $post_data['enable_magic_url'] : false,
    'enable_smilies' => $post_data['enable_smilies'],
    'img_status' => $config['allow_bbcode'] ? true : false,
    'flash_status' => $config['allow_bbcode'] && $config['allow_post_flash'] ? true : false,
    'enable_urls' => $config['allow_post_links']);

// Parse the post
$message_parser->parse($post_flags['enable_bbcode'], $post_flags['enable_magic_url'], $post_flags['enable_smilies'], $post_flags['img_status'], $post_flags['flash_status'], true, $post_flags['enable_urls']);

// Update the post data. The md5 value is a digest of the parsed message text.
$post_data = array_merge($post_data, $post_flags, array('message' => $message_parser->message, 'message_md5' => md5($message_parser->message), 'bbcode_bitfield' => $message_parser->bbcode_bitfield, 'bbcode_uid' => $message_parser->bbcode_uid));

// Make sure some required vars are set
/**
 * Ask a randomly chosen MPV server to test a download and return its report.
 *
 * One entry of the configured mpv_server_list is picked with array_rand() and
 * queried through get_remote_file(). In the answer, "<br />" is turned into
 * newlines, then the text goes through set_var() and NFC normalisation.
 *
 * NOTE(review): $download_location is appended to the query string as it is,
 * without URL-encoding. Confirm that callers only pass values that are safe
 * inside a URL.
 * NOTE(review): array_rand() fails on an empty server list.
 *
 * @param string $download_location Appended to the request after "?titania-"
 *
 * @return string|false The report text, or false on error (see $this->error)
 */
public function mpv($download_location)
{
    $servers = titania::$config->mpv_server_list;
    $chosen = $servers[array_rand($servers)];

    $report = $this->get_remote_file($chosen['host'], $chosen['directory'], $chosen['file'] . '?titania-' . $download_location);

    if ($report === false) {
        $this->error[] = phpbb::$user->lang['MPV_TEST_FAILED'];

        return false;
    }

    $report = str_replace('<br />', "\n", $report);
    set_var($report, $report, 'string', true);

    return utf8_normalize_nfc($report);
}
$res->MoveNext();
} // closes a loop that was opened before this excerpt
}
// Hand the ticket-type combo box, the page title and the colours to the
// "prepaid tickets" template.
set_var("v_listado_tipo_pasaje", $combobox_tipo_pasaje);
set_var("v_titulo_pagina", "Pasajes por adelantados");
set_var("v_color_cabezera_tabla", COLOR_ENCOMIENDAS_CABEZERA_TABLA);
set_var("v_color_cabezera_columna", COLOR_ENCOMIENDAS_CABEZERA_COLUMNA);
set_var("v_color_origen", COLOR_FONDO_CARGA_DATOS_PASAJE_ORIGEN);
set_var("v_color_destino", COLOR_FONDO_CARGA_DATOS_PASAJE_DESTINO);
set_var("v_color_mando_botonera_mando", COLOR_FONDO_BOTONERA_MANDO);
set_var("v_color_fondo_boton_mando", COLOR_FONDO_BOTON_MANDO);
set_var("v_color_texto_boton_mando", COLOR_TEXTO_BOTON_MANDO);
// Initial form values; v_total_pago is assigned twice with the same value.
$fecha = dar_fecha();
set_var("v_fecha_desde", $fecha);
set_var("v_nombre", "");
set_var("v_cantidad", "1");
set_var("v_total", "0.00");
set_var("v_total_pago", "0.00");
set_var("v_cantidad_pago", "0.00");
set_var("v_detalle_pago", "");
set_var("v_total_pago", "0.00");
set_var("v_observaciones", "");
set_var("v_pag_a_ver", CANT_REG_PAGINA); // number of records to display
set_var("v_indise_pag_a_ver", 1); // record to start displaying from
set_var("v_cantidad_registro_total", 0);
set_var("v_cantidad_registros", 0);
parse('pasajes_adelantados');
pparse('pasajes_adelantados');
desconectar($db);
<?php
// Page bootstrap for "Projects": read the form fields, connect to MySQL and
// start building the HTML head.
//
// NOTE(review): the database host, account and password are literals in this
// file (the credentials are masked in this copy). Connection settings belong
// in configuration kept outside the web root and outside version control.
// NOTE(review): the mysql_* extension used here was removed in PHP 7.0; mysqli
// or PDO are the replacements.
include "_functions.php";
// NOTE(review): "Cache" is not a standard HTTP header; "Cache-Control: private"
// was probably intended. Confirm.
header("Cache: private");
$s_fileName = basename(__FILE__);
$s_pageName = "Projects";
$s_server = "65.175.107.2:3306";
$s_userName = "******";
$s_password = "******";
$s_db = "cms";
// set_var() is defined elsewhere; presumably it returns the named request
// value with the second argument as default. Verify, and treat the string
// fields as untrusted wherever they later reach SQL or HTML.
$s_page_task = set_var('page_task', 'list');
$i_projectID = set_var('projectID', 0);
$s_project = set_var('project', "");
$s_projectCode = set_var('projectCode', "");
$i_active = set_var('active', 1);
$s_submit = set_var('submit_form', "");
// The "$name = value" arguments are ordinary assignments, so $server,
// $username and $password are also set in this scope.
$o_conn = mysql_connect($server = $s_server, $username = $s_userName, $password = $s_password);
if (!$o_conn) {
    die_well(__LINE__, mysql_error());
}
$o_sel = mysql_select_db($s_db);
if (!$o_sel) {
    die_well(__LINE__, mysql_error());
}
// $g_break is not defined in this excerpt; presumably it comes from _functions.php.
$s_header = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">' . $g_break;
$s_header .= '<html xmlns="http://www.w3.org/1999/xhtml">' . $g_break;
$s_header .= '<head>' . $g_break;
$s_header .= '<meta name="generator" content="' . $s_pageName . '" />' . $g_break;
$s_header .= '<title>' . $s_pageName . '</title>' . $g_break;
$s_header .= '<link rel="stylesheet" href="cms.css">' . $g_break;
$s_header .= '</head>' . $g_break;
<?php
/* *****************************************************************************
// Shows the page footer with the information data for the user.
//
// seguridad.php is included before anything is printed.
// NOTE(review): the user name, branch and image are taken from the session and
// passed to the template as they are; whether the template layer escapes them
// is not visible here.
******************************************************************************/
include_once "seguridad.php";
include_once "conexion.php";
include_once "template.php";
set_file("pie_de_pagina", "pie_paginas.html");
// System-wide constants: logo, "about" text, project title, version, date of
// the last system update, icon and page.
set_var("v_logo_proyecto", SIS_LOGO);
set_var("v_acerca_de", SIS_ACERCAR_DE);
set_var('v_titulo_proyecto', SIS_PROYECTO);
set_var('v_sis_version', SIS_VERSION);
set_var('v_fecha_actualizacion_sistema', SIS_FECHA_MODI_SISTEMA);
set_var('v_icono_sistema', SIS_ICON_PROYECTO);
set_var("v_sis_pagina", SIS_PAGINA);
set_var('v_mostrar_botonera', true);
// Data of the logged-in user.
set_var("v_usuario", $_SESSION['usuario']);
set_var("v_sucursal", $_SESSION['sucursal']);
set_var("v_imagen_tipo_usu", $_SESSION['imagen']);
pparse("pie_de_pagina");
?>
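/**
 * Login function
 *
 * Checks the supplied credentials against the users table and reports the
 * outcome as a status array. Passwords still stored in a legacy format
 * (phpBB2-style or plain md5) are re-hashed to the current format once the
 * supplied password has been matched against them.
 *
 * @param string $username Login name; looked up by its cleaned form
 * @param string $password Password as supplied by the caller
 *
 * @return array 'status' (a LOGIN_* constant), 'error_msg' (language key, or
 *               false on success) and 'user_row' (the fetched user row, or a
 *               stub holding only the anonymous user id)
 */
function login_db(&$username, &$password)
{
	global $db, $config;

	// do not allow empty password
	if (!$password)
	{
		return array(
			'status'	=> LOGIN_ERROR_PASSWORD,
			'error_msg'	=> 'NO_PASSWORD_SUPPLIED',
			'user_row'	=> array('user_id' => ANONYMOUS),
		);
	}

	if (!$username)
	{
		return array(
			'status'	=> LOGIN_ERROR_USERNAME,
			'error_msg'	=> 'LOGIN_ERROR_USERNAME',
			'user_row'	=> array('user_id' => ANONYMOUS),
		);
	}

	// The only externally supplied value in this query is escaped before use.
	$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts FROM ' . USERS_TABLE . "\n\t\tWHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
	$result = $db->sql_query($sql);
	$row = $db->sql_fetchrow($result);
	$db->sql_freeresult($result);

	if (!$row)
	{
		return array(
			'status'	=> LOGIN_ERROR_USERNAME,
			'error_msg'	=> 'LOGIN_ERROR_USERNAME',
			'user_row'	=> array('user_id' => ANONYMOUS),
		);
	}

	// user_id comes from the database row; the cast keeps every UPDATE below
	// numeric even if the driver hands back something unexpected.
	$user_id = (int) $row['user_id'];

	// If there are too many login attempts, we need to check for a confirm image
	// Every auth module is able to define what to do by itself...
	if ($config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts'])
	{
		// Visual Confirmation handling
		$captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']);
		$captcha->init(CONFIRM_LOGIN);
		$vc_response = $captcha->validate();

		if ($vc_response)
		{
			return array(
				'status'	=> LOGIN_ERROR_ATTEMPTS,
				'error_msg'	=> 'LOGIN_ERROR_ATTEMPTS',
				'user_row'	=> $row,
			);
		}
	}

	// If the password convert flag is set we need to convert it
	if ($row['user_pass_convert'])
	{
		// in phpBB2 passwords were used exactly as they were sent, with addslashes applied
		$password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
		$password_old_format = !STRIP ? addslashes($password_old_format) : $password_old_format;
		$password_new_format = '';

		set_var($password_new_format, stripslashes($password_old_format), 'string');

		if ($password == $password_new_format)
		{
			if (!function_exists('utf8_to_cp1252'))
			{
				global $phpbb_root_path, $phpEx;
				include $phpbb_root_path . 'includes/utf/data/recode_basic.' . $phpEx;
			}

			// cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding
			// plain md5 support left in for conversions from other systems.
			//
			// The plain-md5 digests are compared with ===. A loose == treats two
			// digests that both look like numbers in exponent notation ("0e" followed
			// only by digits) as equal, so a wrong password could be accepted.
			// Where the runtime offers hash_equals(), it additionally makes the
			// comparison constant-time.
			if ((strlen($row['user_password']) == 34 && (phpbb_check_hash(md5($password_old_format), $row['user_password']) || phpbb_check_hash(md5(utf8_to_cp1252($password_old_format)), $row['user_password'])))
				|| (strlen($row['user_password']) == 32 && (md5($password_old_format) === $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) === $row['user_password'])))
			{
				$hash = phpbb_hash($password_new_format);

				// Update the password in the users table to the new format and remove user_pass_convert flag
				$sql = 'UPDATE ' . USERS_TABLE . ' SET user_password = \'' . $db->sql_escape($hash) . '\', user_pass_convert = 0 WHERE user_id = ' . $user_id;
				$db->sql_query($sql);

				$row['user_pass_convert'] = 0;
				$row['user_password'] = $hash;
			}
			else
			{
				// Although we weren't able to convert this password we have to
				// increase login attempt count to make sure this cannot be exploited
				$sql = 'UPDATE ' . USERS_TABLE . ' SET user_login_attempts = user_login_attempts + 1 WHERE user_id = ' . $user_id;
				$db->sql_query($sql);

				return array(
					'status'	=> LOGIN_ERROR_PASSWORD_CONVERT,
					'error_msg'	=> 'LOGIN_ERROR_PASSWORD_CONVERT',
					'user_row'	=> $row,
				);
			}
		}
	}

	// Check password ...
	if (!$row['user_pass_convert'] && phpbb_check_hash($password, $row['user_password']))
	{
		// Check for old password hash...
		if (strlen($row['user_password']) == 32)
		{
			$hash = phpbb_hash($password);

			// Update the password in the users table to the new format.
			// The statement stores the hash computed just above (escaped), the
			// same way the conversion branch does, so that the database and
			// $row['user_password'] agree.
			$sql = 'UPDATE ' . USERS_TABLE . "\n\t\t\t\tSET user_password = '" . $db->sql_escape($hash) . "',\n\t\t\t\t\tuser_pass_convert = 0\n\t\t\t\tWHERE user_id = " . $user_id;
			$db->sql_query($sql);

			$row['user_password'] = $hash;
		}

		if ($row['user_login_attempts'] != 0)
		{
			// Successful, reset login attempts (the user passed all stages)
			$sql = 'UPDATE ' . USERS_TABLE . ' SET user_login_attempts = 0 WHERE user_id = ' . $user_id;
			$db->sql_query($sql);
		}

		// User inactive...
		if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
		{
			return array(
				'status'	=> LOGIN_ERROR_ACTIVE,
				'error_msg'	=> 'ACTIVE_ERROR',
				'user_row'	=> $row,
			);
		}

		// Successful login... set user_login_attempts to zero...
		return array(
			'status'	=> LOGIN_SUCCESS,
			'error_msg'	=> false,
			'user_row'	=> $row,
		);
	}

	// Password incorrect - increase login attempts
	$sql = 'UPDATE ' . USERS_TABLE . ' SET user_login_attempts = user_login_attempts + 1 WHERE user_id = ' . $user_id;
	$db->sql_query($sql);

	// Give status about wrong password...
	return array(
		'status'	=> LOGIN_ERROR_PASSWORD,
		'error_msg'	=> 'LOGIN_ERROR_PASSWORD',
		'user_row'	=> $row,
	);
}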
set_var("v_total_haber", number_format($total->fields[1], 2)); set_var("v_total", number_format($total->fields[0] - $total->fields[1], 2)); } else { set_var("v_total_debe", number_format(0, 2)); set_var("v_total_haber", number_format(0, 2)); set_var("v_total", number_format(0, 2)); } } else { set_var("v_nro_secuencia", ""); set_var("v_fecha", ""); set_var("v_operacion", ""); set_var("v_importe_debe", ""); set_var("v_importe_haber", ""); set_var("v_total_debe", number_format(0, 2)); set_var("v_total_haber", number_format(0, 2)); set_var("v_total", number_format(0, 2)); } // fin del If cantidad parse('listado_ctacte'); } desconectar($db); pparse("imprimir_ctacte"); // Impresion en PDF $htmlbuffer = ob_get_contents(); ob_clean(); try { $fecha = date("ymdhm"); // $html2pdf = new HTML2PDF('P', 'A4', 'es'); $html2pdf = new HTML2PDF('P', 'A4', 'es', false, 'ISO-8859-15', array(5, 5, 5, 10)); $html2pdf->pdf->SetDisplayMode('fullpage'); $html2pdf->writeHTML($htmlbuffer, isset($_GET['vuehtml']));
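} else {
    $combobox_comisionista .= "<option value=0>Solo de Sucursales...</option>";
    while (!$res->EOF) {
        // NOTE(review): both fields go into the markup unescaped. If the name
        // column can hold user-chosen text, escape it with htmlspecialchars()
        // using the page's character set (confirm which encoding this page uses).
        $combobox_comisionista .= "<option value=" . $res->fields[0] . "> Por el comisionista:<b> " . strtoupper($res->fields[1]) . "</b></option>";
        $res->MoveNext();
    }
    $combobox_comisionista .= "<option value=9999>Completo...</option>";
}
set_var("v_comboBox_comisionista", $combobox_comisionista);

//----------------------------------------------------------------------------------------------------
// SHOWS ALL THE RECORDS OF the parcels (encomiendas)
//----------------------------------------------------------------------------------------------------
$selec = " e.nro_guia, e.fecha, de.cantidad, de.descripcion, de.comision_comisionista, de.comision_sucursal";
$from = " encomiendas AS e inner join detalle_encomiendas AS de on (e.nro_guia=de.id_encomienda) left join usuarios AS u on (de.id_comisionista=u.id)";

// NOTE(review): the two dates are concatenated into the WHERE clause inside
// quotes. Where they are set is not visible here; if they originate from the
// request, validate them as dates (or bind them as parameters) before this point.
//$where = " (e.fecha BETWEEN '".cambiaf_a_mysql($fecha_desde)."' and '".cambiaf_a_mysql($fecha_hasta)."') ";
$where = " (e.fecha BETWEEN '" . $fecha_desde . "' and '" . $fecha_hasta . "') ";
if ($id_comisionista) {
    // Append to $where with the concatenation operator. The previous form used
    // a bare word `where` and the arithmetic `+`, which never produced the
    // intended clause. The cast keeps the id numeric in the SQL text; the option
    // values built above are all integers (assumed to be the only valid ids).
    $where .= "and (de.id_comisionista=" . (int) $id_comisionista . ")";
}

$db2 = new EyeMySQLAdap(HOST, USUARIO, PASSWORD, BASE);
$x2 = new EyeDataGrid($db2);
//$x2->showRadiobutton();
$x2->setQuery($selec, $from, 'nro_guia', $where);
set_var('v_resumen_tabla', '');
pparse("resumen");
$x2->printTable();
?>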
} // fin while } set_var('v_id_viaje', $id_viaje); set_var("v_color_cabezera_tabla", COLOR_ENCOMIENDAS_CABEZERA_TABLA); set_var("v_color_cabezera_columna", COLOR_ENCOMIENDAS_CABEZERA_COLUMNA); set_var('v_vehiculo', $datos); set_var('v_datos_vehiculos', $vehiculos); set_var('v_asiento_usado', './imagenes/asientos.jpg'); set_var('v_asiento_no_usado', './imagenes/sinasientos.jpg'); set_var('v_imagen1', $imagen1); set_var('v_imagen2', $imagen2); set_var('v_imagen3', $imagen3); set_var('v_imagen4', $imagen4); set_var('v_imagen5', $imagen5); set_var('v_imagen6', $imagen6); set_var('v_imagen7', $imagen7); set_var('v_imagen8', $imagen8); set_var('v_imagen9', $imagen9); set_var('v_imagen10', $imagen10); set_var('v_patente_sel', ''); set_var('v_nombre_sel', ''); set_var('v_interno_sel', ''); set_var('v_modelo_sel', ''); set_var('v_nro_asientos_sel', ''); set_var('v_fecha_tecnica_sel', ''); set_var("v_fecha_viaje", $fecha); set_var("v_hora_viaje", $hora); parse('seleccion_vehiculo'); pparse('seleccion_vehiculo'); desconectar($db);
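/**
 * Get Attachment Data
 *
 * Rebuilds $this->attachment_data from the entries submitted in
 * $_POST['attachment_data']. An entry is kept only when a matching row exists
 * in the attachments table for the expected poster; if any submitted id has no
 * such row, NO_ACCESS_ATTACHMENT is raised through trigger_error().
 *
 * @param int|bool $check_user_id Poster id that already-posted attachments must
 *                                belong to; false means the current user
 */
function get_submitted_attachment_data($check_user_id = false)
{
	global $user, $db;

	$this->filename_data['filecomment'] = utf8_normalize_nfc(request_var('filecomment', '', true));

	// The POST field is client-controlled: accept it only if it really is an array.
	$attachment_data = (isset($_POST['attachment_data']) && is_array($_POST['attachment_data'])) ? $_POST['attachment_data'] : array();
	$this->attachment_data = array();

	$check_user_id = ($check_user_id === false) ? $user->data['user_id'] : $check_user_id;

	if (!sizeof($attachment_data))
	{
		return;
	}

	$not_orphan = $orphan = array();

	foreach ($attachment_data as $pos => $var_ary)
	{
		// Ignore malformed entries instead of indexing into a non-array value.
		if (!is_array($var_ary) || !isset($var_ary['attach_id']) || !is_scalar($var_ary['attach_id']))
		{
			continue;
		}

		// The client's is_orphan flag only selects which query verifies the id;
		// ownership is decided by the database rows below.
		if (!empty($var_ary['is_orphan']))
		{
			$orphan[(int) $var_ary['attach_id']] = $pos;
		}
		else
		{
			$not_orphan[(int) $var_ary['attach_id']] = $pos;
		}
	}

	// Regenerate already posted attachments
	if (sizeof($not_orphan))
	{
		// Get the attachment data, based on the poster id...
		$sql = 'SELECT attach_id, is_orphan, real_filename, attach_comment
			FROM ' . ATTACHMENTS_TABLE . '
			WHERE ' . $db->sql_in_set('attach_id', array_keys($not_orphan)) . '
				AND poster_id = ' . (int) $check_user_id;
		$result = $db->sql_query($sql);

		while ($row = $db->sql_fetchrow($result))
		{
			$pos = $not_orphan[$row['attach_id']];
			$submitted_comment = isset($attachment_data[$pos]['attach_comment']) ? $attachment_data[$pos]['attach_comment'] : '';

			$this->attachment_data[$pos] = $row;
			// The comment is the only submitted text that is kept; it goes through set_var().
			set_var($this->attachment_data[$pos]['attach_comment'], $submitted_comment, 'string', true);

			unset($not_orphan[$row['attach_id']]);
		}
		$db->sql_freeresult($result);
	}

	// Any id left over matched no row for this poster.
	if (sizeof($not_orphan))
	{
		trigger_error('NO_ACCESS_ATTACHMENT', E_USER_ERROR);
	}

	// Regenerate newly uploaded attachments
	if (sizeof($orphan))
	{
		$sql = 'SELECT attach_id, is_orphan, real_filename, attach_comment
			FROM ' . ATTACHMENTS_TABLE . '
			WHERE ' . $db->sql_in_set('attach_id', array_keys($orphan)) . '
				AND poster_id = ' . (int) $user->data['user_id'] . '
				AND is_orphan = 1';
		$result = $db->sql_query($sql);

		while ($row = $db->sql_fetchrow($result))
		{
			$pos = $orphan[$row['attach_id']];
			$submitted_comment = isset($attachment_data[$pos]['attach_comment']) ? $attachment_data[$pos]['attach_comment'] : '';

			$this->attachment_data[$pos] = $row;
			set_var($this->attachment_data[$pos]['attach_comment'], $submitted_comment, 'string', true);

			unset($orphan[$row['attach_id']]);
		}
		$db->sql_freeresult($result);
	}

	if (sizeof($orphan))
	{
		trigger_error('NO_ACCESS_ATTACHMENT', E_USER_ERROR);
	}

	ksort($this->attachment_data);
}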
/**
 * Run the stored post text through the parser again without a user edit
 * (or with an internal edit that does not receive the raw code from the user).
 * May not fully work correctly
 */
public function reparse()
{
	$edit_data = $this->generate_text_for_edit();

	// Emulate what happens when the text is sent by the user: decode the
	// entities, then pass the text through set_var() as a multibyte string.
	// NOTE(review): set_var() is presumably what re-applies the input
	// sanitising after the decode; confirm against its definition.
	$this->post_text = html_entity_decode($edit_data['text']);
	set_var($this->post_text, $this->post_text, 'string', true);

	$this->generate_text_for_storage(
		$edit_data['allow_bbcode'],
		$edit_data['allow_urls'],
		$edit_data['allow_smilies']
	);
}