function delete_form($f3) { if (!$this->check_empty($f3)) { throw new \Exception('Not Empty'); } show_page($f3, $this->template_name() . '.delete'); }
function route_request() { $cmd = grab_request_var("cmd", ""); switch ($cmd) { case "Update Configuration": update_worker_cfg(); break; case "Start Worker": control_worker("start"); break; case "Restart Worker": control_worker("restart"); break; case "Attempt to Start Worker": control_worker("start"); break; case "Stop Worker": control_worker("stop"); break; case "top": show_gearman_top(); break; default: break; } // always show page show_page(); }
function process_form() { if ($_POST['xsrf_token'] != $_SESSION['xsrf_token']) { show_page('Huh? ERROR: big kablooie'); return; } $query = 'SELECT id, name FROM users WHERE id="' . mysqli_real_escape_string(DB::get(), $_POST['account_id']) . '"'; $result = DB::queryRaw($query); if (mysqli_num_rows($result) != 1) { show_page('Nonexistent ID'); return; } $row = mysqli_fetch_assoc($result); $id = $row['id']; $name = $row['name']; // ** FORM VALIDATED AT THIS POINT ** // perform elevation $query = 'UPDATE users SET permissions="A", approved="1" WHERE id="' . $id . '" LIMIT 1'; DB::queryRaw($query); // show confirmation page page_header('Super-Admin'); echo <<<HEREDOC <h1>Super-Admin</h1> <span class="b">{$name}</span> was approved and elevated. Now clear the Super-Admin password. HEREDOC; //$names[0] = 'Super-Admin'; //$pages[0] = ''; //page_footer($names, $pages); }
public function index() { $this->Purview_model->checkPurview($this->tablefunc); $post = $this->input->post(NULL, TRUE); $getwhere = array(); $search['type'] = trim($post['type']); $search['keyword'] = trim($post['keyword']); $search['searchtype'] = trim($post['searchtype']); if ($search['type'] != '') { $getwhere['type'] = $search['type']; } if ($search['searchtype'] == 'id') { if ($search['keyword'] != '') { $getwhere[$search['searchtype']] = $search['keyword']; } } else { if ($search['keyword'] != '') { $getwhere[$search['searchtype'] . ' like'] = '%' . $search['keyword'] . '%'; } } $pagearr = array('currentpage' => isset($post['currentpage']) && $post['currentpage'] > 0 ? $post['currentpage'] : 1, 'totalnum' => $this->Data_model->getDataNum($getwhere), 'pagenum' => 20); $data = $this->Data_model->getData($getwhere, 'type,listorder,id desc', $pagearr['pagenum'], ($pagearr['currentpage'] - 1) * $pagearr['pagenum']); $res = array('tpl' => 'list', 'tablefunc' => $this->tablefunc, 'search' => $search, 'typearr' => $this->typearr, 'liststr' => $this->_setlist($data, true), 'pagestr' => show_page($pagearr, $search), 'funcstr' => $this->Purview_model->getFunc($this->tablefunc, $this->funcarr)); $this->load->view($this->tablefunc, $res); }
function index($f3) { $D = \R::findAll('toolgroups', 'ORDER BY sort_priority DESC, displayname ASC'); foreach ($D as $key => $element) { $D[$key]->with("ORDER BY displayname ASC")->ownTools; } $f3->set('data', \R::exportAll($D)); show_page($f3, 'tools.index'); }
public function index() { $this->Purview_model->checkPurview($this->tablefunc); $post = $this->input->post(NULL, TRUE); $pagearr = array('currentpage' => isset($post['currentpage']) && $post['currentpage'] > 0 ? $post['currentpage'] : 1, 'totalnum' => $this->Data_model->getDataNum(), 'pagenum' => 20); $data = $this->Data_model->getData('', 'listorder', $pagearr['pagenum'], ($pagearr['currentpage'] - 1) * $pagearr['pagenum']); $res = array('tpl' => 'list', 'tablefunc' => $this->tablefunc, 'liststr' => $this->_setlist($data, true), 'pagestr' => show_page($pagearr, ''), 'funcstr' => $this->Purview_model->getFunc($this->tablefunc, $this->funcarr)); $this->load->view($this->tablefunc, $res); }
function index($f3) { $D = \R::findOne('tools', 'name=?', array($f3->get('PARAMS.name'))); $D->with('ORDER BY id')->ownImages; if ($D) { $exportTmp = \R::exportAll($D); $f3->set('data', $exportTmp[0]); } else { $f3->set('data', ''); } show_page($f3, $this->template_name() . '.index'); }
function show_page($post_id = 0, $post_level = 0) { // 取得層數方便下標題 echo '<article class="article-content"><h' . ($post_level + 2) . ' class="article-title"><a href="' . get_permalink($post_id) . '">' . get_the_title($post_id) . '</a></h' . ($post_level + 2) . '><div class="thumbnail-img">'; the_post_thumbnail('large'); echo '</div>'; the_content(); if (is_page()) { //取得子網頁 $args = array( 'post_status' => 'publish', 'post_type' => 'page', 'post_parent' => $post_id, 'orderby' => 'menu_order', 'order' => 'ASC', 'nopaging' => true, ); tcc_attachments($post_id); $pages = get_posts($args); foreach ($pages as $post) { setup_postdata($post); show_page($post->ID, $post_level + 1); } } echo '<div class="clearfix"></div></article>'; }
function delete($f3) { if (!($user = \R::findOne('users', 'username=?', array(strtolower($f3->get('POST.username')))))) { throw new \Exception('Could not find user'); } if (!($tool = \R::findOne('tools', 'name=?', array(strtolower($f3->get('POST.tool')))))) { throw new \Exception('Could not find tool'); } if (!($records = \R::find('trainings', 'users_id=? AND tools_id=? AND level=?', array($user->id, $tool->id, strtoupper($f3->get('POST.level')))))) { throw new \Exception('Could not any training records for this user on this tool at this level.'); } \R::trashAll($records); $f3->set('messages', array('All Records of User ' . $user->username . ' on Tool ' . $tool->name . ' at Level ' . strtoupper($f3->get('POST.level')) . ' deleted.')); show_page($f3, 'messages'); }
<!-- Quick links page By Kulvinder Lotay and Artur Barbosa --> <!DOCTYPE html> <html> <?php # Connect to MySQL server and the database require 'includes/connect_db.php'; # Includes these helper functions require 'includes/helpers.php'; # Store current page in variable, call show_links and show_records functions using cur_page variable $cur_page = $_SERVER['PHP_SELF']; show_links($dbc, $cur_page); # Show the records show_page($cur_page, $dbc); # If user requests item (clicks quick link) make the appropriate GET request from quick links if ($_SERVER['REQUEST_METHOD'] == 'GET') { if (isset($_GET['id']) && isset($_GET['p'])) { if ($_GET['p'] == 3) { show_record_admin($dbc, $_GET['id'], $_GET['p']); } else { show_record($dbc, $_GET['id'], $_GET['p']); } } } else { if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($_POST['dialog'] == 'contact') { $errors = array(); $from = trim($_POST['email']); $message = trim($_POST['msg']);
} else { show_form('passreset', translate('Please enter your own email address.', sz_config('language'))); } } else { show_form('passreset', translate('You have entered an invalid email address. Please try again.', sz_config('language'))); } } else { show_form('passreset', ''); } } break; default: if ($nrgic == 'showregmsg') { show_msg(translate('Your request has been forwarded. We will notify you as soon as you can register again.', sz_config('language'))); } show_page('index'); break; } //BEGIN FUNCTIONS function blankRegForm($msg) { $newuser = array(); $newuser['username'] = ''; $newuser['fullnames'] = ''; $newuser['group'] = ''; $newuser['phone'] = ''; $newuser['user_website'] = ''; $newuser['email'] = ''; $newuser['referred_by'] = $_SESSION['ref']; registerForm($msg, $newuser); }
DB::setDbName($config["db_name"]); } if (isset($config["db_user"])) { DB::setDbUser($config["db_user"]); } if (isset($config["db_pass"])) { DB::setDbPass($config["db_pass"]); } // pridáme si ďalšie súbory s funkciami, ktoré budeme používať require_once APP_PATH . "/functions/general.php"; require_once APP_PATH . "/functions/message.php"; require_once APP_PATH . "/functions/auth.php"; require_once APP_PATH . "/functions/tasks.php"; // naštartujeme session potrebné pre prihlásenie a správičky if (!session_id()) { @session_start(); } // podstránky ktoré sú dostupné if (!file_exists(APP_PATH . "/routes.php")) { exit("Application error: Routes not found."); } $routes = (include APP_PATH . "/routes.php"); // v prvom segmente url máme podstránku $page = segment(1); // ak taká podstránka neexistuje v našom poli dostupných podstránok, tak zobrazíme 404 stránku if (!isset($routes[$page])) { show_404(); } // inak ju zobrazíme show_page($routes[$page]);
function process_form() { if ($_POST['xsrf_token'] != $_SESSION['xsrf_token']) { trigger_error('XSRF code incorrect', E_USER_ERROR); } if (isset($_POST['guts_full_update_a']) || isset($_POST['guts_full_update_b']) || isset($_POST['guts_full_update_c'])) { process_special_form(); } // and don't come back $set = null; for ($n = 1; $n < 12; $n++) { if (isset($_POST['guts_full_update_' . $n])) { $set = $n; } } if (is_null($set)) { trigger_error('No button clicked', E_USER_ERROR); } if ($_POST[$set] == 'None') { $score = NULL; } else { $score = (int) htmlentities($_POST[$set]); if ($score < 0 || $score > 3) { trigger_error('Invalid score?!', E_USER_ERROR); } } if ($_POST['previous_value_' . $set] == 'None') { $row = DB::queryFirstRow('SELECT COUNT(*) FROM guts WHERE problem_set="' . mysqli_real_escape_string(DB::get(), $set) . '" AND team="' . mysqli_real_escape_string(DB::get(), $_GET['ID']) . '"'); if ($row['COUNT(*)'] != '0') { show_page('The value of that field has changed. Make sure no ' . 'one else is currently entering scores for this team, and ' . 'try again.'); } if (!is_null($score)) { DB::queryRaw('INSERT INTO guts (team, problem_set, score) VALUES ("' . mysqli_real_escape_string(DB::get(), $_GET['ID']) . '", "' . mysqli_real_escape_string(DB::get(), $set) . '", "' . mysqli_real_escape_string(DB::get(), $score) . '")'); } } else { $result = DB::queryRaw('SELECT score FROM guts WHERE problem_set="' . mysqli_real_escape_string(DB::get(), $set) . '" AND team="' . mysqli_real_escape_string(DB::get(), $_GET['ID']) . '"'); if (mysqli_num_rows($result) == 0) { show_page('The value of that field has changed. Make sure no ' . 'one else is currently entering scores for this team, and ' . 'try again.'); } if (is_null($score)) { DB::queryRaw('DELETE FROM guts WHERE team="' . mysqli_real_escape_string(DB::get(), $_GET['ID']) . '" AND problem_set="' . mysqli_real_escape_string(DB::get(), $set) . '" LIMIT 1'); } else { DB::queryRaw('UPDATE guts SET score="' . mysqli_real_escape_string(DB::get(), $score) . '" WHERE team="' . mysqli_real_escape_string(DB::get(), $_GET['ID']) . '" AND problem_set="' . mysqli_real_escape_string(DB::get(), $set) . '"'); } } alert('The score for set ' . $set . ' has been updated', 1); header('Location: ' . $_SERVER['REQUEST_URI']); die; }
function PrintUnread() { ?> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="29"><img alt="" src="http://<?php echo img_domain; ?> /forum/menu/2.gif"><img alt="" src="http://<?php echo img_domain; ?> /forum/menu/1.gif"></td> <td background="http://<?php echo img_domain; ?> /forum/menu/2.gif"><span style="color:white;font-size:11px;">Все непрочитанные тобой темы</span></td> <td width="40" background="http://<?php echo img_domain; ?> /forum/menu/2.gif"><img src="http://<?php echo img_domain; ?> /forum/menu/3.gif"></td> </tr> </table> <?php $str_where = $this->MakePermissionForTopic(); $str_query_select = "SELECT\n\t\tforum_topics.view AS view,\n\t\tforum_topics.id AS topic_id,\n\t\tforum_topics.otv AS otv, \n\t\tforum_topics.top AS topic_top,\n\t\tforum_topics.text AS text,\n\t\tforum_topics.last_user AS last_user, \n\t\tforum_topics.last_date AS last_date,\n\t\tforum_topics.stat AS stat,\n\t\tforum_topics.user_id AS user_id,\n\t\tforum_name.name AS last_name,\n\t\tforum_kat.name AS kat_name,\n\t\tforum_main.name AS main_name"; $str_query_count = "SELECT COUNT(*)"; $str_query_from = " FROM forum_kat,forum_topics,forum_otv,forum_name,forum_main\n\t\tWHERE\n\t\t\t(\n\t\t\tforum_kat.id = forum_topics.kat_id AND\n\t\t\tforum_main.id = forum_kat.main_id AND\n\t\t\tforum_name.user_id=forum_topics.last_user AND\n\t\t\tforum_topics.id = forum_otv.topics_id AND\n\t\t\tforum_topics.id NOT IN (SELECT topic_id FROM forum_read WHERE user_id=" . $this->char['user_id'] . ")\n\t\t\t{$str_where}\n\t\t\t)\n\t\tGROUP BY forum_topics.id"; $sel = myquery($str_query_select . $str_query_from); if (mysql_num_rows($sel) > 0) { if (!isset($_GET['page'])) { $page = 1; } else { $page = (int) $_GET['page']; } $line = 25; $allpage = ceil(mysql_result($sel, 0, 0) / $line); if ($page > $allpage) { $page = $allpage; } if ($page < 1) { $page = 1; } $selpage = myquery($str_query_select . $str_query_from . " order by forum_topics.last_date DESC limit " . ($page - 1) * $line . ", {$line}"); $this->PrintListTopic($selpage); ?> <table style="width:100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td height="25" style="background-image:url(http://<?php echo img_domain; ?> /forum/menu/bg2.gif)" align="center"> <?php $href = "?act=show_unread&"; echo 'Страница: '; show_page($page, $allpage, $href); ?> </td> </tr> </table> <?php } ?> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="29"><img alt="" src="http://<?php echo img_domain; ?> /forum/menu/2.gif"><img alt="" src="http://<?php echo img_domain; ?> /forum/menu/1.gif"></td> <td background="http://<?php echo img_domain; ?> /forum/menu/2.gif"> </td> <td width="40" background="http://<?php echo img_domain; ?> /forum/menu/2.gif"><img src="http://<?php echo img_domain; ?> /forum/menu/3.gif"></td> </tr> </table> <?php }
// ********************************************* // show_page // // @brief Show poet page. // // @param $id Poet user ID. // // ********************************************* function show_page($id) { echo '<div class="poems">'; echo '<p class="poet_name">'; // Show poet username as a link. echo '<a href="rss.php?poet_id=' . $id . '">'; echo '<img src="graphics/rss.gif" class="rss"></a> '; echo '<a href="show_poet_info.php?id=' . $id . '">'; echo get_poet_username($id); echo '</a>'; echo '</p>'; // Show poet poems. show_poems($id); echo '</div>'; } session_start(); require 'general_functions.php'; create_site_top(); create_top_menu(); // Get user ID. $id = get_id($db, $_GET); show_page($id); create_site_bottom();
<?php session_start(); require_once 'controller/init.php'; require_once 'controller/page.php'; require_once 'model/db.php'; $page = isset($_GET['p']) ? $_GET['p'] : '0'; show_page($page);
function process_form() { // Check XSRF token if ($_SESSION['xsrf_token'] != $_POST['xsrf_token']) { trigger_error('XSRF token invalid', E_USER_ERROR); } $query = 'SELECT name, email, mailings, approved, email_verification FROM users WHERE id="' . mysqli_real_escape_string(DB::get(), $_POST['id']) . '"'; $result = DB::queryRaw($query); if (mysqli_num_rows($result) != 1) { show_page('User not found.', ''); return; } $row = mysqli_fetch_assoc($result); if ($row['approved'] == '1') { show_page('User already approved.', ''); return; } if ($row['email_verification'] != '1') { show_page('User\'s email not yet verified.', ''); return; } $email_warning = ""; if ($row["mailings"] == '0') { $email_warning = " <b>Warning:</b> This user has mailings turned off."; } // ** OK To Proceed ** $user_string = $row['name'] . ' (#' . htmlentities($_POST['id']) . ') <' . $row['email'] . '>'; $query = 'UPDATE users SET approved="1" WHERE id="' . mysqli_real_escape_string(DB::get(), $_POST['id']) . '" LIMIT 1'; DB::queryRaw($query); if (!isset($_SESSION['approved_list'])) { $_SESSION['approved_list_size'] = 1; $_SESSION['approved_list'][1] = htmlentities($row['email']); } else { $_SESSION['approved_list_size']++; $_SESSION['approved_list'][$_SESSION['approved_list_size']] = htmlentities($row['email']); } show_page('', 'Approved: ' . $user_string . $email_warning); }
echo '<td>'; if ($mas[$i]['out_gp'] > 0) { echo $mas[$i]['out_gp'] . ' монет<br>'; } while (isset($mas[$i]['out'][$k_out])) { echo $mas[$i]['out'][$k_out]['name'] . ' - ' . $mas[$i]['out'][$k_out]['kol'] . ' шт.<br>'; $k_out++; } echo '</td>'; echo '<td align="center"><a href="town.php?option=' . $option . '&exchange=' . $mas[$i]['id'] . '">Обменять</a></td>'; echo '</tr>'; $i++; } echo '</table>'; if ($page_max > 1) { echo '<br>Страница: '; show_page($page, $page_max, $page_href); } } else { echo '<b>В Обменном пункте нет предложений, удовлетворяющих заданным условиям!</b>'; } } else { echo '<b>К сожалению, в Обменном пункте ещё нет предложений!</b>'; } echo '</div>'; echo '</center>'; echo '</td><td background="' . $img . '_rm.gif"></td></tr><tr><td width="1" height="1"><img src="' . $img . '_lb.gif"></td><td background="' . $img . '_mb.gif"></td><td width="1" height="1"><img src="' . $img . '_rb.gif"></td></tr></table>'; } if (function_exists("save_debug")) { save_debug(); }
echo '<td colspan=2></td>'; } } echo '</tr>'; } } echo ' <tr> <td width="16%" height=24 background="' . $img . '/img/comm.jpg"> </td> <td width="84%" background="' . $img . '/img/comm.jpg"></td> </tr> </table>'; if ($allpage > 1) { $href = '?option=comment&comm=' . $comm . '&user='******'user_id'] . ''; echo 'Страница: '; show_page($page, $allpage, $href); } if ($user_id > 0) { if (isset($_POST['text'])) { $text = trim($_POST['text']); if ($text != '') { $text = mysql_real_escape_string(htmlspecialchars($text)); $ins = myquery("insert into blog_comm (post_id, user_id, post, comm_time)\n\t\t\t\tvalues\n\t\t\t\t('" . $comm . "','" . $char['user_id'] . "','{$text}','" . time() . "')"); $up = myquery("update blog_post set comments=comments+1 where post_id='{$comm}'"); $sel = myquery("select user_id from blog_post where post_id='{$comm}'"); list($userr) = mysql_fetch_array($sel); myquery("update blog_users set comments=comments+1, lastcomm='" . date("d.m.y H:i") . "' where user_id='{$userr}'"); setLocation("?option=comment&comm=" . $comm . ""); } } else { echo '<center>';
if (($error_msg = lmt_send_individuals_email($_POST['subject'], $_POST['body'])) !== true) { show_page($error_msg); } else { alert('Your message has been sent', 1); header('Location: Individuals'); //Reloads the page } } else { if (isset($_POST['lmti_do_reedit_message'])) { if (($error_msg = val_email_msg($subject, $body)) !== true) { show_page($error_msg); } else { show_page(''); } } else { show_page(''); } } } function show_page($err) { // Put the cursor in the first field global $body_onload, $use_rel_external_script; $body_onload = 'document.forms[\'lmtIndividualComposeMessage\'].subject.focus();externalLinks();'; $use_rel_external_script = true; lmt_page_header('Email Individuals'); $message_sent_msg = fetch_alert('msgIndiv'); // If an error message is given, put it inside this div if ($err != '') { $err = "\n <div class=\"error\">{$err}</div><br />\n"; }
$data2[$i]['NAME'] = $item->NAME; $data2[$i]['IP_ADDR'] = $item->IPADDR; $data2[$i]['DESCRIPTION'] = $item->DESCRIPTION; $data2[$i]['URL'] = "http://" . $item->URL; $data2[$i]['REP_STORE'] = $item->ADD_REP; $data2[$i]['SUP'] = "<img src=image/delete-small.png OnClick='confirme(\"" . $item->NAME . "\",\"" . $item->ID . "\",\"" . $form_name . "\",\"supp\",\"" . $l->g(640) . " " . $l->g(644) . " \");'>"; if ($data2[$i]['IP_ADDR'] != "") { $data2[$i]['MODIF'] = "<img src=image/modif_tab.png OnClick='pag(\"" . $i . "\",\"modif\",\"" . $form_name . "\")'>"; } else { $data2[$i]['MODIF'] = ""; } $i++; } $total = "<font color=red> (<b>" . $valCount['nb'] . " " . $l->g(652) . "</b>)</font>"; tab_entete_fixe($entete, $data2, $l->g(645) . $total, "95", "300"); show_page($valCount['nb'], $form_name); echo "<input type='hidden' id='supp' name='supp' value=''>"; echo "<input type='hidden' id='modif' name='modif' value=''>"; echo "<input type='hidden' id='tri2' name='tri2' value='" . $_POST['tri2'] . "'>"; echo "<input type='hidden' id='sens' name='sens' value='" . $_POST['sens'] . "'>"; echo "</table>"; echo close_form(); //detail of group's machin if ($_POST['modif'] != "" and !isset($_POST['Valid_modif']) and !isset($_POST['Reset_modif'])) { $tab_name[1] = $l->g(646) . ": "; $tab_name[2] = $l->g(648) . ": "; $tab_typ_champ[1]['DEFAULT_VALUE'] = substr($data2[$_POST['modif']]['URL'], 7); $tab_typ_champ[1]['COMMENT_BEFORE'] = "<b>http://</b>"; $tab_typ_champ[1]['COMMENT_AFTER'] = "<small>" . $l->g(691) . "</small>"; $tab_typ_champ[1]['INPUT_NAME'] = "URL"; $tab_typ_champ[1]['INPUT_TYPE'] = 0;
function admin_page($f3) { $admins = array(); foreach (\R::find('users', 'admin=1 ORDER BY username') as $user) { array_push($admins, $user->username); } $f3->set('admins', implode("\n", $admins)); show_page($f3, 'admin'); }
$contents = "<div class='relyingparty_results'>\n"; $contents .= "<pre>" . $e->getMessage() . "</pre>\n"; $contents .= "</div class='relyingparty_results'>"; show_page($contents); exit; } $url = $authRequest->getAuthorizeURL(); header("Location: {$url}"); exit; } else { /* Grab query string */ if (!count($_POST)) { list(, $queryString) = explode('?', $_SERVER['REQUEST_URI']); } else { // I hate php sometimes $queryString = file_get_contents('php://input'); } /* Check reply */ $message = new OpenID_Message($queryString, OpenID_Message::FORMAT_HTTP); $id = $message->get('openid.claimed_id'); if (!empty($id) && isset($AUTH_MAP[$id])) { $_SESSION['PMA_single_signon_user'] = $AUTH_MAP[$id]['user']; $_SESSION['PMA_single_signon_password'] = $AUTH_MAP[$id]['password']; session_write_close(); /* Redirect to phpMyAdmin (should use absolute URL here!) */ header('Location: ../index.php'); } else { show_page('<p>User not allowed!</p>'); exit; } }
break; } } } } return $result_nb_sessions; } if (isset($_GET['img']) && isset($_GET['file'])) { show_img($_GET['file']); } clean_cache(); if (!isset($_GET['mode'])) { $_GET['mode'] = ''; } switch ($_GET['mode']) { case 'minute': $mode = new ReportMode_minute(); break; case 'hour': $mode = new ReportMode_hour(); break; case 'day': default: $mode = new ReportMode_day(); break; } if (isset($_GET['img']) && $_GET['img'] == 'nb_sessions') { show_img_nb_session($mode); } show_page($mode);
function do_enter_clarified_score() { if (!validate_theme_score($_GET['Score'])) { trigger_error('Score isn\'t valid this time?!', E_USER_ERROR); } $row = DB::queryFirstRow('SELECT name, score_theme FROM individuals WHERE id="' . mysqli_real_escape_string(DB::get(), $_GET['ID']) . '"'); if (!is_null($row['score_theme']) && !isset($_GET['Overwrite'])) { if (isset($_GET['xsrf_token'])) { header('Location: Theme?ID=' . $_GET['ID'] . '&Score=' . $_GET['Score']); die; } else { $msg = 'A score of ' . htmlentities($row['score_theme']) . ' has already been entered for ' . htmlentities($row['name']); if ($row['score_theme'] != $_GET['Score']) { $msg .= ' (<a href="Theme?Overwrite&ID=' . htmlentities($_GET['ID']) . '&Score=' . htmlentities($_GET['Score']) . '&xsrf_token=' . $_SESSION['xsrf_token'] . '">change to ' . htmlentities($_GET['Score']) . '</a>)'; } show_page($msg, ''); } } // we check this later so we can go here without a token, too - so we can show an override message // if the individual already has a score entered if ($_GET['xsrf_token'] != $_SESSION['xsrf_token']) { trigger_error('XSRF code incorrect', E_USER_ERROR); } DB::queryRaw('UPDATE individuals SET score_theme="' . mysqli_real_escape_string(DB::get(), $_GET['Score']) . '" WHERE id="' . mysqli_real_escape_string(DB::get(), $_GET['ID']) . '" LIMIT 1'); $msg = 'A score of ' . htmlentities($_GET['Score']) . ' was entered for ' . htmlentities($row['name']); show_page($msg, ''); }
function process_form() { // Check XSRF token if ($_SESSION['xsrf_token'] != $_REQUEST['xsrf_token']) { trigger_error('Invalid XSRF token', E_USER_ERROR); } //Check Test ID $row = DB::queryFirstRow('SELECT test_id, name, total_points FROM tests WHERE test_id=%s LIMIT 1', $_REQUEST['ID']); if (!$row) { trigger_error('Process_Form: Invalid Test ID', E_USER_ERROR); } //Get some data $test_name = $row['name']; $test_id = intval($row['test_id']); $total_points = intval($row['total_points']); $score = $_REQUEST['score']; //No intval() because intval('') is 0. $user = sanitize_username($_REQUEST['user']); if ($user === false) { //Validate username alert('Name must have only letters, hyphens, apostrophes, and spaces, and be between 3 and 30 characters long', -1); } elseif (!val('i0+', $score) || ($score = intval($score)) > $total_points) { //Validate Score alert('Score must be a nonnegative integer not more than the total points', -1); } elseif (count($userdata = autocomplete_users_php($user)) == 0) { // Check for username - No such users found. if (@isset($_GET['Temporary'])) { if (DB::queryFirstField('SELECT COUNT(*) FROM users WHERE name=%s', $user) > 0) { alert('User already exists!', -1); } DB::insert('users', array('name' => $user, 'permissions' => 'T', 'approved' => 1)); DB::insert('test_scores', array('test_id' => $test_id, 'user_id' => DB::insertId(), 'score' => $score)); alert('Created new temporary user <b>' . $user . '</b>, and entered a score of ' . $score . '.', 1); } else { alert('Could not find <b>' . $user . '</b>. <a href="Enter_Scores?Temporary&ID=' . $test_id . '&user='******'&score=' . $score . '&xsrf_token=' . $_SESSION['xsrf_token'] . '">Create Temporary User</a>?', -1); } } elseif (count($userdata) > 1) { alert('<b>' . $user . '</b> matches multiple people.' . ' <a href="Enter_Scores?Temporary&ID=' . $test_id . '&user='******'&score=' . $score . '&xsrf_token=' . $_SESSION['xsrf_token'] . '">Create Temporary User?</a>', -1); } else { //We've got exactly one match for the user name. $user = $userdata[0]['name']; $user_id = (int) $userdata[0]['id']; // Check for previously-entered scores $row = DB::queryFirstRow('SELECT score_id, score FROM test_scores WHERE test_id=%i AND user_id=%i LIMIT 1', $test_id, $user_id); $prev_score = $row['score']; $score_id = $row['score_id']; if (!is_null($prev_score)) { //Already entered. $prev_score = intval($prev_score); if ($prev_score == $score) { alert('<b>' . $user . '</b>\'s score has already been entered as ' . $prev_score, -1); } else { if (@isset($_REQUEST['Override'])) { DB::update('test_scores', array('score' => $score), 'score_id=%i LIMIT 1', $score_id); alert('Changed score from ' . $prev_score . ' to ' . $score . ' for <b>' . $user . '</b>', 1); } else { alert("<b>{$user}</b>'s score has already been entered as {$prev_score}. <a href='?Override&ID={$test_id}&user={$user}&score={$score}&xsrf_token={$_SESSION['xsrf_token']}'>Change to {$score}?</a>", -1); } } } else { //Non-duplicate, valid. Let's enter it. DB::insert('test_scores', array('test_id' => $test_id, 'user_id' => $user_id, 'score' => $score)); alert('Entered a score of ' . $score . ' for ' . $user, 1); } } show_page(); }
function insert_archive_page($yrfrom, $yrto) { //Get the page data $dropbox_link = 'https://www.dropbox.com/sh/6wo6f5i8il42m1c/q8Vv_FHnxM/LMT'; $nth = intval(map_value('year')) - 2009 . 'th'; //This will last until the 21st LMT. Wow. $date = map_value('date'); $num_participants = DB::queryFirstField("SELECT COUNT(*) FROM `individuals` WHERE (score_theme IS NOT NULL OR score_individual IS NOT NULL) AND deleted=0"); $num_teams = DB::queryFirstField("SELECT COUNT(*) FROM `teams` WHERE (score_team_short IS NOT NULL OR score_team_long IS NOT NULL) AND deleted=0"); $num_schools = DB::queryFirstField("SELECT COUNT(DISTINCT school_id) FROM `schools` RIGHT JOIN teams ON schools.school_id=teams.school WHERE (teams.score_team_short IS NOT NULL OR teams.score_team_long IS NOT NULL) AND teams.deleted=0 AND schools.deleted=0"); $content = <<<HEREDOC <h1>{$yrfrom} Archive</h1> <h3>{$nth} Annual LMT</h3> <strong>Date: </strong>{$date}<br> <strong>Number of participants: </strong>{$num_participants}<br> <strong>Number of teams: </strong>{$num_teams}<br> <strong>Number of schools represented: </strong>{$num_schools}<br> <br> <!--Fill in the questionmarks and un-comment the Flickr link below!--> <!--<p><strong>View photos of the event </strong><a href="?????????" rel="external">on Flickr</a>.</p><br/>--> <h3>Problems and Solutions</h3>All archived problems and solutions can be found at <a href="{$dropbox_link}" rel="external">this Dropbox folder</a>.<br/> HEREDOC; //Get the exported results global $EXPORT_STR; $EXPORT_STR = true; require_once 'Export.php'; //Supposedly also in Backstage dir $content .= show_page(); //Insert it $order_num = 3000 - $yrfrom; //specially determined formula for ordering in reverse, yet never overflowing. Not for 900 years. As long as stuff stays consistent, orderings should be able to stay the same. //--todo-- check to make sure the order number doesn't already exist, because that vastly messes things up DB::insert('pages', array('name' => "{$yrfrom} Archive", 'content' => $content, 'order_num' => $order_num)); }
function do_update_reg_close() { if (strlen($_POST['reg_close']) > 2000) { show_page('Please limit all fields to 2000 characters'); } map_set('reg_close', $_POST['reg_close']); alert('Registration closing date has been changed. Be sure to update the homepage.', 1); }
<?php /* * LMT/Backstage/Guts/Display/Display.php * LHS Math Club Website * * New display thing :) */ $path_to_lmt_root = '../../../'; require_once $path_to_lmt_root . '../.lib/lmt-functions.php'; show_page(); function show_page() { score_guts(); cancel_templateify(); header('X-LMT-Guts-Data: 42'); //:) ?> <meta http-equiv="refresh" content="7"> <script src="https://code.jquery.com/jquery-2.1.3.min.js"></script> <style type="text/css"> body{ font-family:"Georgia"; } .box{ vertical-align:top; border: solid 2px #000; border-radius: 10px; height: 50px; width: 270px;
<!DOCTYPE html> <html> <head> <title>Example</title> </head> <body> <?php $data = array('webgl' => array('title' => 'Computer graphics with WebGL', 'description' => '...', 'lecturer' => 'Boychev'), 'go' => array('title' => 'Programming with Go', 'description' => '...', 'lecturer' => 'Bachiiski')); function show_page($pageId, $data) { $output = "<h1>"; $output = $output . $data[$pageId]['title']; $output = $output . "</h1>"; $output = $output . "<h2>"; $output = $output . $data[$pageId]['lecturer']; $output = $output . "</h2>"; $output = $output . "<p>"; $output = $output . $data[$pageId]['description']; $output = $output . "</p>"; echo $output; // $output = "<h1>"; // $output .= $data[$pageId] // <h1>Компютърна графика с WebGL</h1> // <h2>доц. П. Бойчев</h2> // <p>...</p> } show_page('webgl', $data); ?> </body> </html>