/**
 * Nightly maintenance job.
 *
 * Rolls the per-day display counters of the feed_content and position tables
 * into their yesterday_count columns, zeroes the day counters, re-parses the
 * cache and denies any expired content still waiting in the moderation queue.
 * Progress is written to stdout; nothing is returned.
 */
function nightly()
{
    echo "Rolling over statistics...\n";
    // One statement per table/step: the original author noted that a single
    // combined statement did not work consistently, so the order is kept.
    $rollover_statements = array(
        "UPDATE `feed_content` SET `yesterday_count` = `display_count`",
        "UPDATE `position` SET `yesterday_count` = `display_count`",
        "UPDATE `position` SET `display_count` = 0",
        "UPDATE `feed_content` SET `display_count` = 0",
    );
    foreach ($rollover_statements as $statement) {
        sql_command($statement);
    }
    echo "Statistic rollover complete.\n";

    echo "Parsing cache...\n";
    // 25 is passed straight through to cache_parse(); its meaning (batch
    // size? age?) is not visible here.
    cache_parse(25);
    echo "Completed cache parsing.\n";

    echo "Finding expired content in moderation queue...";
    deny_expired();
    echo "Done dening expired content in mod queue.\n";
}
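}
/*---------------------------------------------------------------------------*\
|                               Delete a user                                 |
\*---------------------------------------------------------------------------*/
if (isset($Action) && $Action == "Delete")
{
  // $Id is a request variable and is interpolated straight into the two SQL
  // statements below, so refuse anything that is not a plain string of
  // digits (ctype_digit also rejects the empty string).
  if (!isset($Id) || !ctype_digit((string) $Id))
  {
    fatal_error(TRUE, "Fatal error while deleting a user");
    exit;
  }

  // Level of the account being deleted; a negative value is the query
  // helper's error indication.
  $target_level = sql_query1("SELECT level FROM {$tbl_users} WHERE id={$Id} LIMIT 1");
  if ($target_level < 0)
  {
    fatal_error(TRUE, "Fatal error while deleting a user");
  }

  // you can't delete a user if you're not some kind of admin, and then you can't
  // delete someone higher than you
  if (($level < $min_user_editing_level) || ($level < $target_level))
  {
    showAccessDenied(0, 0, 0, "", "");
    exit;
  }

  $r = sql_command("delete from {$tbl_users} where id={$Id};");
  if ($r == -1)
  {
    print_header(0, 0, 0, "", "");
    // This is unlikely to happen in normal operation. Do not translate.
    print "<form class=\"edit_users_error\" method=\"post\" action=\"" . htmlspecialchars(basename($PHP_SELF)) . "\">\n";
    print "  <fieldset>\n";
    print "  <legend></legend>\n";
    print "    <p class=\"error\">Error deleting entry {$Id} from the {$tbl_users} table.</p>\n";
    print "    <p class=\"error\">" . sql_error() . "</p>\n";
    print "    <input type=\"submit\" value=\" " . get_vocab("ok") . " \">\n";
    print "  </fieldset>\n";
    print "</form>\n";
    // Print footer and exit
    print_footer(TRUE);
  }
  /* Success. Do not display a message. Simply fall through into the list display. */
}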
// NOTE(review): this excerpt starts inside a loop whose header is not shown;
// $var and $area_var are set above it and the two closing braces after the
// first statement belong to that loop and its enclosing conditional.
      // only update these fields if they are set; they might be NULL because
      // they have been disabled by JavaScript
      $assign_array[] = "{$var}=" . ${$area_var};
    }
  }
  // Flags that are always written, regardless of the JavaScript state
  $assign_array[] = "private_enabled=" . $area_private_enabled;
  $assign_array[] = "private_default=" . $area_private_default;
  $assign_array[] = "private_mandatory=" . $area_private_mandatory;
  // NOTE(review): quoted but not escaped - presumably restricted to a fixed
  // set of values by the form-variable handling above this excerpt; confirm.
  $assign_array[] = "private_override='" . $area_private_override . "'";
  $assign_array[] = "approval_enabled=" . $area_approval_enabled;
  $assign_array[] = "reminders_enabled=" . $area_reminders_enabled;
  $assign_array[] = "enable_periods=" . $area_enable_periods;
  $assign_array[] = "confirmation_enabled=" . $area_confirmation_enabled;
  $assign_array[] = "confirmed_default=" . $area_confirmed_default;
  // NOTE(review): $area is interpolated into the WHERE clause unquoted;
  // presumably validated as an integer where it is read - confirm.
  $sql .= implode(",", $assign_array) . " WHERE id={$area}";
  if (sql_command($sql) < 0)
  {
    echo get_vocab("update_area_failed") . "<br>\n";
    trigger_error(sql_error(), E_USER_WARNING);
    fatal_error(FALSE, get_vocab("fatal_db_error"));
  }
  // If the database update worked OK, go back to the admin page
  Header("Location: admin.php?day={$day}&month={$month}&year={$year}&area={$area}");
  exit;
}
}
}

// PHASE 1 - GET THE USER INPUT
// ----------------------------
print_header($day, $month, $year, isset($area) ? $area : "", isset($room) ? $room : "");

// NOTE(review): the conditional below continues past the end of this excerpt.
if ($is_admin)
{
  // Heading is confusing for non-admins
// NOTE(review): excerpt from a test-data generator; the leading and trailing
// braces close structures (area loop, conditionals) opened outside this view.
}
// Walk every room of the current area
for ($j = 0; list($room) = sql_row($room_res, $j); $j++)
{
  // Now we know room and area
  // We have to add some appointments to the day
  // four in each room seems good enough
  for ($a = 1; $a < 5; $a++)
  {
    // Pick a random hour 8-5
    // NOTE(review): the comment says 8-5 but the range below is 7..16.
    // mt_rand() is acceptable here: the values only seed fake bookings.
    $starthour = mt_rand(7, 16);
    // Duration in minutes: 30, 60, ..., 150
    $length = mt_rand(1, 5) * 30;
    $starttime = mktime($starthour, 0, 0, $month, $day, $year);
    $endtime = mktime($starthour, $length, 0, $month, $day, $year);
    // Check that this isnt going to overlap
    $sql = "select count(*) from {$tbl_entry} where room_id={$room} and ((start_time between {$starttime} and {$endtime}) or (end_time between {$starttime} and {$endtime}) or (start_time = {$starttime} and end_time = {$endtime}))";
    $counte = sql_query1($sql);
    if ($counte == 0)
    {
      // There are no overlaps
      // NOTE(review): index 0 of the name arrays is never chosen - presumably
      // deliberate (placeholder entry); confirm.
      if ($area == 4)
      {
        $name = $jpnames[mt_rand(1, count($jpnames) - 1)];
      }
      else
      {
        $name = $ennames[mt_rand(1, count($ennames) - 1)];
      }
      $type = $intext[mt_rand(1, 2)];
      // NOTE(review): $REMOTE_ADDR (register_globals era) is quoted but not
      // escaped - tolerable only in a throwaway dev script; confirm it is
      // never shipped with the application.
      $sql = "insert into {$tbl_entry} (room_id, create_by, start_time, end_time, type, name, description) values ({$room}, '{$REMOTE_ADDR}', {$starttime}, {$endtime},'{$type}','{$name}','A meeting')";
      sql_command($sql);
    }
    // NOTE(review): $type is only assigned inside the no-overlap branch, so
    // on an overlapping first slot it is undefined here unless set before
    // this excerpt.
    echo "{$area} - {$room} ({$starthour},{$length}), {$type}<br>";
  }
}
}
}
}
/**
 * Records one display of this position's content.
 *
 * Refreshes the owning screen's status with the requesting client's address
 * and, when the screen reports itself powered on, increments the display
 * counters of the matching position row and feed_content row.
 *
 * Always returns true.
 */
function log_back()
{
    $client_ip = $_SERVER['REMOTE_ADDR'];
    $screen = new Screen($this->screen_id);
    // Update the screen's last-updated timestamp and ip
    $screen->status_update($client_ip);

    if (!$screen->get_powerstate()) {
        return true;
    }

    // NOTE(review): the ids below are interpolated into SQL unescaped;
    // presumably ints assigned by the constructor - confirm.
    $counter_updates = array(
        "UPDATE position SET display_count = display_count + 1 WHERE screen_id = {$this->screen_id} AND field_id = {$this->field_id} AND feed_id = {$this->feed_id} LIMIT 1",
        "UPDATE feed_content SET display_count = display_count + 1 WHERE feed_id = {$this->feed_id} AND content_id = {$this->content_id} LIMIT 1",
    );
    foreach ($counter_updates as $statement) {
        sql_command($statement);
    }

    return true;
}
// NOTE(review): the two leading braces close a loop and a conditional opened
// outside this excerpt (the "delete room" branch of del.php).
  }
}
// Ask for confirmation before deleting the room
echo "<div id=\"del_room_confirm\">\n";
echo "<p>" . get_vocab("sure") . "</p>\n";
echo "<div id=\"del_room_confirm_links\">\n";
// NOTE(review): $room is written into the href without escaping; presumably
// validated as an integer where it is read - confirm.
echo "<a href=\"del.php?type=room&room={$room}&confirm=Y\"><span id=\"del_yes\">" . get_vocab("YES") . "!</span></a>\n";
echo "<a href=\"admin.php\"><span id=\"del_no\">" . get_vocab("NO") . "!</span></a>\n";
echo "</div>\n";
echo "</div>\n";
include "trailer.inc";
}
}

if ($type == "area")
{
  // We are only going to let them delete an area if there are
  // no rooms. its easier
  // NOTE(review): $area is interpolated into both statements unescaped;
  // presumably validated as an integer where it is read - confirm.
  $n = sql_query1("select count(*) from {$tbl_room} where area_id={$area}");
  if ($n == 0)
  {
    // OK, nothing there, lets blast it away
    sql_command("delete from {$tbl_area} where id={$area}");
    // Redirect back to the admin page
    // (no exit after the header - execution continues past this block)
    header("Location: admin.php");
  }
  else
  {
    // There are rooms left in the area
    print_header($day, $month, $year, $area);
    echo "<p>\n";
    echo get_vocab("delarea");
    echo "<a href=\"admin.php\">" . get_vocab("backadmin") . "</a>";
    echo "</p>\n";
    include "trailer.inc";
  }
}
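/**
 * Deletes the page whose id is the second route argument, then redirects to
 * the admin pages list with a success or error flash message.
 *
 * A non-numeric id never reaches the database and is reported as a failure.
 */
function destroyAction()
{
    $id = $this->args[1];
    // Start from "failed" so a non-numeric id does not leave $res undefined
    $res = false;
    if (is_numeric($id)) {
        $res = sql_command('DELETE FROM `page` WHERE `page`.`id` = ' . escape($id));
    }
    // sql_command's failure value is not visible here (false, 0 or -1 are all
    // plausible); "> 0" treats each of them as an error, the same test the
    // category action uses.
    if ($res > 0) {
        $this->flash('Page destroyed successfully');
    } else {
        $this->flash('There was an error removing the page.', 'error');
    }
    redirect_to(ADMIN_URL . '/pages');
}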
// NOTE(review): excerpt from a one-off charset conversion script; the block
// this closes at the end is opened above, and $encoding is set there.
echo " done.<br>Updating repeating entries: ";
$sql = "select id,name,description from mrbs_repeat";
$repeats_res = sql_query($sql);
for ($i = 0; $row = sql_row($repeats_res, $i); $i++)
{
  $id = $row[0];
  // Re-encode to UTF-8, then pass through slashes() (presumably the SQL
  // escaping helper).  NOTE(review): iconv() returns false on an invalid
  // input sequence, which would store an empty name/description - confirm
  // that is acceptable for this conversion.
  $name = slashes(iconv($encoding, "utf-8", $row[1]));
  $desc = slashes(iconv($encoding, "utf-8", $row[2]));
  // $id comes from the table's own id column, not from the request
  $upd_sql = "update mrbs_repeat set name='{$name}',description='{$desc}' where id={$id}";
  sql_command($upd_sql);
  echo ".";
}
echo " done.<br>Updating normal entries: ";
$sql = "select id,name,description from mrbs_entry";
$entries_res = sql_query($sql);
for ($i = 0; $row = sql_row($entries_res, $i); $i++)
{
  $id = $row[0];
  $name = slashes(iconv($encoding, "utf-8", $row[1]));
  $desc = slashes(iconv($encoding, "utf-8", $row[2]));
  $upd_sql = "update mrbs_entry set name='{$name}',description='{$desc}' where id={$id}";
  sql_command($upd_sql);
  echo ".";
}
echo 'done.<p> Finished everything, byebye! ';
}
?>
</body>
</html>
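// Check the user is authorised for this page
checkAuthorised();

// Check that the user has the highest level of admin rights
$user = getUserName();
$level = authGetUserLevel($user);
if ($level < $max_level)
{
  exit;
}

// Get non-standard form variables
$ids = get_form_var('ids', 'array');

// Check that $ids is a non-empty array of non-negative integers, to guard
// against SQL injection.  The values are interpolated into the IN (...) list
// below, so the list is rebuilt from the cast ints rather than from the raw
// strings.
if (!is_array($ids) || (count($ids) == 0))
{
  // Nothing to delete; an empty list would otherwise produce an invalid
  // "IN ()" statement.  Report zero affected rows instead.
  echo 0;
  exit;
}
$int_ids = array();
foreach ($ids as $id)
{
  if (!is_numeric($id) || (intval($id) != $id) || ($id < 0))
  {
    exit;
  }
  $int_ids[] = intval($id);
}

// Everything looks OK - go ahead and delete the entries
// Note on performance.  It is much quicker to delete entries using the
// WHERE id IN method below than looping through mrbsDelEntry().  Testing
// for 100 entries gave 2.5ms for the IN method against 37.6s for the looping
// method - ie approx 15 times faster.  For 1,000 rows the IN method was 19
// times faster.
//
// Because we are not using mrbsDelEntry() we have to delete any orphaned
// rows in the repeat table ourselves - but this does not take long.
$sql = "DELETE FROM {$tbl_entry} WHERE id IN (" . implode(',', $int_ids) . ")";
$result = sql_command($sql);

// And delete any orphaned rows in the repeat table
$sql = "DELETE FROM {$tbl_repeat} WHERE id NOT IN (SELECT repeat_id FROM {$tbl_entry})";
$orphan_result = sql_command($sql);

// The caller (presumably an AJAX request) reads the raw result of the
// entry deletion.
echo $result;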
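// Note that:
// (1) the code assumes that you are an admin with powers to delete anything.
//     It checks that you are an admin and so does not bother checking that
//     you have rights in that particular area or room, nor does it check that
//     the proposed deletion conforms to any policy in force.
// (2) email notifications are not sent, even if they are normally configured
//     to be sent.  Sending many thousands of emails in the space of a few
//     seconds could overwhelm many mail servers, or break the usage policies
//     on hosted systems.

require "defaultincludes.inc";
require_once "mrbs_sql.inc";

// Check the user is authorised for this page
checkAuthorised();

// Check that the user has the highest level of admin rights
$user = getUserName();
$level = authGetUserLevel($user);
if ($level < $max_level)
{
  exit;
}

// Get non-standard form variables
$ids = get_form_var('ids', 'array');

// Check that $ids is a non-empty array of non-negative integers, to guard
// against SQL injection.  The values are interpolated into the IN (...) list
// below, so the list is rebuilt from the cast ints rather than from the raw
// strings.
if (!is_array($ids) || (count($ids) == 0))
{
  // Nothing to delete; an empty list would otherwise produce an invalid
  // "IN ()" statement.  Report zero affected rows instead.
  echo 0;
  exit;
}
$int_ids = array();
foreach ($ids as $id)
{
  if (!is_numeric($id) || (intval($id) != $id) || ($id < 0))
  {
    exit;
  }
  $int_ids[] = intval($id);
}

// Everything looks OK - go ahead and delete the entries
$sql = "DELETE FROM {$tbl_entry} WHERE id IN (" . implode(',', $int_ids) . ")";
$result = sql_command($sql);

// The caller (presumably an AJAX request) reads the raw result of the
// deletion.
echo $result;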
// NOTE(review): older del.php excerpt; the loop below sits inside a
// conditional opened above this view, and the braces after "trailer.inc"
// close that conditional and the "delete room" branch.
// List the bookings that would be lost with the room
for ($i = 0; $row = sql_row($res, $i); $i++)
{
  // NOTE(review): the entry name ($row['0']) is echoed without escaping, so
  // markup stored in a booking name would be rendered - confirm names are
  // sanitised on input.
  echo "<li>{$row['0']} (";
  echo time_date_string($row[1]) . " -> ";
  echo time_date_string($row[2]) . ")";
}
echo "</ul>";
}
echo "<center>";
echo "<H1>" . get_vocab("sure") . "</h1>";
// NOTE(review): $room is written into the href without escaping; presumably
// validated as an integer where it is read - confirm.
echo "<H1><a href=\"del.php?type=room&room={$room}&confirm=Y\">" . get_vocab("YES") . "!</a> <a href=admin.php>" . get_vocab("NO") . "!</a></h1>";
echo "</center>";
include "trailer.inc";
}
}

if ($type == "area")
{
  # We are only going to let them delete an area if there are
  # no rooms. its easier
  # NOTE(review): $area is interpolated into both statements unescaped;
  # presumably validated as an integer where it is read - confirm.
  $n = sql_query1("select count(*) from mrbs_room where area_id={$area}");
  if ($n == 0)
  {
    # OK, nothing there, lets blast it away
    sql_command("delete from mrbs_area where id={$area}");
    # Redirect back to the admin page
    # (no exit after the header - execution continues past this block)
    header("Location: admin.php");
  }
  else
  {
    # There are rooms left in the area
    print_header($day, $month, $year, $area);
    echo get_vocab("delarea");
    echo "<a href=admin.php>" . get_vocab("backadmin") . "</a>";
    include "trailer.inc";
  }
}
/**
 * Releases a still-held SQL mutex by aborting the open transaction, then
 * clears the recorded lock name so the release is not repeated.
 *
 * Presumably registered as a shutdown handler (the
 * $sql_mutex_shutdown_registered global is declared but not read here).
 * Does nothing when no lock name is recorded.
 */
function sql_mutex_cleanup()
{
    global $sql_mutex_shutdown_registered, $sql_mutex_unlock_name;

    if (empty($sql_mutex_unlock_name)) {
        return;
    }
    sql_command("ABORT");
    $sql_mutex_unlock_name = "";
}
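/**
 * Runs one ALTER statement against $db_handle, or only prints it when
 * $printonly is set.
 *
 * Returns true when the statement was printed or executed successfully and
 * false when the server rejected it (the statement and the server error are
 * echoed in that case).
 */
function convert_one_db_apply($sq, $printonly, $db_handle)
{
  if ($printonly)
  {
    echo $sq . "\n";
    return true;
  }
  if (!sql_query($sq, $db_handle))
  {
    echo "\n\n" . $sq . "\n" . sql_error($db_handle) . "\n\n";
    return false;
  }
  return true;
}

/**
 * Builds the ALTER TABLE ... CHANGE statement that re-declares one column
 * with a new character set while keeping its type, default and nullability.
 *
 * $table          - table name (from SHOW TABLES)
 * $column         - one row of SHOW FULL COLUMNS (keys Field, Type, Default,
 *                   Null, Comment)
 * $charset_clause - the "CHARACTER SET ..." text placed after the type
 * $with_comment   - whether to re-apply the column comment; the intermediate
 *                   "binary" step deliberately omits it, the final step keeps it
 *
 * Default and comment values come from the server's own metadata and are
 * quoted with addslashes(), as the original did.
 */
function convert_one_db_column_sql($table, $column, $charset_clause, $with_comment)
{
  $default = $column['Default'];
  if ($default == '')
  {
    $default_clause = '';
  }
  elseif ($default == 'NULL')
  {
    $default_clause = ' DEFAULT NULL';
  }
  else
  {
    $default_clause = ' DEFAULT \'' . addslashes($default) . '\'';
  }
  $null_clause = ($column['Null'] == 'YES') ? ' NULL ' : ' NOT NULL';
  $comment_clause = '';
  if ($with_comment && ($column['Comment'] != ''))
  {
    $comment_clause = ' COMMENT \'' . addslashes($column['Comment']) . '\'';
  }
  return 'ALTER TABLE `' . $table . '` CHANGE `' . $column['Field'] . '` `' . $column['Field'] . '` '
       . $column['Type'] . ' ' . $charset_clause
       . $default_clause . $null_clause . $comment_clause;
}

/**
 * Converts every text column of every table in database $db to $charset
 * (optionally $collate), going through a binary intermediate so the stored
 * bytes are reinterpreted rather than transcoded.  Optionally also changes
 * the table and database default character sets.
 *
 * Reads the globals $alterdatabasecharset, $altertablecharset, $charset,
 * $collate, $printonly and $db_handle.  Databases whose collation already
 * starts with "utf8" are skipped.  Progress and any server errors are echoed;
 * nothing is returned.
 *
 * The original used split(), which was removed in PHP 7; explode() with the
 * same limit gives the same first element.
 */
function convert_one_db($db)
{
  global $alterdatabasecharset;
  global $altertablecharset;
  global $charset;
  global $collate;
  global $printonly;
  global $db_handle;

  // Column types whose storage depends on the character set
  $text_types = array('char', 'varchar', 'tinytext', 'text', 'mediumtext', 'longtext', 'enum', 'set');

  $db_cha = PMA_getDbCollation($db);
  if (substr($db_cha[0], 0, 4) == 'utf8')
  {
    // This doesn't work for me, but isn't a big deal, as the table
    // check below works
    echo "Skipping utf8 database '{$db}'\n";
    return;
  }

  sql_command("USE {$db}", $db_handle);
  $rs = sql_query("SHOW TABLES", $db_handle);
  if (!$rs)
  {
    echo "\n\n" . sql_error($db_handle) . "\n\n";
  }
  else
  {
    for ($i = 0; $data = sql_row($rs, $i, $db_handle); $i++)
    {
      $table = $data[0];
      echo "Converting '{$table}' table...\n";
      $rs1 = sql_query("show FULL columns from {$table}", $db_handle);
      if (!$rs1)
      {
        echo "\n\n" . sql_error($db_handle) . "\n\n";
      }
      else
      {
        for ($j = 0; $data1 = sql_row_keyed($rs1, $j, $db_handle); $j++)
        {
          // Base type without the "(length)" / "(values)" suffix
          $type_parts = explode('(', $data1['Type'], 2);
          if (!in_array($type_parts[0], $text_types, true))
          {
            continue;
          }
          if (substr($data1['Collation'], 0, 4) == 'utf8')
          {
            continue;
          }
          // Step 1: to binary (drops the comment; it is restored in step 2)
          $sq = convert_one_db_column_sql($table, $data1, 'CHARACTER SET binary ', false);
          if (!convert_one_db_apply($sq, $printonly, $db_handle))
          {
            continue;
          }
          // Step 2: from binary to the target character set
          $target_clause = "CHARACTER SET {$charset} " . ($collate == '' ? '' : "COLLATE {$collate}");
          $sq = convert_one_db_column_sql($table, $data1, $target_clause, true);
          convert_one_db_apply($sq, $printonly, $db_handle);
        }
      }

      if ($altertablecharset)
      {
        $sq = 'ALTER TABLE `' . $table . "` " . "DEFAULT CHARACTER SET {$charset} " . ($collate == '' ? '' : "COLLATE {$collate}");
        convert_one_db_apply($sq, $printonly, $db_handle);
      }
      print "done.<br>\n";
    }
  }

  if ($alterdatabasecharset)
  {
    $sq = 'ALTER DATABASE `' . $db . "` " . "DEFAULT CHARACTER SET {$charset} " . ($collate == '' ? '' : "COLLATE {$collate}");
    convert_one_db_apply($sq, $printonly, $db_handle);
  }
}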
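/** mrbsCreateRepeatEntry()
 *
 * Creates a repeat entry in the data base
 *
 * $starttime     - Start time of entry
 * $endtime       - End time of entry
 * $rep_type      - The repeat type
 * $rep_enddate   - When the repeating ends
 * $rep_opt       - Any options associated with the entry
 * $room_id       - Room ID
 * $owner         - Owner
 * $name          - Name
 * $type          - Type (Internal/External)
 * $description   - Description
 * $rep_num_weeks - Presumably the interval for n-weekly repeats (undocumented
 *                  in the original); only written when non-empty
 *
 * The numeric values ($starttime, $endtime, $rep_type, $rep_enddate,
 * $room_id, $rep_num_weeks) are interpolated unquoted and unescaped, as
 * before; callers must pass numbers.  Every quoted string is passed through
 * slashes() - the original only escaped $name and $description.
 *
 * Returns:
 *   0        - An error occured while inserting the entry
 *   non-zero - The entry's ID
 */
function mrbsCreateRepeatEntry($starttime, $endtime, $rep_type, $rep_enddate, $rep_opt, $room_id, $owner, $name, $type, $description, $rep_num_weeks)
{
  global $tbl_repeat;

  $name        = slashes($name);
  $description = slashes($description);
  $owner       = slashes($owner);
  $type        = slashes($type);
  $timestamp   = time();

  // Let's construct the sql statement:
  $sql_coln = array();
  $sql_val  = array();

  // Mandatory things:
  $sql_coln[] = 'start_time';  $sql_val[] = $starttime;
  $sql_coln[] = 'end_time';    $sql_val[] = $endtime;
  $sql_coln[] = 'rep_type';    $sql_val[] = $rep_type;
  $sql_coln[] = 'end_date';    $sql_val[] = $rep_enddate;
  $sql_coln[] = 'room_id';     $sql_val[] = $room_id;
  $sql_coln[] = 'create_by';   $sql_val[] = '\'' . $owner . '\'';
  $sql_coln[] = 'type';        $sql_val[] = '\'' . $type . '\'';
  $sql_coln[] = 'name';        $sql_val[] = '\'' . $name . '\'';
  $sql_coln[] = 'timestamp';   $sql_val[] = $timestamp;

  // Optional things, pgsql doesn't like empty strings!
  // rep_opt is always written: the option string when given, '0' otherwise.
  $sql_coln[] = 'rep_opt';
  $sql_val[]  = empty($rep_opt) ? '\'0\'' : '\'' . slashes($rep_opt) . '\'';
  if (!empty($description))
  {
    $sql_coln[] = 'description';
    $sql_val[]  = '\'' . $description . '\'';
  }
  if (!empty($rep_num_weeks))
  {
    $sql_coln[] = 'rep_num_weeks';
    $sql_val[]  = $rep_num_weeks;
  }

  $sql = 'INSERT INTO ' . $tbl_repeat . ' (' . implode(', ', $sql_coln) . ') ' .
         'VALUES (' . implode(', ', $sql_val) . ')';

  if (sql_command($sql) < 0)
  {
    return 0;
  }
  return sql_insert_id($tbl_repeat, "id");
}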
/**
 * Clears the hidden flag of this newsfeed row.
 *
 * Only acts when the object is backed by a loaded row ($this->set); returns
 * true after issuing the update and false when there is nothing to update.
 */
function unhide()
{
    if (!$this->set) {
        return false;
    }
    // NOTE(review): $this->id is concatenated into the statement unescaped;
    // presumably an int assigned when the row was loaded - confirm.
    $update = 'UPDATE newsfeed SET hidden = 0 WHERE id = ' . $this->id;
    sql_command($update);
    return true;
}
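/**
 * Deletes the page category whose id is the second route argument, then
 * redirects: to the category list on success, back to the category's show
 * page with an error flash otherwise.
 *
 * A non-numeric id never reaches the database and is reported as a failure.
 */
function destroyAction()
{
    $id = $this->args[1];
    // Start from "failed" so a non-numeric id does not leave $res undefined
    $res = false;
    if (is_numeric($id)) {
        $res = sql_command('DELETE FROM `page_category` WHERE `page_category`.`id` = ' . escape($id));
    }
    if ($res > 0) {
        $this->flash('Category destroyed successfully');
        redirect_to(ADMIN_URL . '/page_categories');
    } else {
        $this->flash('There was an error removing the category.', 'error');
        // $id is the same value as $this->args[1]; it is not validated here,
        // so it is only ever placed in the redirect path, never in SQL.
        redirect_to(ADMIN_URL . '/page_categories/show/' . $id);
    }
}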