/**
 * Installer step: load the schema dump and seed the first admin user and settings.
 *
 * Opens a fresh DB connection from the installer form values, executes every
 * statement of DIR_APPLICATION . 'opencart.sql' (rewriting the dump's `oc_`
 * table prefix to $data['db_prefix']), then creates admin user #1, stores the
 * store e-mail and URL, generates the `config_encryption` key, resets product
 * view counters and creates the order API user.
 *
 * NOTE(review): parts of this listing are redacted on this page ('******'); the
 * redacted expressions are reproduced unchanged below and cannot be recovered here.
 * NOTE(review): the token, API username and API password are built with rand(),
 * which is not a cryptographically secure generator; random_int() should be used
 * for these secrets. $data['db_prefix'] is spliced into SQL unescaped — presumably
 * validated by the installer before this point; confirm.
 *
 * @param array $data installer form values (db_driver, db_hostname, db_username,
 *                    db_password, db_database, db_port, db_prefix, username,
 *                    password, email)
 * @return void
 */
public function database($data) {
    $db = new DB($data['db_driver'], $data['db_hostname'], $data['db_username'], $data['db_password'], $data['db_database'], $data['db_port']);
    $file = DIR_APPLICATION . 'opencart.sql';
    if (!file_exists($file)) {
        // Hard stop: nothing can be installed without the schema dump.
        exit('Could not load sql file: ' . $file);
    }
    $lines = file($file);
    if ($lines) {
        $sql = '';
        foreach ($lines as $line) {
            // Skip SQL comment lines ('--', '#'); accumulate until a ';' terminator.
            if ($line && substr($line, 0, 2) != '--' && substr($line, 0, 1) != '#') {
                $sql .= $line;
                if (preg_match('/;\\s*$/', $line)) {
                    // Rewrite the dump's default `oc_` prefix to the configured one.
                    $sql = str_replace("DROP TABLE IF EXISTS `oc_", "DROP TABLE IF EXISTS `" . $data['db_prefix'], $sql);
                    $sql = str_replace("CREATE TABLE IF NOT EXISTS `oc_", "CREATE TABLE IF NOT EXISTS `" . $data['db_prefix'], $sql);
                    $sql = str_replace("INSERT INTO `oc_", "INSERT INTO `" . $data['db_prefix'], $sql);
                    $db->query($sql);
                    $sql = '';
                }
            }
        }
        $db->query("SET CHARACTER SET utf8");
        $db->query("SET @@session.sql_mode = 'MYSQL40'");
        // Admin user #1: the salt is assigned inline ($salt = ...) so the password
        // expression that follows can reuse it. Redacted segments kept as found.
        $db->query("DELETE FROM `" . $data['db_prefix'] . "user` WHERE user_id = '1'");
        $db->query("INSERT INTO `" . $data['db_prefix'] . "user` SET user_id = '1', user_group_id = '1', username = '******'username']) . "', salt = '" . $db->escape($salt = substr(md5(uniqid(rand(), true)), 0, 9)) . "', password = '******'password'])))) . "', firstname = 'John', lastname = 'Doe', email = '" . $db->escape($data['email']) . "', status = '1', date_added = NOW()");
        $db->query("DELETE FROM `" . $data['db_prefix'] . "setting` WHERE `key` = 'config_email'");
        $db->query("INSERT INTO `" . $data['db_prefix'] . "setting` SET `code` = 'config', `key` = 'config_email', value = '" . $db->escape($data['email']) . "'");
        $db->query("DELETE FROM `" . $data['db_prefix'] . "setting` WHERE `key` = 'config_url'");
        $db->query("INSERT INTO `" . $data['db_prefix'] . "setting` SET `code` = 'config', `key` = 'config_url', value = '" . $db->escape(HTTP_OPENCART) . "'");
        // Create token to login with (64 alphanumerics). rand() is not a CSPRNG.
        $string = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
        $token = '';
        for ($i = 0; $i < 64; $i++) {
            $token .= $string[rand(0, strlen($string) - 1)];
        }
        $db->query("DELETE FROM `" . $data['db_prefix'] . "setting` WHERE `key` = 'config_encryption'");
        $db->query("INSERT INTO `" . $data['db_prefix'] . "setting` SET `code` = 'config', `key` = 'config_encryption', value = '" . $db->escape($token) . "'");
        $db->query("UPDATE `" . $data['db_prefix'] . "product` SET `viewed` = '0'");
        // Create order API user: 64-char username, 256-char password, same weak generator.
        $string = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
        $api_username = '';
        for ($i = 0; $i < 64; $i++) {
            $api_username .= $string[rand(0, strlen($string) - 1)];
        }
        $api_password = '';
        for ($i = 0; $i < 256; $i++) {
            $api_password .= $string[rand(0, strlen($string) - 1)];
        }
        // The username expression is redacted on this page; kept as found.
        $db->query("INSERT INTO `" . $data['db_prefix'] . "api` SET username = '******', `password` = '" . $db->escape($api_password) . "', status = 1, date_added = NOW(), date_modified = NOW()");
        $api_id = $db->getLastId();
        $db->query("DELETE FROM `" . $data['db_prefix'] . "setting` WHERE `key` = 'config_api_id'");
        $db->query("INSERT INTO `" . $data['db_prefix'] . "setting` SET `code` = 'config', `key` = 'config_api_id', value = '" . (int) $api_id . "'");
    }
}
/**
 * Paginated listing of the web pages visible to the logged-in user.
 *
 * The WHERE clause is assembled from the optional tag filter, the read
 * permissions of the current user, the workspace (including sub-workspaces)
 * and the archived flag, then handed to ProjectWebpages::paginate().
 *
 * @param Project|mixed $project   workspace to restrict to; anything that is not
 *                                 a Project means "no workspace restriction"
 * @param string|null $tag         tag to filter by ('' or null = no tag filter)
 * @param int $page                page number (negative values fall back to 1)
 * @param int $webpages_per_page   accepted for compatibility; the page size used
 *                                 is config_option('files_per_page', 10)
 * @param string $orderBy          column to order by (passed through DB::escapeField)
 * @param string $orderDir         'ASC' or 'DESC', case-insensitive; anything else
 *                                 becomes 'ASC'
 * @param bool $archived           true = archived pages only, false = active only
 * @return mixed                   whatever ProjectWebpages::paginate() returns
 */
function getWebpages($project, $tag = '', $page = 1, $webpages_per_page = 10, $orderBy = 'title', $orderDir = 'ASC', $archived = false) {
    $orderDir = strtoupper($orderDir);
    $validDirections = array("ASC", "DESC");
    if (!in_array($orderDir, $validDirections, true)) {
        $orderDir = "ASC";
    }
    if ($page < 0) {
        $page = 1;
    }

    // Tag filter: a correlated sub-select counting matching tag rows.
    $noTag = ($tag == '' || $tag == null);
    if ($noTag) {
        $tagCondition = "1=1";
    } else {
        $tagsTable = '`' . TABLE_PREFIX . 'tags`';
        $pagesTable = '`' . TABLE_PREFIX . 'project_webpages`';
        $tagCondition = "(SELECT count(*) FROM {$tagsTable} WHERE {$pagesTable}.`id` = {$tagsTable}.`rel_object_id` AND {$tagsTable}.`tag` = " . DB::escape($tag) . " AND {$tagsTable}.`rel_object_manager` = 'ProjectWebpages' ) > 0 ";
    }

    // Read-permission filter for the current user.
    $permissionCondition = ' AND (' . permissions_sql_for_listings(ProjectWebpages::instance(), ACCESS_LEVEL_READ, logged_user()) . ')';

    // Workspace filter, including sub-workspaces.
    $workspaceCondition = "";
    if ($project instanceof Project) {
        $workspaceIds = $project->getAllSubWorkspacesCSV(true);
        $workspaceCondition = " AND " . self::getWorkspaceString($workspaceIds);
    }

    $archivedCondition = $archived ? " AND `archived_by_id` <> 0" : " AND `archived_by_id` = 0";

    $conditions = $tagCondition . $permissionCondition . $workspaceCondition . $archivedCondition;
    $order = DB::escapeField($orderBy) . " {$orderDir}";
    $perPage = config_option('files_per_page', 10);

    return ProjectWebpages::paginate(array("conditions" => $conditions, 'order' => $order), $perPage, $page);
}
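/**
 * Store a private message from one user to another.
 *
 * Subject and body are stripped of HTML (the body keeps <br>, <a>, <strong>
 * and <em>), validated, SQL-escaped with DB::escape() and inserted into
 * xbt_messages.
 *
 * Fix: the required-fields check tested an undefined $title, so a message with
 * an empty subject was accepted; both subject and body are now required, as the
 * error text already said.
 *
 * @param object $to_user   recipient; only ->uid is read (numeric user id)
 * @param string $subject
 * @param string $body
 * @param object $from_user sender; only ->uid is read (numeric user id)
 * @return array ['status' => bool, 'message' => string]
 */
public static function send($to_user, $subject, $body, $from_user) {
    $subject = strip_tags($subject);
    $body = strip_tags($body, "<br><a><strong><em>");
    // Both fields are required.
    if (empty($subject) || empty($body)) {
        return array('status' => false, 'message' => 'You must enter a subject and a body');
    }
    if (empty($to_user)) {
        return array('status' => false, 'message' => 'You must select a recipient');
    }
    if (empty($from_user)) {
        return array('status' => false, 'message' => 'The message must be from someone');
    }
    if ($to_user->uid == $from_user->uid) {
        return array('status' => false, 'message' => 'You cannot send yourself a message');
    }
    $subject = DB::escape($subject);
    $body = DB::escape($body);
    // uids are spliced in unquoted, so they must be numeric; the cast guarantees it.
    $fromUid = (int) $from_user->uid;
    $toUid = (int) $to_user->uid;
    $query = "INSERT INTO xbt_messages (from_user_uid, to_user_uid, subject, body, ctime) VALUES (" . $fromUid . ", " . $toUid . ", '" . $subject . "', '" . $body . "', unix_timestamp())";
    if ($results = DB::query($query, true)) {
        return array('status' => true, 'message' => 'Your message has been sent.');
    }
    return array('status' => false, 'message' => 'The message could not be sent at this time.');
}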
/**
 * Build a hash from the customer name.
 *
 * Used to detect duplicate customers: punctuation and whitespace are removed
 * and the name is lower-cased before hashing, so names that differ only in
 * those respects collide on purpose.
 *
 * NOTE: the name goes through DB::escape() before hashing (kept as found, since
 * already-stored hashes depend on it), so a name containing quotes is hashed
 * with its escaping backslashes. md5 is used as a fingerprint here, not as a
 * security primitive.
 *
 * @return string the generated hash
 */
private static function mkCustomerHash() {
    $strippedChars = array(".", " ", "_", ", ", "-", ";", "'", "\"", ":", "(", ")", "|", "/");
    $escapedName = DB::escape(self::$customerName);
    $normalizedName = strtolower(str_replace($strippedChars, '', $escapedName));
    return md5($normalizedName);
}
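/**
 * Render the "user notes" section of a page: the note form (or a login hint
 * for anonymous visitors) followed by the notes already attached to the page.
 *
 * The page row is created on first use so notes can reference it. The HTML is
 * echoed, not returned.
 *
 * Fixes: $pageId was spliced raw into two SQL statements and into HTML
 * attributes and URLs; it is now escaped once per output context. The
 * "Edit your note" link had its "&note_id" query separator mangled into the
 * "¬" character (an HTML-entity decode of "&not"); the separator is restored.
 *
 * @param string|int $pageId identifier of the page the notes belong to
 * @param string $title      page title stored when the page row is created
 * @return void
 */
public function showUserComments($pageId, $title) {
    // One escaped copy of the page id per output context.
    $sqlPageId = DB::escape($pageId);
    $attrPageId = htmlspecialchars($pageId, ENT_QUOTES);
    $urlPageId = rawurlencode($pageId);

    // add page information to database, if not available
    if ($GLOBALS['DB']->getCell("SELECT COUNT(*) FROM page WHERE id = '{$sqlPageId}'") == 0) {
        $dbTitle = DB::escape($title);
        $GLOBALS['DB']->query("INSERT INTO page VALUES ('{$sqlPageId}', '{$dbTitle}')");
    }

    $html = "";
    if ($GLOBALS['User']->isLoggedIn()) {
        $html .= "\r\n\t\t\t <a name='yournote'></a>\r\n\t\t\t <form action='/andreas/php/andreas.php?module=cms&action=add' method='post'>\r\n\t\t\t <table class='section'>\r\n\t\t\t <caption class='sectionCaption'>Your note</caption>\r\n\t\t\t\t\t<tr><td><textarea name='content' cols='80' rows='5'></textarea></td></tr>\r\n\t\t\t <tr><td><input type='submit' value='Submit'/></td></tr>\r\n\t\t\t </table>\r\n\t\t\t <input type='hidden' name='page_id' value='{$attrPageId}' />\r\n\r\n\t\t\t </form>\r\n\t\t\t";
    } else {
        $html .= "\r\n\t\t\t <table class='section'>\r\n\t\t\t <caption class='sectionCaption'>Your note</caption>\r\n\t\t\t <tr><td><div class='note'>\r\n\t\t\t\t\t\t<a href='/andreas/php/andreas.php?module=login&action=login&returnPageId={$urlPageId}'>Log in</a> to add a note.<br /><br />\r\n\t\t\t \tYou need to <a href='/andreas/php/andreas.php?module=registration&action=start'>register</a> (only name, e-mail address, and password) to add notes to the pages of the site.\r\n\t\t\t\t\t</div></td></tr>\r\n\t\t\t </table>\r\n\t\t\t";
    }

    $rows = $GLOBALS['DB']->getRows(sprintf("\r\n\t\t\tSELECT\r\n\t\t\t\tnote.id as note_id, note.created_timestamp, note.last_changed_timestamp, note.content,\r\n\t\t\t\tuser.id as user_id, user.fullname\r\n\t\t\tFROM note\r\n\t\t\tINNER JOIN user ON user.id = note.user_id\r\n\t\t\tWHERE page_id = '%s' ORDER BY created_timestamp DESC\r\n\t\t", $sqlPageId));

    if (count($rows) > 0) {
        $currentUserId = $GLOBALS['User']->getId();
        $notes = "";
        foreach ($rows as $row) {
            $timeHTML = date("j F Y, H:i", $row["created_timestamp"]);
            if ($row['last_changed_timestamp'] != $row['created_timestamp']) {
                $timeHTML .= "; last edit: " . date("j F Y, H:i", $row["last_changed_timestamp"]);
            }
            // Only the author gets an edit link. note_id is a database id — assumed numeric.
            $editHTML = "";
            if ($row['user_id'] == $currentUserId) {
                $editHTML = " <a href='/andreas/php/andreas.php?module=cms&action=edit&note_id={$row['note_id']}'>Edit your note</a>";
            }
            $notes .= "<a name='note_{$row['note_id']}'></a>";
            $notes .= "<h4>" . htmlspecialchars($row["fullname"]) . " ({$timeHTML}){$editHTML}</h4>";
            // Note content is user-supplied; $this->clean() is relied on for output sanitising.
            $notes .= "<p>" . $this->clean($row["content"]) . "</p>";
        }
        $html .= "\r\n\t\t\t\t<table class='section'>\r\n\t\t\t <caption class='sectionCaption'>User contributed notes</caption>\r\n\t\t\t <tr><td><div class='note'>\r\n\t\t\t\t\t\t{$notes}\r\n\t\t\t\t\t</div></td></tr>\r\n\t\t\t </table>\r\n\t\t\t";
    }

    echo $html;
}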
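/**
 * Search the schedules matching the posted filters and render the result list.
 *
 * Empty arrival ICAO, departure ICAO and airline filters become the SQL
 * wildcard '%'. With an aircraft filter, every matching aircraft is looked up
 * and the schedules of each are merged; otherwise a single schedule search runs.
 *
 * Fixes: the aircraft test was written `$aircraft == !''`, i.e. a truthiness
 * check (so the value '0' fell into the no-aircraft branch); it is now an
 * explicit non-empty-string test. $routes is initialised before the loop, and
 * the loop variable no longer shadows the $aircraft filter.
 *
 * NOTE(review): the two branches call findschedules() and findschedule()
 * respectively — both kept as found; confirm that both exist in FrontSchedulesData.
 */
public function findflight() {
    $arricao = DB::escape($this->post->arricao);
    $depicao = DB::escape($this->post->depicao);
    $airline = DB::escape($this->post->airline);
    $aircraft = DB::escape($this->post->aircraft);

    if (!$airline) {
        $airline = '%';
    }
    if (!$arricao) {
        $arricao = '%';
    }
    if (!$depicao) {
        $depicao = '%';
    }

    $routes = array();
    if ($aircraft !== '') {
        $aircrafts = FrontSchedulesData::findaircraft($aircraft);
        if ($aircrafts) {
            foreach ($aircrafts as $match) {
                $route = FrontSchedulesData::findschedules($arricao, $depicao, $airline, $match->id);
                if (!$route) {
                    $route = array();
                }
                $routes = array_merge($routes, $route);
            }
        }
    } else {
        $routes = FrontSchedulesData::findschedule($arricao, $depicao, $airline);
    }

    $this->set('allroutes', $routes);
    $this->show('RSL/schedule_results.tpl');
}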
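/**
 * Referral entry point (?page=<user id>).
 *
 * If the referenced user exists, a "ref_id" cookie valid for 30 days is set so
 * the registration that follows can be credited to that user; the visitor is
 * then redirected to the registration page regardless.
 *
 * Fix: reading $_GET['page'] unconditionally raised an undefined-index notice
 * when the parameter was absent; the lookup is now skipped in that case.
 */
function actionInvite() {
    $referrerId = isset($_GET['page']) ? $_GET['page'] : '';
    if ($referrerId !== '') {
        $user = DB::query_row("SELECT * FROM `user_tb` WHERE `id` = '" . DB::escape($referrerId) . "'");
        if ($user) {
            // 2592000 s = 30 days. The value stored is the id from the DB row, not the raw parameter.
            setcookie("ref_id", $user['id'], time() + 2592000, "/", $this->domain);
        }
    }
    $this->redirectTo("/registration/");
}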
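/**
 * Create a task dependency (previous task ?pt= must finish before task ?t=).
 *
 * If the dependency already exists nothing is written. Otherwise it is saved
 * inside a transaction; on failure the error is flashed and the transaction
 * rolled back.
 *
 * Fix: the success message was flashed even after the save had failed; it is
 * now only shown when no error occurred.
 *
 * NOTE(review): DB::escape() is expected to return a quoted literal here, since
 * its result is spliced into the condition unquoted — confirm.
 */
function add() {
    $pt = DB::escape(array_var($_GET, 'pt'));
    $t = DB::escape(array_var($_GET, 't'));
    $dep = ProjectTaskDependencies::findOne(array('conditions' => "`previous_task_id` = {$pt} AND `task_id` = {$t}"));

    $saved = true;
    if (!$dep instanceof ProjectTaskDependency) {
        try {
            DB::beginWork();
            $dep = new ProjectTaskDependency();
            $dep->setPreviousTaskId(array_var($_GET, 'pt'));
            $dep->setTaskId(array_var($_GET, 't'));
            $dep->save();
            DB::commit();
        } catch (Exception $e) {
            flash_error($e->getMessage());
            DB::rollback();
            $saved = false;
        }
    }
    if ($saved) {
        flash_success(lang('success add task dependency'));
    }

    // ?reload=0 lets the caller keep the current view instead of reloading it.
    $reload = array_var($_GET, 'reload', true);
    if ($reload) {
        ajx_current("reload");
    } else {
        ajx_current("empty");
    }
}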
/**
 * SQL-escaped student id of the logged-in user, or the placeholder 's0000000'
 * when nobody is logged in.
 *
 * @return string
 */
public static function safeSid() {
    if (!self::loggedIn()) {
        return 's0000000';
    }
    return DB::escape(self::currentData()->student_id);
}
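/**
 * Paginated (or, for export, complete) listing of scanned ports joined to hosts.
 *
 * Fixes: $filter['banner'] was spliced into the LIKE patterns unescaped; it now
 * goes through DB::escape() like every other filter value. The 'to' value of
 * the pagination block was overwritten with count($data) (wrong from page 2
 * on); the absolute offset is used instead. A page size of 0 no longer causes
 * a division by zero when computing the page count.
 *
 * Wildcard characters (% and _) inside LIKE values are not neutralised by
 * DB::escape(); they keep their wildcard meaning.
 *
 * @param array $filter keys: rec_per_page, page, ip, port, protocol, state,
 *                      service, banner, exact-match, text
 * @param bool $export  true = return every matching row, no pagination
 * @return array        rows when exporting, otherwise
 *                      ['data' => rows, 'pagination' => [page, pages, records, from, to]]
 */
function browse($filter, $export = false) {
    $records_per_page = (int) $filter['rec_per_page'];
    $page = (isset($filter['page']) && $filter['page'] > 1) ? (int) $filter['page'] : 1;
    $from = ($page - 1) * $records_per_page;

    $q1 = "SELECT p.*, h.host_id, h.ip AS ipaddress";
    $q2 = "SELECT COUNT(*) as total_records";
    $q = " FROM ports as p\n\t\t\tLEFT JOIN hosts AS h ON (h.host_id = p.ip)\n \t\t\tWHERE 1 = 1";

    if (!empty($filter['ip'])) {
        $q .= " AND h.ip LIKE (\"" . DB::escape($filter['ip']) . "%\") ";
    }
    if (isset($filter['port']) && (int) $filter['port'] > 0 && (int) $filter['port'] <= 65535) {
        $q .= " AND p.port_id = " . (int) $filter['port'];
    }
    // Plain equality filters, all escaped.
    foreach (array('protocol', 'state', 'service') as $column) {
        if (!empty($filter[$column])) {
            $q .= " AND p." . $column . " = '" . DB::escape($filter[$column]) . "'";
        }
    }
    if (!empty($filter['banner'])) {
        $banner = DB::escape($filter['banner']);
        $exactMatch = isset($filter['exact-match']) && (int) $filter['exact-match'] === 1;
        if ($exactMatch) {
            $q .= " AND (p.banner LIKE BINARY \"%" . $banner . "%\" OR p.title LIKE BINARY \"%" . $banner . "%\")";
        } else {
            $q .= " AND (p.banner LIKE \"%" . $banner . "%\" OR p.title LIKE \"%" . $banner . "%\")";
        }
    }
    if (!empty($filter['text'])) {
        $text = DB::escape($filter['text']);
        // NOTE(review): service/protocol/port_id are compared with '=' against a
        // value ending in a literal '%', which only matches a real percent sign;
        // LIKE looks intended. Kept as found so the result set does not widen.
        $q .= " AND (match(title, banner) AGAINST (\"" . $text . "\" IN NATURAL LANGUAGE MODE)\n OR h.ip LIKE (\"" . $text . "%\")\n OR p.service = \"" . $text . "%\"\n OR p.protocol = \"" . $text . "%\"\n OR p.port_id = \"" . (int) $filter['text'] . "%\")";
    }
    $q .= " ORDER BY p.scanned_ts DESC";
    $q3 = $export ? "" : " LIMIT {$from}, {$records_per_page}";

    $data = DB::fetchAll($q1 . $q . $q3);
    // Timing is read but not returned; kept as found.
    $executionTimes['main'] = DB::getQueryExecutionTime();
    if ($export) {
        return $data;
    }

    $total = DB::fetch($q2 . $q);
    $totalRecords = $total['total_records'];
    $pages = ($totalRecords > 1 && $records_per_page > 0) ? ceil($totalRecords / $records_per_page) : 0;
    // Last record on this page as an absolute offset, capped at the total.
    $to = ($from + $records_per_page < $totalRecords) ? $from + $records_per_page : $totalRecords;

    return array(
        'data' => $data,
        'pagination' => array(
            'page' => $page,
            'pages' => $pages,
            'records' => $totalRecords,
            'from' => $from + 1,
            'to' => $to,
        ),
    );
}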
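/**
 * Update the pref values on the selected target.
 *
 * Each entry of $this->_vars is written to the "pref" table: a row that already
 * exists for (pref_name, pref_target) is updated, a missing one is inserted.
 *
 * Fix: only the target was escaped before being spliced into the selector; the
 * pref name now goes through $db->escape() as well.
 */
function update() {
    $db = new DB("pref");
    $db->setColPrefix("pref_");
    $escapedTarget = $db->escape($this->target);
    foreach ($this->_vars as $name => $value) {
        $selector = "pref_name = '" . $db->escape($name) . "' AND pref_target = '" . $escapedTarget . "'";
        $db->select($selector);
        if ($db->numRows()) {
            $db->value = $value;
            $db->update($selector);
        } else {
            $db->name = $name;
            $db->value = $value;
            $db->target = $this->target;
            $db->insert();
        }
    }
}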
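/**
 * MaxMind fraud-detection step of the installer.
 *
 * On a valid POST the settings are written and the browser is sent to step 4;
 * otherwise the form is rendered with the posted (or default) values and any
 * validation errors.
 *
 * Fix: `config_fraud_key` was written from the *score* field
 * (post['config_fraud_score']) instead of post['config_fraud_key'], so the
 * licence key was never stored.
 *
 * NOTE(review): "REPLACE INTO ... WHERE" is not valid MySQL syntax; the
 * statement is kept as found — confirm against the target database.
 * Posted values are passed to the template unescaped; output escaping is the
 * template's responsibility.
 */
public function index() {
    $db = new DB(DB_DRIVER, DB_HOSTNAME, DB_USERNAME, DB_PASSWORD, DB_DATABASE, DB_PORT);
    $post = $this->request->post;

    if ($this->request->server['REQUEST_METHOD'] == 'POST' && $this->validate()) {
        $db->query("REPLACE INTO `" . DB_PREFIX . "setting` SET `config_fraud_status_id` = '1', `config_fraud_score` = '" . (int) $post['config_fraud_score'] . "', `config_fraud_key` = '" . $db->escape($post['config_fraud_key']) . "', `config_fraud_detection` = '" . (int) $post['config_fraud_detection'] . "' WHERE `store_id` = '0' AND `code` = 'config'");
        $this->session->data['success'] = $this->language->get('text_maxmind_success');
        $this->response->redirect($this->url->link('step_4'));
    } else {
        $this->document->setTitle($this->language->get('heading_maxmind'));

        $data = array();
        $languageKeys = array(
            'heading_maxmind',
            'heading_maxmind_small',
            'text_maxmind_top',
            'text_maxmind_link',
            'entry_licence_key',
            'entry_risk',
            'entry_fraud_status',
            'help_maxmind_risk',
            'help_maxmind_fraud',
            'button_continue',
            'button_back',
        );
        foreach ($languageKeys as $key) {
            $data[$key] = $this->language->get($key);
        }
        $data['action'] = $this->url->link('maxmind');

        // Form values: the posted value when present, else the default.
        $data['config_fraud_detection'] = isset($post['config_fraud_detection']) ? $post['config_fraud_detection'] : '';
        $data['config_fraud_key'] = isset($post['config_fraud_key']) ? $post['config_fraud_key'] : '';
        $data['config_fraud_score'] = isset($post['config_fraud_score']) ? $post['config_fraud_score'] : '80';
        $data['order_statuses'] = $db->query("SELECT * FROM " . DB_PREFIX . "order_status WHERE language_id = '1' ORDER BY name ASC")->rows;
        $data['config_fraud_status_id'] = isset($post['config_fraud_status_id']) ? $post['config_fraud_status_id'] : '';

        $data['error_fraud_key'] = isset($this->error['fraud_key']) ? $this->error['fraud_key'] : '';
        $data['error_fraud_score'] = isset($this->error['fraud_score']) ? $this->error['fraud_score'] : '';

        $data['back'] = $this->url->link('step_4');
        $data['footer'] = $this->load->controller('footer');
        $data['header'] = $this->load->controller('header');
        $this->response->setOutput($this->load->view('maxmind.tpl', $data));
    }
}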
/**
 * Installer step: load the schema dump and seed the first admin user and settings.
 *
 * Opens a fresh DB connection from the installer form values, executes every
 * statement of DIR_APPLICATION . 'opencart.sql' (rewriting the dump's `oc_`
 * table prefix to $data['db_prefix']), then creates admin user #1, stores the
 * store e-mail and URL, generates the `config_encryption` key via hash_rand()
 * and resets product view counters.
 *
 * NOTE(review): parts of this listing are redacted on this page ('******'); the
 * redacted expressions are reproduced unchanged below and cannot be recovered here.
 * NOTE(review): the salt is derived from uniqid(rand()), which is not a
 * cryptographically secure source. $data['db_prefix'] is spliced into SQL
 * unescaped — presumably validated by the installer before this point; confirm.
 *
 * @param array $data installer form values (db_driver, db_host, db_user,
 *                    db_password, db_name, db_prefix, username, password, email)
 * @return void
 */
public function mysql($data) {
    $db = new DB($data['db_driver'], $data['db_host'], $data['db_user'], $data['db_password'], $data['db_name']);
    $file = DIR_APPLICATION . 'opencart.sql';
    if (!file_exists($file)) {
        // Hard stop: nothing can be installed without the schema dump.
        exit('Could not load sql file: ' . $file);
    }
    $lines = file($file);
    if ($lines) {
        $sql = '';
        foreach ($lines as $line) {
            // Skip SQL comment lines ('--', '#'); accumulate until a ';' terminator.
            if ($line && substr($line, 0, 2) != '--' && substr($line, 0, 1) != '#') {
                $sql .= $line;
                if (preg_match('/;\\s*$/', $line)) {
                    // Rewrite the dump's default `oc_` prefix to the configured one.
                    $sql = str_replace("DROP TABLE IF EXISTS `oc_", "DROP TABLE IF EXISTS `" . $data['db_prefix'], $sql);
                    $sql = str_replace("CREATE TABLE `oc_", "CREATE TABLE `" . $data['db_prefix'], $sql);
                    $sql = str_replace("INSERT INTO `oc_", "INSERT INTO `" . $data['db_prefix'], $sql);
                    $db->query($sql);
                    $sql = '';
                }
            }
        }
        $db->query("SET CHARACTER SET utf8");
        $db->query("SET @@session.sql_mode = 'MYSQL40'");
        // Admin user #1: the salt is assigned inline ($salt = ...) so the password
        // expression that follows can reuse it. Redacted segments kept as found.
        $db->query("DELETE FROM `" . $data['db_prefix'] . "user` WHERE user_id = '1'");
        $db->query("INSERT INTO `" . $data['db_prefix'] . "user` SET user_id = '1', user_group_id = '1', username = '******'username']) . "', salt = '" . $db->escape($salt = substr(md5(uniqid(rand(), true)), 0, 9)) . "', password = '******'password'])))) . "', status = '1', email = '" . $db->escape($data['email']) . "', date_added = NOW()");
        $db->query("DELETE FROM `" . $data['db_prefix'] . "setting` WHERE `key` = 'config_email'");
        $db->query("INSERT INTO `" . $data['db_prefix'] . "setting` SET `group` = 'config', `key` = 'config_email', value = '" . $db->escape($data['email']) . "'");
        $db->query("DELETE FROM `" . $data['db_prefix'] . "setting` WHERE `key` = 'config_url'");
        $db->query("INSERT INTO `" . $data['db_prefix'] . "setting` SET `group` = 'config', `key` = 'config_url', value = '" . $db->escape(HTTP_OPENCART) . "'");
        // Encryption key: hash_rand() is a project helper; its randomness source is not visible here.
        $db->query("DELETE FROM `" . $data['db_prefix'] . "setting` WHERE `key` = 'config_encryption'");
        $db->query("INSERT INTO `" . $data['db_prefix'] . "setting` SET `group` = 'config', `key` = 'config_encryption', value = '" . $db->escape(hash_rand('md5')) . "'");
        $db->query("UPDATE `" . $data['db_prefix'] . "product` SET `viewed` = '0'");
    }
}
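/**
 * Update the pref values on the selected target.
 *
 * Each entry of $this->_vars is written to the matching (pref_name, pref_target)
 * row of the "pref" table; rows that do not exist are not created.
 *
 * Fix: only the target was escaped before being spliced into the selector; the
 * pref name now goes through $db->escape() as well.
 */
function update() {
    $db = new DB("pref");
    $db->setColPrefix("pref_");
    $escapedTarget = $db->escape($this->target);
    foreach ($this->_vars as $name => $value) {
        $db->value = $value;
        $db->update("pref_name = '" . $db->escape($name) . "' AND pref_target = '" . $escapedTarget . "'");
    }
}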
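/**
 * Paginated (or, for export, complete) listing of the scan "data" table.
 *
 * Fixes: $filter['banner'] was spliced into the exact-match LIKE patterns
 * unescaped; it now goes through DB::escape() like the other filter values.
 * A page size of 0 no longer causes a division by zero in the page count.
 *
 * Wildcard characters (% and _) inside LIKE values are not neutralised by
 * DB::escape(); they keep their wildcard meaning.
 *
 * @param array $filter keys: rec_per_page, page, ip, port, protocol, state,
 *                      service, banner, exact-match, text
 * @param bool $export  true = return every matching row, no pagination
 * @return array        rows when exporting, otherwise
 *                      ['data' => rows, 'pagination' => [page, pages, records, from, to]]
 */
function browse($filter, $export = false) {
    $records_per_page = (int) $filter['rec_per_page'];
    $page = (isset($filter['page']) && $filter['page'] > 1) ? (int) $filter['page'] : 1;
    $from = ($page - 1) * $records_per_page;

    $q1 = "SELECT ip AS ipaddress, port_id, protocol, state, reason, service, banner, title";
    $q2 = "SELECT COUNT(*) as total_records";
    $q = " FROM data WHERE 1 = 1";

    $start_ip = null;
    if (!empty($filter['ip'])) {
        // NOTE(review): getStartAndEndIps() is assumed to return numeric (long)
        // addresses, since they are spliced in unquoted — confirm.
        list($start_ip, $end_ip) = getStartAndEndIps($filter['ip']);
        $q .= " AND (ip >= {$start_ip} AND ip <= {$end_ip})";
    }
    if (isset($filter['port']) && (int) $filter['port'] > 0 && (int) $filter['port'] <= 65535) {
        $q .= " AND port_id = " . (int) $filter['port'];
    }
    // Plain equality filters, all escaped.
    foreach (array('protocol', 'state', 'service') as $column) {
        if (!empty($filter[$column])) {
            $q .= " AND " . $column . " = '" . DB::escape($filter[$column]) . "'";
        }
    }
    if (!empty($filter['banner'])) {
        $banner = DB::escape($filter['banner']);
        $exactMatch = isset($filter['exact-match']) && (int) $filter['exact-match'] === 1;
        if ($exactMatch) {
            $q .= " AND (banner LIKE BINARY \"%" . $banner . "%\" OR title LIKE BINARY \"%" . $banner . "%\")";
        } else {
            $q .= " AND match(title, banner) AGAINST (\"" . $banner . "\" IN NATURAL LANGUAGE MODE)";
        }
    }
    if (!empty($filter['text'])) {
        $text = DB::escape($filter['text']);
        // NOTE(review): service/protocol/port_id are compared with '=' against a
        // value ending in a literal '%'; LIKE looks intended. Kept as found.
        $q .= " AND (match(title, banner) AGAINST (\"" . $text . "\" IN NATURAL LANGUAGE MODE)\n OR service = \"" . $text . "%\"\n OR protocol = \"" . $text . "%\"\n OR port_id = \"" . (int) $filter['text'] . "%\")";
    }

    // An IP range search is listed by address, anything else by scan time.
    $q3 = ($start_ip !== null) ? " ORDER BY ip ASC" : " ORDER BY scanned_ts DESC";
    $q4 = $export ? "" : " LIMIT {$from}, {$records_per_page}";

    $data = DB::fetchAll($q1 . $q . $q3 . $q4);
    if ($export) {
        return $data;
    }

    $total = DB::fetch($q2 . $q);
    $totalRecords = $total['total_records'];
    $to = ($from + $records_per_page < $totalRecords) ? $from + $records_per_page : $totalRecords;
    $pages = ($totalRecords > 1 && $records_per_page > 0) ? ceil($totalRecords / $records_per_page) : 0;

    return array(
        'data' => $data,
        'pagination' => array(
            'page' => $page,
            'pages' => $pages,
            'records' => $totalRecords,
            'from' => $from + 1,
            'to' => $to,
        ),
    );
}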
/**
 * Project forms whose "add comment" action targets this message.
 *
 * The lookup is lazy and cached in $this->related_forms; subsequent calls
 * return the cached array without querying again.
 *
 * @param void
 * @return array
 */
function getRelatedForms() {
    if ($this->related_forms === null) {
        $conditions = '`action` = ' . DB::escape(ProjectForm::ADD_COMMENT_ACTION)
            . ' AND `in_object_id` = ' . DB::escape($this->getId());
        $this->related_forms = ProjectForms::findAll(array(
            'conditions' => $conditions,
            'order' => '`order`',
        ));
    }
    return $this->related_forms;
}
/**
 * Most recent log rows, optionally narrowed by category, title and log data.
 *
 * Each non-empty filter adds an escaped equality condition. $additional_conds
 * is raw SQL appended verbatim and must therefore only ever come from code,
 * never from request input.
 *
 * @param string $category
 * @param string $title
 * @param string $log_data
 * @param int $limit             maximum number of rows
 * @param string $additional_conds raw SQL fragment ANDed to the conditions
 * @return mixed                 whatever self::findAll() returns
 */
static function getLastLogs($category = '', $title = '', $log_data = '', $limit = 10, $additional_conds = '') {
    $equalsOrNothing = function ($column, $value) {
        if ($value == '') {
            return "";
        }
        return " AND `{$column}` = " . DB::escape($value);
    };

    $conditions = "1=1 "
        . $equalsOrNothing('category', $category) . " "
        . $equalsOrNothing('title', $title) . " "
        . $equalsOrNothing('log_data', $log_data);

    if ($additional_conds != '') {
        $conditions .= " AND $additional_conds";
    }

    return self::findAll(array(
        'conditions' => $conditions,
        'limit' => $limit,
        'order' => '`created_on` DESC',
    ));
}
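/**
 * Number of not-yet-completed, not-trashed tasks that $task_id depends on.
 *
 * Fix: $task_id was spliced into the SQL unquoted and unescaped; since the
 * column comparison only makes sense for a numeric id, it is now cast to int.
 *
 * @param int $task_id
 * @return int
 */
static function countPendingPreviousTasks($task_id) {
    $taskId = (int) $task_id;

    // Build Main SQL
    $sql = "\r\n\t\tSELECT count(`previous_task_id`) AS row_count FROM `" . TABLE_PREFIX . "project_task_dependencies` AS ptd\r\n\t\tLEFT JOIN `" . TABLE_PREFIX . "project_tasks` AS e ON ptd.`previous_task_id` = e.`object_id`\r\n\t\tWHERE `task_id` = " . $taskId . " AND `e`.`completed_on` = " . DB::escape(EMPTY_DATETIME) . "\r\n\t\tAND 0 = (SELECT `trashed_by_id` FROM `" . TABLE_PREFIX . "objects` WHERE `id`=`previous_task_id`)\r\n\t\t\r\n\t\t";

    // Execute query and build the resultset
    $row = DB::executeOne($sql);
    return (int) array_var($row, 'row_count', 0);
}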
/**
 * All rows of `users` belonging to the given group.
 *
 * @param mixed $group_id value of the `group` column (escaped before use)
 * @return array list of user rows as returned by DB::next()
 */
public function get_users($group_id) {
    $escapedGroup = DB::escape($group_id);
    $cursor = DB::query("SELECT * FROM `users` WHERE `group` = '{$escapedGroup}'", false);

    $users = array();
    while ($row = DB::next($cursor)) {
        $users[] = $row;
    }
    return $users;
}
/**
 * Charge the logged-in pilot for a jumpseat and move them to the posted airport.
 *
 * NOTE(review): both the destination id and the amount charged (`cost`) are
 * taken straight from the request, so the debited amount is client-controlled;
 * the price should be looked up server-side from the destination. DB::escape()
 * is a SQL escaper and does not validate that `cost` is numeric.
 */
public function jumpseatPurchase() {
    $destinationId = DB::escape($this->post->id);
    $cost = DB::escape($this->post->cost);

    $remaining = Auth::$userinfo->totalpay - $cost;
    FltbookData::jumpseatpurchase(Auth::$userinfo->pilotid, $remaining);
    FltbookData::updatePilotLocation($destinationId);

    header('Location: ' . url('/Fltbook'));
}
/**
 * Charge the logged-in pilot for a ticket and move them to the requested airport.
 *
 * NOTE(review): both the destination id and the amount charged (`cost`) come
 * from the query string, so the debited amount is client-controlled and `cost`
 * is used in arithmetic without any numeric validation; the price should be
 * looked up server-side from the destination.
 */
public function purchase() {
    $destinationId = DB::escape($_GET['id']);
    $cost = $_GET['cost'];

    $remaining = Auth::$userinfo->totalpay - $cost;
    FBSVData::purchase_ticket(Auth::$userinfo->pilotid, $remaining);
    FBSVData::update_pilot_location($destinationId);

    header('Location: ' . url('/FBSV11'));
}
/**
 * Adds extra where conditions when temporal filtering is needed.
 *
 * When a query timestamp is set and the joined model is a temporal model, two
 * join conditions are appended so only the row version valid at that
 * timestamp is joined (start <= timestamp <= end).
 *
 * @param array $join_result
 * @param string $name
 * @return array
 */
protected function modify_join_result($join_result, $name) {
    if (is_null($this->timestamp)) {
        return $join_result;
    }
    if (!is_subclass_of($join_result[$name]['model'], '\\Orm\\Model_Temporal')) {
        return $join_result;
    }

    //Add the needed conditions to allow for temporal-ness
    $table = $join_result[$name]['table'][1];
    $query_time = \DB::escape($this->timestamp);
    $startColumn = "{$table}.{$this->timestamp_start_col}";
    $endColumn = "{$table}.{$this->timestamp_end_col}";

    $join_result[$name]['join_on'][] = array($startColumn, '<=', $query_time);
    $join_result[$name]['join_on'][] = array($endColumn, '>=', $query_time);

    return $join_result;
}
/**
 * Prepare a category row for display: replace the main photo id with an
 * <img> tag and the parent category id with the parent's name.
 *
 * NOTE(review): the photo path/name and the parent name are emitted into HTML
 * without escaping; if those columns can hold user-supplied text they should
 * be passed through htmlspecialchars() at output.
 *
 * @param array $aRow category row with 'main' and 'categoryID' keys
 * @return array the same row with 'main' and 'categoryID' rewritten
 */
function table($aRow) {
    $photo = Photo::getPhotoById($aRow['main']);
    $aRow['main'] = "<img src='{$photo['path']}/thumb/{$photo['name']}'>";

    $parent = DB::query_row("SELECT * FROM `category_tb` WHERE `id` = '" . DB::escape($aRow['categoryID']) . "'");
    $aRow['categoryID'] = $parent ? $parent['name'] : "нет";

    return $aRow;
}
/**
 * Check if the current user has access to view the addon
 *
 * The user's ACL group is compared with the addon_group of the installed addon
 * named $this->_name; access is granted when the user's group is at least as
 * high. If no matching addon row exists, $db->addon_group is whatever the DB
 * wrapper yields for an empty record set.
 *
 * @return boolean
 */
function Access() {
    $acl = new Acl(USER_ID);

    $db = new DB("addons");
    $db->select("addon_name = '" . $db->escape($this->_name) . "' AND addon_installed = '1'");
    $db->nextRecord();

    $userGroup = (int) $acl->group;
    $requiredGroup = (int) $db->addon_group;
    return $userGroup >= $requiredGroup;
}
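/**
 * Update subject and body of a news item.
 *
 * Fix: $id was spliced into the WHERE clause unquoted and unescaped; since the
 * comparison only makes sense for a numeric id, it is now cast to int.
 *
 * @param int $id
 * @param string $subject
 * @param string $body
 * @return bool false when the driver reports an error, true otherwise
 */
public static function EditNewsItem($id, $subject, $body) {
    $subject = DB::escape($subject);
    $body = DB::escape($body);
    $sql = 'UPDATE ' . TABLE_PREFIX . 'news SET subject=\'' . $subject . '\', body=\'' . $body . '\' WHERE id=' . (int) $id;
    DB::query($sql);
    return DB::errno() == 0;
}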
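/**
 * Browse handler with an optional ?tag= filter.
 *
 * When a tag handle is given, the listing is restricted to people tagged with
 * it; an unknown handle yields a not-found error.
 *
 * Fix: $Tag->ID was spliced into the sub-select unquoted; as an unquoted
 * comparison only works for a numeric id, it is now cast to int.
 *
 * @param array $options
 * @param array $conditions
 * @param mixed $responseID
 * @param array $responseData
 * @return mixed whatever the parent handler returns
 */
public static function handleBrowseRequest($options = [], $conditions = [], $responseID = null, $responseData = []) {
    // apply tag filter
    if (!empty($_REQUEST['tag'])) {
        $Tag = Tag::getByHandle($_REQUEST['tag']);
        if (!$Tag) {
            return static::throwNotFoundError('Tag not found');
        }
        $conditions[] = 'ID IN (SELECT ContextID FROM tag_items WHERE TagID = ' . (int) $Tag->ID . ' AND ContextClass = "' . \DB::escape(\Emergence\People\Person::getStaticRootClass()) . '")';
    }
    return parent::handleBrowseRequest($options, $conditions, $responseID, $responseData);
}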
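/**
 * Insert a new group.
 *
 * Fixes: the type check was `!= 'a' || != 'd'`, which is always true, so every
 * group was stored as type 'd'; it now only falls back to 'd' for a value that
 * is neither 'a' nor 'd'. The INSERT was executed with an undefined $sql
 * instead of the assembled $query.
 *
 * @param string $groupname
 * @param string $type 'a' or 'd'; anything else becomes 'd'
 * @return bool false when the driver reports an error, true otherwise
 */
public static function AddGroup($groupname, $type) {
    $groupname = DB::escape($groupname);
    if ($type != 'a' && $type != 'd') {
        $type = 'd';
    }
    $query = "INSERT INTO " . TABLE_PREFIX . "groups (name, groupstype) VALUES ('{$groupname}', '{$type}')";
    DB::query($query);
    return DB::errno() == 0;
}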
/**
 * Send a mass e-mail to the pilots of the selected groups (or to all pilots).
 *
 * Progress is echoed as the mails go out. The message supports the
 * placeholders {PILOT_FNAME}, {PILOT_LNAME} and {PILOT_ID}.
 *
 * NOTE(review): the subject is passed through DB::escape(), a SQL escaper,
 * although it is only used as a mail header — quotes in the subject arrive with
 * backslashes. The message body is sent as posted (apart from '<br>' fix-ups),
 * so whoever holds EMAIL_PILOTS controls the HTML the pilots receive.
 */
public function sendmail() {
    $this->checkPermission(EMAIL_PILOTS);

    echo '<h3>Sending email</h3>';

    if ($this->post->subject == '' || trim($this->post->message) == '') {
        $this->set('message', 'You must enter a subject and message!');
        $this->render('core_error.php');
        return;
    }
    if (count($this->post->groups) == 0) {
        $this->set('message', 'You must select groups to send to!');
        $this->render('core_error.php');
        return;
    }

    echo 'Sending email...<br />';

    // Collect recipients keyed by pilot id so nobody is mailed twice.
    $recipients = array();
    foreach ($this->post->groups as $groupid) {
        if ($groupid == 'all') {
            // "all" supersedes every other selection.
            foreach (PilotData::findPilots(array()) as $pilot) {
                $recipients[$pilot->pilotid] = $pilot;
            }
            break;
        }
        $members = PilotGroups::getUsersInGroup($groupid);
        if (count($members) == 0 || !is_array($members)) {
            continue;
        }
        foreach ($members as $pilot) {
            $recipients[$pilot->pilotid] = $pilot;
        }
    }

    $subject = DB::escape($this->post->subject);
    $template = stripslashes($this->post->message) . PHP_EOL . PHP_EOL;
    # Do some quick fixing of obvious formatting errors
    $template = str_replace('<br>', '<br />', $template);

    $placeholders = array('{PILOT_FNAME}', '{PILOT_LNAME}', '{PILOT_ID}');
    foreach ($recipients as $pilot) {
        echo 'Sending for ' . $pilot->firstname . ' ' . $pilot->lastname . '<br />';

        # Variable replacements (applied in order, as before)
        $values = array(
            $pilot->firstname,
            $pilot->lastname,
            PilotData::GetPilotCode($pilot->code, $pilot->pilotid),
        );
        $send_message = str_replace($placeholders, $values, $template);
        $send_message = utf8_encode($send_message);

        Util::SendEmail($pilot->email, $subject, $send_message);
    }

    echo 'Complete!';
    LogData::addLog(Auth::$userinfo->pilotid, 'Sent pass mail');
    return;
}
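/**
 * Contact form: render it, or on submit verify the reCAPTCHA and mail the
 * message (plus every other posted field) to ADMIN_EMAIL.
 *
 * Fixes: the mail body is rendered through nl2br(), i.e. as HTML, yet the
 * message and the echoed POST fields were inserted unescaped — untrusted
 * visitor input could inject markup into the admin's mail client; they are now
 * escaped for HTML (in ISO-8859-1, matching the utf8_encode() that follows).
 * The subject line is built from visitor input; CR/LF are stripped so it
 * cannot carry extra mail headers. The two reCAPTCHA fields are read with
 * isset() guards instead of raising notices when absent.
 */
public function index() {
    require_once CORE_LIB_PATH . '/recaptcha/recaptchalib.php';

    if ($this->post->submit) {
        if (Auth::LoggedIn() == false) {
            # Make sure they entered an email address
            if (trim($this->post->name) == '' || trim($this->post->email) == '') {
                $this->set('message', 'You must enter a name and email!');
                $this->render('core_error.tpl');
                return;
            }
        }

        $challenge = isset($_POST["recaptcha_challenge_field"]) ? $_POST["recaptcha_challenge_field"] : '';
        $response = isset($_POST["recaptcha_response_field"]) ? $_POST["recaptcha_response_field"] : '';
        $resp = recaptcha_check_answer(Config::Get('RECAPTCHA_PRIVATE_KEY'), $_SERVER["REMOTE_ADDR"], $challenge, $response);
        // Check the captcha thingy
        if (!$resp->is_valid) {
            $this->set('captcha_error', $resp->error);
            $this->set('message', 'You failed the captcha test!');
            $this->render('contact_form.tpl');
            return;
        }

        if ($this->post->subject == '' || trim($this->post->message) == '') {
            $this->set('message', 'You must enter a subject and message!');
            $this->render('core_error.tpl');
            return;
        }

        // Header context: a line break in the subject would start a new header.
        $subject = 'New message from ' . $this->post->name . ' - "' . $this->post->subject . '"';
        $subject = str_replace(array("\r", "\n"), ' ', $subject);

        // HTML context (the body goes through nl2br() below). ISO-8859-1 is used
        // because utf8_encode() later treats the text as Latin-1.
        $message = htmlspecialchars($this->post->message, ENT_QUOTES, 'ISO-8859-1') . PHP_EOL . PHP_EOL;
        unset($_POST['recaptcha_challenge_field']);
        unset($_POST['recaptcha_response_field']);
        foreach ($_POST as $field => $value) {
            $safeField = htmlspecialchars((string) $field, ENT_QUOTES, 'ISO-8859-1');
            $safeValue = htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1');
            $message .= "-{$safeField} = {$safeValue}" . PHP_EOL;
        }
        $message = nl2br($message);
        $message = utf8_encode($message);

        Util::SendEmail(ADMIN_EMAIL, $subject, $message);
        $this->render('contact_sent.tpl');
        return;
    }

    # Just a simple addition, stored in the session for the form's fallback check
    $rand1 = rand(1, 10);
    $rand2 = rand(1, 10);
    $this->set('rand1', $rand1);
    $this->set('rand2', $rand2);
    SessionManager::Set('captcha_sum', $rand1 + $rand2);

    $this->render('contact_form.tpl');
}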
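/**
 * Of the given permission groups, return the ids that have an "allow all"
 * permission on this dimension.
 *
 * Fixes: when an array is passed, each id is cast to int before being joined
 * into the IN (...) list (the values were spliced in raw); an empty array now
 * returns an empty result instead of producing the invalid SQL "in ()".
 * A string argument is still appended verbatim, so it must come from code,
 * not from request input.
 *
 * @param array|string $permission_group_ids list of ids, or a ready-made CSV string
 * @return array list of permission_group_id values
 */
function getPermissionGroupsAllowAll($permission_group_ids) {
    if (is_array($permission_group_ids)) {
        if (count($permission_group_ids) == 0) {
            return array();
        }
        $permission_group_ids = implode(",", array_map('intval', $permission_group_ids));
    }

    $sql = "SELECT permission_group_id FROM " . TABLE_PREFIX . "contact_dimension_permissions WHERE `dimension_id` = " . $this->getId() . " AND `permission_type` = " . DB::escape('allow all') . " AND `permission_group_id` in ({$permission_group_ids})";
    $rows = DB::executeAll($sql);

    $res = array();
    if ($rows && is_array($rows)) {
        foreach ($rows as $row) {
            $res[] = $row['permission_group_id'];
        }
    }
    return $res;
}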