本文整理汇总了PHP中_dbEscape函数的典型用法代码示例。如果您正苦于以下问题:PHP _dbEscape函数的具体用法?PHP _dbEscape怎么用?PHP _dbEscape使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了_dbEscape函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: phpwcms_revision_r535
/**
 * Migration step r535 for the profession lookup table.
 *
 * Order of operations:
 *  1. Re-run the r534 check when its temporary marker is not set.
 *  2. Widen `prof_name` to VARCHAR(255) when the current column type contains "100".
 *  3. Rename the legacy entry ' n/a' (with a leading blank) to 'n/a'.
 *  4. Seed the profession list when the table holds fewer than 25 rows.
 *
 * All seeded names are literals from this function. They are still passed
 * through _dbEscape() (defined outside this listing), so the INSERT statement
 * does not rely on the literals being free of quote characters.
 *
 * @return mixed true, the result of phpwcms_revision_check('534'), or false
 *               when the ALTER TABLE statement failed
 */
function phpwcms_revision_r535()
{
    $table = "`" . DB_PREPEND . "phpwcms_profession`";

    // do former revision check – fallback to r534
    $status = phpwcms_revision_check_temp('534') === true ? true : phpwcms_revision_check('534');

    // Retrieve the current type of prof_name and widen it when still VARCHAR(100)
    $column = _dbQuery("SHOW COLUMNS FROM " . $table . " WHERE Field='prof_name'");
    if (isset($column[0]['Type']) && strpos($column[0]['Type'], '100')) {
        $altered = _dbQuery("ALTER TABLE " . $table . " CHANGE `prof_name` `prof_name` VARCHAR(255) NOT NULL DEFAULT ''", 'ALTER');
        if (!$altered) {
            $status = false;
        }
    }

    // Change profession ' n/a'
    _dbUpdate('phpwcms_profession', array('prof_name' => 'n/a'), "prof_name=' n/a'");

    // Import new professions only while the table still looks unseeded
    $rowCount = _dbCount("SELECT COUNT(*) FROM " . $table);
    if ($rowCount < 25) {
        $professions = array('academic', 'accountant', 'actor', 'administrative services department manager', 'administrator', 'administrator, IT', 'agricultural advisor', 'air steward', 'air-conditioning installer or mechanic', 'aircraft service technician', 'ambulance driver (non paramedic)', 'animal carer (not in farms)', 'animator', 'arable farm manager, field crop or vegetable', 'arable farmer, field crop or vegetable', 'architect', 'architect, landscape', 'artist', 'asbestos removal worker', 'assembler', 'assembly team leader', 'assistant', 'author', 'baker', 'bank clerk (back-office)', 'beauty therapist', 'beverage production process controller', 'biologist', 'blogger', 'boring machine operator', 'bricklayer', 'builder', 'butcher', 'car mechanic', 'career counsellor', 'caretaker', 'carpenter', 'charge nurse', 'check-out operator', 'chef', 'child-carer', 'civil engineering technician', 'civil servant', 'cleaning supervisor', 'clerk', 'climatologist', 'cloak room attendant', 'cnc operator', 'comic book writer', 'community health worker', 'company director', 'computer programmer', 'confectionery maker', 'construction operative', 'cook', 'cooling or freezing installer or mechanic', 'critic', 'database designer', 'decorator', 'dental hygienist', 'dental prosthesis technician', 'dentist', 'department store manager', 'designer', 'designer, graphic', 'designer, industrial', 'designer, interface', 'designer, interior', 'designer, screen', 'designer, web', 'dietician', 'diplomat', 'director', 'display designer', 'doctor', 'domestic housekeeper', 'economist', 'editor', 'education advisor', 'electrical engineer', 'electrical mechanic or fitter', 'electrician', 'engineer', 'engineering maintenance supervisor', 'estate agent', 'executive', 'executive secretary', 'farmer', 'felt roofer', 'filing clerk', 'film director', 'financial clerk', 'financial services manager', 'fire fighter', 'first line supervisor beverages workers', 'first line supervisor of cleaning workers', 'fisherman',
            'fishmonger', 'flight attendant', 'floral arranger', 'food scientist', 'garage supervisor', 'garbage man', 'gardener, all other', 'general practitioner', 'geographer', 'geologist', 'hairdresser', 'head groundsman', 'head teacher', 'horse riding instructor', 'hospital nurse', 'hotel manager', 'house painter', 'hr manager', 'it applications programmer', 'it systems administrator', 'jeweller', 'journalist', 'judge', 'juggler', 'kitchen assistant', 'lathe setter-operator', 'lawyer', 'lecturer', 'legal secretary', 'lexicographer', 'library assistant', 'local police officer', 'logistics manager', 'machine tool operator', 'magician', 'makeup artist', 'manager', 'manager, all other health services', 'marketing manager', 'meat processing operator', 'mechanical engineering technician', 'medical laboratory technician', 'medical radiography equipment operator', 'metal moulder', 'metal production process operator', 'meteorologist', 'midwifery professional', 'miner', 'mortgage clerk', 'musical instrument maker', 'musician', 'non-commissioned officer armed forces', 'nurse', 'nursery school teacher', 'nursing aid', 'ophthalmic optician', 'optician', 'painter', 'payroll clerk', 'personal assistant', 'personal carer in an institution for the elderly', 'personal carer in an institution for the handicapped', 'personal carer in private homes', 'personnel clerk', 'pest controller', 'photographer', 'physician assistant', 'pilot', 'pipe fitter', 'plant maintenance mechanic', 'plumber', 'police inspector', 'police officer', 'policy advisor', 'politician', 'porter', 'post secondary education teacher', 'post sorting or distributing clerk', 'power plant operator', 'primary school head', 'primary school teacher', 'printer', 'printing machine operator', 'prison officer / warder', 'product manager', 'professional gambler', 'project manager', 'programmer', 'psychologist', 'puppeteer', 'quality inspector, all other products', 'receptionist', 'restaurant cook', 'road paviour', 'roofer', 'sailor',
            'sales assistant, all other', 'sales or marketing manager', 'sales representative', 'sales support clerk', 'salesperson', 'scientist', 'seaman (armed forces)', 'secondary school manager', 'secondary school teacher', 'secretary', 'security guard', 'sheet metal worker', 'ship mechanic', 'shoe repairer, leather repairer', 'shop assistant', 'sign language Interpreter', 'singer', 'social media manager', 'social photographer', 'software analyst', 'software developer', 'software engineer', 'soldier', 'solicitor', 'speech therapist', 'steel fixer', 'stockman', 'structural engineer', 'student', 'surgeon', 'surgical footwear maker', 'swimming instructor', 'system operator', 'tailor', 'tailor, seamstress', 'tax inspector', 'taxi driver', 'teacher', 'telephone operator', 'telephonist', 'theorist', 'tile layer', 'translator', 'transport clerk', 'travel agency clerk', 'travel agent', 'truck driver long distances', 'trucker', 'TV cameraman', 'TV presenter', 'university professor', 'university researcher', 'vet', 'veterinary practitioner', 'vocational education teacher', 'waiter', 'waiting staff', 'web designer', 'web developer', 'webmaster', 'welder, all other', 'wood processing plant operator', 'writer', 'other', 'n/a');
        foreach ($professions as $name) {
            // INSERT IGNORE: rows rejected by a key constraint are skipped instead of aborting the migration
            _dbQuery('INSERT IGNORE INTO ' . $table . ' (prof_name) VALUES(' . _dbEscape($name) . ')', 'INSERT');
        }
    }

    return $status;
}
示例2: backend_edit_keywords
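/**
 * Process the "update" / "new" actions of the backend keyword editor and
 * render the edit form for the selected keyword.
 *
 * Request input read here: $_POST['keyword_selected_id'] (cast to int),
 * $_POST['send_update'] and $_POST['send_insert'] (which button was pressed).
 * The keyword fields themselves come from backend_getKeywordPostValues().
 *
 * SQL safety in this function rests on two things: keyword names always go
 * through _dbEscape(), and $keyword_id, the only value concatenated into
 * SQL and HTML without escaping, is an integer on every path.
 *
 * NOTE(review): the form rendered below carries no CSRF token field and no
 * token is checked here; confirm the calling page validates one before this
 * function runs.
 *
 * @return string HTML: status messages followed by the form, or a single
 *                error paragraph when no keyword matches the id
 */
function backend_edit_keywords()
{
    $list = '';
    $keyword_id = empty($_POST['keyword_selected_id']) ? 0 : intval($_POST['keyword_selected_id']);

    if (isset($_POST['send_update'])) {
        // UPDATE keyword
        $update = backend_getKeywordPostValues();
        if (empty($update['keyword_name'])) {
            // False, empty Keyword Name
            $list .= '<p>Proof your input. Keyword name had no value. Value was reset.</p>';
        } else {
            $sql = "UPDATE " . DB_PREPEND . "phpwcms_keyword SET ";
            $sql .= "keyword_name=" . _dbEscape($update['keyword_name']) . " ";
            $sql .= "WHERE keyword_id=" . $keyword_id . " ";
            $sql .= "AND keyword_name!=" . _dbEscape($update['keyword_name']) . " LIMIT 1";
            $update['result'] = _dbQuery($sql, 'UPDATE');
        }
    } elseif (isset($_POST['send_insert'])) {
        // INSERT keyword
        $insert = backend_getKeywordPostValues();
        if (empty($insert['keyword_name'])) {
            // False, empty Keyword Name
            $list .= '<p>Proof your input. Keyword name had no value. Value was reset.</p>';
        } else {
            // 1st check if keyword does not exist
            $sql = "SELECT * FROM " . DB_PREPEND . "phpwcms_keyword ";
            $sql .= "WHERE keyword_trash=0 AND keyword_name=" . _dbEscape($insert['keyword_name']);
            $check = _dbQuery($sql);
            if (empty($check[0])) {
                $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_keyword SET ";
                $sql .= "keyword_name=" . _dbEscape($insert['keyword_name']);
                $insert['result'] = _dbQuery($sql, 'INSERT');
                // A failed INSERT yields no INSERT_ID. Taking it unchecked would put a
                // non-integer into the SELECT below, so only accept it when present.
                if (isset($insert['result']['INSERT_ID'])) {
                    $keyword_id = intval($insert['result']['INSERT_ID']);
                } else {
                    $list .= '<p>Keyword could not be saved.</p>';
                }
            } else {
                $list .= '<p>No new keyword created. Keyword name must be unique.</p>';
            }
        }
    }

    $sql = "SELECT * FROM " . DB_PREPEND . "phpwcms_keyword WHERE keyword_trash=0 AND keyword_id=" . $keyword_id . " LIMIT 1";
    $keyword = _dbQuery($sql);
    if (!$keyword) {
        return '<p>No keyword could be found for the given ID</p>';
    }

    $list .= '<form name="keywordEditing" action="' . html(BE_CURRENT_URL) . '" method="post">' . LF;
    // edit values (the stored name is HTML-escaped before it is echoed into the attribute)
    $list .= '<div class="inputText">';
    $list .= '<label for="keyword_name">Keyword name:</label>';
    $list .= '<input type="text" name="keyword_name" id="keyword_name" value="' . html($keyword[0]['keyword_name']) . '" />';
    $list .= '</div>' . LF;
    $list .= '<div class="inputButton">';
    $list .= '<button type="submit" name="send_update">Update</button>';
    $list .= '<button type="submit" name="send_insert">New</button>';
    $list .= '</div>' . LF;
    // hidden values
    $list .= '<input type="hidden" name="keyword_selected_id" value="' . $keyword_id . '" />';
    $list .= '<input type="hidden" name="keyword_action" value="edit" />';
    $list .= LF . '</form>' . LF;

    return $list;
}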
示例3: _getFileInfo
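/**
 * Fetch active, public, non-trashed rows from phpwcms_file by file hash.
 *
 * Only mode 'hash' is implemented. For any other $mode the SQL string stays
 * empty and is passed to _dbQuery() as is.
 *
 * When FEUSER_LOGIN_STATUS is falsy the query is further restricted to
 * rows with f_granted=0.
 *
 * @param string     $value file hash, passed through _dbEscape() before use
 * @param int|string $limit "count" or "offset,count"; a falsy value adds no
 *                          LIMIT clause, anything else malformed becomes LIMIT 0
 * @param string     $mode  lookup mode
 * @return mixed whatever _dbQuery() returns for the statement
 */
function _getFileInfo($value, $limit = '1', $mode = 'hash')
{
    $sql = '';
    switch ($mode) {
        case 'hash':
            $sql = "SELECT * FROM " . DB_PREPEND . "phpwcms_file WHERE f_aktiv=1 AND ";
            $sql .= "f_trash=0 AND f_public=1 AND ";
            $sql .= "f_hash=" . _dbEscape($value);
            if (!FEUSER_LOGIN_STATUS) {
                $sql .= ' AND f_granted=0';
            }
            if ($limit) {
                // $limit is the one value concatenated into this statement without
                // _dbEscape(). Accept only the two numeric LIMIT forms and fail
                // closed (no rows) on anything else.
                $limit = is_scalar($limit) ? trim((string) $limit) : '';
                if (!preg_match('/^\d+(\s*,\s*\d+)?$/', $limit)) {
                    $limit = '0';
                }
                $sql .= " LIMIT " . $limit;
            }
            break;
    }
    return _dbQuery($sql);
}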
示例4: phpwcms_revision_r532
/**
 * Migration step r532: create the phpwcms_redirect table when it is missing.
 *
 * Re-runs the r529 check first when its temporary marker is not set. The
 * charset and collation suffixes come from $GLOBALS['phpwcms'] and are
 * appended to the DDL without escaping.
 *
 * NOTE(review): db_charset / db_collation are presumably set only in the
 * installation's config file; confirm no request-derived value can reach them.
 *
 * @return mixed true, the result of phpwcms_revision_check('529'), or false
 *               when CREATE TABLE failed
 */
function phpwcms_revision_r532()
{
    // do former revision check – fallback to r529
    $status = phpwcms_revision_check_temp('529') === true ? true : phpwcms_revision_check('529');

    $existing = _dbQuery('SHOW TABLES LIKE ' . _dbEscape(DB_PREPEND . 'phpwcms_redirect'));
    if (isset($existing[0])) {
        // table is already there, nothing to create
        return $status;
    }

    $ddl = "CREATE TABLE IF NOT EXISTS `" . DB_PREPEND . "phpwcms_redirect` (\n\t\t\t\t\t`rid` int(11) unsigned NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t`changed` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\t\t\t\t\t`id` bigint(20) unsigned NOT NULL DEFAULT '0',\n\t\t\t\t\t`aid` bigint(20) unsigned NOT NULL DEFAULT '0',\n\t\t\t\t\t`alias` varchar(255) NOT NULL DEFAULT '',\n\t\t\t\t\t`link` varchar(255) NOT NULL DEFAULT '',\n\t\t\t\t\t`views` bigint(20) unsigned NOT NULL DEFAULT '0',\n\t\t\t\t\t`active` int(1) unsigned NOT NULL DEFAULT '0',\n\t\t\t\t\t`shortcut` int(1) unsigned NOT NULL DEFAULT '0',\n\t\t\t\t\t`type` varchar(255) NOT NULL DEFAULT '',\n\t\t\t\t\t`code` varchar(255) NOT NULL DEFAULT '',\n\t\t\t\t\t`target` varchar(255) NOT NULL DEFAULT '',\n\t\t\t\t\tPRIMARY KEY (`rid`),\n\t\t\t\t\tKEY `id` (`id`,`aid`,`alias`),\n\t\t\t\t\tKEY `active` (`active`),\n\t\t\t\t\tKEY `link` (`link`)\n\t\t\t\t) ENGINE=MyISAM";

    // optional table options, appended in this order when configured
    $options = array(
        'db_charset' => ' DEFAULT CHARSET=',
        'db_collation' => ' COLLATE=',
    );
    foreach ($options as $configKey => $clause) {
        if (!empty($GLOBALS['phpwcms'][$configKey])) {
            $ddl .= $clause . $GLOBALS['phpwcms'][$configKey];
        }
    }

    return _dbQuery($ddl, 'CREATE') ? $status : false;
}
示例5: array
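// Per-user state of the public file list, kept in the session as a set of
// ids. It is reset on first use and on ?all=close.
if (!isset($_SESSION["pklapp"]) || isset($_GET["all"]) && $_GET["all"] === "close") {
    $_SESSION["pklapp"] = array();
}
// ?pklapp=<id>|<flag> switches a single id on (non-zero flag) or off.
// Requests where the parameter is not a plain string are ignored.
if (isset($_GET["pklapp"]) && is_string($_GET["pklapp"])) {
    // array_pad(): a value without "|" must not leave $pklapp_value undefined
    list($pklapp_id, $pklapp_value) = array_pad(explode("|", $_GET["pklapp"]), 2, '');
    // NOTE(review): $pklapp_id is an arbitrary request string used as an array key
    // and persisted below; if ids are always numeric, cast it to int here.
    if (intval($pklapp_value)) {
        $_SESSION["pklapp"][$pklapp_id] = 1;
    } else {
        unset($_SESSION["pklapp"][$pklapp_id]);
    }
    // drop entries that carry a falsy value
    foreach ($_SESSION["pklapp"] as $pklapp_id => $pklapp_value) {
        if (!$pklapp_value) {
            unset($_SESSION["pklapp"][$pklapp_id]);
        }
    }
    // The serialized set is escaped with _dbEscape(). The user id is cast to int
    // because it is concatenated into the WHERE clause without quoting.
    mysql_query("UPDATE " . DB_PREPEND . "phpwcms_user SET usr_var_publicfile=" . _dbEscape(serialize($_SESSION["pklapp"])) . " WHERE usr_id=" . intval($_SESSION["wcs_user_id"]), $db);
}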
// reset the counter used by the public list function
$_SESSION["list_zaehler"] = 0;
// find out whether any public, active, non-trashed file entries exist at all
$sql = "SELECT COUNT(f_id) FROM " . DB_PREPEND . "phpwcms_file WHERE f_public=1 AND f_aktiv=1 AND f_trash=0 LIMIT 1;";
$result = mysql_query($sql, $db);
if (!$result) {
    die("error while counting user files");
}
// $count_user_files stays undefined when no row could be fetched
$row = mysql_fetch_row($result);
if ($row) {
    $count_user_files = $row[0];
}
mysql_free_result($result);
if (isset($count_user_files) && $count_user_files) {
//Wenn überhaupt Public-Dateien vorhanden, dann Listing
//Beginn Tabelle für Public Dateilisting
echo "<table width=\"538\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n";
示例6: die
<?php
/**
* phpwcms content management system
*
* @author Oliver Georgi <og@phpwcms.org>
* @copyright Copyright (c) 2002-2015, Oliver Georgi
* @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2
* @link http://www.phpwcms.de
*
**/
// ----------------------------------------------------------------
// Direct-access guard: continue only when PHPWCMS_ROOT has been defined
if (defined('PHPWCMS_ROOT') === false) {
    die("You Cannot Access This Script Directly, Have a Nice Day.");
}
// ----------------------------------------------------------------
// Content Type E-Card
// Appends one column assignment to $SQL, which is started outside this listing.
// The reference data is stored as serialize() output, escaped by _dbEscape().
// NOTE(review): whatever reads acontent_form back has to unserialize() it; confirm
// the column can only be written through trusted backend paths like this one.
$SQL .= sprintf('acontent_form=%s ', _dbEscape(serialize($content['reference'])));
示例7: die
<?php
/**
* phpwcms content management system
*
* @author Oliver Georgi <og@phpwcms.org>
* @copyright Copyright (c) 2002-2015, Oliver Georgi
* @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2
* @link http://www.phpwcms.de
*
**/
// ----------------------------------------------------------------
// Direct-access guard: continue only when PHPWCMS_ROOT has been defined
if (defined('PHPWCMS_ROOT') === false) {
    die("You Cannot Access This Script Directly, Have a Nice Day.");
}
// ----------------------------------------------------------------
// Content Type FAQ
// Appends four column assignments to $SQL, which is started outside this listing.
// Every value passes through _dbEscape(); the FAQ settings array is stored as
// serialize() output.
$SQL .= implode(', ', array(
    'acontent_text=' . _dbEscape($content["faq_question"]),
    'acontent_html=' . _dbEscape($content["faq_answer"]),
    'acontent_form=' . _dbEscape(serialize($content["faq"])),
    'acontent_image=' . _dbEscape($content["image_info"]),
)) . ' ';
示例8: convertStringToArray
// Only allowed file extensions
// The check is case-insensitive on both sides. When the configured list is empty
// or is not an array, every non-empty extension passes this check.
if (empty($file_error["file"])) {
    // a comma-separated config string is converted to an array once
    if (is_string($phpwcms['allowed_upload_ext'])) {
        $phpwcms['allowed_upload_ext'] = convertStringToArray(strtolower($phpwcms['allowed_upload_ext']));
    }
    if ($fileExt !== '') {
        if (is_array($phpwcms['allowed_upload_ext']) && count($phpwcms['allowed_upload_ext']) && in_array(strtolower($fileExt), $phpwcms['allowed_upload_ext']) == false) {
            // extension present but not on the allow-list
            $file_error["file"] = sprintf($BL['be_fprivup_err8'], strtoupper($fileName), implode(', ', $phpwcms['allowed_upload_ext']));
        }
    } else {
        // files without any extension are always rejected
        $file_error["file"] = sprintf($BL['be_fprivup_err9'], implode(', ', $phpwcms['allowed_upload_ext']));
    }
}
}
if (empty($file_error)) {
// Optional f_vars column: added only when $file_vars exists, stored as
// serialize() output escaped by _dbEscape().
if (isset($file_vars)) {
$fileVarsField = ',f_vars';
$fileVarsValue = ',' . _dbEscape(serialize($file_vars));
} else {
$fileVarsField = '';
$fileVarsValue = '';
}
// Three kinds of values are mixed in this statement:
//  - cast in place: the session user id (intval) and time()
//  - quoted and passed through aporeplace() (presumably the project's quote-escaping
//    helper, defined outside this excerpt; verify)
//  - concatenated as they are: $fileName, $fileSize and $fileExt inside quotes, and
//    $file_pid, $file_aktiv, $file_public, $file_granted, $file_gallerydownload
//    and $file_sort without quotes
// NOTE(review): the third group is safe only if each variable was cast or escaped
// before this point; that code is not part of this excerpt. $fileName and $fileExt
// normally derive from the client-supplied upload name, so confirm explicitly.
$sql = "INSERT INTO " . DB_PREPEND . "phpwcms_file (" . "f_pid, f_uid, f_kid, f_aktiv, f_public, f_name, f_created, f_size, f_type, f_ext, " . "f_shortinfo, f_longinfo, f_keywords, f_hash, f_copyright, f_tags, f_granted, f_gallerystatus, f_sort" . $fileVarsField . ") VALUES (" . $file_pid . ", " . intval($_SESSION["wcs_user_id"]) . ", 1, " . $file_aktiv . ", " . $file_public . ", '" . $fileName . "', '" . time() . "', '" . $fileSize . "', '" . aporeplace($fileType) . "', '" . $fileExt . "', '" . aporeplace($file_shortinfo) . "', '" . aporeplace($file_longinfo) . "', '" . aporeplace($file_keys) . "', '" . aporeplace($fileHash) . "', '" . aporeplace($file_copyright) . "', '" . aporeplace($file_tags) . "', " . $file_granted . ", " . $file_gallerydownload . ", " . $file_sort . $fileVarsValue . ")";
if ($result = mysql_query($sql, $db) or die("error while insert file information")) {
$new_fileId = mysql_insert_id($db);
//Festlegen der aktuellen File-ID
$wcs_newfilename = $fileExt ? $fileHash . '.' . $fileExt : $fileHash;
// changed for using hashed file names
$useruploadpath = PHPWCMS_ROOT . $phpwcms["file_path"];
$usernewfile = $useruploadpath . $wcs_newfilename;
if ($dir = @opendir($useruploadpath)) {
if (!@move_uploaded_file($_FILES["file"]["tmp_name"], $usernewfile)) {
$file_error["upload"] = $BL['be_fprivup_err3'] . ' (1)';
示例9: empty
// The response MIME type may be requested via ?type=. It is used only when
// is_mimetype_format() accepts it, otherwise it is derived from the file extension.
// NOTE(review): is_mimetype_format() is defined outside this excerpt. If it only
// checks the "type/subtype" syntax, the requester chooses how an uploaded file is
// rendered inline; confirm it restricts the value to an allow-list.
$mime = empty($_GET['type']) ? '' : clean_slweg($_GET['type'], 100);
if (!is_mimetype_format($mime)) {
$mime = get_mimetype_by_extension(which_ext($file));
}
header('Content-Type: ' . $mime);
// iOS clients get the file through rangeDownload(), everyone else via readfile()
if (BROWSER_OS == 'iOS') {
require_once PHPWCMS_ROOT . '/include/inc_lib/functions.file.inc.php';
rangeDownload($file);
} else {
header('Content-Transfer-Encoding: binary');
if (!isset($_GET['ios'])) {
// NOTE(review): $filename is placed inside a quoted header parameter; when
// sanitize_dlname is off, confirm it cannot contain a double quote.
header('Content-Disposition: inline; filename="' . ($phpwcms['sanitize_dlname'] ? phpwcms_remove_accents($filename) : $filename) . '"');
}
header('Content-Length: ' . filesize($file));
readfile($file);
}
// marks the download as delivered
$success = true;
}
}
// Nothing was delivered: answer with a 404 and stop.
if (!$success) {
    headerRedirect('', 404);
    echo '<h1>404 File Not Found</h1>';
    exit;
}
// Delivered: increase the download counter of the file, addressed by its escaped hash.
$sql = "UPDATE " . DB_PREPEND . "phpwcms_file SET f_dlfinal=f_dlfinal+1 " . "WHERE f_hash=" . _dbEscape($download["f_hash"]) . " LIMIT 1";
_dbQuery($sql, 'UPDATE');
if ($countonly) {
    // count-only mode: send the client on to the file URL
    headerRedirect(PHPWCMS_URL . PHPWCMS_FILES . $fileinfo['filename']);
}
exit;
示例10: die
<?php
/**
* phpwcms content management system
*
* @author Oliver Georgi <og@phpwcms.org>
* @copyright Copyright (c) 2002-2015, Oliver Georgi
* @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2
* @link http://www.phpwcms.de
*
**/
// ----------------------------------------------------------------
// Direct-access guard: continue only when PHPWCMS_ROOT has been defined
if (defined('PHPWCMS_ROOT') === false) {
    die("You Cannot Access This Script Directly, Have a Nice Day.");
}
// ----------------------------------------------------------------
// Content Type Form Email
// Appends one column assignment to $SQL, which is started outside this listing.
// NOTE(review): $content["form"] is escaped but not serialized here; presumably
// it is already a string when it arrives. Verify against the code that fills it.
$SQL .= sprintf('acontent_form=%s ', _dbEscape($content["form"]));
示例11: die
<?php
/**
* phpwcms content management system
*
* @author Oliver Georgi <og@phpwcms.org>
* @copyright Copyright (c) 2002-2015, Oliver Georgi
* @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2
* @link http://www.phpwcms.de
*
**/
// ----------------------------------------------------------------
// Direct-access guard: continue only when PHPWCMS_ROOT has been defined
if (defined('PHPWCMS_ROOT') === false) {
    die("You Cannot Access This Script Directly, Have a Nice Day.");
}
// ----------------------------------------------------------------
// Content Type Images
// Appends three column assignments to $SQL, which is started outside this listing.
// Every value passes through _dbEscape(); the image list is stored as serialize() output.
$SQL .= implode(', ', array(
    'acontent_text=' . _dbEscape($content["text"]),
    'acontent_template=' . _dbEscape($content["image_template"]),
    'acontent_form=' . _dbEscape(serialize($content['image_list'])),
)) . ' ';
示例12: IN
// Suggest category names (all types except module_shop) containing the typed term.
// The term is first reduced to word characters, hyphen and blank, then escaped.
// _dbEscape(..., false) presumably returns the escaped text without surrounding
// quotes (the quotes and % wildcards are part of the literal here); verify against
// its definition. "_" survives the filter and acts as a one-character LIKE wildcard.
$where = "cat_status=1 AND cat_type NOT IN('module_shop') AND ";
$where .= "cat_name LIKE '%" . _dbEscape(preg_replace('/[^\\w\\- ]/', '', $value), false) . "%'";
// at most 20 names
$result = _dbGet('phpwcms_categories', 'cat_name', $where, 'cat_name', 'cat_name', 20);
if (isset($result[0])) {
if ($jquery) {
// jQuery callers receive the raw result rows
$data = $result;
} else {
// other callers receive a flat list of names; $value is reused as the loop variable
foreach ($result as $value) {
$data[] = utf8_encode($value['cat_name']);
}
}
}
break;
case 'newstags':
    // Suggest news category names containing the typed term. The term is reduced
    // to word characters, hyphen and blank before it is escaped and put between
    // the % wildcards of the LIKE pattern.
    $where = "cat_status=1 AND cat_type='news' AND cat_name LIKE '%"
        . _dbEscape(preg_replace('/[^\\w\\- ]/', '', $value), false)
        . "%'";
    $result = _dbGet('phpwcms_categories', 'cat_name', $where, 'cat_name', 'cat_name', 20);
    if (isset($result[0]) && $jquery) {
        // jQuery callers receive the raw result rows
        $data = $result;
    } elseif (isset($result[0])) {
        // other callers receive a flat list of names; $value is reused as the loop variable
        foreach ($result as $value) {
            $data[] = utf8_encode($value['cat_name']);
        }
    }
    break;
case 'lang':
    // Configured languages when there are any, otherwise only the default one.
    // No request value is used in this branch.
    if (is_array($phpwcms['allowed_lang']) && count($phpwcms['allowed_lang'])) {
        $data = $phpwcms['allowed_lang'];
    } else {
        $data = array($phpwcms['default_lang']);
    }
    sort($data);
    break;
示例13: _dbGet
<input type="hidden" name="cblock" value="CPSET" />
<input type="hidden" name="csorting" value="0" />
<input type="hidden" name="cbefore" value="" />
<input type="hidden" name="ctab_title" value="" />
<input type="hidden" name="ctab_number" value="" />
<input type="hidden" name="ctitle" value="" />
<input type="hidden" name="csubtitle" value="" />
<input type="hidden" name="cpaginate_title" value="" />
<input type="hidden" name="cpaginate_page" value="" />
<?php
// normal contentpart edit mode
} else {
// Detect Template
// Lookup order: the template id stored with the article, then the template
// flagged as default, then any non-trashed template (default ones first).
if (empty($content['article']['acat_template']) === false) {
    // the stored id is escaped before it is placed into the WHERE clause
    $content['current_template'] = _dbGet(
        'phpwcms_template',
        '*',
        'template_trash=0 AND template_id=' . _dbEscape($content['article']['acat_template']),
        '',
        '',
        1
    );
}
if (isset($content['current_template'][0]) === false) {
    $content['current_template'] = _dbGet('phpwcms_template', '*', 'template_trash=0 AND template_default=1', '', '', 1);
}
if (isset($content['current_template'][0]) === false) {
    $content['current_template'] = _dbGet('phpwcms_template', '*', 'template_trash=0', '', 'template_default DESC', 1);
}
$content['blocks'] = array();
if (isset($content['current_template'][0]['template_var'])) {
// Template name for display, HTML-escaped; the default template gets a label suffix.
$content['template_name'] = html($content['current_template'][0]['template_name']);
if ($content['current_template'][0]['template_default']) {
$content['template_name'] .= ' (' . $BL['be_admin_tmpl_default'] . ')';
}
// From here on $content['current_template'] holds the unserialized template
// settings instead of the database row.
// NOTE(review): unserialize() runs on a database column. That is safe only while
// template_var can be written solely by trusted backend code; on PHP 7+ passing
// array('allowed_classes' => false) as second argument removes the
// object-instantiation risk if only arrays and scalars are stored.
$content['current_template'] = unserialize($content['current_template'][0]['template_var']);
if (!empty($content['current_template']['customblock'])) {
示例14: checkLogin
// Order matters: checkLogin() and validate_csrf_tokens() are called before any
// request parameter below is acted on. Both are defined outside this listing;
// presumably they stop the request when the session is not logged in or the
// token does not match. Verify against their definitions.
require_once PHPWCMS_ROOT . '/include/inc_lib/general.inc.php';
checkLogin();
validate_csrf_tokens();
require_once PHPWCMS_ROOT . '/include/inc_lib/backend.functions.inc.php';
if ($_SESSION["wcs_user_admin"] == 1) {
//Wenn Benutzer Admin-Rechte hat
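// Delete a user: ?del=<id>:<email>
// The account row is kept. Login and password are overwritten with random
// values, the e-mail is cleared, admin rights are removed and usr_aktiv is set to 9.
if (isset($_GET["del"])) {
    $ui = explode(":", clean_slweg($_GET["del"]));
    $user_id = intval($ui[0]);
    $user_email = '';
    if (isset($ui[1])) {
        $user_email = $ui[1];
    }
    // an admin cannot delete the account they are logged in with
    if ($user_id != $_SESSION["wcs_user_id"]) {
        // The row must match both the id and the escaped e-mail address.
        // NOTE(review): generic_string() is defined outside this listing; the overwritten
        // credentials are only as unpredictable as that generator.
        $sql = "UPDATE " . DB_PREPEND . "phpwcms_user SET " . "usr_login='" . generic_string(10) . "', " . "usr_pass='" . md5(generic_string(10)) . "', " . "usr_email='', " . "usr_admin=0, " . "usr_aktiv=9 " . "WHERE usr_id=" . $user_id . " AND " . "usr_email=" . _dbEscape($user_email);
        // mysql_query() also returns true for an UPDATE that matched no row. Without
        // the affected-rows check the notification would go to whatever address was
        // passed in the request, even when no account was changed.
        if (($result = mysql_query($sql, $db)) && mysql_affected_rows($db) > 0) {
            if (is_valid_email($user_email)) {
                @mail($user_email, "your account", "YOUR PHPWCMS ACCOUNT WAS DELETED\n \ncontact the admin if you have any question.\n\nSee you at " . $phpwcms["site"], "From: " . $phpwcms["admin_email"] . "\nReply-To: " . $phpwcms["admin_email"] . "\n");
            }
        }
    }
}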
if (isset($_GET["aktiv"])) {
$ui = explode(":", clean_slweg($_GET["aktiv"]));
$user_id = intval($ui[0]);
$user_aktiv = !empty($ui[1]) ? 1 : 0;
if ($user_id != $_SESSION["wcs_user_id"]) {
$sql = "UPDATE " . DB_PREPEND . "phpwcms_user SET usr_aktiv=" . $user_aktiv . " WHERE usr_id=" . $user_id . ";";
mysql_query($sql, $db) or die("error");
}
示例15: search
function search()
{
$this->now = now();
if (empty($this->search_words)) {
return NULL;
}
$cnt_ts_livedate = 'IF(UNIX_TIMESTAMP(pc.cnt_livedate) > 0, UNIX_TIMESTAMP(pc.cnt_livedate), pc.cnt_created)';
$cnt_ts_killdate = 'IF(UNIX_TIMESTAMP(pc.cnt_killdate) > 0, UNIX_TIMESTAMP(pc.cnt_killdate), pc.cnt_created + 31536000)';
$sql = 'SELECT pc.*, ';
$sql .= $cnt_ts_livedate . ' AS cnt_ts_livedate, ';
$sql .= $cnt_ts_killdate . ' AS cnt_ts_killdate ';
$sql .= 'FROM ' . DB_PREPEND . 'phpwcms_content pc ';
$sql_where = 'WHERE ';
$sql_where .= 'pc.cnt_status=1 AND ';
$sql_where .= "pc.cnt_module='news' AND ";
$sql_where .= $cnt_ts_livedate . ' < ' . $this->now . ' AND ';
$sql_where .= '(' . $cnt_ts_killdate . ' > ' . $this->now . ' OR cnt_archive_status = 1) ';
$sql_group = '';
// choose by category
if (count($this->search_category)) {
$cat_sql = array();
// and/or/not mode
switch ($this->search_andor) {
case 'AND':
$news_andor = ' AND ';
$news_compare = '=';
break;
case 'NOT':
$news_andor = ' AND ';
$news_compare = '!=';
break;
default:
//OR
$news_andor = ' OR ';
$news_compare = '=';
}
foreach ($this->search_category as $value) {
$cat_sql[] = 'pcat.cat_name' . $news_compare . _dbEscape($value);
}
$sql .= "LEFT JOIN " . DB_PREPEND . "phpwcms_categories pcat ON (pcat.cat_type='news' AND pcat.cat_pid=pc.cnt_id) ";
$sql_where .= 'AND (' . implode($news_andor, $cat_sql) . ') ';
$sql_group = 'GROUP BY pc.cnt_id ';
}
// language selection
if (count($this->search_language)) {
$sql_where .= "AND pc.cnt_lang IN ('" . str_replace('#', "','", _dbEscape(implode('#', $this->search_language), false)) . "') ";
}
$sql .= $sql_where;
$sql .= $sql_group;
$sql = trim($sql);
$data = _dbQuery($sql);
$search_target_url_test = strtolower(substr($this->search_target_url, 0, 4));
if ($search_target_url_test !== 'http' && $search_target_url_test !== '{sit') {
// expected alias here or aid=123 or id=123
if ($this->search_highlight) {
$this->search_target_url = rel_url(array('newsdetail' => '___NEWSDETAIL__', 'highlight' => '___HIGHLIGHT__'), array('searchstart', 'searchwords'), $this->search_target_url);
} else {
$this->search_target_url = rel_url(array('newsdetail' => '___NEWSDETAIL__'), array('highlight', 'searchstart', 'searchwords'), $this->search_target_url);
}
$search_replace_newsdetail = true;
} else {
$search_replace_newsdetail = strpos($this->search_target_url, '___NEWSDETAIL__') !== false ? true : false;
$this->search_target_url = html_specialchars($this->search_target_url);
}
if ($this->search_highlight_words && is_array($this->search_highlight_words)) {
$s_highlight_words = rawurlencode(implode(' ', $this->search_highlight_words));
} else {
$s_highlight_words = '';
}
foreach ($data as $value) {
$s_result = array();
$s_text = $value['cnt_text'] . ', ' . $value['cnt_teasertext'] . ', ' . $value['cnt_place'] . ', ';
$s_text .= $value['cnt_subtitle'] . ', ' . $value['cnt_title'];
if ($this->search_username) {
$s_text .= ', ' . $value['cnt_editor'];
}
$value['cnt_object'] = @unserialize($value['cnt_object']);
if (!empty($value['cnt_object']['cnt_searchoff'])) {
continue;
}
if (isset($value['cnt_object']['cnt_category'])) {
if ($this->search_keyword) {
$s_text .= ' ' . $value['cnt_object']['cnt_category'];
}
if ($this->search_caption) {
$s_text .= ' ' . $value['cnt_object']['cnt_image']['caption'];
$s_text .= ' ' . $value['cnt_object']['cnt_files']['caption'];
}
}
$s_text = preg_replace('/<script[^>]*>.*?<\\/script>/is', '', $s_text);
// strip all <script> Tags
$s_text = str_replace(array('~', '|', ':', 'http', '//', '_blank', ' '), ' ', $s_text);
$s_text = clean_search_text($s_text);
preg_match_all('/' . $this->search_words . '/is', $s_text, $s_result);
$s_count = count($s_result[0]);
//set search_result to 0
if ($s_count && SEARCH_TYPE_AND) {
$s_and_or = array();
foreach ($s_result[0] as $svalue) {
$s_and_or[strtolower($svalue)] = 1;
//.........这里部分代码省略.........