本文整理汇总了PHP中misc::make_db_safe方法的典型用法代码示例。如果您正苦于以下问题:PHP misc::make_db_safe方法的具体用法?PHP misc::make_db_safe怎么用?PHP misc::make_db_safe使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类misc
的用法示例。
在下文中一共展示了misc::make_db_safe方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: misc
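/**
 * Admin "add page" handler (invoked as $this->add_page(); the enclosing class
 * also provides page_list()).
 *
 * With no POST it renders an empty page form. When the form is submitted
 * (edit=yes) it inserts the page into pagesmain, stores the new page id in
 * $_SESSION['PageID'] for the image upload plugin, and renders the edit form
 * for the page that was just saved.
 *
 * Reads $_POST['edit'|'ta'|'title'|'description'|'keywords'];
 * writes $_SESSION['PageID'].
 *
 * @return string HTML for the admin screen, or an access-denied block.
 */
function add_page()
{
    global $conn, $lang, $config;
    $security = login::loginCheck('editpages', true);
    $display = '';
    if ($security !== true) {
        $display .= '<div class="error_text">' . $lang['access_denied'] . '</div>';
        return $display;
    }
    require_once $config['basepath'] . '/include/misc.inc.php';
    $misc = new misc();
    $charset = $config['charset'];

    if (!isset($_POST['edit'])) {
        // Nothing to save: show the blank form.
        $display .= $this->page_list();
        $display .= '<form action="index.php?action=add_page" method="post" id="edit" name="edit">';
        $display .= "<input type=\"hidden\" name=\"edit\" value=\"yes\" />";
        $display .= $lang['title'] . ' <input type="text" name="title" value="" /><br /><br />';
        $display .= $lang['page_meta_description'] . ' <input type="text" size="50" name="description" value="" /><br /><br />';
        $display .= $lang['page_meta_keywords'] . ' <input type="text" size="50" name="keywords" value="" /><br /><br />';
        $display .= '<textarea name="ta" id="ta" style="height: 30em; width: 100%;"></textarea>';
        $display .= '<input type="submit" name="ok" value="' . $lang['submit'] . '" style="margin-top:3px;" />';
        $display .= '</form>';
        return $display;
    }

    // Save page now. Missing POST fields are treated as empty instead of
    // raising undefined-index notices.
    $save_full = isset($_POST['ta']) ? $_POST['ta'] : '';
    $save_title = $misc->make_db_safe(isset($_POST['title']) ? $_POST['title'] : '');
    $save_description = $misc->make_db_safe(isset($_POST['description']) ? $_POST['description'] : '');
    $save_keywords = $misc->make_db_safe(isset($_POST['keywords']) ? $_POST['keywords'] : '');
    // The body is entity-encoded before storage; the TRUE flag tells make_db_safe it is HTML.
    $save_full_xhtml = $misc->make_db_safe(editor::htmlEncodeText($save_full), TRUE);
    $sql = "INSERT INTO " . $config['table_prefix'] . "pagesmain (pagesmain_full,pagesmain_title,pagesmain_date,pagesmain_summary,pagesmain_no_visitors,pagesmain_complete,pagesmain_description,pagesmain_keywords) VALUES ({$save_full_xhtml},{$save_title}," . $conn->DBDate(time()) . ",'',0,1,{$save_description},{$save_keywords})";
    $recordSet = $conn->Execute($sql);
    if (!$recordSet) {
        $misc->log_error($sql);
    }
    $display .= "<center><b>{$lang['page_saved']}</b></center><br />";
    $display .= $this->page_list();
    $display .= '<form action="index.php?action=edit_page" method="post" id="edit" name="edit">';

    // Re-read the saved row. NOTE(review): the lookup is by title, so a
    // duplicate title edits the first match rather than the row just inserted.
    $sql = "SELECT pagesmain_full, pagesmain_title, pagesmain_complete, pagesmain_id, pagesmain_description, pagesmain_keywords FROM " . $config['table_prefix'] . "pagesmain WHERE pagesmain_title = " . $save_title;
    $recordSet = $conn->Execute($sql);
    if (!$recordSet) {
        $misc->log_error($sql);
        // No row to render; do not dereference a failed result.
        $display .= '</form>';
        return $display;
    }
    // Save PageID to Session for Image Upload Plugin
    $_SESSION['PageID'] = $recordSet->fields['pagesmain_id'];
    $page_id_attr = htmlspecialchars((string) $_SESSION['PageID'], ENT_QUOTES, $charset);

    // Pull the page from the database. Values come back unescaped, so every
    // value placed in an attribute is escaped for the HTML attribute context.
    $display .= "<input type=\"hidden\" name=\"edit\" value=\"yes\" />";
    $display .= "<input type=\"hidden\" name=\"PageID\" value=\"" . $page_id_attr . "\" />";
    // pagesmain_full was stored through editor::htmlEncodeText() and is put in
    // the textarea as-is, as before; confirm that encoding covers '</textarea>'.
    $html = $misc->make_db_unsafe($recordSet->fields['pagesmain_full']);
    $title = htmlspecialchars($misc->make_db_unsafe($recordSet->fields['pagesmain_title']), ENT_QUOTES, $charset);
    $description = htmlspecialchars($misc->make_db_unsafe($recordSet->fields['pagesmain_description']), ENT_QUOTES, $charset);
    $keywords = htmlspecialchars($misc->make_db_unsafe($recordSet->fields['pagesmain_keywords']), ENT_QUOTES, $charset);
    $display .= $lang['title'] . ' <input type="text" name="title" value="' . $title . '" /><br /><br />';
    $display .= $lang['page_meta_description'] . ' <input type="text" size="50" name="description" value="' . $description . '" /><br /><br />';
    $display .= $lang['page_meta_keywords'] . ' <input type="text" size="50" name="keywords" value="' . $keywords . '" /><br /><br />';
    $display .= '<textarea name="ta" id="ta" style="height: 350px; width: 100%;">' . $html . '</textarea>';
    $display .= '<input type="submit" name="ok" value="' . $lang['submit'] . '" style="margin-top:3px;"/>';
    $display .= '</form>';

    if ($_SESSION['PageID'] != '') {
        // Separate delete form for the page that was just created.
        $display .= '<form action="index.php?action=edit_page" method="post" id="delete" style="margin-top:3px;">';
        $display .= '<input type="hidden" name="delete" value="yes" />';
        $display .= '<input type="hidden" name="PageID" value="' . $page_id_attr . '" />';
        $display .= '<input type="submit" name="ok" value="' . $lang['delete_page'] . '" />';
        $display .= '</form>';
    }
    return $display;
}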
示例2: ContactAgentForm
/**
* Contact::ContactAgentForm()
*
* @param integer $listing_id This should hold the listing ID. Listing_id is used only if agent_id is not set
* @param integer $agent_id This should hold the agent id
* @return
*/
function ContactAgentForm($listing_id = 0, $agent_id = 0)
{
global $conn, $config, $lang;
require_once $config['basepath'] . '/include/misc.inc.php';
$misc = new misc();
$display = '';
$error = array();
$listing_id = intval($listing_id);
$agent_id = intval($agent_id);
if ($agent_id == 0) {
if ($listing_id != 0) {
$sql_listing_id = $misc->make_db_safe($listing_id);
$sql = 'SELECT userdb_id FROM ' . $config['table_prefix'] . 'listingsdb WHERE listingsdb_id = ' . $sql_listing_id;
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
$agent_id = $misc->make_db_unsafe($recordSet->fields['userdb_id']);
}
}
if (isset($_POST['message'])) {
// Make sure there is a message
if ($_SESSION['security_code'] != md5($_POST['security_code']) && $config["use_email_image_verification"] == 1) {
$error[] = 'email_verification_code_not_valid';
}
if (trim($_POST['name']) == '') {
$error[] = 'email_no_name';
}
if (trim($_POST['email']) == '') {
$error[] = 'email_no_email_address';
} elseif ($misc->validate_email($_POST['email']) !== true) {
$error[] = 'email_invalid_email_address';
}
if (trim($_POST['subject']) == '') {
$error[] = 'email_no_subject';
}
if (trim($_POST['message']) == '') {
$error[] = 'email_no_message';
}
}
if (count($error) == 0 && isset($_POST['message'])) {
// Grab Agents Email
$sql_agent_id = $misc->make_db_safe($agent_id);
$sql = 'SELECT userdb_emailaddress FROM ' . $config['table_prefix'] . 'userdb WHERE userdb_id = ' . $sql_agent_id;
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
if ($config["include_senders_ip"] == 1) {
$_POST['message'] .= "\r\n" . $lang['senders_ip_address'] . $_SERVER["REMOTE_ADDR"];
}
if ($recordSet->RecordCount() != 0) {
$emailaddress = $misc->make_db_unsafe($recordSet->fields['userdb_emailaddress']);
// Send Mail
$sent = $misc->send_email($_POST['name'], $_POST['email'], $emailaddress, $_POST['message'], $_POST['subject']);
if ($sent === true) {
$display .= $lang['email_listing_agent_sent'];
} else {
$display .= $sent;
}
}
} else {
if (count($error) != 0) {
foreach ($error as $err) {
$display .= '<div class="error_text">' . $lang[$err] . '</div>';
}
}
$name = '';
$email = '';
$subject = '';
if ($listing_id !== 0) {
$subject = $lang['email_in_reference_to_listing'] . $listing_id;
}
$message = '';
if (isset($_POST['message'])) {
$email = stripslashes($_POST['email']);
$name = stripslashes($_POST['name']);
$message = stripslashes($_POST['message']);
$subject = stripslashes($_POST['subject']);
}
$display .= '<form name="contact_agent" method="post" action="index.php?action=contact_agent&popup=yes&listing_id=' . $listing_id . '&agent_id=' . $agent_id . '">
<table border="0" cellspacing="2" cellpadding="4">
<tr>
<td colspan="2" style="vertical-align: top" class="TitleColor"><label for="name">' . $lang['email_your_name'] . ' </label>
<input id="name" name="name" value="' . htmlentities($name) . '" type="text" size="50">
</td>
</tr>
<tr>
<td colspan="2" style="vertical-align: top" class="TitleColor"><label for="email">' . $lang['email_your_email'] . ' </label>
<input id="email" name="email" value="' . htmlentities($email) . '" type="text" size="50">
</td>
</tr>
<tr>
//.........这里部分代码省略.........
示例3: intval
function add_post()
{
global $conn, $lang, $config;
$security = login::loginCheck('can_access_blog_manager', true);
$display = '';
$blog_saved = FALSE;
$blog_deleted = FALSE;
$blog_user_type = intval($_SESSION['blog_user_type']);
if ($security === true) {
require_once $config['basepath'] . '/include/misc.inc.php';
$misc = new misc();
//Load the Core Template
require_once $config['basepath'] . '/include/class/template/core.inc.php';
$page = new page_user();
//Load TEmplate File
$page->load_page($config['admin_template_path'] . '/blog_edit_post.html');
// Do we need to save?
if (isset($_POST['edit'])) {
// Save blog now
$save_full = $_POST['ta'];
$save_title = $misc->make_db_safe($_POST['title']);
$save_full_xhtml = $misc->make_db_safe(blog_editor::htmlEncodeText($save_full), TRUE);
$save_description = $misc->make_db_safe($_POST['description']);
$save_keywords = $misc->make_db_safe($_POST['keywords']);
$save_published = intval($_POST['published']);
if ($blog_user_type == 2 && $save_published == 1) {
//Throw Error
$display .= '<div class="error_message">' . $lang['blog_permission_denied'] . '</div><br />';
unset($_POST['edit']);
$display .= $this->add_post();
return $display;
}
$userdb_id = $misc->make_db_safe($_SESSION['userID']);
$sql = "INSERT INTO " . $config['table_prefix'] . "blogmain (userdb_id,blogmain_full,blogmain_title,blogmain_date,blogmain_published,blogmain_description,blogmain_keywords) VALUES ({$userdb_id},{$save_full_xhtml},{$save_title}," . $conn->DBDate(time()) . ",{$save_published},{$save_description},{$save_keywords})";
$recordSet = $conn->Execute($sql);
if (!$recordSet) {
$misc->log_error($sql);
}
$display .= "<center><b>{$lang['blog_saved']}</b></center><br />";
unset($_POST['edit']);
$_POST['blogID'] = $conn->Insert_ID();
$display .= $this->blog_edit();
return $display;
}
// Pull the blog from the database
$page->replace_tag('', $blogID);
$page->replace_tag('blog_html', '');
$page->replace_tag('blog_edit_action', 'index.php?action=add_blog');
$title = $misc->make_db_unsafe($recordSet->fields['blogmain_title']);
$description = $misc->make_db_unsafe($recordSet->fields['blogmain_description']);
$published = intval($recordSet->fields['blogmain_published']);
$keywords = $misc->make_db_unsafe($recordSet->fields['blogmain_keywords']);
$page->replace_tag('blog_title', '');
$page->replace_tag('blog_description', '');
$page->replace_tag('blog_keywords', '');
//Handle Publish Status
$page->replace_tag('blog_published', 0);
switch ($published) {
case 0:
$page->replace_tag('blog_published_lang', $lang['blog_draft']);
break;
case 1:
$page->replace_tag('blog_published_lang', $lang['blog_published']);
break;
case 2:
$page->replace_tag('blog_published_lang', $lang['blog_review']);
break;
}
/*//Blog Permissions
* 1 - Subscriber - A subscriber can read posts, comment on posts.
* 2 - Contributor - A contributor can post and manage their own post but they cannot publish the posts. An administrator must first approve the post before it can be published.
* 3 - Author - The Author role allows someone to publish and manage posts. They can only manage their own posts, no one else’s.
* 4 - Editor - An editor can publish posts. They can also manage and edit other users posts. If you are looking for someone to edit your posts, you would assign the Editor role to that person.
*/
if ($blog_user_type == 2) {
$page->page = $page->remove_template_block('blog_published', $page->page);
}
//$blog_user_type
//blog_published_lang
if ($config['url_style'] == '1') {
$article_url = 'index.php?action=blog_view_article&ArticleID=' . $_POST['blogID'];
} else {
$url_title = str_replace("/", "", $title);
$url_title = strtolower(str_replace(" ", $config['seo_url_seperator'], $url_title));
$article_url = 'article-' . urlencode($url_title) . '-' . $_POST['blogID'] . '.html';
}
$page->replace_tag('blog_article_url', '');
//Show Link to Blog Manager
$page->replace_tag('blog_manager_url', 'index.php?action=edit_blog');
//Remove Delete Post option, as it does not yet exist
$page->page = $page->remove_template_block('blog_delete', $page->page);
if ($config["demo_mode"] == 1 && $_SESSION['admin_privs'] != 'yes' || $blog_user_type == 2 && $published == 1) {
$page->page = $page->remove_template_block('blog_save', $page->page);
} else {
$page->page = $page->cleanup_template_block('blog_save', $page->page);
}
$page->replace_permission_tags();
$page->auto_replace_tags('', true);
$display .= $page->return_page();
} else {
//.........这里部分代码省略.........
示例4: misc
function searchbox_render($browse_caption, $browse_field_name, $pclass, $searchbox_type)
{
// builds a searchbox for any given item you want
// to let users search by
global $conn, $config, $lang;
$display = '';
require_once $config['basepath'] . '/include/misc.inc.php';
$misc = new misc();
$time = $misc->getmicrotime();
$class_sql = '';
if (!empty($_GET['pclass'])) {
$pclass = $_GET['pclass'];
}
if (!empty($pclass)) {
//$classes = array();
//$classes = explode('|', $_GET['pclass']);
foreach ($pclass as $class) {
// Ignore non numberic values
if (is_numeric($class)) {
if (!empty($class_sql)) {
$class_sql .= ' OR ';
}
$class_sql .= $config['table_prefix_no_lang'] . "classlistingsdb.class_id = {$class}";
}
}
if (!empty($class_sql)) {
$class_sql = ' AND (' . $class_sql . ')';
}
}
//Lookup Field Type
$sql_browse_field_name = $misc->make_db_safe($browse_field_name);
$sql = "SELECT listingsformelements_field_type FROM " . $config['table_prefix'] . "listingsformelements WHERE listingsformelements_field_name = {$sql_browse_field_name}";
$rsStepLookup = $conn->Execute($sql);
if (!$rsStepLookup) {
$misc->log_error($sql);
}
$field_type = $rsStepLookup->fields['listingsformelements_field_type'];
unset($rsStepLookup);
$sortby = '';
$dateFormat = FALSE;
if ($field_type == 'date') {
$dateFormat = TRUE;
}
switch ($field_type) {
case 'decimal':
$sortby = 'ORDER BY listingsdbelements_field_value+0 ASC';
break;
case 'number':
global $db_type;
if ($db_type == 'mysql') {
$sortby = 'ORDER BY CAST(listingsdbelements_field_value as signed) ASC';
} else {
$sortby = 'ORDER BY CAST(listingsdbelements_field_value as int4) ASC';
}
break;
default:
$sortby = 'ORDER BY listingsdbelements_field_value ASC';
break;
}
if (!empty($class_sql)) {
if ($config['configured_show_count'] == 1) {
$sql = "SELECT listingsdbelements_field_value, count(listingsdbelements_field_value) AS num_type FROM " . $config['table_prefix'] . "listingsdbelements, " . $config['table_prefix'] . "listingsdb," . $config['table_prefix_no_lang'] . "classlistingsdb WHERE listingsdbelements_field_name = '{$browse_field_name}' AND listingsdb_active = 'yes' AND listingsdbelements_field_value <> '' AND " . $config['table_prefix'] . "listingsdbelements.listingsdb_id = " . $config['table_prefix'] . "listingsdb.listingsdb_id AND " . $config['table_prefix'] . "listingsdb.listingsdb_id = " . $config['table_prefix_no_lang'] . "classlistingsdb.listingsdb_id {$class_sql}";
} else {
$sql = "SELECT listingsdbelements_field_value FROM " . $config['table_prefix'] . "listingsdbelements, " . $config['table_prefix'] . "listingsdb," . $config['table_prefix_no_lang'] . "classlistingsdb WHERE listingsdbelements_field_name = '{$browse_field_name}' AND listingsdb_active = 'yes' AND listingsdbelements_field_value <> '' AND " . $config['table_prefix'] . "listingsdbelements.listingsdb_id = " . $config['table_prefix'] . "listingsdb.listingsdb_id AND " . $config['table_prefix'] . "listingsdb.listingsdb_id = " . $config['table_prefix_no_lang'] . "classlistingsdb.listingsdb_id {$class_sql}";
}
} else {
if ($config['configured_show_count'] == 1) {
$sql = "SELECT listingsdbelements_field_value, count(listingsdbelements_field_value) AS num_type FROM " . $config['table_prefix'] . "listingsdbelements, " . $config['table_prefix'] . "listingsdb WHERE listingsdbelements_field_name = '{$browse_field_name}' AND listingsdb_active = 'yes' AND listingsdbelements_field_value <> '' AND " . $config['table_prefix'] . "listingsdbelements.listingsdb_id = " . $config['table_prefix'] . "listingsdb.listingsdb_id ";
} else {
$sql = "SELECT listingsdbelements_field_value FROM " . $config['table_prefix'] . "listingsdbelements, " . $config['table_prefix'] . "listingsdb WHERE listingsdbelements_field_name = '{$browse_field_name}' AND listingsdb_active = 'yes' AND listingsdbelements_field_value <> '' AND " . $config['table_prefix'] . "listingsdbelements.listingsdb_id = " . $config['table_prefix'] . "listingsdb.listingsdb_id ";
}
}
if ($config['use_expiration'] === "1") {
$sql .= " AND listingsdb_expiration > " . $conn->DBDate(time());
}
$sql .= "GROUP BY " . $config['table_prefix'] . "listingsdbelements.listingsdbelements_field_value {$sortby} ";
// echo $sql.'<br />';
$recordSet = $conn->Execute($sql);
if (!$recordSet) {
$misc->log_error($sql);
}
//Get Date Format Settins
if ($config['date_format'] == 1) {
$format = "m/d/Y";
} elseif ($config['date_format'] == 2) {
$format = "Y/d/m";
} elseif ($config['date_format'] == 3) {
$format = "d/m/Y";
}
switch ($searchbox_type) {
case 'ptext':
$display .= '<tr><td class="searchpage_field_caption">' . $browse_caption . '</td>';
$display .= '<td align="left"><input name="' . $browse_field_name . '[]" type="text"';
if (isset($_GET[$browse_field_name]) && $_GET[$browse_field_name] != '') {
$f = htmlspecialchars($_GET[$browse_field_name], ENT_COMPAT, $config['charset']);
$display .= 'value="' . $f . '"';
}
$display .= ' />';
$display .= '</td></tr>';
break;
//.........这里部分代码省略.........
示例5: misc
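/**
 * Renders the logged-in member's favorite listings.
 *
 * Reads the listing ids stored for $_SESSION['userID'] in
 * userfavoritelistings and hands the comma-separated list to
 * search_page::search_results() through $_GET['listing_id'].
 *
 * @return string HTML, or whatever login::loginCheck('Member') returned when
 *                the visitor is not a logged-in member.
 */
function view_favorites()
{
    global $config, $lang, $conn;
    require_once $config['basepath'] . '/include/misc.inc.php';
    $misc = new misc();
    $security = login::loginCheck('Member');
    if ($security !== true) {
        return $security;
    }
    $display = '<h3>' . $lang['favorite_listings'] . '</h3>';
    $userID = $misc->make_db_safe($_SESSION['userID']);
    $sql = "SELECT listingsdb_id FROM " . $config['table_prefix'] . "userfavoritelistings WHERE userdb_id = {$userID}";
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false) {
        // Was a bare log_error() call, which is not defined here; every
        // sibling uses $misc->log_error(). Stop before touching the failed result.
        $misc->log_error($sql);
        return $display;
    }
    if ($recordSet->RecordCount() == 0) {
        $display .= $lang['no_listing_in_favorites'] . '<br /><br />';
        return $display;
    }
    $listing_ids = array();
    while (!$recordSet->EOF) {
        $listing_ids[] = $recordSet->fields['listingsdb_id'];
        $recordSet->MoveNext();
    }
    // search_results() takes its listing filter from $_GET, so pass the list that way.
    $_GET['listing_id'] = implode(',', $listing_ids);
    require_once $config['basepath'] . '/include/search.inc.php';
    $search = new search_page();
    $display .= $search->search_results();
    return $display;
}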
示例6: display
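/**
 * Renders a CMS page (a pagesmain row) selected by $_GET['PageID'].
 *
 * The stored body is entity-decoded and either echoed, or — when
 * $config['wysiwyg_execute_php'] is 1 — executed with eval() so embedded PHP
 * runs. Admins holding the editpages permission get an edit link appended
 * when $config['wysiwyg_show_edit'] is 1. The result is passed through the
 * template engine for the listed tags.
 *
 * @return string HTML for the page, or a plain error string when PageID is missing.
 */
function display()
{
    global $conn, $config, $lang;
    require_once $config['basepath'] . '/include/misc.inc.php';
    $misc = new misc();
    $display = '';
    // Without a PageID there is nothing to look up; previously the code fell
    // through to a query built from an undefined value.
    if (!isset($_GET['PageID'])) {
        $display .= "ERROR. PageID not sent";
        return $display;
    }
    $page_id = $misc->make_db_safe($_GET['PageID']);
    $display .= '<div class="page_display">';
    $sql = "SELECT pagesmain_full,pagesmain_id FROM " . $config['table_prefix'] . "pagesmain WHERE pagesmain_id=" . $page_id;
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false) {
        $misc->log_error($sql);
        // Do not dereference a failed result.
        return $display . '</div>';
    }
    $full = html_entity_decode($misc->make_db_unsafe($recordSet->fields['pagesmain_full']), ENT_NOQUOTES, $config['charset']);
    $id = $recordSet->fields['pagesmain_id'];
    if ($config["wysiwyg_execute_php"] == 1) {
        // SECURITY: the page body stored in the database is executed as PHP.
        // Anyone able to write pagesmain_full (page editors, or anyone with
        // database write access) can run code as the web server while this
        // setting is on. Flagged rather than changed: it is a site-level option.
        ob_start();
        // Editors wrap PHP in HTML comments so WYSIWYG tools keep it; unwrap before eval.
        $full = str_replace("<!--<?php", "<?php", $full);
        $full = str_replace("?>-->", "?>", $full);
        eval('?>' . "{$full}" . '<?php ');
        $display .= ob_get_clean();
    } else {
        $display .= $full;
    }
    // Allow Admin To Edit #
    if (isset($_SESSION['editpages']) && isset($_SESSION['admin_privs']) && $_SESSION['admin_privs'] == 'yes' && $config["wysiwyg_show_edit"] == 1) {
        $display .= "<p> </p>";
        // The id is URL-encoded so it is safe in both the query string and the attribute.
        $display .= "<a href=\"{$config['baseurl']}/admin/index.php?action=edit_page&id=" . urlencode((string) $id) . "\">{$lang['edit_html_from_site']}</a>";
    }
    $display .= '</div>';
    // parse page for template variables
    require_once $config['basepath'] . '/include/class/template/core.inc.php';
    $template = new page_user();
    $template->page = $display;
    $template->replace_tags(array('templated_search_form', 'featured_listings_horizontal', 'featured_listings_vertical', 'company_name', 'link_printer_friendly'));
    return $template->return_page();
}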
示例7: misc
//.........这里部分代码省略.........
}
$sql = 'SELECT controlpanel_configured_langs from ' . $config['table_prefix_no_lang'] . 'controlpanel';
$recordSet = $conn->Execute($sql);
if (!$recordSet) {
$misc->log_error($sql);
}
$old_langs = explode(',', $recordSet->fields['controlpanel_configured_langs']);
// Setup New Language Tables
foreach ($new_langs as $newlang) {
if (!in_array($newlang, $old_langs)) {
multilingual::setup_additional_language($newlang);
}
}
// Remove Old Language Tables
foreach ($old_langs as $oldlang) {
if (!in_array($oldlang, $new_langs)) {
multilingual::remove_additional_language($oldlang);
}
}
}
// Update ControlPanel
$sql = 'UPDATE ' . $config['table_prefix_no_lang'] . 'controlpanel SET ';
$sql_part = '';
foreach ($_POST as $field => $value) {
if (is_array($value)) {
$value2 = '';
foreach ($value as $f) {
if ($value2 == '') {
$value2 = "{$f}";
} else {
$value2 .= ",{$f}";
}
}
$value2 = $misc->make_db_safe($value2);
if ($sql_part == '') {
$sql_part = "{$field} = {$value2}";
} else {
$sql_part .= " , {$field} = {$value2}";
}
} else {
$value = $misc->make_db_safe($value);
if ($sql_part == '') {
$sql_part = "{$field} = {$value}";
} else {
$sql_part .= " , {$field} = {$value}";
}
}
}
$sql .= $sql_part;
$recordSet = $conn->Execute($sql);
if (!$recordSet) {
$misc->log_error($sql);
}
$display .= '<br /><b>' . $lang['configuration_saved'] . '</b><br />';
}
// START SITE CONFIGURATOR
$sql = 'SELECT * from ' . $config["table_prefix_no_lang"] . 'controlpanel';
$recordSet = $conn->Execute($sql);
if (!$recordSet) {
$misc->log_error($sql);
}
// Include the Form Generation Class
include $config['basepath'] . '/include/class/form_generation.inc.php';
$formGen = new formGeneration();
$display .= '<h2>' . $lang['open_realty_configurator'] . '</h2>';
$display .= $formGen->startform('index.php?' . $guidestring);
示例8: misc
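/**
 * Admin editor for one property class.
 *
 * GET id=<class_id>: renders the edit form pre-filled from the class table.
 * POST class_id: writes class_name / class_rank back and re-lists the classes.
 *
 * @return string HTML; empty when neither id nor class_id was supplied.
 */
function modify_property_class()
{
    global $conn, $config, $lang;
    require_once $config['basepath'] . '/include/misc.inc.php';
    $misc = new misc();
    $display = '';
    if (isset($_GET['id'])) {
        $class_id = intval($_GET['id']);
        $display .= '<span class="section_header">' . $lang['property_class_editor'] . '</span><br /><br />';
        $display .= '<form action="index.php?action=modify_property_class" method="POST"><fieldset><legend>' . $lang['property_class_update'] . '</legend>';
        $sql = 'SELECT class_name, class_rank FROM ' . $config['table_prefix'] . 'class WHERE class_id = ' . $class_id;
        $recordSet = $conn->Execute($sql);
        if (!$recordSet) {
            $misc->log_error($sql);
            // Close what was opened and stop; a failed result cannot be iterated.
            return $display . '</fieldset></form>';
        }
        while (!$recordSet->EOF) {
            // Stored values come back unescaped; escape for the attribute context.
            $class_name = htmlspecialchars($misc->make_db_unsafe($recordSet->fields['class_name']), ENT_QUOTES, $config['charset']);
            $class_rank = htmlspecialchars($misc->make_db_unsafe($recordSet->fields['class_rank']), ENT_QUOTES, $config['charset']);
            $display .= $lang['property_class_name_update'] . '<input type="text" value="' . $class_name . '" name="class_name" />';
            $display .= $lang['property_class_rank_update'] . '<input type="text" value="' . $class_rank . '" name="class_rank" /><input type="hidden" name="class_id" value="' . $class_id . '" />';
            $recordSet->MoveNext();
        }
        $display .= ' <input type="submit" value="' . $lang['submit'] . '" /></fieldset></form>';
    } elseif (!empty($_POST['class_id'])) {
        // Same truthiness test as before, without the undefined-index notice on a plain GET.
        $class_id = $misc->make_db_safe($_POST['class_id']);
        $class_name = $misc->make_db_safe(isset($_POST['class_name']) ? $_POST['class_name'] : '');
        $class_rank = $misc->make_db_safe(isset($_POST['class_rank']) ? $_POST['class_rank'] : '');
        $sql = 'UPDATE ' . $config['table_prefix'] . 'class SET class_name = ' . $class_name . ',class_rank = ' . $class_rank . ' WHERE class_id = ' . $class_id;
        $recordSet = $conn->Execute($sql);
        if (!$recordSet) {
            $misc->log_error($sql);
        }
        $display .= $lang['property_class_updated'] . '<br />';
        $display .= propertyclass::show_classes();
    }
    return $display;
}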
示例9: misc
function edit_user_files()
{
global $lang, $conn, $config;
require_once $config['basepath'] . '/include/misc.inc.php';
$misc = new misc();
$display = '';
if (isset($_GET['edit']) && $_GET['edit'] != '') {
$_POST['edit'] = $_GET['edit'];
}
$edit = $_POST['edit'];
$sql_edit = $misc->make_db_safe($_POST['edit']);
$uploadpath = $config[users_file_upload_path] . '/' . $edit;
if (!isset($_POST['action'])) {
$_POST['action'] = '';
}
if ($_POST['action'] == "update_file") {
$count = 0;
$num_fields = count($_POST['file']);
$sql_edit = $misc->make_db_safe($_POST['edit']);
while ($count < $num_fields) {
$sql_caption = $misc->make_db_safe($_POST['caption'][$count]);
$sql_description = $misc->make_db_safe($_POST['description'][$count]);
$sql_rank = $misc->make_db_safe($_POST['rank'][$count]);
$sql_file = $misc->make_db_safe($_POST['file'][$count]);
if ($_SESSION['edit_all_users'] == "yes" || $_SESSION['admin_privs'] == "yes") {
$sql = "UPDATE " . $config['table_prefix'] . "usersfiles SET usersfiles_caption = {$sql_caption}, usersfiles_description = {$sql_description}, usersfiles_rank = {$sql_rank} WHERE ((userdb_id = {$sql_edit}) AND (usersfiles_file_name = {$sql_file}))";
} else {
$sql = "UPDATE " . $config['table_prefix'] . "usersfiles SET usersfiles_caption = {$sql_caption}, usersfiles_description = {$sql_description}, usersfiles_rank = {$sql_rank} WHERE ((usersfiles_file_name = {$sql_file}) AND (userdb_id = {$_SESSION['userID']}))";
}
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
$count++;
}
$display .= '<p>' . $lang['files_update'] . '</p>';
$misc->log_action($lang['log_updated_listing_file'] . $_POST['edit']);
}
if (isset($_GET['delete'])) {
// get the data for the file being deleted
$sql_file_id = $misc->make_db_safe($_GET['delete']);
$sql_edit = $misc->make_db_safe($_GET['edit']);
if ($_SESSION['edit_all_users'] == "yes" || $_SESSION['admin_privs'] == "yes") {
$sql = "SELECT usersfiles_file_name FROM " . $config['table_prefix'] . "usersfiles WHERE ((userdb_id = {$sql_edit}) AND (usersfiles_id = {$sql_file_id}))";
} else {
$sql = "SELECT usersfiles_file_name FROM " . $config['table_prefix'] . "usersfiles WHERE ((usersfiles_id = {$sql_file_id}) AND (userdb_id = {$_SESSION['userID']}))";
}
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
while (!$recordSet->EOF) {
$file_name = $misc->make_db_unsafe($recordSet->fields['usersfiles_file_name']);
$recordSet->MoveNext();
}
// end while
// Delete from the DB
if ($_SESSION['edit_all_users'] == "yes" || $_SESSION['admin_privs'] == "yes") {
$sql = "DELETE FROM " . $config['table_prefix'] . "usersfiles WHERE ((userdb_id = {$sql_edit}) AND (usersfiles_file_name = '{$file_name}'))";
} else {
$sql = "DELETE FROM " . $config['table_prefix'] . "usersfiles WHERE ((usersfiles_file_name = '{$file_name}') AND (userdb_id = '{$_SESSION['userID']}'))";
}
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
// delete the files themselves
if (!unlink("{$uploadpath}/{$file_name}")) {
die("{$lang['alert_site_admin']}");
}
$empty = count(glob("{$uploadpath}/*")) === 0 ? 'true' : 'false';
if ($empty == 'true') {
rmdir($uploadpath);
}
$misc->log_action("{$lang['log_deleted_listing_file']} {$file_name}");
$display .= "<p>{$lang['image']} '{$file_name}' {$lang['has_been_deleted']}</p>";
}
if ($_POST['action'] == "upload") {
if ($_SESSION['edit_all_users'] == "yes" || $_SESSION['admin_privs'] == "yes") {
$display .= $this->uploadfile("users", '', $_POST['edit']);
} else {
$display .= $this->uploadfile("users", '', $_SESSION['userID']);
}
}
// end if $action == "upload"
if ($_SESSION['edit_all_users'] == "yes" || $_SESSION['admin_privs'] == "yes") {
$sql = "SELECT usersfiles_id, usersfiles_caption, usersfiles_file_name, usersfiles_description, usersfiles_rank FROM " . $config['table_prefix'] . "usersfiles WHERE (userdb_id = {$sql_edit}) ORDER BY usersfiles_rank";
} else {
$sql = "SELECT usersfiles_id, usersfiles_caption, usersfiles_file_name, usersfiles_description, usersfiles_rank FROM " . $config['table_prefix'] . "usersfiles WHERE ((userdb_id = '{$_SESSION['userID']}')) ORDER BY usersfiles_rank";
}
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
$display .= '<table class="file_upload">';
$ext = '';
$num_files = $recordSet->RecordCount();
$file_name = $misc->make_db_unsafe($recordSet->fields['usersfiles_file_name']);
$ext = substr(strrchr($file_name, '.'), 1);
$avaliable_files = $config["max_users_file_uploads"] - $num_files;
//.........这里部分代码省略.........
示例10: misc
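/**
 * Fetches the meta keywords stored for a blog article.
 *
 * The lookup only happens when $_GET['PageID'] is set; otherwise '' is
 * returned without touching the database.
 * NOTE(review): gating on $_GET['PageID'] while querying by $blog_id looks
 * unintended — confirm against the callers before changing it.
 *
 * @param int|string $blog_id blogmain_id of the article
 * @return string the keywords, or '' outside page context or when the query fails
 */
function get_blog_keywords($blog_id)
{
    global $conn, $config;
    require_once $config['basepath'] . '/include/misc.inc.php';
    $misc = new misc();
    if (!isset($_GET['PageID'])) {
        return '';
    }
    $sql_blog_id = $misc->make_db_safe($blog_id);
    $sql = "SELECT blogmain_keywords FROM " . $config['table_prefix'] . "blogmain WHERE blogmain_id=" . $sql_blog_id;
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false) {
        $misc->log_error($sql);
        // Previously fell through to ->fields on a failed result.
        return '';
    }
    return $misc->make_db_unsafe($recordSet->fields['blogmain_keywords']);
}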
示例11: misc
/**
* maps::create_map_link()
* This is the function to call to show a map link. It should be called from the listing detail page, or any page where $_GET['listingID'] is set.
* This function then calls the appropriate make_mapname function as specified in the configuration.
*
* @see maps::make_mapquest()
* @see maps::make_yahoo_us()
* @return string Returns the URL for the map as long as the required fields are filled out; otherwise it returns an empty string.
*/
function create_map_link($url_only = 'no')
{
global $conn, $config;
require_once $config['basepath'] . '/include/misc.inc.php';
$misc = new misc();
// Map Type
// Get Address, City, State, Zip
// Create Blank Variables
$display = '';
$address = '';
$city = '';
$state = '';
$zip = '';
// Get Listing ID
$sql_listingID = $misc->make_db_safe($_GET['listingID']);
$listing_title = urlencode(listing_pages::get_title($_GET['listingID']));
// get address
$sql_address_field = $misc->make_db_safe($config['map_address']);
$sql = "SELECT listingsdbelements_field_value, listingsformelements_field_type, listingsformelements_field_caption FROM " . $config['table_prefix'] . "listingsdbelements, " . $config['table_prefix'] . "listingsformelements WHERE ((" . $config['table_prefix'] . "listingsdbelements.listingsdb_id = {$sql_listingID}) AND (listingsformelements_field_name = listingsdbelements_field_name) AND (listingsdbelements_field_name = {$sql_address_field}))";
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
while (!$recordSet->EOF) {
$address = urlencode($misc->make_db_unsafe($recordSet->fields['listingsdbelements_field_value']));
$recordSet->MoveNext();
}
// end while
// Add address fields 2 & 3
$sql_address_field = $misc->make_db_safe($config['map_address2']);
$sql = "SELECT listingsdbelements_field_value, listingsformelements_field_type, listingsformelements_field_caption FROM " . $config['table_prefix'] . "listingsdbelements, " . $config['table_prefix'] . "listingsformelements WHERE ((" . $config['table_prefix'] . "listingsdbelements.listingsdb_id = {$sql_listingID}) AND (listingsformelements_field_name = listingsdbelements_field_name) AND (listingsdbelements_field_name = {$sql_address_field}))";
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
while (!$recordSet->EOF) {
$address .= ' ' . urlencode($misc->make_db_unsafe($recordSet->fields['listingsdbelements_field_value']));
$recordSet->MoveNext();
}
// end while
$sql_address_field = $misc->make_db_safe($config['map_address3']);
$sql = "SELECT listingsdbelements_field_value, listingsformelements_field_type, listingsformelements_field_caption FROM " . $config['table_prefix'] . "listingsdbelements, " . $config['table_prefix'] . "listingsformelements WHERE ((" . $config['table_prefix'] . "listingsdbelements.listingsdb_id = {$sql_listingID}) AND (listingsformelements_field_name = listingsdbelements_field_name) AND (listingsdbelements_field_name = {$sql_address_field}))";
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
while (!$recordSet->EOF) {
$address .= ' ' . urlencode($misc->make_db_unsafe($recordSet->fields['listingsdbelements_field_value']));
$recordSet->MoveNext();
}
// end while
$sql_address_field = $misc->make_db_safe($config['map_address4']);
$sql = "SELECT listingsdbelements_field_value, listingsformelements_field_type, listingsformelements_field_caption FROM " . $config['table_prefix'] . "listingsdbelements, " . $config['table_prefix'] . "listingsformelements WHERE ((" . $config['table_prefix'] . "listingsdbelements.listingsdb_id = {$sql_listingID}) AND (listingsformelements_field_name = listingsdbelements_field_name) AND (listingsdbelements_field_name = {$sql_address_field}))";
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
while (!$recordSet->EOF) {
$address .= ' ' . urlencode($misc->make_db_unsafe($recordSet->fields['listingsdbelements_field_value']));
$recordSet->MoveNext();
}
// end while
// get city
$sql_city_field = $misc->make_db_safe($config['map_city']);
$sql = "SELECT listingsdbelements_field_value, listingsformelements_field_type, listingsformelements_field_caption FROM " . $config['table_prefix'] . "listingsdbelements, " . $config['table_prefix'] . "listingsformelements WHERE ((" . $config['table_prefix'] . "listingsdbelements.listingsdb_id = {$sql_listingID}) AND (listingsformelements_field_name = listingsdbelements_field_name) AND (listingsdbelements_field_name = {$sql_city_field}))";
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
while (!$recordSet->EOF) {
$city = urlencode($misc->make_db_unsafe($recordSet->fields['listingsdbelements_field_value']));
$recordSet->MoveNext();
}
// end while
// get state
$sql_state_field = $misc->make_db_safe($config['map_state']);
$sql = "SELECT listingsdbelements_field_value, listingsformelements_field_type, listingsformelements_field_caption FROM " . $config['table_prefix'] . "listingsdbelements, " . $config['table_prefix'] . "listingsformelements WHERE ((" . $config['table_prefix'] . "listingsdbelements.listingsdb_id = {$sql_listingID}) AND (listingsformelements_field_name = listingsdbelements_field_name) AND (listingsdbelements_field_name = {$sql_state_field}))";
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
while (!$recordSet->EOF) {
$state = urlencode($misc->make_db_unsafe($recordSet->fields['listingsdbelements_field_value']));
$recordSet->MoveNext();
}
// end while
// get zip
$sql_zip_field = $misc->make_db_safe($config['map_zip']);
$sql = "SELECT listingsdbelements_field_value, listingsformelements_field_type, listingsformelements_field_caption FROM " . $config['table_prefix'] . "listingsdbelements, " . $config['table_prefix'] . "listingsformelements WHERE ((" . $config['table_prefix'] . "listingsdbelements.listingsdb_id = {$sql_listingID}) AND (listingsformelements_field_name = listingsdbelements_field_name) AND (listingsdbelements_field_name = {$sql_zip_field}))";
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
//.........这里部分代码省略.........
示例12: updateUserData
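function updateUserData($user_id)
{
    // UPDATES THE USER INFORMATION
    //
    // Replaces every userdbelements row of $user_id with the fields currently in
    // $_POST: the existing rows are deleted first, then one row is inserted per
    // submitted form field. Fixed account fields (user name, password, e-mail,
    // privilege flags, session/edit markers) are handled by the caller and are
    // skipped here. Array values (checkboxes, multiple selects) are stored as one
    // '||'-joined string; 'date' fields are normalised through misc::parseDate()
    // using the configured date_format. Always returns the string 'success'.
    global $conn, $lang, $config;
    require_once $config['basepath'] . '/include/misc.inc.php';
    $misc = new misc();
    $sql_user_id = $misc->make_db_extra_safe($user_id);

    // Wipe the old element rows; they are rebuilt from $_POST below.
    $sql = 'DELETE FROM ' . $config['table_prefix'] . 'userdbelements WHERE userdb_id = ' . $sql_user_id;
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false) {
        $misc->log_error($sql);
    }

    // Agents and members have separate form-element tables.
    $sql3 = 'SELECT userdb_is_agent FROM ' . $config['table_prefix'] . 'userdb WHERE userdb_id = ' . $sql_user_id;
    $recordSet3 = $conn->Execute($sql3);
    if ($recordSet3 === false) {
        $misc->log_error($sql3);
    }
    $db_to_use = ($recordSet3->fields['userdb_is_agent'] == 'yes') ? 'agent' : 'member';

    // Fields taken care of by the caller; they must never become element rows.
    $reserved_fields = array(
        'user_user_name', 'edit_user_pass', 'edit_user_pass2', 'user_email', 'PHPSESSID', 'edit',
        'edit_isAdmin', 'edit_active', 'edit_isAgent', 'edit_limitListings', 'edit_canEditSiteConfig',
        'edit_canMemberTemplate', 'edit_canAgentTemplate', 'edit_canListingTemplate', 'edit_canViewLogs',
        'edit_canModerate', 'edit_canFeatureListings', 'edit_canPages', 'edit_canVtour', 'edit_canFiles',
        'edit_canUserFiles',
    );

    // Format string handed to misc::parseDate() for 'date' fields. It is loop
    // invariant, so it is resolved once; it stays null for an unrecognised
    // date_format value (same as before).
    $format = null;
    if ($config['date_format'] == 1) {
        $format = "%m/%d/%Y";
    } elseif ($config['date_format'] == 2) {
        $format = "%Y/%d/%m";
    } elseif ($config['date_format'] == 3) {
        $format = "%d/%m/%Y";
    }

    $insert_prefix = 'INSERT INTO ' . $config['table_prefix'] . 'userdbelements (userdbelements_field_name, userdbelements_field_value, userdb_id) VALUES (';

    foreach ($_POST as $ElementIndexValue => $ElementContents) {
        if (in_array($ElementIndexValue, $reserved_fields, true)) {
            continue;
        }
        // The field name is a $_POST key, i.e. request-controlled: escape it for
        // the type lookup exactly as it is escaped for the INSERT, instead of
        // concatenating the raw key into the query.
        $sql_ElementIndexValue = $misc->make_db_safe($ElementIndexValue);

        if (is_array($ElementContents)) {
            // checkboxes & multiple selects: one row holding item1||item2||...
            $sql_feature_insert = $misc->make_db_safe(implode('||', $ElementContents));
            $sql = $insert_prefix . $sql_ElementIndexValue . ', ' . $sql_feature_insert . ', ' . $sql_user_id . ')';
            $recordSet = $conn->Execute($sql);
            if ($recordSet === false) {
                $misc->log_error($sql);
            }
            continue;
        }

        // Only scalar fields need their type: 'date' values are re-parsed.
        $sql2 = 'SELECT ' . $db_to_use . 'formelements_field_type FROM ' . $config['table_prefix'] . $db_to_use . 'formelements WHERE ' . $db_to_use . 'formelements_field_name = ' . $sql_ElementIndexValue;
        $recordSet2 = $conn->Execute($sql2);
        if ($recordSet2 === false) {
            $misc->log_error($sql2);
        }
        $field_type = $recordSet2->fields[$db_to_use . 'formelements_field_type'];

        $sql_ElementContents = $misc->make_db_safe($ElementContents);
        if ($field_type == 'date' && $ElementContents != '') {
            // Store the value produced by parseDate(), not the locale-formatted
            // text the user typed.
            $returnValue = $misc->parseDate($ElementContents, $format);
            $sql_ElementContents = $misc->make_db_safe($returnValue);
        }
        $sql = $insert_prefix . $sql_ElementIndexValue . ', ' . $sql_ElementContents . ', ' . $sql_user_id . ')';
        $recordSet = $conn->Execute($sql);
        // Log failures here like every other query in this function.
        if ($recordSet === false) {
            $misc->log_error($sql);
        }
    }
    // end foreach
    return 'success';
}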
示例13: insert_listing_field
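/**
 * insert_listing_field()
 * This was taken almost verbatim from include/template_editor.inc.php.
 * The only reason the code is duplicated here is because the code in
 * template_editor.inc.php is designed around the form, and requires
 * $_POST[] to be properly set in order to work. The only time this
 * addon uses this method is during the initial install, and then only
 * if the database does not already have fields named "latitude" and
 * "longitude".
 *
 * Inserts a new listing form element, adds an empty value row for every
 * listing that already exists, and links the element to each property
 * class in $property_class. The element is first inserted under a random
 * numeric placeholder name so its listingsformelements_id can be looked
 * up, then renamed to $field_name.
 *
 * All scalar parameters are escaped with misc::make_db_safe() before use;
 * they are the listingsformelements column values of the same name.
 *
 * @param string $field_type
 * @param string $field_name
 * @param string $field_caption
 * @param string $default_text
 * @param string $field_elements
 * @param mixed  $rank
 * @param mixed  $search_rank
 * @param mixed  $search_result_rank
 * @param mixed  $required
 * @param mixed  $location
 * @param mixed  $display_on_browse
 * @param mixed  $search_step
 * @param mixed  $display_priv
 * @param mixed  $searchable
 * @param string $search_label
 * @param string $search_type
 * @param array  $property_class class ids the new field is attached to
 * @return void
 */
function insert_listing_field($field_type, $field_name, $field_caption, $default_text, $field_elements, $rank, $search_rank, $search_result_rank, $required, $location, $display_on_browse, $search_step, $display_priv, $searchable, $search_label, $search_type, $property_class)
{
    // include global variables
    global $conn, $lang, $config;
    // Include the misc Class
    require_once $config['basepath'] . '/include/misc.inc.php';
    $misc = new misc();
    // Every caller-supplied value is escaped once, up front; the escaped form
    // is what the SQL below interpolates.
    $field_type = $misc->make_db_safe($field_type);
    $field_name = $misc->make_db_safe($field_name);
    $field_caption = $misc->make_db_safe($field_caption);
    $default_text = $misc->make_db_safe($default_text);
    $field_elements = $misc->make_db_safe($field_elements);
    $rank = $misc->make_db_safe($rank);
    $search_rank = $misc->make_db_safe($search_rank);
    $search_result_rank = $misc->make_db_safe($search_result_rank);
    $required = $misc->make_db_safe($required);
    $location = $misc->make_db_safe($location);
    $display_on_browse = $misc->make_db_safe($display_on_browse);
    $search_step = $misc->make_db_safe($search_step);
    $display_priv = $misc->make_db_safe($display_priv);
    $searchable = $misc->make_db_safe($searchable);
    $search_label = $misc->make_db_safe($search_label);
    $search_type = $misc->make_db_safe($search_type);

    // Temporary placeholder name used to find the new row's id. rand() is
    // good enough for a one-off install step, but two installs running at
    // the same moment could pick the same placeholder.
    $id_rand = rand(0, 999999);
    $sql = "INSERT INTO " . $config['table_prefix'] . "listingsformelements (listingsformelements_field_type, listingsformelements_field_name, listingsformelements_field_caption, listingsformelements_default_text, listingsformelements_field_elements, listingsformelements_rank, listingsformelements_search_rank, listingsformelements_search_result_rank, listingsformelements_required, listingsformelements_location, listingsformelements_display_on_browse, listingsformelements_search_step, listingsformelements_searchable, listingsformelements_search_label, listingsformelements_search_type,listingsformelements_display_priv) VALUES ({$field_type},{$id_rand},{$field_caption},{$default_text},{$field_elements},{$rank},{$search_rank},{$search_result_rank},{$required},{$location},{$display_on_browse},{$search_step},{$searchable},{$search_label},{$search_type},{$display_priv})";
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false) {
        $misc->log_error($sql);
    }

    // Now we need to get the field ID
    $sql = 'SELECT listingsformelements_id FROM ' . $config['table_prefix'] . 'listingsformelements WHERE listingsformelements_field_name = ' . $id_rand;
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false) {
        $misc->log_error($sql);
    }
    $listingsformelements_id = $recordSet->fields['listingsformelements_id'];

    // Set Real Name
    $sql = 'UPDATE ' . $config['table_prefix'] . 'listingsformelements SET listingsformelements_field_name = ' . $field_name . ' WHERE listingsformelements_field_name = ' . $id_rand;
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false) {
        $misc->log_error($sql);
    }

    // We should now add a blank field for each listing that already exists.
    // Collect the (listing, owner) pairs first so the SELECT cursor is not
    // touched while the INSERTs run.
    $sql = 'SELECT listingsdb_id, userdb_id FROM ' . $config['table_prefix'] . 'listingsdb';
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false) {
        $misc->log_error($sql);
    }
    $existing = array();
    while (!$recordSet->EOF) {
        $existing[] = array($recordSet->fields['listingsdb_id'], $recordSet->fields['userdb_id']);
        $recordSet->MoveNext();
    }
    // end while
    foreach ($existing as $pair) {
        list($listing_id, $owner_id) = $pair;
        // Escape values read back from the DB instead of hand-quoting them.
        $sql_listing_id = $misc->make_db_safe($listing_id);
        $sql_owner_id = $misc->make_db_safe($owner_id);
        $sql = "INSERT INTO " . $config['table_prefix'] . "listingsdbelements (listingsdbelements_field_name, listingsdb_id,userdb_id,listingsdbelements_field_value) VALUES ({$field_name},{$sql_listing_id},{$sql_owner_id},'')";
        $recordSet = $conn->Execute($sql);
        if ($recordSet === false) {
            $misc->log_error($sql);
        }
    }

    // Add Listing Field to property class
    foreach ((array) $property_class as $class_id) {
        // $class_id comes straight from the caller; escape it like every
        // other value rather than concatenating it raw.
        $sql_class_id = $misc->make_db_safe($class_id);
        $sql = 'INSERT INTO ' . $config['table_prefix_no_lang'] . 'classformelements (class_id,listingsformelements_id) VALUES (' . $sql_class_id . ',' . $listingsformelements_id . ')';
        $recordSet = $conn->Execute($sql);
        if ($recordSet === false) {
            $misc->log_error($sql);
        }
    }
}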
示例14: renderSingleListingItem
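function renderSingleListingItem($userID, $name, $display_type = 'both')
{
    // Renders one custom user field ($name) of user $userID as an HTML fragment.
    // Display_type - Sets what should be returned.
    // both - Displays both the caption and the formatted value
    // value - Displays just the formatted value
    // rawvalue - Displays just the raw value
    // caption - Displays only the captions
    // Returns '' when the field is empty or does not exist.
    global $conn, $config;
    require_once $config['basepath'] . '/include/misc.inc.php';
    $misc = new misc();
    $display = '';
    // Name of the form-element table for this user (agent vs member form).
    $formDB = user::determine_user_formtype($userID);
    $userID = $misc->make_db_safe($userID);
    $name = $misc->make_db_safe($name);
    $sql = "SELECT userdbelements_field_value, " . $formDB . "_id, " . $formDB . "_field_type,\n\t\t\t" . $formDB . "_field_caption FROM " . $config['table_prefix'] . "userdbelements, " . $config['table_prefix'] . $formDB . " WHERE ((userdb_id = {$userID}) AND\n\t\t\t(" . $formDB . "_field_name = userdbelements_field_name) AND (userdbelements_field_name = {$name}))";
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false) {
        $misc->log_error($sql);
    }

    // date() format for 'date' fields; resolved once, left null for an
    // unrecognised date_format value (same as before).
    $format = null;
    if ($config['date_format'] == 1) {
        $format = "m/d/Y";
    } elseif ($config['date_format'] == 2) {
        $format = "Y/d/m";
    } elseif ($config['date_format'] == 3) {
        $format = "d/m/Y";
    }

    // NOTE(review): the text, textarea and fallback branches below emit the
    // stored value without HTML escaping; confirm whether stored markup is
    // intentional before changing that. The url and email branches are
    // escaped because the value lands inside an href attribute.
    while (!$recordSet->EOF) {
        $field_value = $misc->make_db_unsafe($recordSet->fields['userdbelements_field_value']);
        $field_type = $misc->make_db_unsafe($recordSet->fields[$formDB . '_field_type']);
        $form_elements_id = $misc->make_db_unsafe($recordSet->fields[$formDB . '_id']);
        if (!isset($_SESSION["users_lang"])) {
            // Default language: the caption comes straight from the form table.
            $field_caption = $misc->make_db_unsafe($recordSet->fields[$formDB . '_field_caption']);
        } else {
            // Translated caption from the per-language form table.
            $lang_sql = "SELECT " . $formDB . "_field_caption FROM " . $config['lang_table_prefix'] . $formDB . " WHERE " . $formDB . "_id = {$form_elements_id}";
            $lang_recordSet = $conn->Execute($lang_sql);
            if ($lang_recordSet === false) {
                $misc->log_error($lang_sql);
            }
            $field_caption = $misc->make_db_unsafe($lang_recordSet->fields[$formDB . '_field_caption']);
        }

        if ($field_value != "") {
            if ($display_type === 'both' || $display_type === 'caption') {
                $display .= '<span class="field_caption">' . $field_caption . '</span>';
            }
            if ($display_type == 'both') {
                $display .= ': ';
            }
            if ($display_type === 'both' || $display_type === 'value') {
                // switch compares loosely, matching the original == checks.
                switch ($field_type) {
                    case 'select-multiple':
                    case 'option':
                    case 'checkbox':
                        // handle field types with multiple options
                        $feature_index_list = explode("||", $field_value);
                        sort($feature_index_list);
                        foreach ($feature_index_list as $feature_list_item) {
                            $display .= "<br />{$feature_list_item}";
                        }
                        break;
                    case 'price':
                        $money_amount = $misc->international_num_format($field_value, $config['number_decimals_price_fields']);
                        $display .= $misc->money_formats($money_amount);
                        break;
                    case 'number':
                        $display .= $misc->international_num_format($field_value, $config['number_decimals_number_fields']);
                        break;
                    case 'url':
                        // Escape for attribute/text context so a stored value
                        // cannot break out of the href or inject markup.
                        $safe_value = htmlspecialchars($field_value, ENT_QUOTES, 'UTF-8');
                        $display .= "<a href=\"{$safe_value}\" onclick=\"window.open(this.href,'_blank','location=1,resizable=1,status=1,scrollbars=1,toolbar=1,menubar=1');return false\">{$safe_value}</a>";
                        break;
                    case 'email':
                        $safe_value = htmlspecialchars($field_value, ENT_QUOTES, 'UTF-8');
                        $display .= "<a href=\"mailto:{$safe_value}\">{$safe_value}</a>";
                        break;
                    case 'text':
                    case 'textarea':
                        if ($config['add_linefeeds'] === "1") {
                            // replace returns with <br />
                            $field_value = nl2br($field_value);
                        }
                        $display .= $field_value;
                        break;
                    case 'date':
                        $field_value = date($format, $field_value);
                        $display .= $field_value;
                        break;
                    default:
                        $display .= $field_value;
                        break;
                }
            }
            if ($display_type === 'rawvalue') {
                $display .= $field_value;
            }
        }
        // end if ($field_value != "")
        $recordSet->MoveNext();
    }
    // end while
    return $display;
}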
示例15: misc
function edit_vtour_images()
{
global $lang, $conn, $config;
require_once $config['basepath'] . '/include/misc.inc.php';
$misc = new misc();
$display = '';
if (isset($_GET['edit']) && $_GET['edit'] != '') {
$_POST['edit'] = $_GET['edit'];
}
$edit = intval($_POST['edit']);
$sql_edit = intval($_POST['edit']);
if (!isset($_POST['action'])) {
$_POST['action'] = '';
}
// does this person have access to these listings?
if ($_SESSION['edit_all_listings'] != "yes" && $_SESSION['admin_privs'] != "yes") {
$sql = "SELECT userdb_id FROM " . $config['table_prefix'] . "listingsdb WHERE (listingsdb_id = {$sql_edit})";
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
while (!$recordSet->EOF) {
$owner = $recordSet->fields['userdb_id'];
$recordSet->MoveNext();
}
if ($_SESSION['userID'] != $owner) {
die($lang['priv_failure']);
}
}
// end priv check
if ($_POST['action'] == "update_pic") {
$count = 0;
$num_fields = count($_POST['pic']);
$sql_edit = $misc->make_db_safe($_POST['edit']);
while ($count < $num_fields) {
$sql_caption = $misc->make_db_safe($_POST['caption'][$count]);
$sql_description = $misc->make_db_safe($_POST['description'][$count]);
$sql_rank = $misc->make_db_safe($_POST['rank'][$count]);
$sql_pic = $misc->make_db_safe($_POST['pic'][$count]);
if ($_SESSION['edit_all_listings'] == "yes" || $_SESSION['admin_privs'] == "yes") {
$sql = "UPDATE " . $config['table_prefix'] . "vtourimages SET vtourimages_caption = {$sql_caption}, vtourimages_description = {$sql_description}, vtourimages_rank = {$sql_rank} WHERE ((listingsdb_id = {$sql_edit}) AND (vtourimages_file_name = {$sql_pic}))";
} else {
$sql = "UPDATE " . $config['table_prefix'] . "vtourimages SET vtourimages_caption = {$sql_caption}, vtourimages_description = {$sql_description}, vtourimages_rank = {$sql_rank} WHERE ((listingsdb_id = {$sql_edit}) AND (vtourimages_file_name = {$sql_pic}) AND (userdb_id = {$_SESSION['userID']}))";
}
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
$count++;
}
$display .= '<p>' . $lang['images_update'] . '</p>';
$misc->log_action($lang['log_updated_listing_image'] . $edit);
}
if (isset($_GET['delete'])) {
// get the data for the pic being deleted
$sql_pic_id = $misc->make_db_safe($_GET['delete']);
$sql_edit = $misc->make_db_safe($_GET['edit']);
if ($_SESSION['edit_all_listings'] == "yes" || $_SESSION['admin_privs'] == "yes") {
$sql = "SELECT vtourimages_file_name, vtourimages_thumb_file_name FROM " . $config['table_prefix'] . "vtourimages WHERE ((listingsdb_id = {$sql_edit}) AND (vtourimages_id = {$sql_pic_id}))";
} else {
$sql = "SELECT vtourimages_file_name, vtourimages_thumb_file_name FROM " . $config['table_prefix'] . "vtourimages WHERE ((listingsdb_id = {$sql_edit}) AND (vtourimages_id = {$sql_pic_id}) AND (userdb_id = {$_SESSION['userID']}))";
}
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
while (!$recordSet->EOF) {
$thumb_file_name = $misc->make_db_unsafe($recordSet->fields['vtourimages_thumb_file_name']);
$file_name = $misc->make_db_unsafe($recordSet->fields['vtourimages_file_name']);
$recordSet->MoveNext();
}
// end while
// delete from the db
if ($_SESSION['edit_all_listings'] == "yes" || $_SESSION['admin_privs'] == "yes") {
$sql = "DELETE FROM " . $config['table_prefix'] . "vtourimages WHERE ((listingsdb_id = {$sql_edit}) AND (vtourimages_file_name = '{$file_name}'))";
} else {
$sql = "DELETE FROM " . $config['table_prefix'] . "vtourimages WHERE ((listingsdb_id = {$sql_edit}) AND (vtourimages_file_name = '{$file_name}') AND (userdb_id = '{$_SESSION['userID']}'))";
}
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
// delete the files themselves
// on widows, required php 4.11 or better (I think)
if (!unlink("{$config['vtour_upload_path']}/{$file_name}")) {
die("{$lang['alert_site_admin']}");
}
if ($file_name != $thumb_file_name) {
if (!unlink("{$config['vtour_upload_path']}/{$thumb_file_name}")) {
die("{$lang['alert_site_admin']}");
}
}
$misc->log_action("{$lang['log_deleted_listing_image']} {$file_name}");
$display .= "<p>{$lang['image']} '{$file_name}' {$lang['has_been_deleted']}</p>";
}
if ($_POST['action'] == "upload") {
if ($_SESSION['edit_all_listings'] == "yes" || $_SESSION['admin_privs'] == "yes") {
// get the owner of the listing
$sql = "SELECT userdb_id FROM " . $config['table_prefix'] . "listingsdb WHERE (listingsdb_id = {$sql_edit})";
$recordSet = $conn->Execute($sql);
//.........这里部分代码省略.........