lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-26 21:37:22 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix array

Browse Source
This commit is contained in:
xiaomlove
2021-01-06 01:31:21 +08:00
parent a968b5855c
commit 9bce2ac1a4
17 changed files with 101 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files
admanage.php
+2 -2
View File
@@ -190,7 +190,7 @@ tr($lang_admanage['row_flash_height']."<font color=\"red\">*</font>", "<input ty
$action = $_GET['action']; $action = $_GET['action'];
if ($action == 'del') if ($action == 'del')
{ {
$id = $_GET['id'] ?? 0; $id = intval($_GET['id'] ?? 0);
if (!$id) if (!$id)
{ {
stderr($lang_admanage['std_error'], $lang_admanage['std_invalid_id']); stderr($lang_admanage['std_error'], $lang_admanage['std_invalid_id']);
@@ -204,7 +204,7 @@ if ($action == 'del')
} }
elseif ($action == 'edit') elseif ($action == 'edit')
{ {
$id = $_GET['id'] ?? 0; $id = intval($_GET['id'] ?? 0);
if (!$id) if (!$id)
{ {
stderr($lang_admanage['std_error'], $lang_admanage['std_invalid_id']); stderr($lang_admanage['std_error'], $lang_admanage['std_invalid_id']);
announce.php
+3 -3
View File
@@ -15,7 +15,7 @@ foreach (array("passkey","info_hash","peer_id","event") as $x)
// get integer type port, downloaded, uploaded, left from client // get integer type port, downloaded, uploaded, left from client
foreach (array("port","downloaded","uploaded","left","compact","no_peer_id") as $x) foreach (array("port","downloaded","uploaded","left","compact","no_peer_id") as $x)
{ {
$GLOBALS[$x] = $_GET[$x] ?? 0; $GLOBALS[$x] = intval($_GET[$x] ?? 0);
} }
//check info_hash, peer_id and passkey //check info_hash, peer_id and passkey
foreach (array("passkey","info_hash","peer_id","port","downloaded","uploaded","left") as $x) foreach (array("passkey","info_hash","peer_id","port","downloaded","uploaded","left") as $x)
@@ -42,7 +42,7 @@ foreach(array("numwant", "num want", "num_want") as $k)
{ {
if (isset($_GET[$k])) if (isset($_GET[$k]))
{ {
$rsize = $_GET[$k] ?? 0; $rsize = intval($_GET[$k] ?? 0);
break; break;
} }
} }
@@ -57,7 +57,7 @@ if (!$az = $Cache->get_value('user_passkey_'.$passkey.'_content')){
$Cache->cache_value('user_passkey_'.$passkey.'_content', $az, 950); $Cache->cache_value('user_passkey_'.$passkey.'_content', $az, 950);
} }
if (!$az) err("Invalid passkey! Re-download the .torrent from $BASEURL"); if (!$az) err("Invalid passkey! Re-download the .torrent from $BASEURL");
$userid = $az['id'] ?? 0; $userid = intval($az['id'] ?? 0);
//3. CHECK IF CLIENT IS ALLOWED //3. CHECK IF CLIENT IS ALLOWED
$clicheck_res = check_client($peer_id,$agent,$client_familyid); $clicheck_res = check_client($peer_id,$agent,$client_familyid);
catmanage.php
+2 -2
View File
@@ -575,7 +575,7 @@ print($pagerbottom);
} }
elseif($action == 'del') elseif($action == 'del')
{ {
$id = $_GET['id'] ?? 0; $id = intval($_GET['id'] ?? 0);
if (!$id) if (!$id)
{ {
stderr($lang_catmanage['std_error'], $lang_catmanage['std_invalid_id']); stderr($lang_catmanage['std_error'], $lang_catmanage['std_invalid_id']);
@@ -602,7 +602,7 @@ elseif($action == 'del')
} }
elseif($action == 'edit') elseif($action == 'edit')
{ {
$id = $_GET['id'] ?? 0; $id = intval($_GET['id'] ?? 0);
if (!$id) if (!$id)
{ {
stderr($lang_catmanage['std_error'], $lang_catmanage['std_invalid_id']); stderr($lang_catmanage['std_error'], $lang_catmanage['std_invalid_id']);
edit.php
+1 -1
View File
@@ -4,7 +4,7 @@ dbconn();
require_once(get_langfile_path()); require_once(get_langfile_path());
loggedinorreturn(); loggedinorreturn();
$id = $_GET['id'] ?? 0; $id = intval($_GET['id'] ?? 0);
if (!$id) if (!$id)
die(); die();
email-gateway.php
+1 -1
View File
@@ -1,7 +1,7 @@
<?php <?php
require "include/bittorrent.php"; require "include/bittorrent.php";
dbconn(); dbconn();
$id = $_GET["id"] ?? 0; $id = intval($_GET["id"] ?? 0);
int_check($id,true); int_check($id,true);
$res = sql_query("SELECT username, class, email FROM users WHERE id=".mysql_real_escape_string($id)); $res = sql_query("SELECT username, class, email FROM users WHERE id=".mysql_real_escape_string($id));
faqactions.php
+43 -43
View File
@@ -31,53 +31,53 @@ if (get_user_class() < UC_ADMINISTRATOR) {
//stdhead("FAQ Management"); //stdhead("FAQ Management");
// ACTION: reorder - reorder sections and items // ACTION: reorder - reorder sections and items
if ($_GET[action] == "reorder") { if (isset($_GET['action']) && $_GET['action'] == "reorder") {
foreach($_POST[order] as $id => $position) sql_query("UPDATE `faq` SET `order`=".sqlesc($position)." WHERE id=".sqlesc($id)) or sqlerr(); foreach($_POST[order] as $id => $position) sql_query("UPDATE `faq` SET `order`=".sqlesc($position)." WHERE id=".sqlesc($id)) or sqlerr();
header("Location: " . get_protocol_prefix() . "$BASEURL/faqmanage.php"); header("Location: " . get_protocol_prefix() . "$BASEURL/faqmanage.php");
die; die;
} }
// ACTION: edit - edit a section or item // ACTION: edit - edit a section or item
elseif ($_GET[action] == "edit" && isset($_GET[id])) { elseif (isset($_GET['action']) && $_GET['action'] == "edit" && isset($_GET['id'])) {
stdhead("FAQ Management"); stdhead("FAQ Management");
begin_main_frame(); begin_main_frame();
print("<h1 align=\"center\">Edit Section or Item</h1>"); print("<h1 align=\"center\">Edit Section or Item</h1>");
$res = sql_query("SELECT * FROM faq WHERE id=".sqlesc($_GET[id])." LIMIT 1"); $res = sql_query("SELECT * FROM faq WHERE id=".sqlesc($_GET['id'])." LIMIT 1");
while ($arr = mysql_fetch_array($res, MYSQL_BOTH)) { while ($arr = mysql_fetch_array($res, MYSQLI_BOTH)) {
$arr[question] = htmlspecialchars($arr[question]); $arr['question'] = htmlspecialchars($arr['question']);
$arr[answer] = htmlspecialchars($arr[answer]); $arr['answer'] = htmlspecialchars($arr['answer']);
if ($arr[type] == "item") { if ($arr['type'] == "item") {
$lang_id = $arr['lang_id']; $lang_id = $arr['lang_id'];
print("<form method=\"post\" action=\"faqactions.php?action=edititem\">"); print("<form method=\"post\" action=\"faqactions.php?action=edititem\">");
print("<table border=\"1\" cellspacing=\"0\" cellpadding=\"10\" align=\"center\">\n"); print("<table border=\"1\" cellspacing=\"0\" cellpadding=\"10\" align=\"center\">\n");
print("<tr><td>ID:</td><td>$arr[id] <input type=\"hidden\" name=\"id\" value=\"$arr[id]\" /></td></tr>\n"); print("<tr><td>ID:</td><td>{$arr['id']} <input type=\"hidden\" name=\"id\" value=\"{$arr['id']}\" /></td></tr>\n");
print("<tr><td>Question:</td><td><input style=\"width: 600px;\" type=\"text\" name=\"question\" value=\"$arr[question]\" /></td></tr>\n"); print("<tr><td>Question:</td><td><input style=\"width: 600px;\" type=\"text\" name=\"question\" value=\"{$arr['question']}\" /></td></tr>\n");
print("<tr><td style=\"vertical-align: top;\">Answer:</td><td><textarea rows=20 style=\"width: 600px; height=600px;\" name=\"answer\">$arr[answer]</textarea></td></tr>\n"); print("<tr><td style=\"vertical-align: top;\">Answer:</td><td><textarea rows=20 style=\"width: 600px; height=600px;\" name=\"answer\">{$arr['answer']}</textarea></td></tr>\n");
if ($arr[flag] == "0") print("<tr><td>Status:</td><td><select name=\"flag\" style=\"width: 110px;\"><option value=\"0\" style=\"color: #FF0000;\" selected=\"selected\">Hidden</option><option value=\"1\" style=\"color: #000000;\">Normal</option><option value=\"2\" style=\"color: #0000FF;\">Updated</option><option value=\"3\" style=\"color: #008000;\">New</option></select></td></tr>"); if ($arr['flag'] == "0") print("<tr><td>Status:</td><td><select name=\"flag\" style=\"width: 110px;\"><option value=\"0\" style=\"color: #FF0000;\" selected=\"selected\">Hidden</option><option value=\"1\" style=\"color: #000000;\">Normal</option><option value=\"2\" style=\"color: #0000FF;\">Updated</option><option value=\"3\" style=\"color: #008000;\">New</option></select></td></tr>");
elseif ($arr[flag] == "2") print("<tr><td>Status:</td><td><select name=\"flag\" style=\"width: 110px;\"><option value=\"0\" style=\"color: #FF0000;\">Hidden</option><option value=\"1\" style=\"color: #000000;\">Normal</option><option value=\"2\" style=\"color: #0000FF;\" selected=\"selected\">Updated</option><option value=\"3\" style=\"color: #008000;\">New</option></select></td></tr>"); elseif ($arr['flag'] == "2") print("<tr><td>Status:</td><td><select name=\"flag\" style=\"width: 110px;\"><option value=\"0\" style=\"color: #FF0000;\">Hidden</option><option value=\"1\" style=\"color: #000000;\">Normal</option><option value=\"2\" style=\"color: #0000FF;\" selected=\"selected\">Updated</option><option value=\"3\" style=\"color: #008000;\">New</option></select></td></tr>");
elseif ($arr[flag] == "3") print("<tr><td>Status:</td><td><select name=\"flag\" style=\"width: 110px;\"><option value=\"0\" style=\"color: #FF0000;\">Hidden</option><option value=\"1\" style=\"color: #000000;\">Normal</option><option value=\"2\" style=\"color: #0000FF;\">Updated</option><option value=\"3\" style=\"color: #008000;\" selected=\"selected\">New</option></select></td></tr>"); elseif ($arr['flag'] == "3") print("<tr><td>Status:</td><td><select name=\"flag\" style=\"width: 110px;\"><option value=\"0\" style=\"color: #FF0000;\">Hidden</option><option value=\"1\" style=\"color: #000000;\">Normal</option><option value=\"2\" style=\"color: #0000FF;\">Updated</option><option value=\"3\" style=\"color: #008000;\" selected=\"selected\">New</option></select></td></tr>");
else print("<tr><td>Status:</td><td><select name=\"flag\" style=\"width: 110px;\"><option value=\"0\" style=\"color: #FF0000;\">Hidden</option><option value=\"1\" style=\"color: #000000;\" selected=\"selected\">Normal</option><option value=\"2\" style=\"color: #0000FF;\">Updated</option><option value=\"3\" style=\"color: #008000;\">New</option></select></td></tr>"); else print("<tr><td>Status:</td><td><select name=\"flag\" style=\"width: 110px;\"><option value=\"0\" style=\"color: #FF0000;\">Hidden</option><option value=\"1\" style=\"color: #000000;\" selected=\"selected\">Normal</option><option value=\"2\" style=\"color: #0000FF;\">Updated</option><option value=\"3\" style=\"color: #008000;\">New</option></select></td></tr>");
print("<tr><td>Category:</td><td><select style=\"width: 400px;\" name=\"categ\" />"); print("<tr><td>Category:</td><td><select style=\"width: 400px;\" name=\"categ\" />");
$res2 = sql_query("SELECT `id`, `question`, `link_id` FROM `faq` WHERE `type`='categ' AND `lang_id` = ".sqlesc($lang_id)." ORDER BY `order` ASC"); $res2 = sql_query("SELECT `id`, `question`, `link_id` FROM `faq` WHERE `type`='categ' AND `lang_id` = ".sqlesc($lang_id)." ORDER BY `order` ASC");
while ($arr2 = mysql_fetch_array($res2, MYSQL_BOTH)) { while ($arr2 = mysql_fetch_array($res2, MYSQLI_BOTH)) {
$selected = ($arr2[link_id] == $arr[categ]) ? " selected=\"selected\"" : ""; $selected = ($arr2['link_id'] == $arr[categ]) ? " selected=\"selected\"" : "";
print("<option value=\"$arr2[link_id]\"". $selected .">$arr2[question]</option>"); print("<option value=\"{$arr2['link_id']}\"". $selected .">{$arr2['question']}</option>");
} }
print("</td></tr>\n"); print("</td></tr>\n");
print("<tr><td colspan=\"2\" align=\"center\"><input type=\"submit\" name=\"edit\" value=\"Edit\" style=\"width: 60px;\"></td></tr>\n"); print("<tr><td colspan=\"2\" align=\"center\"><input type=\"submit\" name=\"edit\" value=\"Edit\" style=\"width: 60px;\"></td></tr>\n");
print("</table>"); print("</table>");
} }
elseif ($arr[type] == "categ") { elseif ($arr['type'] == "categ") {
$lang_res = sql_query("SELECT lang_name FROM language WHERE id=".sqlesc($arr[lang_id])." LIMIT 1"); $lang_res = sql_query("SELECT lang_name FROM language WHERE id=".sqlesc($arr['lang_id'])." LIMIT 1");
if ($lang_arr = mysql_fetch_array($lang_res)) if ($lang_arr = mysql_fetch_array($lang_res))
$lang_name = $lang_arr['lang_name']; $lang_name = $lang_arr['lang_name'];
print("<form method=\"post\" action=\"faqactions.php?action=editsect\">"); print("<form method=\"post\" action=\"faqactions.php?action=editsect\">");
print("<table border=\"1\" cellspacing=\"0\" cellpadding=\"10\" align=\"center\">\n"); print("<table border=\"1\" cellspacing=\"0\" cellpadding=\"10\" align=\"center\">\n");
print("<tr><td>ID:</td><td>$arr[id] <input type=\"hidden\" name=\"id\" value=\"$arr[id]\" /></td></tr>\n"); print("<tr><td>ID:</td><td>{$arr['id']} <input type=\"hidden\" name=\"id\" value=\"{$arr['id']}\" /></td></tr>\n");
print("<tr><td>Language:</td><td>$lang_name</td></tr>\n"); print("<tr><td>Language:</td><td>$lang_name</td></tr>\n");
print("<tr><td>Title:</td><td><input style=\"width: 300px;\" type=\"text\" name=\"title\" value=\"$arr[question]\" /></td></tr>\n"); print("<tr><td>Title:</td><td><input style=\"width: 300px;\" type=\"text\" name=\"title\" value=\"{$arr['question']}\" /></td></tr>\n");
if ($arr[flag] == "0") print("<tr><td>Status:</td><td><select name=\"flag\" style=\"width: 110px;\"><option value=\"0\" style=\"color: #FF0000;\" selected=\"selected\">Hidden</option><option value=\"1\" style=\"color: #000000;\">Normal</option></select></td></tr>"); if ($arr['flag'] == "0") print("<tr><td>Status:</td><td><select name=\"flag\" style=\"width: 110px;\"><option value=\"0\" style=\"color: #FF0000;\" selected=\"selected\">Hidden</option><option value=\"1\" style=\"color: #000000;\">Normal</option></select></td></tr>");
else print("<tr><td>Status:</td><td><select name=\"flag\" style=\"width: 110px;\"><option value=\"0\" style=\"color: #FF0000;\">Hidden</option><option value=\"1\" style=\"color: #000000;\" selected=\"selected\">Normal</option></select></td></tr>"); else print("<tr><td>Status:</td><td><select name=\"flag\" style=\"width: 110px;\"><option value=\"0\" style=\"color: #FF0000;\">Hidden</option><option value=\"1\" style=\"color: #000000;\" selected=\"selected\">Normal</option></select></td></tr>");
print("<tr><td colspan=\"2\" align=\"center\"><input type=\"submit\" name=\"edit\" value=\"Edit\" style=\"width: 60px;\"></td></tr>\n"); print("<tr><td colspan=\"2\" align=\"center\"><input type=\"submit\" name=\"edit\" value=\"Edit\" style=\"width: 60px;\"></td></tr>\n");
print("</table>"); print("</table>");
@@ -89,26 +89,26 @@ elseif ($_GET[action] == "edit" && isset($_GET[id])) {
} }
// subACTION: edititem - edit an item // subACTION: edititem - edit an item
elseif ($_GET[action] == "edititem" && $_POST[id] != NULL && $_POST[question] != NULL && $_POST[answer] != NULL && $_POST[flag] != NULL && $_POST[categ] != NULL) { elseif (isset($_GET['action']) && $_GET['action'] == "edititem" && $_POST['id'] != NULL && $_POST['question'] != NULL && $_POST['answer'] != NULL && $_POST['flag'] != NULL && $_POST[categ] != NULL) {
$question = $_POST[question]; $question = $_POST['question'];
$answer = $_POST[answer]; $answer = $_POST['answer'];
sql_query("UPDATE `faq` SET `question`=".sqlesc($question).", `answer`=".sqlesc($answer).", `flag`=".sqlesc($_POST[flag]).", `categ`=".sqlesc($_POST[categ])." WHERE id=".sqlesc($_POST[id])) or sqlerr(); sql_query("UPDATE `faq` SET `question`=".sqlesc($question).", `answer`=".sqlesc($answer).", `flag`=".sqlesc($_POST['flag']).", `categ`=".sqlesc($_POST[categ])." WHERE id=".sqlesc($_POST['id'])) or sqlerr();
header("Location: " . get_protocol_prefix() . "$BASEURL/faqmanage.php"); header("Location: " . get_protocol_prefix() . "$BASEURL/faqmanage.php");
die; die;
} }
// subACTION: editsect - edit a section // subACTION: editsect - edit a section
elseif ($_GET[action] == "editsect" && $_POST[id] != NULL && $_POST[title] != NULL && $_POST[flag] != NULL) { elseif (isset($_GET['action']) && $_GET['action'] == "editsect" && $_POST['id'] != NULL && $_POST['title'] != NULL && $_POST['flag'] != NULL) {
$title = $_POST[title]; $title = $_POST['title'];
sql_query("UPDATE `faq` SET `question`=".sqlesc($title).", `answer`='', `flag`=".sqlesc($_POST[flag]).", `categ`='0' WHERE id=".sqlesc($_POST[id])) or sqlerr(); sql_query("UPDATE `faq` SET `question`=".sqlesc($title).", `answer`='', `flag`=".sqlesc($_POST['flag']).", `categ`='0' WHERE id=".sqlesc($_POST['id'])) or sqlerr();
header("Location: " . get_protocol_prefix() . "$BASEURL/faqmanage.php"); header("Location: " . get_protocol_prefix() . "$BASEURL/faqmanage.php");
die; die;
} }
// ACTION: delete - delete a section or item // ACTION: delete - delete a section or item
elseif ($_GET[action] == "delete" && isset($_GET[id])) { elseif (isset($_GET['action']) && $_GET['action'] == "delete" && isset($_GET['id'])) {
if ($_GET[confirm] == "yes") { if ($_GET[confirm] == "yes") {
sql_query("DELETE FROM `faq` WHERE `id`=".sqlesc($_GET[id] ?? 0)." LIMIT 1") or sqlerr(); sql_query("DELETE FROM `faq` WHERE `id`=".sqlesc($_GET['id'] ?? 0)." LIMIT 1") or sqlerr();
header("Location: " . get_protocol_prefix() . "$BASEURL/faqmanage.php"); header("Location: " . get_protocol_prefix() . "$BASEURL/faqmanage.php");
die; die;
} }
@@ -116,14 +116,14 @@ elseif ($_GET[action] == "delete" && isset($_GET[id])) {
stdhead("FAQ Management"); stdhead("FAQ Management");
begin_main_frame(); begin_main_frame();
print("<h1 align=\"center\">Confirmation required</h1>"); print("<h1 align=\"center\">Confirmation required</h1>");
print("<table border=\"1\" cellspacing=\"0\" cellpadding=\"5\" align=\"center\" width=\"95%\">\n<tr><td align=\"center\">Please click <a href=\"faqactions.php?action=delete&id=$_GET[id]&confirm=yes\">here</a> to confirm.</td></tr>\n</table>\n"); print("<table border=\"1\" cellspacing=\"0\" cellpadding=\"5\" align=\"center\" width=\"95%\">\n<tr><td align=\"center\">Please click <a href=\"faqactions.php?action=delete&id={$_GET['id']}&confirm=yes\">here</a> to confirm.</td></tr>\n</table>\n");
end_main_frame(); end_main_frame();
stdfoot(); stdfoot();
} }
} }
// ACTION: additem - add a new item // ACTION: additem - add a new item
elseif ($_GET[action] == "additem" && $_GET[inid] && $_GET[langid]) { elseif (isset($_GET['action']) && $_GET['action'] == "additem" && $_GET['inid'] && $_GET['langid']) {
stdhead("FAQ Management"); stdhead("FAQ Management");
begin_main_frame(); begin_main_frame();
print("<h1 align=\"center\">Add Item</h1>"); print("<h1 align=\"center\">Add Item</h1>");
@@ -132,8 +132,8 @@ elseif ($_GET[action] == "additem" && $_GET[inid] && $_GET[langid]) {
print("<tr><td>Question:</td><td><input style=\"width: 600px;\" type=\"text\" name=\"question\" value=\"\" /></td></tr>\n"); print("<tr><td>Question:</td><td><input style=\"width: 600px;\" type=\"text\" name=\"question\" value=\"\" /></td></tr>\n");
print("<tr><td style=\"vertical-align: top;\">Answer:</td><td><textarea rows=20 style=\"width: 600px; height=600px;\" name=\"answer\"></textarea></td></tr>\n"); print("<tr><td style=\"vertical-align: top;\">Answer:</td><td><textarea rows=20 style=\"width: 600px; height=600px;\" name=\"answer\"></textarea></td></tr>\n");
print("<tr><td>Status:</td><td><select name=\"flag\" style=\"width: 110px;\"><option value=\"0\" style=\"color: #FF0000;\">Hidden</option><option value=\"1\" style=\"color: #000000;\">Normal</option><option value=\"2\" style=\"color: #0000FF;\">Updated</option><option value=\"3\" style=\"color: #008000;\" selected=\"selected\">New</option></select></td></tr>"); print("<tr><td>Status:</td><td><select name=\"flag\" style=\"width: 110px;\"><option value=\"0\" style=\"color: #FF0000;\">Hidden</option><option value=\"1\" style=\"color: #000000;\">Normal</option><option value=\"2\" style=\"color: #0000FF;\">Updated</option><option value=\"3\" style=\"color: #008000;\" selected=\"selected\">New</option></select></td></tr>");
print("<input type=hidden name=categ value=\"".($_GET[inid] ?? 0)."\">"); print("<input type=hidden name=categ value=\"".($_GET['inid'] ?? 0)."\">");
print("<input type=hidden name=langid value=\"".($_GET[langid] ?? 0)."\">"); print("<input type=hidden name=langid value=\"".($_GET['langid'] ?? 0)."\">");
print("<tr><td colspan=\"2\" align=\"center\"><input type=\"submit\" value=\"Add\" style=\"width: 60px;\"></td></tr>\n"); print("<tr><td colspan=\"2\" align=\"center\"><input type=\"submit\" value=\"Add\" style=\"width: 60px;\"></td></tr>\n");
print("</table></form>"); print("</table></form>");
end_main_frame(); end_main_frame();
@@ -141,7 +141,7 @@ elseif ($_GET[action] == "additem" && $_GET[inid] && $_GET[langid]) {
} }
// ACTION: addsection - add a new section // ACTION: addsection - add a new section
elseif ($_GET[action] == "addsection") { elseif (isset($_GET['action']) && $_GET['action'] == "addsection") {
stdhead("FAQ Management"); stdhead("FAQ Management");
begin_main_frame(); begin_main_frame();
print("<h1 align=\"center\">Add Section</h1>"); print("<h1 align=\"center\">Add Section</h1>");
@@ -165,13 +165,13 @@ elseif ($_GET[action] == "addsection") {
} }
// subACTION: addnewitem - add a new item to the db // subACTION: addnewitem - add a new item to the db
elseif ($_GET[action] == "addnewitem" && $_POST[question] != NULL && $_POST[answer] != NULL) { elseif (isset($_GET['action']) && $_GET['action'] == "addnewitem" && $_POST['question'] != NULL && $_POST['answer'] != NULL) {
$question = $_POST[question]; $question = $_POST['question'];
$answer = $_POST[answer]; $answer = $_POST['answer'];
$categ = $_POST[categ] ?? 0; $categ = $_POST[categ] ?? 0;
$langid = $_POST[langid] ?? 0; $langid = $_POST['langid'] ?? 0;
$res = sql_query("SELECT MAX(`order`) AS maxorder, MAX(`link_id`) AS maxlinkid FROM `faq` WHERE `type`='item' AND `categ`=".sqlesc($categ)." AND lang_id=".sqlesc($langid)); $res = sql_query("SELECT MAX(`order`) AS maxorder, MAX(`link_id`) AS maxlinkid FROM `faq` WHERE `type`='item' AND `categ`=".sqlesc($categ)." AND lang_id=".sqlesc($langid));
while ($arr = mysql_fetch_array($res, MYSQL_BOTH)) while ($arr = mysql_fetch_array($res, MYSQLI_BOTH))
{ {
$order = $arr['maxorder'] + 1; $order = $arr['maxorder'] + 1;
$link_id = $arr['maxlinkid']+1; $link_id = $arr['maxlinkid']+1;
@@ -182,12 +182,12 @@ elseif ($_GET[action] == "addnewitem" && $_POST[question] != NULL && $_POST[answ
} }
// subACTION: addnewsect - add a new section to the db // subACTION: addnewsect - add a new section to the db
elseif ($_GET['action'] == "addnewsect" && $_POST['title'] != NULL && $_POST['flag'] != NULL) { elseif (isset($_GET['action']) && $_GET['action'] == "addnewsect" && $_POST['title'] != NULL && $_POST['flag'] != NULL) {
$title = $_POST['title']; $title = $_POST['title'];
$language = $_POST['language'] ?? 0; $language = $_POST['language'] ?? 0;
$res = sql_query("SELECT MAX(`order`) AS maxorder, MAX(`link_id`) AS maxlinkid FROM `faq` WHERE `type`='categ' AND `lang_id` = ".sqlesc($language)); $res = sql_query("SELECT MAX(`order`) AS maxorder, MAX(`link_id`) AS maxlinkid FROM `faq` WHERE `type`='categ' AND `lang_id` = ".sqlesc($language));
while ($arr = mysql_fetch_array($res, MYSQL_BOTH)) {$order = $arr['maxorder'] + 1;$link_id = $arr['maxlinkid']+1;} while ($arr = mysql_fetch_array($res, MYSQLI_BOTH)) {$order = $arr['maxorder'] + 1;$link_id = $arr['maxlinkid']+1;}
sql_query("INSERT INTO `faq` (`link_id`,`type`,`lang_id`, `question`, `answer`, `flag`, `categ`, `order`) VALUES (".sqlesc($link_id).",'categ', ".sqlesc($language).", ".sqlesc($title).", '', ".sqlesc($_POST[flag]).", '0', ".sqlesc($order).")") or sqlerr(); sql_query("INSERT INTO `faq` (`link_id`,`type`,`lang_id`, `question`, `answer`, `flag`, `categ`, `order`) VALUES (".sqlesc($link_id).",'categ', ".sqlesc($language).", ".sqlesc($title).", '', ".sqlesc($_POST['flag']).", '0', ".sqlesc($order).")") or sqlerr();
header("Location: " . get_protocol_prefix() . "$BASEURL/faqmanage.php"); header("Location: " . get_protocol_prefix() . "$BASEURL/faqmanage.php");
die; die;
} else { } else {
faqmanage.php
+27 -27
View File
@@ -14,19 +14,19 @@ print("<h1 align=\"center\">FAQ Management</h1>");
// make the array that has all the faq in a nice structured // make the array that has all the faq in a nice structured
$res = sql_query("SELECT faq.id, faq.link_id, faq.lang_id, lang_name, faq.question, faq.flag, faq.order FROM faq LEFT JOIN language on faq.lang_id = language.id WHERE type='categ' ORDER BY lang_name, `order` ASC"); $res = sql_query("SELECT faq.id, faq.link_id, faq.lang_id, lang_name, faq.question, faq.flag, faq.order FROM faq LEFT JOIN language on faq.lang_id = language.id WHERE type='categ' ORDER BY lang_name, `order` ASC");
while ($arr = mysql_fetch_array($res, MYSQL_BOTH)) { while ($arr = mysql_fetch_array($res, MYSQLI_BOTH)) {
$faq_categ[$arr[lang_id]][$arr[link_id]][title] = $arr[question]; $faq_categ[$arr['lang_id']][$arr['link_id']]['title'] = $arr['question'];
$faq_categ[$arr[lang_id]][$arr[link_id]][flag] = $arr[flag]; $faq_categ[$arr['lang_id']][$arr['link_id']]['flag'] = $arr['flag'];
$faq_categ[$arr[lang_id]][$arr[link_id]][order] = $arr[order]; $faq_categ[$arr['lang_id']][$arr['link_id']]['order'] = $arr['order'];
$faq_categ[$arr[lang_id]][$arr[link_id]][id] = $arr[id]; $faq_categ[$arr['lang_id']][$arr['link_id']]['id'] = $arr['id'];
$faq_categ[$arr[lang_id]][$arr[link_id]][lang_name] = $arr[lang_name]; $faq_categ[$arr['lang_id']][$arr['link_id']]['lang_name'] = $arr['lang_name'];
} }
$res = sql_query("SELECT faq.id, faq.question, faq.lang_id, faq.flag, faq.categ, faq.order FROM faq WHERE type='item' ORDER BY `order` ASC"); $res = sql_query("SELECT faq.id, faq.question, faq.lang_id, faq.flag, faq.categ, faq.order FROM faq WHERE type='item' ORDER BY `order` ASC");
while ($arr = mysql_fetch_array($res)) { while ($arr = mysql_fetch_array($res)) {
$faq_categ[$arr[lang_id]][$arr[categ]][items][$arr[id]][question] = $arr[question]; $faq_categ[$arr['lang_id']][$arr['categ']]['items'][$arr['id']]['question'] = $arr['question'];
$faq_categ[$arr[lang_id]][$arr[categ]][items][$arr[id]][flag] = $arr[flag]; $faq_categ[$arr['lang_id']][$arr['categ']]['items'][$arr['id']]['flag'] = $arr['flag'];
$faq_categ[$arr[lang_id]][$arr[categ]][items][$arr[id]][order] = $arr[order]; $faq_categ[$arr['lang_id']][$arr['categ']]['items'][$arr['id']]['order'] = $arr['order'];
} }
if (isset($faq_categ)) if (isset($faq_categ))
@@ -37,10 +37,10 @@ if (isset($faq_categ))
{ {
if (!array_key_exists("title", $temp2[$id])) if (!array_key_exists("title", $temp2[$id]))
{ {
foreach ($temp2[$id][items] as $id2 => $temp) foreach ($temp2[$id]['items'] as $id2 => $temp)
{ {
$faq_orphaned[$lang][$id2][question] = $temp2[$id][items][$id2][question]; $faq_orphaned[$lang][$id2]['question'] = $temp2[$id]['items'][$id2]['question'];
$faq_orphaned[$lang][$id2][flag] = $temp2[$id][items][$id2][flag]; $faq_orphaned[$lang][$id2]['flag'] = $temp2[$id]['items'][$id2]['flag'];
unset($temp2[$id]); unset($temp2[$id]);
} }
} }
@@ -59,27 +59,27 @@ if (isset($faq_categ))
print("<tr><td align=\"center\" width=\"40px\"><select name=\"order[". $id ."]\">"); print("<tr><td align=\"center\" width=\"40px\"><select name=\"order[". $id ."]\">");
for ($n=1; $n <= count($temp2); $n++) for ($n=1; $n <= count($temp2); $n++)
{ {
$sel = ($n == $temp2[$id][order]) ? " selected=\"selected\"" : ""; $sel = ($n == $temp2[$id]['order']) ? " selected=\"selected\"" : "";
print("<option value=\"$n\"". $sel .">". $n ."</option>"); print("<option value=\"$n\"". $sel .">". $n ."</option>");
} }
$status = ($temp2[$id][flag] == "0") ? "<font color=\"red\">Hidden</font>" : "Normal"; $status = ($temp2[$id]['flag'] == "0") ? "<font color=\"red\">Hidden</font>" : "Normal";
print("</select></td><td align=\"center\" width=\"40px\">&nbsp;</td><td><b>". $temp2[$id][title] ."</b></td><td align=\"center\" width=\"60px\">". $temp2[$id][lang_name] ."</td><td align=\"center\" width=\"60px\">". $status ."</td><td align=\"center\" width=\"60px\"><a href=\"faqactions.php?action=edit&id=". $temp2[$id][id] ."\">Edit</a> <a href=\"faqactions.php?action=delete&id=". $temp2[$id][id] ."\">Delete</a></td></tr>\n"); print("</select></td><td align=\"center\" width=\"40px\">&nbsp;</td><td><b>". $temp2[$id]['title'] ."</b></td><td align=\"center\" width=\"60px\">". $temp2[$id]['lang_name'] ."</td><td align=\"center\" width=\"60px\">". $status ."</td><td align=\"center\" width=\"60px\"><a href=\"faqactions.php?action=edit&id=". $temp2[$id]['id'] ."\">Edit</a> <a href=\"faqactions.php?action=delete&id=". $temp2[$id]['id'] ."\">Delete</a></td></tr>\n");
if (array_key_exists("items", $temp2[$id])) if (array_key_exists("items", $temp2[$id]))
{ {
foreach ($temp2[$id][items] as $id2 => $temp) foreach ($temp2[$id]['items'] as $id2 => $temp)
{ {
print("<tr><td align=\"center\" width=\"40px\">&nbsp;</td><td align=\"center\" width=\"40px\"><select name=\"order[". $id2 ."]\">"); print("<tr><td align=\"center\" width=\"40px\">&nbsp;</td><td align=\"center\" width=\"40px\"><select name=\"order[". $id2 ."]\">");
for ($n=1; $n <= count($temp2[$id][items]); $n++) for ($n=1; $n <= count($temp2[$id]['items']); $n++)
{ {
$sel = ($n == $temp2[$id][items][$id2][order]) ? " selected=\"selected\"" : ""; $sel = ($n == $temp2[$id]['items'][$id2]['order']) ? " selected=\"selected\"" : "";
print("<option value=\"$n\"". $sel .">". $n ."</option>"); print("<option value=\"$n\"". $sel .">". $n ."</option>");
} }
if ($temp2[$id][items][$id2][flag] == "0") $status = "<font color=\"#FF0000\">Hidden</font>"; if ($temp2[$id]['items'][$id2]['flag'] == "0") $status = "<font color=\"#FF0000\">Hidden</font>";
elseif ($temp2[$id][items][$id2][flag] == "2") $status = "<font color=\"#0000FF\"><img src=\"pic/updated.png\" alt=\"Updated\" width=\"46\" height=\"11\" align=\"absbottom\"></font>"; elseif ($temp2[$id]['items'][$id2]['flag'] == "2") $status = "<font color=\"#0000FF\"><img src=\"pic/updated.png\" alt=\"Updated\" width=\"46\" height=\"11\" align=\"absbottom\"></font>";
elseif ($temp2[$id][items][$id2][flag] == "3") $status = "<font color=\"#008000\"><img src=\"pic/new.png\" alt=\"New\" width=\"27\" height=\"11\" align=\"absbottom\"></font>"; elseif ($temp2[$id]['items'][$id2]['flag'] == "3") $status = "<font color=\"#008000\"><img src=\"pic/new.png\" alt=\"New\" width=\"27\" height=\"11\" align=\"absbottom\"></font>";
else $status = "Normal"; else $status = "Normal";
print("</select></td><td>". $temp2[$id][items][$id2][question] ."</td><td align=\"center\"></td><td align=\"center\" width=\"60px\">". $status ."</td><td align=\"center\" width=\"60px\"><a href=\"faqactions.php?action=edit&id=". $id2 ."\">Edit</a> <a href=\"faqactions.php?action=delete&id=". $id2 ."\">Delete</a></td></tr>\n"); print("</select></td><td>". $temp2[$id]['items'][$id2]['question'] ."</td><td align=\"center\"></td><td align=\"center\" width=\"60px\">". $status ."</td><td align=\"center\" width=\"60px\"><a href=\"faqactions.php?action=edit&id=". $id2 ."\">Edit</a> <a href=\"faqactions.php?action=delete&id=". $id2 ."\">Delete</a></td></tr>\n");
} }
} }
@@ -97,11 +97,11 @@ if (isset($faq_orphaned)) {
foreach ($faq_orphaned as $lang => $temp2){ foreach ($faq_orphaned as $lang => $temp2){
foreach ($temp2 as $id => $temp) foreach ($temp2 as $id => $temp)
{ {
if ($temp2[$id][flag] == "0") $status = "<font color=\"#FF0000\">Hidden</font>"; if ($temp2[$id]['flag'] == "0") $status = "<font color=\"#FF0000\">Hidden</font>";
elseif ($temp2[$id][flag] == "2") $status = "<font color=\"#0000FF\">Updated</font>"; elseif ($temp2[$id]['flag'] == "2") $status = "<font color=\"#0000FF\">Updated</font>";
elseif ($temp2[$id][flag] == "3") $status = "<font color=\"#008000\">New</font>"; elseif ($temp2[$id]['flag'] == "3") $status = "<font color=\"#008000\">New</font>";
else $status = "Normal"; else $status = "Normal";
print("<tr><td>". $temp2[$id][question] ."</td><td align=\"center\" width=\"60px\">". $status ."</td><td align=\"center\" width=\"60px\"><a href=\"faqactions.php?action=edit&id=". $id ."\">edit</a> <a href=\"faqactions.php?action=delete&id=". $id ."\">delete</a></td></tr>\n"); print("<tr><td>". $temp2[$id]['question'] ."</td><td align=\"center\" width=\"60px\">". $status ."</td><td align=\"center\" width=\"60px\"><a href=\"faqactions.php?action=edit&id=". $id ."\">edit</a> <a href=\"faqactions.php?action=delete&id=". $id ."\">delete</a></td></tr>\n");
} }
} }
print("</table>\n"); print("</table>\n");
@@ -111,7 +111,7 @@ print("<br />\n<table border=\"1\" cellspacing=\"0\" cellpadding=\"5\" align=\"c
print("<p align=\"center\"><input type=\"submit\" name=\"reorder\" value=\"Reorder\"></p>\n"); print("<p align=\"center\"><input type=\"submit\" name=\"reorder\" value=\"Reorder\"></p>\n");
print("</form>\n"); print("</form>\n");
print("<p>When the position numbers don't reflect the position in the table, it means the order id is bigger than the total number of sections/items and you should check all the order id's in the table and click \"reorder\"</p>"); print("<p>When the position numbers don't reflect the position in the table, it means the order id is bigger than the total number of sections/items and you should check all the order id's in the table and click \"reorder\"</p>");
echo $pagerbottom; echo $pagerbottom ?? '';
end_main_frame(); end_main_frame();
stdfoot(); stdfoot();
forummanage.php
+2 -2
View File
@@ -13,7 +13,7 @@ if (get_user_class() < $forummanage_class)
// DELETE FORUM ACTION // DELETE FORUM ACTION
if (isset($_GET['action']) && $_GET['action'] == "del") { if (isset($_GET['action']) && $_GET['action'] == "del") {
$id = $_GET['id'] ?? 0; $id = intval($_GET['id'] ?? 0);
if (!$id) { if (!$id) {
header("Location: forummanage.php"); header("Location: forummanage.php");
die(); die();
@@ -80,7 +80,7 @@ stdhead($lang_forummanage['head_forum_management']);
begin_main_frame(); begin_main_frame();
if (isset($_GET['action']) && $_GET['action'] == "editforum") { if (isset($_GET['action']) && $_GET['action'] == "editforum") {
//EDIT PAGE FOR THE FORUMS //EDIT PAGE FOR THE FORUMS
$id = ($_GET["id"] ?? 0); $id = intval($_GET["id"] ?? 0);
$result = sql_query ("SELECT * FROM forums where id = ".sqlesc($id)); $result = sql_query ("SELECT * FROM forums where id = ".sqlesc($id));
if ($row = mysql_fetch_array($result)) { if ($row = mysql_fetch_array($result)) {
do { do {
invite.php
+1 -1
View File
@@ -4,7 +4,7 @@ dbconn();
require_once(get_langfile_path()); require_once(get_langfile_path());
loggedinorreturn(); loggedinorreturn();
parked(); parked();
$id = $_GET["id"] ?? 0; $id = intval($_GET["id"] ?? 0);
$type = unesc($_GET["type"] ?? ''); $type = unesc($_GET["type"] ?? '');
registration_check('invitesystem',true,false); registration_check('invitesystem',true,false);
linksmanage.php
+1 -1
View File
@@ -81,7 +81,7 @@ elseif (get_user_class() < $linkmanage_class)
permissiondenied(); permissiondenied();
else{ else{
if ($_GET['action'] == "del") { if ($_GET['action'] == "del") {
$id = $_GET['id'] ?? 0; $id = intval($_GET['id'] ?? 0);
if (!$id) { header("Location: linksmanage.php"); die();} if (!$id) { header("Location: linksmanage.php"); die();}
$result = sql_query ("SELECT * FROM links where id = '".$id."'"); $result = sql_query ("SELECT * FROM links where id = '".$id."'");
if ($row = mysql_fetch_array($result)) if ($row = mysql_fetch_array($result))
location.php
+1 -1
View File
@@ -32,7 +32,7 @@ if($delid > 0) {
$edited = $_GET['edited']; $edited = $_GET['edited'];
if($edited == 1) { if($edited == 1) {
$id = $_GET['id'] ?? 0; $id = intval($_GET['id'] ?? 0);
$name = $_GET['name']; $name = $_GET['name'];
$flagpic = $_GET['flagpic']; $flagpic = $_GET['flagpic'];
$location_main = $_GET['location_main']; $location_main = $_GET['location_main'];
moforums.php
+1 -1
View File
@@ -8,7 +8,7 @@ if (get_user_class() < $forummanage_class)
//Presets //Presets
$act = $_GET['action'] ?? ''; $act = $_GET['action'] ?? '';
$id = $_GET['id'] ?? 0; $id = intval($_GET['id'] ?? 0);
$PHP_SELF = $_SERVER['PHP_SELF']; $PHP_SELF = $_SERVER['PHP_SELF'];
$user = $CURUSER; $user = $CURUSER;
$prefix = ''; $prefix = '';
retriver.php
+3 -3
View File
@@ -6,9 +6,9 @@ loggedinorreturn();
if (get_user_class() < $updateextinfo_class) { if (get_user_class() < $updateextinfo_class) {
permissiondenied(); permissiondenied();
} }
$id = $_GET["id"] ?? 0; $id = intval($_GET["id"] ?? 0);
$type = $_GET["type"] ?? 0; $type = intval($_GET["type"] ?? 0);
$siteid = $_GET["siteid"] ?? 0; // 1 for IMDb $siteid = intval($_GET["siteid"] ?? 0); // 1 for IMDb
if (!isset($id) || !$id || !is_numeric($id) || !isset($type) || !$type || !is_numeric($type) || !isset($siteid) || !$siteid || !is_numeric($siteid)) if (!isset($id) || !$id || !is_numeric($id) || !isset($type) || !$type || !is_numeric($type) || !isset($siteid) || !$siteid || !is_numeric($siteid))
die(); die();
takeedit.php
+9 -9
View File
@@ -14,7 +14,7 @@ if (!mkglobal("id:name:descr:type")){
bark($lang_takeedit['std_missing_form_data']); bark($lang_takeedit['std_missing_form_data']);
} }
$id = $id ?? 0; $id = intval($id ?? 0);
if (!$id) if (!$id)
die(); die();
@@ -57,7 +57,7 @@ elseif ($nfoaction == "remove"){
} }
} }
$catid = ($type ?? 0); $catid = intval($type ?? 0);
if (!is_valid_id($catid)) if (!is_valid_id($catid))
bark($lang_takeedit['std_missing_form_data']); bark($lang_takeedit['std_missing_form_data']);
if (!$name || !$descr) if (!$name || !$descr)
@@ -75,13 +75,13 @@ $updateset[] = "url = " . sqlesc($url);
$updateset[] = "small_descr = " . sqlesc($_POST["small_descr"]); $updateset[] = "small_descr = " . sqlesc($_POST["small_descr"]);
//$updateset[] = "ori_descr = " . sqlesc($descr); //$updateset[] = "ori_descr = " . sqlesc($descr);
$updateset[] = "category = " . sqlesc($catid); $updateset[] = "category = " . sqlesc($catid);
$updateset[] = "source = " . sqlesc($_POST["source_sel"] ?? 0); $updateset[] = "source = " . sqlesc(intval($_POST["source_sel"] ?? 0));
$updateset[] = "medium = " . sqlesc($_POST["medium_sel"] ?? 0); $updateset[] = "medium = " . sqlesc(intval($_POST["medium_sel"] ?? 0));
$updateset[] = "codec = " . sqlesc($_POST["codec_sel"] ?? 0); $updateset[] = "codec = " . sqlesc(intval($_POST["codec_sel"] ?? 0));
$updateset[] = "standard = " . sqlesc($_POST["standard_sel"] ?? 0); $updateset[] = "standard = " . sqlesc(intval($_POST["standard_sel"] ?? 0));
$updateset[] = "processing = " . sqlesc($_POST["processing_sel"] ?? 0); $updateset[] = "processing = " . sqlesc(intval($_POST["processing_sel"] ?? 0));
$updateset[] = "team = " . sqlesc($_POST["team_sel"] ?? 0); $updateset[] = "team = " . sqlesc(intval($_POST["team_sel"] ?? 0));
$updateset[] = "audiocodec = " . sqlesc($_POST["audiocodec_sel"] ?? 0); $updateset[] = "audiocodec = " . sqlesc(intval($_POST["audiocodec_sel"] ?? 0));
if (get_user_class() >= $torrentmanage_class) { if (get_user_class() >= $torrentmanage_class) {
if (!empty($_POST["banned"])) { if (!empty($_POST["banned"])) {
uploaders.php
+2 -2
View File
@@ -7,10 +7,10 @@ loggedinorreturn();
if (get_user_class() < UC_UPLOADER) if (get_user_class() < UC_UPLOADER)
permissiondenied(); permissiondenied();
$year=$_GET['year'] ?? 0; $year=intval($_GET['year'] ?? 0);
if (!$year || $year < 2000) if (!$year || $year < 2000)
$year=date('Y'); $year=date('Y');
$month=$_GET['month'] ?? 0; $month=intval($_GET['month'] ?? 0);
if (!$month || $month<=0 || $month>12) if (!$month || $month<=0 || $month>12)
$month=date('m'); $month=date('m');
$order=$_GET['order']; $order=$_GET['order'];
viewfilelist.php
+1 -1
View File
@@ -10,7 +10,7 @@ header("Cache-Control: no-cache, must-revalidate" );
header("Pragma: no-cache" ); header("Pragma: no-cache" );
header("Content-Type: text/xml; charset=utf-8"); header("Content-Type: text/xml; charset=utf-8");
$id = $_GET['id'] ?? 0; $id = intval($_GET['id'] ?? 0);
if(isset($CURUSER)) if(isset($CURUSER))
{ {
$s = "<table class=\"main\" border=\"1\" cellspacing=0 cellpadding=\"5\">\n"; $s = "<table class=\"main\" border=\"1\" cellspacing=0 cellpadding=\"5\">\n";
viewpeerlist.php
+1 -1
View File
@@ -9,7 +9,7 @@ header("Cache-Control: no-cache, must-revalidate" );
header("Pragma: no-cache" ); header("Pragma: no-cache" );
header("Content-Type: text/xml; charset=utf-8"); header("Content-Type: text/xml; charset=utf-8");
$id = $_GET['id'] ?? 0; $id = intval($_GET['id'] ?? 0);
if(isset($CURUSER)) if(isset($CURUSER))
{ {
function dltable($name, $arr, $torrent) function dltable($name, $arr, $torrent)