source: quests/client_save.php@ 301

Last change on this file since 301 was 301, checked in by maron, 17 years ago

Ochrana proti neoprávněnému přístupu

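<?php

include('includes/global.php');

// Access check first: an unauthorised caller must not get as far as echoing
// or storing anything derived from its input.
if (!Licence(0)) { die('Nemáte pøístup do této sekce! Pøihlašte se...'); }

// Each user-supplied value is escaped exactly once, at the point where it is
// interpolated into SQL. The former blanket addslashes() pass over $_POST/$_GET
// on top of mysql_escape_string() escaped the same text twice, so stored
// strings carried literal backslashes.
// NOTE(review): mysql_real_escape_string() would honour the connection charset,
// but it needs the link that $Database holds, which is not visible from here.

if (array_key_exists('entry', $_POST)) {

    // Raw copy for HTML output, SQL-escaped copy for queries; never swap them.
    $entryRaw = (string) $_POST['entry'];
    $entry = mysql_escape_string($entryRaw);
    // The page appears to use a single-byte Central European charset (see the
    // literals below); ISO-8859-1 keeps htmlspecialchars() from rejecting it as
    // invalid UTF-8 and returning an empty string. TODO confirm the real charset.
    $entryHtml = htmlspecialchars($entryRaw, ENT_QUOTES, 'ISO-8859-1');

    // Translated field values keyed by column name ($client_text comes from
    // includes/global.php). A field the form did not send is stored as an
    // empty string instead of raising an undefined-index notice.
    $client_text_save = array();
    foreach ($client_text as $Column) {
        $client_text_save[$Column] = array_key_exists($Column, $_POST)
            ? mysql_escape_string((string) $_POST[$Column])
            : '';
    }

    $UserID = mysql_escape_string($_SESSION['UserID']);
    $id_text = array_key_exists('id_text', $_POST) ? mysql_escape_string((string) $_POST['id_text']) : '';
    // ID is compared unquoted against the ID column and echoed into hrefs below,
    // so it is forced to an integer rather than string-escaped.
    $client_ID = array_key_exists('ID', $_POST) ? (int) $_POST['ID'] : 0;
    $Language = array_key_exists('Language', $_POST) ? mysql_escape_string((string) $_POST['Language']) : '';
    $complete = array_key_exists('End', $_POST) ? 1 : 0;

    if (array_key_exists('Repair', $_POST) && Licence(1)) {
        // Moderator repair: the row stays attributed to its original author and
        // is marked complete. If no row matches, the session user stays the owner
        // (previously a missing row silently turned the owner into an empty string).
        $Owner = mysql_fetch_array($Database->SQLCommand("SELECT user FROM client_text WHERE ID = '$client_ID'"));
        if ($Owner) {
            // A value read back from the database is re-escaped before it is
            // interpolated into the next statement.
            $UserID = mysql_escape_string((string) $Owner['user']);
        }
        $complete = 1;
        WriteLog('client_text: '.$entry.' Opraven moderátorem! <a href="client_form.php?ID='.$client_ID.'">'.$client_ID.'</a>', 4);
    }

    $Line = mysql_fetch_array($Database->SQLCommand("SELECT * FROM client_text WHERE user='$UserID' AND entry = '$entry'"));
    if (!$Line) {
        // No row for this user/entry yet: build the INSERT with the translated
        // columns first, then the fixed bookkeeping columns, both in one order.
        $Columns = array();
        $Values = array();
        foreach ($client_text as $Column) {
            $Columns[] = '`'.$Column.'`';
            $Values[] = "'".$client_text_save[$Column]."'";
        }
        $Columns = array_merge($Columns, array(
            '`Complete`', '`Take`', '`User`', '`Vote`', '`CountVote`', '`Language`', '`entry`', '`id_text`',
        ));
        $Values = array_merge($Values, array(
            "'$complete'", "'$client_ID'", "'$UserID'", "'3'", "'1'", "'$Language'", "'$entry'", "'$id_text'",
        ));
        $sql = 'INSERT INTO `client_text` ('.implode(' , ', $Columns).') VALUES ('.implode(' , ', $Values).')';

        echo 'client_text: '.$entryHtml.' ulo¾en!<br />';
        // WriteLog() receives the SQL-escaped form, as before; its own escaping
        // is not visible from this file.
        WriteLog('client_text: '.$entry.' ulo¾en! Pøevzat z: <a href="client_form.php?ID='.$client_ID.'">Aj client_text'.$client_ID.'</a>', 8);
    } else {
        // Existing row: overwrite the translated columns and the bookkeeping
        // columns. The WHERE clause targets the posted ID (not the row just
        // looked up by user/entry), as in the original behaviour.
        $Assignments = array();
        foreach ($client_text as $Column) {
            $Assignments[] = $Column." = '".$client_text_save[$Column]."'";
        }
        $Assignments = array_merge($Assignments, array(
            "Language = '$Language'",
            "Complete = '$complete'",
            "Take = '$client_ID'",
            "User = '$UserID'",
            "Vote = '3'",
            "CountVote = '1'",
            "entry = '$entry'",
        ));
        $sql = 'UPDATE client_text SET '.implode(' , ', $Assignments)." WHERE ID = $client_ID AND Language <> 0 ";

        echo 'Zmìny v client_textu: '.$entryHtml.' ulo¾eny!<br />';
        WriteLog('Zmìny v client_textu: '.$entry.' ulo¾eny!
<a href="client_form.php?ID='.$client_ID.'">'.$client_ID.'</a>', 8);
        // Drops the votes attached to this text; presumably so an edited text is
        // re-rated from scratch — confirm against client_vote's consumers.
        $Database->SQLCommand("DELETE FROM `client_vote` WHERE `client_vote`.`IDclient` = ".$client_ID);
    }
    $Database->SQLCommand($sql);

    echo 'Pøekládat: <a href="client_list.php?notran">Nepøelo¾ené</a> ';

}

ShowFooter();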