Edit File:
update_authors.php~
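<?php
/**
 * Admin action handler for the Authors (persons) table.
 *
 * Dispatches on the request variable `todo_selected`:
 *   - "insert": creates a new Authors row from the posted person fields;
 *   - "update": rewrites an Authors row, re-syncs its AI rows from AI_temp
 *               and updates the e-mail rows and the primary e-mail;
 *   - "erase":  deletes the person from AA, AA_temp, Authors and Emails;
 *   - "cancel": returns to the authors list.
 *
 * Security notes for maintainers:
 *   - Every statement here is built by string concatenation, so each
 *     request-derived value is escaped immediately before it is placed
 *     inside a quoted SQL literal. The legacy mysql_* API used by this file
 *     has no prepared statements and was removed in PHP 7; moving to
 *     PDO/mysqli prepared statements is the durable fix, but it touches the
 *     shared includes and is outside this script.
 *   - mysql_real_escape_string() follows the connection charset known to
 *     the client library. "SET NAMES" does not update that; if $_charset
 *     can be a multibyte charset, mysql_set_charset() is the safer call
 *     -- TODO confirm against the connection setup in the includes.
 *   - _set_by_name() builds the SET clause of the main UPDATE and is
 *     defined elsewhere; its escaping cannot be verified from this file.
 *   - NOTE(review): no anti-CSRF token check is visible in this script for
 *     the state-changing actions; confirm session.php/auth.php enforce one.
 *   - This listing is an editor backup copy (name ending in "~"). Such
 *     files are normally not handled by the PHP interpreter, so if one sits
 *     under the document root the web server will hand out its source as
 *     plain text; remove backups from the web root or deny them in the
 *     server configuration.
 */
$page_title = "Manage authors table: action performed";
$related_page = "manage_authors.php";

require("../login/include/session.php");
//require_once("header.php");
require_once("../auth/auth.php");
require_once("functions_admin.php");

$todo_selected = take_variable("todo_selected");
$id_selected = take_variable("id_selected");
$all_latin = take_variable("all_latin");
// $lang is later used as a variable-name suffix (${"last_name_" . $lang});
// presumably one of en/ru/ua -- verify against the form that posts it.
$lang = isset($_POST['lang']) ? $_POST['lang'] : null;
$_updcols = fields_to_update("person");

mysql_query("SET NAMES $_charset");

// SQL-safe copies of the record id. The raw $id_selected is still passed to
// person()/author_edit_page(); only the escaped copies go into SQL text.
// Escaping is a no-op for the numeric ids this page normally receives.
$id_sql = mysql_real_escape_string((string) $id_selected);
$post_id_sql = mysql_real_escape_string(
    isset($_POST['id_selected']) ? (string) $_POST['id_selected'] : ''
);
// tell() is defined elsewhere; escaping the echoed id is a no-op for numeric
// ids and keeps markup out of the message if tell() does not escape it
// itself -- TODO confirm.
$id_html = htmlspecialchars((string) $id_selected, ENT_QUOTES);

switch ($todo_selected) {
    case "insert":
        // Import every updatable column from POST into a same-named variable,
        // backslash-escaped for use inside the quoted SQL literals below.
        foreach ($_updcols as $val) {
            ${$val} = addslashes(take_variable($val, "POST"));
        }

        // fill_var_enruua() is defined elsewhere; it is assumed to trim the
        // per-language name variables without reintroducing quotes -- TODO confirm.
        fill_var_enruua("last_name", "trim", $lang);
        fill_var_enruua("first_name", "trim", $lang);
        fill_var_enruua("middle_name", "trim", $lang);
        fill_var_enruua("short_name", "trim", $lang);
        $email = trim($email);
        $fax = trim($fax);
        $phone = trim($phone);
        $note = trim($note);
        $soundex = soundex(koi2transl(${"last_name_" . $lang}));

        // The original wrapped this in "if (0) ... else": the required-field
        // check (last_name / city / country) was disabled, so its unreachable
        // "form is incomplete" branch is dropped here.
        $res = mysql_query(
            "insert into Authors (last_name_en,last_name_ru,last_name_ua,"
            . " first_name_en,first_name_ru,first_name_ua,"
            . " middle_name_en,middle_name_ru,middle_name_ua,"
            . " short_name_en,short_name_ru,short_name_ua,"
            . " title, sex,email,fax,phone,editor,preferred_language,soundex,created,created_by)"
            . " values ('$last_name_en','$last_name_ru','$last_name_ua',"
            . " '$first_name_en','$first_name_ru','$first_name_ua',"
            . " '$middle_name_en','$middle_name_ru','$middle_name_ua',"
            . " '$short_name_en','$short_name_ru','$short_name_ua',"
            . " '$title','$sex','$email','$fax','$phone','$editor',"
            . " '$preferred_language','$soundex',now(),'" . $session->author_id . "')"
        );
        $id = mysql_insert_id();

        if ($res) {
            tell(enruua("By your request, a new card with number",
                        "По Вашему запросу в таблице персоналий создана новая карточка с номером",
                        "За Вашим бажанням в таблиці персоналій створену нову картку з номером") . " "
                . $id
                . "" . enruua(" have been created in the persons table", "", "") . ". "
                . enruua("You will now be redirected to that card's modification page",
                         "Сейчас будет открыта страница редактирования этой карточки",
                         "Зараз буде відкрито сторінку редагування цієї картки"));
            go(author_edit_page($id));
        } else {
            tell(enruua("Errors have happened when inserting a new record",
                        "При создании новой карточки в таблице статей возникли ошибки",
                        "При створенні нової картки в таблиці статей виникли помилки") . "!");
            go(manage_authors());
        }
        break;

    case "update":
        // Same import as in "insert". The original also assembled a $command
        // SET clause here and then never used it ("overriding the command!!!"):
        // the UPDATE below takes its SET clause from _set_by_name() instead.
        foreach ($_updcols as $val) {
            ${$val} = addslashes(take_variable($val, "POST"));
        }

        $person = person($id_selected);

        if ($all_latin) {
            fill_var_enruua("last_name", "trim", "en");
            fill_var_enruua("first_name", "trim", "en");
            fill_var_enruua("middle_name", "trim", "en");
            fill_var_enruua("short_name", "trim", "en");
        } else {
            fill_var_enruua("last_name", "trim");
            fill_var_enruua("first_name", "trim");
            fill_var_enruua("middle_name", "trim");
            fill_var_enruua("short_name", "trim");
        }
        $email = trim($email);
        $fax = trim($fax);
        $phone = trim($phone);
        $homepage = trim($homepage);

        $soundex = soundex(${"last_name_" . $lang});

        // The row id is taken from POST, as in the original, but escaped
        // before it reaches the WHERE clause.
        $res = mysql_db_query(
            $_db,
            "update Authors set "
            . _set_by_name("author", "", $session->author_id)
            . " WHERE id='" . $post_id_sql . "'"
        );
        // mysql_affected_rows() returns -1 when the statement failed; only a
        // positive count means the card really changed.
        $something_inserted = mysql_affected_rows() > 0;

        // First remove the related data from AI ...
        $res_purge = mysql_query("DELETE FROM AI WHERE author_id='$id_sql'");

        // ... then copy back whatever is staged for this person in AI_temp.
        $res = mysql_query("SELECT id, institution_id,author_id,institution_ambition FROM AI_temp WHERE author_id='$id_sql'");
        while ($res && ($ai_temp = mysql_fetch_array($res))) {
            // Values read back from the database are escaped again before reuse
            // so stored data cannot alter the statements below.
            $tmp_institution_sql = mysql_real_escape_string($ai_temp['institution_id']);
            $tmp_author_sql = mysql_real_escape_string($ai_temp['author_id']);
            $tmp_ambition_sql = mysql_real_escape_string($ai_temp['institution_ambition']);

            $res_prev_from_ai = mysql_query("SELECT id, institution_id, author_id, institution_ambition FROM AI WHERE author_id='$id_sql'");
            $should_insert_something = 1;
            while ($res_prev_from_ai && ($prev_from_ai = mysql_fetch_array($res_prev_from_ai))) {
                if (!$should_insert_something) {
                    break;
                }
                if (($prev_from_ai['institution_id'] == $ai_temp['institution_id'])
                    && ($prev_from_ai['author_id'] == $ai_temp['author_id'])) {
                    // Fix: the original interpolated the undefined $aa_temp
                    // here, which blanked institution_ambition.
                    mysql_query("UPDATE AI set institution_ambition='$tmp_ambition_sql' WHERE id='"
                        . mysql_real_escape_string($prev_from_ai['id']) . "' ");
                    $should_insert_something = 0;
                }
            }

            // The "if ($should_insert_something)" guard was commented out in
            // the original, so the staged row is written unconditionally.
            $res_ai = mysql_query("REPLACE INTO AI (institution_id, author_id, institution_ambition)"
                . " VALUES ('$tmp_institution_sql', '$tmp_author_sql', '$tmp_ambition_sql') ");
            mysql_query("update Authors set updated=now(),updated_by='" . $session->author_id . "' where id='$id_sql' ");
        }

        // Now flush from AI_temp what concerns this person.
        $q = mysql_query("DELETE FROM AI_temp WHERE author_id='$id_sql' ");

        $p = person($id_selected);
        $res_em = mysql_query("SELECT id FROM Emails WHERE person_id='" . $id_sql . "'");
        $num = $res_em ? mysql_num_rows($res_em) : 0;
        if ($num) {
            $skip = FALSE;
            $primary_posted = !empty($_POST['primary_email']);
            while ($e = mysql_fetch_array($res_em)) {
                $email_id_sql = mysql_real_escape_string($e['id']);
                // As in the original, a missing form value is written as an
                // empty string.
                $posted_email = (isset($_POST['email']) && is_array($_POST['email'])
                        && isset($_POST['email'][$e['id']])
                        && is_string($_POST['email'][$e['id']]))
                    ? $_POST['email'][$e['id']]
                    : '';
                mysql_query("update Emails set email_field='"
                    . mysql_real_escape_string($posted_email)
                    . "' where id='" . $email_id_sql . "'");

                if ($primary_posted && (!$skip)) {
                    mysql_query("update Authors set primary_email='"
                        . mysql_real_escape_string((string) $_POST['primary_email'])
                        . "' where id='" . $id_sql . "'");
                    $skip = TRUE;
                } elseif (($num == 1) && ($p['id']) && (!$p['primary_email'])) {
                    // A single e-mail with no primary chosen yet becomes the primary.
                    mysql_query("update Authors set primary_email='" . $email_id_sql
                        . "' where id='" . $post_id_sql . "'");
                }
            }
        }

        if ($something_inserted) {
            $res = mysql_query("update Authors set updated=now(), updated_by='" . $session->author_id . "' where id='$id_sql' ");
            if ($res) {
                $msg = enruua("Card", "Запись", "Картку") . " " . $id_html . " "
                    . enruua("have been updated", "обновлена", "оновлено") . ".";
            } else {
                $msg = enruua("The card with number", "Запись с номером", "Картку з номером") . " " . $id_html . " "
                    . enruua("is unchanged", "не была изменена", "не было змінено") . ".";
            }
            // Fix: the original called tell() only in the failure branch, so the
            // success message was built and then discarded.
            tell($msg);
        }
        go(author_edit_page($id_selected));
        break;

    case "erase":
        mysql_query("SET NAMES $_charset");
        $resa = mysql_query("delete from AA where author_id='$id_sql'");
        $resb = mysql_query("delete from AA_temp where author_id='$id_sql'");
        $resc = mysql_query("delete from Authors where id='$id_sql'");
        mysql_query("delete from Emails where person_id='$id_sql'");
        // NOTE(review): AI / AI_temp rows for this person are not removed here;
        // confirm whether that is intended.

        // Part of this condition was commented out in the original and the
        // listing does not show where that comment ended; only the Authors
        // delete is checked here -- TODO confirm against the live file.
        if ($resc) {
            tell(enruua("The record corresponding to person", "Карточка персоналии", "Картка персоналії") . ""
                . " " . $id_html . " "
                . enruua("have been successfully deleted", "успешно удалена", "успішно видалено") . ".");
            go(manage_authors());
        } else {
            tell(enruua("Errors have happened when deleting the record for person",
                        "При удалении карточки персоналии", "При видаленні картки персоналії") . ""
                . " " . $id_html . " "
                . enruua("", "возникли ошибки", "виникли помилки") . "!");
            go(manage_authors());
        }
        break;

    case "cancel":
        go(manage_authors());
}

require("footer.php");
?>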