<?php
################################
########## CONNECTION #########
################################
/**
 * Open the MySQL connection used by every helper in this file.
 *
 * db.php is included inside this function, so the $db_host, $db_user,
 * $db_pass and $db_name it defines are local variables here. The script
 * stops with an HTML message if connecting or selecting the database fails.
 *
 * The charset is set with mysql_set_charset() so the client library knows
 * the connection encoding; mysql_real_escape_string() relies on that
 * knowledge, which a plain "SET NAMES" query would not update.
 */
function sql_init()
{
    include_once("db.php");

    $db = mysql_connect($db_host, $db_user, $db_pass);
    if (!$db) {
        die("<font color=red>can't connect</font>");
    }

    if (!mysql_select_db($db_name, $db)) {
        die("<font color=red>can't find database</font>");
    }

    mysql_set_charset("utf8", $db);
}
################################
########## SQL NEWS ########
################################
/**
 * Look up one news_db row by id.
 *
 * The id is escaped with mysql_real_escape_string() and quoted in the SQL text.
 * NOTE(review): $DB is not brought into this function's scope (no `global`)
 * in the visible body, so it expands to an empty string; confirm that is intended.
 *
 * @param mixed $news_id Value matched against news_db.news_id.
 * @return resource|false Result of mysql_query().
 */
function getOneNews($news_id)
{
    $escapedId = mysql_real_escape_string($news_id);

    return mysql_query("select * from {$DB}.news_db WHERE news_id = '" . $escapedId . "'");
}
/**
 * List news joined with their authors, newest first, keeping rows whose
 * news_tendu is less than or equal to $tendu.
 *
 * $tendu is escaped and quoted before it enters the SQL text.
 * SELECT * over the join also hands every users_db column (user_pass
 * included) to the caller, so callers should not dump rows verbatim.
 * NOTE(review): $DB is not brought into this function's scope (no `global`)
 * in the visible body, so it expands to an empty string; confirm that is intended.
 *
 * @param mixed $tendu Upper bound compared with news_tendu.
 * @return resource|false Result of mysql_query().
 */
function getLastNews($tendu)
{
    $limit = mysql_real_escape_string($tendu);

    $sql = "SELECT * FROM {$DB}.news_db INNER JOIN {$DB}.users_db"
        . " ON news_db.news_user_id = users_db.user_id"
        . " WHERE news_tendu<='" . $limit . "'"
        . " ORDER BY news_date desc, news_time desc";

    return mysql_query($sql);
}
################################
########## SQL EDITO ########
################################
/**
 * Look up one editos_db row by id.
 *
 * The id is escaped with mysql_real_escape_string() and quoted in the SQL text.
 * NOTE(review): $DB is not brought into this function's scope (no `global`)
 * in the visible body, so it expands to an empty string; confirm that is intended.
 *
 * @param mixed $edito_id Value matched against editos_db.edito_id.
 * @return resource|false Result of mysql_query().
 */
function getOneEdito($edito_id)
{
    $escapedId = mysql_real_escape_string($edito_id);

    return mysql_query("select * from {$DB}.editos_db WHERE edito_id = '" . $escapedId . "'");
}
/**
 * Return every editos_db row ordered by edito_date, newest first.
 *
 * The statement has no LIMIT, so it returns the same rows as getAllEdito().
 * NOTE(review): $DB is not brought into this function's scope (no `global`)
 * in the visible body, so it expands to an empty string; confirm that is intended.
 *
 * @return resource|false Result of mysql_query().
 */
function getLastEdito()
{
    return mysql_query("select * from {$DB}.editos_db ORDER BY edito_date DESC");
}
/**
 * Return every editos_db row ordered by edito_date, newest first.
 *
 * NOTE(review): $DB is not brought into this function's scope (no `global`)
 * in the visible body, so it expands to an empty string; confirm that is intended.
 *
 * @return resource|false Result of mysql_query().
 */
function getAllEdito()
{
    return mysql_query("select * from {$DB}.editos_db ORDER BY edito_date DESC");
}
################################
########## SQL VIDEOS ########
################################
/**
 * Look up one videos_db row by id.
 *
 * The id is escaped with mysql_real_escape_string() and quoted in the SQL text.
 * NOTE(review): $DB is not brought into this function's scope (no `global`)
 * in the visible body, so it expands to an empty string; confirm that is intended.
 *
 * @param mixed $vid_id Value matched against videos_db.video_id.
 * @return resource|false Result of mysql_query().
 */
function getOneVideo($vid_id)
{
    $escapedId = mysql_real_escape_string($vid_id);

    return mysql_query("select * from {$DB}.videos_db WHERE video_id = '" . $escapedId . "'");
}
/**
 * Return every videos_db row, newest first by video_date then video_time.
 *
 * NOTE(review): $DB is not brought into this function's scope (no `global`)
 * in the visible body, so it expands to an empty string; confirm that is intended.
 *
 * @return resource|false Result of mysql_query().
 */
function getAllVideos()
{
    return mysql_query("select * from {$DB}.videos_db ORDER BY video_date desc, video_time desc");
}
/**
 * Return every videos_db row ordered by video_id, highest first.
 *
 * NOTE(review): $DB is not brought into this function's scope (no `global`)
 * in the visible body, so it expands to an empty string; confirm that is intended.
 *
 * @return resource|false Result of mysql_query().
 */
function getLastVideos()
{
    return mysql_query("select * from {$DB}.videos_db ORDER BY video_id desc");
}
/**
 * List the videos of one type, newest first by video_date.
 *
 * $type is escaped with mysql_real_escape_string() and quoted in the SQL text.
 * NOTE(review): $DB is not brought into this function's scope (no `global`)
 * in the visible body, so it expands to an empty string; confirm that is intended.
 *
 * @param mixed $type Value matched against videos_db.video_type.
 * @return resource|false Result of mysql_query().
 */
function getVideosByType($type)
{
    $escapedType = mysql_real_escape_string($type);

    return mysql_query(
        "select * from {$DB}.videos_db WHERE video_type='" . $escapedType . "' ORDER BY video_date desc"
    );
}
/**
 * List videos of one type whose video_tendu is at most $tendu, filtered by year.
 *
 * When $year loosely equals 0 the filter is YEAR(video_date) <= '2000';
 * otherwise the year must match exactly. All three arguments are escaped
 * and quoted before they enter the SQL text.
 * NOTE(review): $DB is not brought into this function's scope (no `global`)
 * in the visible body, so it expands to an empty string; confirm that is intended.
 *
 * @param mixed $year  Year to match, or a value loosely equal to 0 for "2000 and earlier".
 * @param mixed $type  Value matched against video_type.
 * @param mixed $tendu Upper bound compared with video_tendu.
 * @return resource|false Result of mysql_query().
 */
function getVideosByYearAndTypeAndTendu($year, $type, $tendu)
{
    $year = mysql_real_escape_string($year);
    $type = mysql_real_escape_string($type);
    $tendu = mysql_real_escape_string($tendu);

    // The comparison runs on the escaped string, exactly as before.
    $yearFilter = ($year == 0)
        ? "YEAR(video_date)<='2000'"
        : "YEAR(video_date)='" . $year . "'";

    $sql = "select * from {$DB}.videos_db\n"
        . "WHERE video_type='" . $type . "' AND video_tendu<='" . $tendu . "' AND " . $yearFilter . "\n"
        . "ORDER BY video_date desc";

    return mysql_query($sql);
}
/**
 * List videos whose video_tendu is at most $tendu, highest video_id first.
 *
 * $tendu is escaped with mysql_real_escape_string() and quoted in the SQL text.
 * NOTE(review): $DB is not brought into this function's scope (no `global`)
 * in the visible body, so it expands to an empty string; confirm that is intended.
 *
 * @param mixed $tendu Upper bound compared with video_tendu.
 * @return resource|false Result of mysql_query().
 */
function getLastVideosByTendu($tendu)
{
    $limit = mysql_real_escape_string($tendu);

    return mysql_query(
        "select * from {$DB}.videos_db WHERE video_tendu<='" . $limit . "' ORDER BY video_id desc"
    );
}
##################################
########## SQL CONTACTS ########
##################################
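/**
 * Return every row of asso_db.
 *
 * NOTE(review): $DB is not brought into this function's scope (no `global`)
 * in the visible body, so it expands to an empty string; confirm that is intended.
 *
 * @return resource|false Result of mysql_query().
 */
function getAssoInfos()
{
    $query = "select * from $DB.asso_db";

    return mysql_query($query);
}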
/**
 * Look up one links_db row by id.
 *
 * The id is escaped with mysql_real_escape_string() and quoted in the SQL text.
 * NOTE(review): $DB is not brought into this function's scope (no `global`)
 * in the visible body, so it expands to an empty string; confirm that is intended.
 *
 * @param mixed $id Value matched against links_db.link_id.
 * @return resource|false Result of mysql_query().
 */
function getOneLinkById($id)
{
    $escapedId = mysql_real_escape_string($id);

    return mysql_query("select * from {$DB}.links_db WHERE link_id='" . $escapedId . "'");
}
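/**
 * Return every row of links_db.
 *
 * NOTE(review): $DB is not brought into this function's scope (no `global`)
 * in the visible body, so it expands to an empty string; confirm that is intended.
 *
 * @return resource|false Result of mysql_query().
 */
function getAllLinks()
{
    $query = "select * from $DB.links_db";

    return mysql_query($query);
}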
###############################
########## SQL USERS ########
###############################
/**
 * Look up users_db rows by login.
 *
 * The login is escaped with mysql_real_escape_string() and quoted in the
 * SQL text. SELECT * returns the user_pass column along with the rest.
 * NOTE(review): $DB is not brought into this function's scope (no `global`)
 * in the visible body, so it expands to an empty string; confirm that is intended.
 *
 * @param mixed $login Value matched against users_db.user_login.
 * @return resource|false Result of mysql_query().
 */
function getOneUserByLogin($login)
{
    $escapedLogin = mysql_real_escape_string($login);

    return mysql_query("select * from {$DB}.users_db WHERE user_login='" . $escapedLogin . "'");
}
/**
 * Look up users_db rows by pseudo (display name column user_pseudo).
 *
 * The value is escaped with mysql_real_escape_string() and quoted in the
 * SQL text. SELECT * returns the user_pass column along with the rest.
 * NOTE(review): $DB is not brought into this function's scope (no `global`)
 * in the visible body, so it expands to an empty string; confirm that is intended.
 *
 * @param mixed $pseudo Value matched against users_db.user_pseudo.
 * @return resource|false Result of mysql_query().
 */
function getOneUserByPseudo($pseudo)
{
    $escapedPseudo = mysql_real_escape_string($pseudo);

    return mysql_query("select * from {$DB}.users_db WHERE user_pseudo='" . $escapedPseudo . "'");
}
/**
 * Look up one users_db row by id.
 *
 * The id is escaped with mysql_real_escape_string() and quoted in the
 * SQL text. SELECT * returns the user_pass column along with the rest.
 * NOTE(review): $DB is not brought into this function's scope (no `global`)
 * in the visible body, so it expands to an empty string; confirm that is intended.
 *
 * @param mixed $id Value matched against users_db.user_id.
 * @return resource|false Result of mysql_query().
 */
function getOneUserById($id)
{
    $escapedId = mysql_real_escape_string($id);

    return mysql_query("select * from {$DB}.users_db WHERE user_id='" . $escapedId . "'");
}
/**
 * Return the users_db rows with user_right below 7, highest right first.
 *
 * The threshold 7 is hard-coded; its meaning is not defined in this listing.
 * SELECT * returns the user_pass column along with the rest.
 * NOTE(review): $DB is not brought into this function's scope (no `global`)
 * in the visible body, so it expands to an empty string; confirm that is intended.
 *
 * @return resource|false Result of mysql_query().
 */
function getAllUsers()
{
    return mysql_query("select * from {$DB}.users_db WHERE user_right < 7 ORDER BY user_right desc");
}
/**
 * List the users_db rows with a given user_statut, highest right first.
 *
 * $statut is escaped with mysql_real_escape_string() and quoted in the SQL text.
 * NOTE(review): $DB is not brought into this function's scope (no `global`)
 * in the visible body, so it expands to an empty string; confirm that is intended.
 *
 * @param mixed $statut Value matched against users_db.user_statut.
 * @return resource|false Result of mysql_query().
 */
function getUsersByStatut($statut)
{
    $escapedStatut = mysql_real_escape_string($statut);

    return mysql_query(
        "SELECT * FROM {$DB}.users_db WHERE user_statut='" . $escapedStatut . "' ORDER BY user_right desc"
    );
}
################################
########## SQL MEMBERS ########
################################
/**
 * Return the users_db rows with user_right of 7 or more.
 *
 * The threshold 7 is hard-coded; its meaning is not defined in this listing.
 * SELECT * returns the user_pass column along with the rest.
 * NOTE(review): $DB is not brought into this function's scope (no `global`)
 * in the visible body, so it expands to an empty string; confirm that is intended.
 *
 * @return resource|false Result of mysql_query().
 */
function getAllMembers()
{
    return mysql_query("select * from {$DB}.users_db WHERE user_right >= 7");
}
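/**
 * List the users_db rows whose user_statut equals $statut.
 *
 * $statut is escaped with mysql_real_escape_string() and quoted in the SQL text.
 * NOTE(review): $DB is not brought into this function's scope (no `global`)
 * in the visible body, so it expands to an empty string; confirm that is intended.
 *
 * @param mixed $statut Value matched against users_db.user_statut.
 * @return resource|false Result of mysql_query().
 */
function getAnExistingStatut($statut)
{
    $statut = mysql_real_escape_string($statut);
    $query = "select * from $DB.users_db WHERE user_statut = '$statut'";

    return mysql_query($query);
}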
####################################
########## SQL Blacklist ########
####################################
/**
 * Look up one blacklist_db row by id.
 *
 * The id is escaped with mysql_real_escape_string() and quoted in the SQL text.
 * NOTE(review): $DB is not brought into this function's scope (no `global`)
 * in the visible body, so it expands to an empty string; confirm that is intended.
 *
 * @param mixed $id Value matched against blacklist_db.blacklist_id.
 * @return resource|false Result of mysql_query().
 */
function getOneBlacklistById($id)
{
    $escapedId = mysql_real_escape_string($id);

    return mysql_query("select * from {$DB}.blacklist_db WHERE blacklist_id='" . $escapedId . "'");
}
/**
 * Look up blacklist_db rows by login.
 *
 * The login is escaped with mysql_real_escape_string() and quoted in the SQL text.
 * NOTE(review): $DB is not brought into this function's scope (no `global`)
 * in the visible body, so it expands to an empty string; confirm that is intended.
 *
 * @param mixed $login Value matched against blacklist_db.blacklist_login.
 * @return resource|false Result of mysql_query().
 */
function getOneBlacklistByLogin($login)
{
    $escapedLogin = mysql_real_escape_string($login);

    return mysql_query("select * from {$DB}.blacklist_db WHERE blacklist_login='" . $escapedLogin . "'");
}
/**
 * Return every row of blacklist_db.
 *
 * NOTE(review): $DB is not brought into this function's scope (no `global`)
 * in the visible body, so it expands to an empty string; confirm that is intended.
 *
 * @return resource|false Result of mysql_query().
 */
function getAllBlacklist()
{
    return mysql_query("select * from {$DB}.blacklist_db");
}
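/**
 * Return every row of blacksites_db.
 *
 * NOTE(review): $DB is not brought into this function's scope (no `global`)
 * in the visible body, so it expands to an empty string; confirm that is intended.
 *
 * @return resource|false Result of mysql_query().
 */
function getAllBlacksite()
{
    $query = "select * from $DB.blacksites_db";

    return mysql_query($query);
}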
/**
 * Look up one blacksites_db row by id.
 *
 * The id is escaped with mysql_real_escape_string() and quoted in the SQL text.
 * NOTE(review): $DB is not brought into this function's scope (no `global`)
 * in the visible body, so it expands to an empty string; confirm that is intended.
 *
 * @param mixed $id Value matched against blacksites_db.blacksite_id.
 * @return resource|false Result of mysql_query().
 */
function getOneBlacksiteById($id)
{
    $escapedId = mysql_real_escape_string($id);

    return mysql_query("select * from {$DB}.blacksites_db WHERE blacksite_id='" . $escapedId . "'");
}
#######################################################
#################### VIDEOS ######################
#######################################################
/**
 * Build the INSERT for a new videos_db row from the submitted admin form and,
 * when the 'auto_www_news' field is truthy, a matching news_db INSERT titled
 * 'Nouvelle Video: ' followed by the video name; then emit a meta-refresh.
 *
 * NOTE(review): this listing is incomplete for this function. The first
 * VALUES list breaks off after '$date', no statement that runs either query
 * is visible, and the braces of the `if` block do not balance, so the code
 * below does not parse as shown.
 * NOTE(review): every $_POST value is placed in the SQL text unescaped,
 * unlike the get* helpers in this file, which call
 * mysql_real_escape_string() first. The values need the same escaping
 * before either statement is executed.
 * NOTE(review): the request-supplied path is passed to get_filesize(), which
 * is defined outside this listing; confirm it constrains the path it reads.
 * NOTE(review): no permission or anti-CSRF check is visible in this function;
 * confirm the caller performs both.
 */
function adminAddVideo(){
$name = $_POST['video_get_name'];
$path = $_POST['video_get_path'];
$path_daily = $_POST['video_path_daily'];
$size = get_filesize($path);
$date = $_POST['video_get_date'];
$time = get_time();
$type = $_POST['video_type'];
$comment = $_POST['video_comment'];
$tendu = $_POST['video_tendu'];
$id_user = $_SESSION["user_id"];
$query = " INSERT INTO `videos_db` ";
$query .= "( `video_id`, `video_name`, `video_path`, `video_path_daily`, `video_size`, `video_date`,
`video_time`, `video_type`, `video_comment`, `video_tendu`, `video_img_path`, `video_user_id`) ";
$query .= "VALUES ( '', '$name', '$path' , '$path_daily', '$size', '$date',
or die("Add Video Query failed");
$auto_news = $_POST['auto_www_news'];
if ($auto_news)
{
$title = 'Nouvelle Video: '.$name;
$query = " INSERT INTO `news_db` ";
$query .= "( `news_id`, `news_title`, `news_date`, `news_time`, `news_comment`, `news_user_id`, `news_tendu`)";
$query .= "VALUES ( '', '$title', '$date', '$time', '$comment', '$id_user', '$tendu') ";
echo '<META HTTP-EQUIV="REFRESH" CONTENT="0; URL=index.php?html=AdminHome§ion_admin=AdminVideos"> '; // automatique redirection
}
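/**
 * Update one videos_db row from the submitted admin form, run the statement,
 * then emit a meta-refresh back to the AdminVideos section.
 *
 * Every request value is escaped with mysql_real_escape_string() before it
 * enters the SQL text, matching the get* helpers in this file.
 * video_tendu is only rewritten when the form supplies it, so an edit that
 * omits the field cannot blank the stored value.
 *
 * NOTE(review): the 'video_tendu' field name is taken from adminAddVideo();
 * confirm the edit form posts the same name.
 * NOTE(review): the request-supplied path is passed to get_filesize(), which
 * is defined outside this listing; confirm it constrains the path it reads.
 * NOTE(review): no permission or anti-CSRF check is visible in this function;
 * confirm the caller performs both.
 */
function adminModifVideo()
{
    $name       = mysql_real_escape_string($_POST['video_get_upname']);
    $path       = mysql_real_escape_string($_POST['video_get_path']);
    $path_daily = mysql_real_escape_string($_POST['video_path_daily']);
    $size       = mysql_real_escape_string(get_filesize($_POST['video_get_path']));
    $date       = mysql_real_escape_string($_POST['video_get_date']);
    // get_time() has to be called from PHP; written inside the SQL string it
    // would be stored as the literal text 'get_time()'.
    $time       = mysql_real_escape_string(get_time());
    $type       = mysql_real_escape_string($_POST['video_get_type']);
    $comment    = mysql_real_escape_string($_POST['video_get_comment']);
    $vid_id     = mysql_real_escape_string($_GET['vid_id']);

    $query  = " UPDATE `videos_db` ";
    $query .= " SET `video_name` = '$name', `video_path` = '$path', `video_path_daily` = '$path_daily',"
        . " `video_date` = '$date', `video_size` = '$size', `video_time` = '$time',"
        . " `video_type` = '$type', `video_comment` = '$comment'";
    if (isset($_POST['video_tendu'])) {
        $tendu  = mysql_real_escape_string($_POST['video_tendu']);
        $query .= ", `video_tendu` = '$tendu'";
    }
    $query .= " WHERE `video_id` = '$vid_id' LIMIT 1";
    mysql_query($query) or die("Modify Video Query failed");

    // '&' is written as &amp; so "section_admin" cannot be read as the &sect; entity.
    echo '<META HTTP-EQUIV="REFRESH" CONTENT="0; URL=index.php?html=AdminHome&amp;section_admin=AdminVideos"> '; // automatic redirect
}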
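/**
 * Delete one videos_db row by id, then emit a meta-refresh back to the
 * AdminVideos section.
 *
 * The id is escaped with mysql_real_escape_string() before it enters the
 * SQL text, matching the get* helpers in this file.
 *
 * NOTE(review): the id is read from the query string, so a plain link is
 * enough to trigger the delete, and no permission or anti-CSRF check is
 * visible in this function; confirm the caller performs both.
 */
function adminDeleteVideo()
{
    $vid_id = mysql_real_escape_string($_GET['vid_id']);

    $query  = " DELETE FROM `videos_db` ";
    $query .= " WHERE `video_id` = '$vid_id' LIMIT 1";
    mysql_query($query) or die("Delete Video Query failed");

    // '&' is written as &amp; so "section_admin" cannot be read as the &sect; entity.
    echo '<META HTTP-EQUIV="REFRESH" CONTENT="0; URL=index.php?html=AdminHome&amp;section_admin=AdminVideos"> '; // automatic redirect
}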
#######################################################
#################### NEWS ######################
#######################################################
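/**
 * Insert a news_db row from the submitted admin form, then emit a
 * meta-refresh back to the AdminNews section.
 *
 * Every value, including the session user id and the get_time() result, is
 * escaped with mysql_real_escape_string() before it enters the SQL text,
 * matching the get* helpers in this file.
 *
 * NOTE(review): no permission or anti-CSRF check is visible in this function;
 * confirm the caller performs both.
 */
function adminAddNews()
{
    $title   = mysql_real_escape_string($_POST['news_get_title']);
    $date    = mysql_real_escape_string($_POST['news_get_date']);
    $time    = mysql_real_escape_string(get_time());
    $comment = mysql_real_escape_string($_POST['news_get_comment']);
    $id_user = mysql_real_escape_string($_SESSION["user_id"]);
    $tendu   = mysql_real_escape_string($_POST['news_tendu']);

    $query  = " INSERT INTO `news_db` ";
    $query .= "( `news_id`, `news_title`, `news_date`, `news_time`, `news_comment`, `news_user_id`, `news_tendu`)";
    $query .= "VALUES ( '', '$title', '$date', '$time', '$comment', '$id_user', '$tendu') ";
    mysql_query($query) or die("Add News Query failed");

    // '&' is written as &amp; so "section_admin" cannot be read as the &sect; entity.
    echo '<META HTTP-EQUIV="REFRESH" CONTENT="0; URL=index.php?html=AdminHome&amp;section_admin=AdminNews"> '; // automatic redirect
}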
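/**
 * Update one news_db row from the submitted admin form, then emit a
 * meta-refresh back to the AdminNews section.
 *
 * Every request value is escaped with mysql_real_escape_string() before it
 * enters the SQL text, matching the get* helpers in this file.
 *
 * NOTE(review): no permission or anti-CSRF check is visible in this function;
 * confirm the caller performs both.
 */
function adminModifNews()
{
    $title   = mysql_real_escape_string($_POST['news_get_uptitle']);
    $date    = mysql_real_escape_string($_POST['news_get_date']);
    // Use the value get_time() returns; written inside the SQL string the
    // call would be stored as the literal text 'get_time()'.
    $time    = mysql_real_escape_string(get_time());
    $comment = mysql_real_escape_string($_POST['news_get_comment']);
    $news_id = mysql_real_escape_string($_GET['news_id']);

    $query  = " UPDATE `news_db` ";
    $query .= " SET `news_title` = '$title', `news_date` = '$date', `news_time` = '$time', `news_comment` = '$comment' ";
    $query .= " WHERE `news_id` = '$news_id' LIMIT 1";
    mysql_query($query) or die("Modify News Query failed");

    // '&' is written as &amp; so "section_admin" cannot be read as the &sect; entity.
    echo '<META HTTP-EQUIV="REFRESH" CONTENT="0; URL=index.php?html=AdminHome&amp;section_admin=AdminNews"> '; // automatic redirect
}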
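/**
 * Delete one news_db row by id, then emit a meta-refresh back to the
 * AdminNews section.
 *
 * The id is escaped with mysql_real_escape_string() before it enters the
 * SQL text, matching the get* helpers in this file.
 *
 * NOTE(review): the id is read from the query string, so a plain link is
 * enough to trigger the delete, and no permission or anti-CSRF check is
 * visible in this function; confirm the caller performs both.
 */
function adminDeleteNews()
{
    $news_id = mysql_real_escape_string($_GET['news_id']);

    $query  = " DELETE FROM `news_db` ";
    $query .= " WHERE `news_id` = '$news_id' LIMIT 1";
    mysql_query($query) or die("Delete News Query failed");

    // '&' is written as &amp; so "section_admin" cannot be read as the &sect; entity.
    echo '<META HTTP-EQUIV="REFRESH" CONTENT="0; URL=index.php?html=AdminHome&amp;section_admin=AdminNews"> '; // automatic redirect
}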
#######################################################
#################### EDITOS ######################
#######################################################
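/**
 * Insert an editos_db row from the submitted admin form, then emit a
 * meta-refresh back to the AdminEdito section.
 *
 * Every value, including the session user id, is escaped with
 * mysql_real_escape_string() before it enters the SQL text, matching the
 * get* helpers in this file.
 *
 * NOTE(review): no permission or anti-CSRF check is visible in this function;
 * confirm the caller performs both.
 */
function adminAddEdito()
{
    $title   = mysql_real_escape_string($_POST['edito_get_title']);
    $date    = mysql_real_escape_string($_POST['edito_get_date']);
    $comment = mysql_real_escape_string($_POST['edito_get_comment']);
    $id_user = mysql_real_escape_string($_SESSION["user_id"]);

    $query  = " INSERT INTO `editos_db` ";
    $query .= "( `edito_id`, `edito_title`, `edito_date`, `edito_comment`, `edito_id_user`)";
    $query .= "VALUES ( '', '$title', '$date', '$comment', '$id_user') ";
    mysql_query($query) or die("Add Edito Query failed");

    // '&' is written as &amp; so "section_admin" cannot be read as the &sect; entity.
    echo '<META HTTP-EQUIV="REFRESH" CONTENT="0; URL=index.php?html=AdminHome&amp;section_admin=AdminEdito"> '; // automatic redirect
}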
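/**
 * Update one editos_db row from the submitted admin form, then emit a
 * meta-refresh back to the AdminEdito section.
 *
 * Every request value is escaped with mysql_real_escape_string() before it
 * enters the SQL text, matching the get* helpers in this file.
 *
 * NOTE(review): no permission or anti-CSRF check is visible in this function;
 * confirm the caller performs both.
 */
function adminModifEdito()
{
    $title    = mysql_real_escape_string($_POST['edito_get_uptitle']);
    $date     = mysql_real_escape_string($_POST['edito_get_update']);
    $comment  = mysql_real_escape_string($_POST['edito_get_upcomment']);
    $edito_id = mysql_real_escape_string($_GET['edito_id']);

    $query  = " UPDATE `editos_db` ";
    $query .= " SET `edito_title` = '$title', `edito_date` = '$date', `edito_comment` = '$comment' ";
    $query .= " WHERE `edito_id` = '$edito_id' LIMIT 1";
    mysql_query($query) or die("Modify Edito Query failed");

    // '&' is written as &amp; so "section_admin" cannot be read as the &sect; entity.
    echo '<META HTTP-EQUIV="REFRESH" CONTENT="0; URL=index.php?html=AdminHome&amp;section_admin=AdminEdito"> '; // automatic redirect
}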
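/**
 * Delete one editos_db row by id, then emit a meta-refresh back to the
 * AdminEdito section.
 *
 * The id is escaped with mysql_real_escape_string() before it enters the
 * SQL text, matching the get* helpers in this file.
 *
 * NOTE(review): the id is read from the query string, so a plain link is
 * enough to trigger the delete, and no permission or anti-CSRF check is
 * visible in this function; confirm the caller performs both.
 */
function adminDelEdito()
{
    $edito_id = mysql_real_escape_string($_GET['edito_id']);

    $query  = " DELETE FROM `editos_db` ";
    $query .= " WHERE `edito_id` = '$edito_id' LIMIT 1";
    mysql_query($query) or die("Delete Edito Query failed");

    // '&' is written as &amp; so "section_admin" cannot be read as the &sect; entity.
    echo '<META HTTP-EQUIV="REFRESH" CONTENT="0; URL=index.php?html=AdminHome&amp;section_admin=AdminEdito"> '; // automatic redirect
}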
#######################################################
#################### LINKS ######################
#######################################################
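/**
 * Insert a links_db row from the submitted admin form, then emit a
 * meta-refresh back to the AdminLinks section.
 *
 * Both request values are escaped with mysql_real_escape_string() before
 * they enter the SQL text, matching the get* helpers in this file.
 *
 * NOTE(review): no permission or anti-CSRF check is visible in this function;
 * confirm the caller performs both.
 */
function adminAddLink()
{
    $link    = mysql_real_escape_string($_POST['input_get_link']);
    $comment = mysql_real_escape_string($_POST['input_get_comment']);

    $query  = " INSERT INTO `links_db` ";
    $query .= "( `link_id`, `link_link`, `link_comment`)";
    $query .= "VALUES ( '', '$link', '$comment') ";
    mysql_query($query) or die("Add Link Query failed");

    // '&' is written as &amp; so "section_admin" cannot be read as the &sect; entity.
    echo '<META HTTP-EQUIV="REFRESH" CONTENT="0; URL=index.php?html=AdminHome&amp;section_admin=AdminLinks"> '; // automatic redirect
}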
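/**
 * Update one links_db row from the submitted admin form, then emit a
 * meta-refresh back to the AdminLinks section.
 *
 * Every request value is escaped with mysql_real_escape_string() before it
 * enters the SQL text, matching the get* helpers in this file.
 *
 * NOTE(review): no permission or anti-CSRF check is visible in this function;
 * confirm the caller performs both.
 */
function adminModifLink()
{
    $link       = mysql_real_escape_string($_POST['input_get_link']);
    $comment    = mysql_real_escape_string($_POST['input_get_comment']);
    $element_id = mysql_real_escape_string($_GET['element_id']);

    $query  = " UPDATE `links_db` ";
    $query .= " SET `link_link` = '$link', `link_comment` = '$comment' ";
    $query .= " WHERE `link_id` = '$element_id' LIMIT 1";
    mysql_query($query) or die("Modify Link Query failed");

    // '&' is written as &amp; so "section_admin" cannot be read as the &sect; entity.
    echo '<META HTTP-EQUIV="REFRESH" CONTENT="0; URL=index.php?html=AdminHome&amp;section_admin=AdminLinks"> '; // automatic redirect
}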
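/**
 * Delete one links_db row by id, then emit a meta-refresh back to the
 * AdminLinks section.
 *
 * The id is escaped with mysql_real_escape_string() before it enters the
 * SQL text, matching the get* helpers in this file.
 *
 * NOTE(review): the id is read from the query string, so a plain link is
 * enough to trigger the delete, and no permission or anti-CSRF check is
 * visible in this function; confirm the caller performs both.
 */
function adminDelLink()
{
    $element_id = mysql_real_escape_string($_GET['element_id']);

    $query  = " DELETE FROM `links_db` ";
    $query .= " WHERE `link_id` = '$element_id' LIMIT 1";
    mysql_query($query) or die("Delete Link Query failed");

    // '&' is written as &amp; so "section_admin" cannot be read as the &sect; entity.
    echo '<META HTTP-EQUIV="REFRESH" CONTENT="0; URL=index.php?html=AdminHome&amp;section_admin=AdminLinks"> '; // automatic redirect
}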
#######################################################
#################### MEMBERS ######################
#######################################################
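/**
 * Insert a member row into users_db from the submitted admin form, then emit
 * a meta-refresh back to the AdminMembers section.
 *
 * The password must be non-empty and typed identically twice; otherwise a
 * message is printed and nothing is stored. Every other request value is
 * escaped with mysql_real_escape_string() before it enters the SQL text,
 * matching the get* helpers in this file.
 *
 * NOTE(review): md5() is unsalted and fast, which makes stored hashes cheap
 * to guess offline. Moving to password_hash()/password_verify() needs a
 * matching change in the login code, which is outside this listing.
 * NOTE(review): user_right and user_statut are taken from the request, and
 * no permission or anti-CSRF check is visible in this function; confirm the
 * caller restricts who can reach it.
 */
function adminAddMember()
{
    $pass       = (string) $_POST['member_get_pass'];
    $check_pass = (string) $_POST['member_get_checkpass'];

    // Compare the strings directly: strcmp() only promises a negative, zero
    // or positive result, so testing it against 1 accepts some mismatches.
    if ($pass === "" || $pass !== $check_pass) {
        echo "Pass non valide mec... Soit c'évide, soit tu n'as pas mis deux fois le meme";
        return;
    }
    // The digest is 32 hex characters, so it needs no further escaping.
    $pass = md5($pass);

    $login     = mysql_real_escape_string($_POST['member_get_login']);
    $pseudo    = mysql_real_escape_string($_POST['member_get_pseudo']);
    $mail      = mysql_real_escape_string($_POST['member_get_mail']);
    $tel       = mysql_real_escape_string($_POST['member_get_tel']);
    $date      = mysql_real_escape_string($_POST['member_get_date']);
    $statut    = mysql_real_escape_string($_POST['member_get_statut']);
    $right     = mysql_real_escape_string($_POST['member_get_right']);
    $signature = mysql_real_escape_string($_POST['member_get_signature']);
    $comment   = mysql_real_escape_string($_POST['member_get_comment']);
    $mailing   = mysql_real_escape_string($_POST['auto_mailing_member']);

    $query  = " INSERT INTO `users_db` ";
    $query .= "( `user_id`, `user_login`, `user_pseudo`, `user_pass`, `user_mail`,"
        . " `user_tel`, `user_date`, `user_statut`, `user_right`,`user_signature`, `user_comment`, `user_mailing`)";
    $query .= "VALUES ( '', '$login', '$pseudo', '$pass', '$mail', '$tel', '$date' ,'$statut', '$right', '$signature', '$comment', '$mailing') ";
    mysql_query($query) or die("Add Member Query failed");

    // '&' is written as &amp; so "section_admin" cannot be read as the &sect; entity.
    echo '<META HTTP-EQUIV="REFRESH" CONTENT="0; URL=index.php?html=AdminHome&amp;section_admin=AdminMembers"> '; // automatic redirect
}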
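/**
 * Update one member row of users_db from the submitted form, then emit a
 * meta-refresh back to the AdminMembers section.
 *
 * The row is loaded first. Only a session whose user_right equals
 * $GLOBALS["ROOT"] may change date, statut, right and comment; for everyone
 * else those four columns keep the values already stored in the row.
 * The password is replaced only when a new one is submitted and both
 * entries match. Every value, including those read back from the database,
 * is escaped with mysql_real_escape_string() before it enters the SQL text.
 *
 * NOTE(review): nothing visible here checks that a non-root session is
 * editing its own row ($_GET['element_id'] is trusted as given), and no
 * anti-CSRF check is visible; confirm the caller enforces both.
 * NOTE(review): md5() is unsalted and fast, which makes stored hashes cheap
 * to guess offline. Moving to password_hash()/password_verify() needs a
 * matching change in the login code, which is outside this listing.
 */
function adminModifMember()
{
    $result = getOneUserById($_GET['element_id']);

    if ($result && mysql_num_rows($result)) {
        // Current row: source of the protected columns for non-root editors.
        $user = mysql_fetch_assoc($result);

        $pass       = (string) $_POST['member_get_pass'];
        $check_pass = (string) $_POST['member_get_verifpass'];
        // Strict comparison: with != two different numeric-looking strings
        // (for example "1e3" and "1000") compare as equal.
        if ($pass !== $check_pass) {
            echo "Pass non valide mec... Soit c'est vide, soit tu n'as pas mis deux fois le meme";
            return;
        }

        if ($_SESSION["user_right"] == $GLOBALS["ROOT"]) {
            $date    = $_POST['member_get_date'];
            $statut  = $_POST['member_get_statut'];
            $right   = $_POST['member_get_right'];
            $comment = $_POST['member_get_comment'];
        } else {
            $date    = $user["user_date"];
            $statut  = $user["user_statut"];
            $right   = $user["user_right"];
            $comment = $user["user_comment"];
        }

        $login      = mysql_real_escape_string($_POST['member_get_login']);
        $pseudo     = mysql_real_escape_string($_POST['member_get_pseudo']);
        $mail       = mysql_real_escape_string($_POST['member_get_mail']);
        $tel        = mysql_real_escape_string($_POST['member_get_tel']);
        $date       = mysql_real_escape_string($date);
        $statut     = mysql_real_escape_string($statut);
        $right      = mysql_real_escape_string($right);
        $comment    = mysql_real_escape_string($comment);
        $signature  = mysql_real_escape_string($_POST['member_get_signature']);
        $mailing    = mysql_real_escape_string($_POST['auto_mailing_member']);
        $element_id = mysql_real_escape_string($_GET['element_id']);

        $query  = " UPDATE `users_db` ";
        $query .= " SET `user_login` = '$login', `user_pseudo` = '$pseudo', `user_mail` = '$mail',"
            . " `user_tel` = '$tel', `user_date` = '$date', `user_statut` = '$statut', `user_right` = '$right',"
            . " `user_signature` = '$signature', `user_comment` = '$comment', `user_mailing` = '$mailing'";
        if ($pass !== '') {
            // The digest is 32 hex characters, so it needs no further escaping.
            $query .= ", `user_pass` = '" . md5($pass) . "'";
        }
        $query .= " WHERE `user_id` = '$element_id' LIMIT 1";
        mysql_query($query)
            or die("Query fucked");
    }

    // '&' is written as &amp; so "section_admin" cannot be read as the &sect; entity.
    echo '<META HTTP-EQUIV="REFRESH" CONTENT="0; URL=index.php?html=AdminHome&amp;section_admin=AdminMembers"> '; // automatic redirect
}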
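/**
 * Delete one users_db row by id, then emit a meta-refresh back to the
 * AdminMembers section.
 *
 * The id is escaped with mysql_real_escape_string() before it enters the
 * SQL text, matching the get* helpers in this file.
 *
 * NOTE(review): the id is read from the query string, so a plain link is
 * enough to remove an account, and no permission or anti-CSRF check is
 * visible in this function; confirm the caller performs both.
 */
function adminDelMember()
{
    $element_id = mysql_real_escape_string($_GET['element_id']);

    $query  = " DELETE FROM `users_db` ";
    $query .= " WHERE `user_id` = '$element_id' LIMIT 1";
    mysql_query($query) or die("Delete Member Query failed");

    // '&' is written as &amp; so "section_admin" cannot be read as the &sect; entity.
    echo '<META HTTP-EQUIV="REFRESH" CONTENT="0; URL=index.php?html=AdminHome&amp;section_admin=AdminMembers"> '; // automatic redirect
}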
#######################################################
#################### USERS ######################
#######################################################
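/**
 * Insert a user row into users_db from the submitted admin form, then emit a
 * meta-refresh back to the AdminUsers section.
 *
 * user_statut is always stored as 0 and user_mailing as an empty string.
 * Every request value is escaped with mysql_real_escape_string() before it
 * enters the SQL text, matching the get* helpers in this file.
 *
 * NOTE(review): md5() is unsalted and fast, which makes stored hashes cheap
 * to guess offline. Moving to password_hash()/password_verify() needs a
 * matching change in the login code, which is outside this listing.
 * NOTE(review): user_right is taken from the request, the password is not
 * checked for emptiness, and no permission or anti-CSRF check is visible in
 * this function; confirm the caller restricts who can reach it.
 */
function adminAddUser()
{
    $login     = mysql_real_escape_string($_POST['user_get_login']);
    $pseudo    = mysql_real_escape_string($_POST['user_get_pseudo']);
    // The digest is 32 hex characters, so it needs no further escaping.
    $pass      = md5($_POST['user_get_pass']);
    $mail      = mysql_real_escape_string($_POST['user_get_mail']);
    $tel       = mysql_real_escape_string($_POST['user_get_tel']);
    $date      = mysql_real_escape_string($_POST['user_get_date']);
    $statut    = 0;
    $right     = mysql_real_escape_string($_POST['user_get_right']);
    $signature = mysql_real_escape_string($_POST['user_get_signature']);
    $comment   = mysql_real_escape_string($_POST['user_get_comment']);

    $query  = " INSERT INTO `users_db` ";
    $query .= "( `user_id`, `user_login`, `user_pseudo`, `user_pass`, `user_mail`,"
        . " `user_tel`, `user_date`, `user_statut`, `user_right`,`user_signature`, `user_comment`, `user_mailing`)";
    $query .= "VALUES ( '', '$login', '$pseudo', '$pass', '$mail', '$tel', '$date' ,'$statut', '$right', '$signature', '$comment', '') ";
    mysql_query($query) or die("Add User Query failed");

    // '&' is written as &amp; so "section_admin" cannot be read as the &sect; entity.
    echo '<META HTTP-EQUIV="REFRESH" CONTENT="0; URL=index.php?html=AdminHome&amp;section_admin=AdminUsers"> '; // automatic redirect
}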
/**
 * Build the UPDATE for one users_db row from the submitted admin form; the
 * password column is included only when 'user_get_pass' is truthy. Ends with
 * a meta-refresh back to the AdminUsers section.
 *
 * NOTE(review): this listing is incomplete for this function. The condition
 * that guards the "Pass non valide" message is missing, so the `}` / `else`
 * pair below has no matching `if`, and no statement that runs the query is
 * visible; the code does not parse as shown.
 * NOTE(review): every $_POST and $_GET value is placed in the SQL text
 * unescaped, unlike the get* helpers in this file, which call
 * mysql_real_escape_string() first. The values need the same escaping
 * before the statement is executed.
 * NOTE(review): md5() is unsalted and fast, which makes stored hashes cheap
 * to guess offline; addslashes() on its hex output changes nothing.
 * NOTE(review): user_right is taken from the request and no permission or
 * anti-CSRF check is visible in this function; confirm the caller restricts
 * who can reach it.
 */
function adminModifUser(){
$login = $_POST['user_get_login'];
$pseudo = $_POST['user_get_pseudo'];
$pass = $_POST['user_get_pass'];
$mail = $_POST['user_get_mail'];
$tel = $_POST['user_get_tel'];
$date = $_POST['user_get_date'];
$statut = 0;
$right = $_POST['user_get_right'];
$signature = $_POST['user_get_signature'];
$comment = $_POST['user_get_comment'];
$element_id = $_GET['element_id'];
echo "Pass non valide mec... Soit c'est vide, soit tu n'as pas mis deux fois le meme";
return;
}
else {
$pass = md5($pass);
if (!get_magic_quotes_gpc()) {
$pass = addslashes($pass);
}
}
$query = " UPDATE `users_db` ";
if ($_POST['user_get_pass']){
$query .= " SET `user_login` = '$login', `user_pseudo` = '$pseudo', `user_pass` = '$pass', `user_mail` = '$mail',
`user_tel` = '$tel', `user_date` = '$date', `user_statut` = '$statut',
`user_right` = '$right', `user_signature` = '$signature', `user_comment` = '$comment' ";
}
else {
$query .= " SET `user_login` = '$login', `user_pseudo` = '$pseudo', `user_mail` = '$mail',
`user_tel` = '$tel', `user_date` = '$date', `user_statut` = '$statut',
`user_right` = '$right', `user_signature` = '$signature', `user_comment` = '$comment' ";
}
$query .= " WHERE `user_id` = '$element_id' LIMIT 1";
echo '<META HTTP-EQUIV="REFRESH" CONTENT="0; URL=index.php?html=AdminHome§ion_admin=AdminUsers"> '; // automatique redirection
}
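/**
 * Delete one users_db row by id, then emit a meta-refresh back to the
 * AdminUsers section.
 *
 * The id is escaped with mysql_real_escape_string() before it enters the
 * SQL text, matching the get* helpers in this file.
 *
 * NOTE(review): the id is read from the query string, so a plain link is
 * enough to remove an account, and no permission or anti-CSRF check is
 * visible in this function; confirm the caller performs both.
 */
function adminDelUser()
{
    $element_id = mysql_real_escape_string($_GET['element_id']);

    $query  = " DELETE FROM `users_db` ";
    $query .= " WHERE `user_id` = '$element_id' LIMIT 1";
    mysql_query($query) or die("Delete User Query failed");

    // '&' is written as &amp; so "section_admin" cannot be read as the &sect; entity.
    echo '<META HTTP-EQUIV="REFRESH" CONTENT="0; URL=index.php?html=AdminHome&amp;section_admin=AdminUsers"> '; // automatic redirect
}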
#######################################################
#################### BLACKLIST ######################
#######################################################
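/**
 * Insert a blacklist_db row from the submitted admin form, then emit a
 * meta-refresh back to the AdminBlacklist section.
 *
 * blacklist_try is stored as an empty string. Every request value is
 * escaped with mysql_real_escape_string() before it enters the SQL text,
 * matching the get* helpers in this file.
 *
 * NOTE(review): no permission or anti-CSRF check is visible in this function;
 * confirm the caller performs both.
 */
function adminAddBlacklist()
{
    $login  = mysql_real_escape_string($_POST['blacklist_get_login']);
    $pseudo = mysql_real_escape_string($_POST['blacklist_get_pseudo']);
    $mail   = mysql_real_escape_string($_POST['blacklist_get_mail']);
    $date   = mysql_real_escape_string($_POST['blacklist_get_date']);
    $reason = mysql_real_escape_string($_POST['blacklist_get_reason']);

    $query  = " INSERT INTO `blacklist_db` ";
    $query .= "( `blacklist_id`, `blacklist_login`, `blacklist_pseudo`, `blacklist_mail`,"
        . " `blacklist_date`, `blacklist_reason`, `blacklist_try`)";
    $query .= "VALUES ( '', '$login', '$pseudo', '$mail', '$date', '$reason', '') ";
    mysql_query($query) or die("Add Blacklist Query failed");

    // '&' is written as &amp; so "section_admin" cannot be read as the &sect; entity.
    echo '<META HTTP-EQUIV="REFRESH" CONTENT="0; URL=index.php?html=AdminHome&amp;section_admin=AdminBlacklist"> '; // automatic redirect
}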
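/**
 * Update one blacklist_db row from the submitted admin form, then emit a
 * meta-refresh back to the AdminBlacklist section.
 *
 * Every request value is escaped with mysql_real_escape_string() before it
 * enters the SQL text, matching the get* helpers in this file.
 *
 * NOTE(review): no permission or anti-CSRF check is visible in this function;
 * confirm the caller performs both.
 */
function adminModifBlacklist()
{
    $login      = mysql_real_escape_string($_POST['blacklist_get_login']);
    $pseudo     = mysql_real_escape_string($_POST['blacklist_get_pseudo']);
    $mail       = mysql_real_escape_string($_POST['blacklist_get_mail']);
    $date       = mysql_real_escape_string($_POST['blacklist_get_date']);
    $reason     = mysql_real_escape_string($_POST['blacklist_get_reason']);
    $element_id = mysql_real_escape_string($_GET['element_id']);

    $query  = " UPDATE `blacklist_db` ";
    $query .= " SET `blacklist_login` = '$login', `blacklist_pseudo` = '$pseudo', `blacklist_mail` = '$mail',"
        . " `blacklist_date` = '$date', `blacklist_reason` = '$reason' ";
    $query .= " WHERE `blacklist_id` = '$element_id' LIMIT 1";
    mysql_query($query) or die("Modify Blacklist Query failed");

    // '&' is written as &amp; so "section_admin" cannot be read as the &sect; entity.
    echo '<META HTTP-EQUIV="REFRESH" CONTENT="0; URL=index.php?html=AdminHome&amp;section_admin=AdminBlacklist"> '; // automatic redirect
}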
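/**
 * Delete one blacklist_db row by id, then emit a meta-refresh back to the
 * AdminBlacklist section.
 *
 * The id is escaped with mysql_real_escape_string() before it enters the
 * SQL text, matching the get* helpers in this file.
 *
 * NOTE(review): the id is read from the query string, so a plain link is
 * enough to lift a blacklist entry, and no permission or anti-CSRF check is
 * visible in this function; confirm the caller performs both.
 */
function adminDelBlacklist()
{
    $element_id = mysql_real_escape_string($_GET['element_id']);

    $query  = " DELETE FROM `blacklist_db` ";
    $query .= " WHERE `blacklist_id` = '$element_id' LIMIT 1";
    mysql_query($query) or die("Delete Blacklist Query failed");

    // '&' is written as &amp; so "section_admin" cannot be read as the &sect; entity.
    echo '<META HTTP-EQUIV="REFRESH" CONTENT="0; URL=index.php?html=AdminHome&amp;section_admin=AdminBlacklist"> '; // automatic redirect
}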
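/**
 * Insert a blacksites_db row from the submitted admin form, then emit a
 * meta-refresh back to the AdminBlacklist section.
 *
 * The address is escaped with mysql_real_escape_string() before it enters
 * the SQL text, matching the get* helpers in this file.
 *
 * NOTE(review): no permission or anti-CSRF check is visible in this function;
 * confirm the caller performs both.
 */
function adminAddBlacksite()
{
    $adress = mysql_real_escape_string($_POST['blacksite_get_adress']);

    $query  = " INSERT INTO `blacksites_db` ";
    $query .= "( `blacksite_id`, `blacksite_adress`)";
    $query .= "VALUES ( '', '$adress') ";
    mysql_query($query) or die("Add Blacksite Query failed");

    // '&' is written as &amp; so "section_admin" cannot be read as the &sect; entity.
    echo '<META HTTP-EQUIV="REFRESH" CONTENT="0; URL=index.php?html=AdminHome&amp;section_admin=AdminBlacklist"> '; // automatic redirect
}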
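/**
 * Update one blacksites_db row from the submitted admin form, then emit a
 * meta-refresh back to the AdminBlacklist section.
 *
 * Both request values are escaped with mysql_real_escape_string() before
 * they enter the SQL text, matching the get* helpers in this file.
 *
 * NOTE(review): no permission or anti-CSRF check is visible in this function;
 * confirm the caller performs both.
 */
function adminModifBlacksite()
{
    $adress     = mysql_real_escape_string($_POST['blacksite_get_adress']);
    $element_id = mysql_real_escape_string($_GET['element_id']);

    $query  = " UPDATE `blacksites_db` ";
    $query .= " SET `blacksite_adress` = '$adress' ";
    $query .= " WHERE `blacksite_id` = '$element_id' LIMIT 1";
    mysql_query($query) or die("Modify Blacksite Query failed");

    // '&' is written as &amp; so "section_admin" cannot be read as the &sect; entity.
    echo '<META HTTP-EQUIV="REFRESH" CONTENT="0; URL=index.php?html=AdminHome&amp;section_admin=AdminBlacklist"> '; // automatic redirect
}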
function adminDelBlacksite(){
$element_id = $_GET['element_id'];
$query = " DELETE FROM `blacksites_db` ";
$query .= " WHERE `blacksite_id` = '$element_id' LIMIT 1";
echo '<META HTTP-EQUIV="REFRESH" CONTENT="0; URL=index.php?html=AdminHome§ion_admin=AdminBlacklist"> '; // automatique redirection