can't connect");
mysql_select_db($db_name, $db) or die("can't find database");
mysql_set_charset("utf8", $db);
}
################################
########## SQL NEWS ########
################################
/**
 * Fetch the news_db row(s) whose news_id equals the given id.
 *
 * The id is escaped with mysql_real_escape_string() and compared as a quoted literal.
 * NOTE(review): $DB is never brought into scope here (no global/parameter), so it
 * interpolates as an empty string — confirm the intended schema prefix.
 *
 * @param mixed $news_id id to look up
 * @return resource|false result of mysql_query()
 */
function getOneNews($news_id) {
    $safe_id = mysql_real_escape_string($news_id);
    return mysql_query("select * from $DB.news_db WHERE news_id = '$safe_id'");
}
/**
 * List news joined with their author row, limited to entries whose news_tendu
 * is at most $tendu, newest first (news_date, then news_time).
 *
 * NOTE(review): the join selects every users_db column, user_pass included —
 * callers should not pass whole rows to templates.
 * NOTE(review): $DB is not in scope in this function and interpolates as '' — confirm.
 *
 * @param mixed $tendu upper bound for news_tendu
 * @return resource|false result of mysql_query()
 */
function getLastNews($tendu) {
    $max_tendu = mysql_real_escape_string($tendu);
    $sql = "SELECT * FROM $DB.news_db INNER JOIN $DB.users_db ON news_db.news_user_id = users_db.user_id WHERE news_tendu<='$max_tendu' ORDER BY news_date desc, news_time desc";
    return mysql_query($sql);
}
################################
########## SQL EDITO ########
################################
/**
 * Fetch the editos_db row(s) matching the given edito_id.
 *
 * NOTE(review): $DB is not in scope in this function and interpolates as '' — confirm.
 *
 * @param mixed $edito_id id to look up; escaped before use
 * @return resource|false result of mysql_query()
 */
function getOneEdito($edito_id) {
    $safe_id = mysql_real_escape_string($edito_id);
    return mysql_query("select * from $DB.editos_db WHERE edito_id = '$safe_id'");
}
/**
 * Return every editos_db row ordered by edito_date, newest first.
 *
 * The query carries no LIMIT; presumably callers read only the first row — verify.
 * NOTE(review): $DB is not in scope in this function and interpolates as '' — confirm.
 *
 * @return resource|false result of mysql_query()
 */
function getLastEdito() {
    return mysql_query("select * from $DB.editos_db ORDER BY edito_date DESC");
}
/**
 * Return all editos_db rows, most recent edito_date first.
 *
 * NOTE(review): $DB is not in scope in this function and interpolates as '' — confirm.
 *
 * @return resource|false result of mysql_query()
 */
function getAllEdito() {
    $sql = "select * from $DB.editos_db ORDER BY edito_date DESC";
    $rows = mysql_query($sql);
    return $rows;
}
################################
########## SQL VIDEOS ########
################################
/**
 * Fetch the videos_db row(s) whose video_id equals the given id.
 *
 * NOTE(review): $DB is not in scope in this function and interpolates as '' — confirm.
 *
 * @param mixed $vid_id id to look up; escaped before use
 * @return resource|false result of mysql_query()
 */
function getOneVideo($vid_id){
    $safe_id = mysql_real_escape_string($vid_id);
    return mysql_query("select * from $DB.videos_db WHERE video_id = '$safe_id'");
}
/**
 * Return all videos_db rows, newest first by video_date then video_time.
 *
 * NOTE(review): $DB is not in scope in this function and interpolates as '' — confirm.
 *
 * @return resource|false result of mysql_query()
 */
function getAllVideos() {
    return mysql_query("select * from $DB.videos_db ORDER BY video_date desc, video_time desc");
}
/**
 * Return all videos_db rows ordered by descending video_id.
 *
 * NOTE(review): $DB is not in scope in this function and interpolates as '' — confirm.
 *
 * @return resource|false result of mysql_query()
 */
function getLastVideos() {
    $sql = "select * from $DB.videos_db ORDER BY video_id desc";
    $rows = mysql_query($sql);
    return $rows;
}
/**
 * List videos of one video_type, newest video_date first.
 *
 * NOTE(review): $DB is not in scope in this function and interpolates as '' — confirm.
 *
 * @param mixed $type value matched against video_type; escaped before use
 * @return resource|false result of mysql_query()
 */
function getVideosByType($type) {
    $safe_type = mysql_real_escape_string($type);
    return mysql_query("select * from $DB.videos_db WHERE video_type='$safe_type' ORDER BY video_date desc");
}
/**
 * List videos of a given type and maximum video_tendu for one year.
 *
 * A $year that loosely equals 0 selects the archive branch: every video dated
 * in or before the year 2000. Any other value is matched exactly against
 * YEAR(video_date). All three arguments are escaped before use.
 * NOTE(review): $DB is not in scope in this function and interpolates as '' — confirm.
 *
 * @param mixed $year  year to match, or 0 for "2000 and earlier"
 * @param mixed $type  value matched against video_type
 * @param mixed $tendu upper bound for video_tendu
 * @return resource|false result of mysql_query()
 */
function getVideosByYearAndTypeAndTendu($year, $type, $tendu) {
    $safe_year = mysql_real_escape_string($year);
    $safe_type = mysql_real_escape_string($type);
    $safe_tendu = mysql_real_escape_string($tendu);

    // Loose comparison on the escaped string, as written: under PHP 5 a
    // non-numeric string also compares equal to 0 and lands in the archive branch.
    if ($safe_year == 0) {
        $year_filter = "YEAR(video_date)<='2000'";
    } else {
        $year_filter = "YEAR(video_date)='$safe_year'";
    }

    $sql = "select * from $DB.videos_db\n"
         . "WHERE video_type='$safe_type' AND video_tendu<='$safe_tendu' AND $year_filter\n"
         . "ORDER BY video_date desc";
    return mysql_query($sql);
}
/**
 * List videos whose video_tendu is at most $tendu, highest video_id first.
 *
 * NOTE(review): $DB is not in scope in this function and interpolates as '' — confirm.
 *
 * @param mixed $tendu upper bound for video_tendu; escaped before use
 * @return resource|false result of mysql_query()
 */
function getLastVideosByTendu($tendu) {
    $max_tendu = mysql_real_escape_string($tendu);
    return mysql_query("select * from $DB.videos_db WHERE video_tendu<='$max_tendu' ORDER BY video_id desc");
}
##################################
########## SQL CONTACTS ########
##################################
/**
 * Return every row of asso_db.
 *
 * NOTE(review): $DB is not in scope in this function and interpolates as '' — confirm.
 *
 * @return resource|false result of mysql_query()
 */
function getAssoInfos() {
    return mysql_query("select * from $DB.asso_db");
}
/**
 * Fetch the links_db row(s) whose link_id equals the given id.
 *
 * NOTE(review): $DB is not in scope in this function and interpolates as '' — confirm.
 *
 * @param mixed $id id to look up; escaped before use
 * @return resource|false result of mysql_query()
 */
function getOneLinkById($id) {
    $safe_id = mysql_real_escape_string($id);
    return mysql_query("select * from $DB.links_db WHERE link_id='$safe_id'");
}
/**
 * Return every row of links_db.
 *
 * NOTE(review): $DB is not in scope in this function and interpolates as '' — confirm.
 *
 * @return resource|false result of mysql_query()
 */
function getAllLinks() {
    $sql = "select * from $DB.links_db";
    $rows = mysql_query($sql);
    return $rows;
}
###############################
########## SQL USERS ########
###############################
/**
 * Look up users_db rows by user_login.
 *
 * The select is "*", so each row carries every users_db column, including the
 * user_pass value written by the admin insert/update functions in this file.
 * NOTE(review): $DB is not in scope in this function and interpolates as '' — confirm.
 *
 * @param mixed $login login to match; escaped before use
 * @return resource|false result of mysql_query()
 */
function getOneUserByLogin($login) {
    $safe_login = mysql_real_escape_string($login);
    return mysql_query("select * from $DB.users_db WHERE user_login='$safe_login'");
}
/**
 * Look up users_db rows by user_pseudo.
 *
 * Rows include every column of users_db (the select is "*"), user_pass among them.
 * NOTE(review): $DB is not in scope in this function and interpolates as '' — confirm.
 *
 * @param mixed $pseudo pseudo to match; escaped before use
 * @return resource|false result of mysql_query()
 */
function getOneUserByPseudo($pseudo) {
    $safe_pseudo = mysql_real_escape_string($pseudo);
    return mysql_query("select * from $DB.users_db WHERE user_pseudo='$safe_pseudo'");
}
/**
 * Look up users_db rows by user_id.
 *
 * Rows include every column of users_db (the select is "*"), user_pass among them.
 * NOTE(review): $DB is not in scope in this function and interpolates as '' — confirm.
 *
 * @param mixed $id id to match; escaped before use
 * @return resource|false result of mysql_query()
 */
function getOneUserById($id) {
    $safe_id = mysql_real_escape_string($id);
    return mysql_query("select * from $DB.users_db WHERE user_id='$safe_id'");
}
/**
 * Return users_db rows whose user_right is below 7, highest right first.
 *
 * NOTE(review): $DB is not in scope in this function and interpolates as '' — confirm.
 *
 * @return resource|false result of mysql_query()
 */
function getAllUsers() {
    return mysql_query("select * from $DB.users_db WHERE user_right < 7 ORDER BY user_right desc");
}
/**
 * List users_db rows with the given user_statut, highest user_right first.
 *
 * NOTE(review): $DB is not in scope in this function and interpolates as '' — confirm.
 *
 * @param mixed $statut value matched against user_statut; escaped before use
 * @return resource|false result of mysql_query()
 */
function getUsersByStatut($statut) {
    $safe_statut = mysql_real_escape_string($statut);
    return mysql_query("SELECT * FROM $DB.users_db WHERE user_statut='$safe_statut' ORDER BY user_right desc");
}
################################
########## SQL MEMBERS ########
################################
/**
 * Return users_db rows whose user_right is 7 or above.
 *
 * NOTE(review): $DB is not in scope in this function and interpolates as '' — confirm.
 *
 * @return resource|false result of mysql_query()
 */
function getAllMembers() {
    $sql = "select * from $DB.users_db WHERE user_right >= 7";
    $rows = mysql_query($sql);
    return $rows;
}
/**
 * Return the users_db rows that carry the given user_statut.
 *
 * NOTE(review): $DB is not in scope in this function and interpolates as '' — confirm.
 *
 * @param mixed $statut value matched against user_statut; escaped before use
 * @return resource|false result of mysql_query()
 */
function getAnExistingStatut($statut) {
    $safe_statut = mysql_real_escape_string($statut);
    return mysql_query("select * from $DB.users_db WHERE user_statut = '$safe_statut'");
}
####################################
########## SQL Blacklist ########
####################################
/**
 * Fetch the blacklist_db row(s) whose blacklist_id equals the given id.
 *
 * NOTE(review): $DB is not in scope in this function and interpolates as '' — confirm.
 *
 * @param mixed $id id to look up; escaped before use
 * @return resource|false result of mysql_query()
 */
function getOneBlacklistById($id) {
    $safe_id = mysql_real_escape_string($id);
    return mysql_query("select * from $DB.blacklist_db WHERE blacklist_id='$safe_id'");
}
/**
 * Fetch the blacklist_db row(s) recorded for the given login.
 *
 * NOTE(review): $DB is not in scope in this function and interpolates as '' — confirm.
 *
 * @param mixed $login value matched against blacklist_login; escaped before use
 * @return resource|false result of mysql_query()
 */
function getOneBlacklistByLogin($login) {
    $safe_login = mysql_real_escape_string($login);
    return mysql_query("select * from $DB.blacklist_db WHERE blacklist_login='$safe_login'");
}
/**
 * Return every row of blacklist_db.
 *
 * NOTE(review): $DB is not in scope in this function and interpolates as '' — confirm.
 *
 * @return resource|false result of mysql_query()
 */
function getAllBlacklist() {
    return mysql_query("select * from $DB.blacklist_db");
}
/**
 * Return every row of blacksites_db.
 *
 * NOTE(review): $DB is not in scope in this function and interpolates as '' — confirm.
 *
 * @return resource|false result of mysql_query()
 */
function getAllBlacksite() {
    $sql = "select * from $DB.blacksites_db";
    $rows = mysql_query($sql);
    return $rows;
}
/**
 * Fetch the blacksites_db row(s) whose blacksite_id equals the given id.
 *
 * NOTE(review): $DB is not in scope in this function and interpolates as '' — confirm.
 *
 * @param mixed $id id to look up; escaped before use
 * @return resource|false result of mysql_query()
 */
function getOneBlacksiteById($id) {
    $safe_id = mysql_real_escape_string($id);
    return mysql_query("select * from $DB.blacksites_db WHERE blacksite_id='$safe_id'");
}
/* FIXME: Check strip under here */
#######################################################
#################### VIDEOS ######################
#######################################################
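/**
 * Insert a videos_db row from the submitted admin form and, when the
 * auto_www_news box is set, a matching news_db row announcing it.
 *
 * Every request and session value is escaped with mysql_real_escape_string()
 * before it is placed in a quoted SQL literal, as the get*() helpers in this
 * file already do; unescaped, any form field could rewrite the statement.
 * NOTE(review): with magic_quotes_gpc enabled the input arrives pre-slashed and
 * needs stripslashes() first — confirm the host configuration.
 * NOTE(review): no permission or CSRF check is visible in this function —
 * confirm the caller enforces both.
 * Terminates the script with die() if either query fails.
 */
function adminAddVideo(){
    $raw_path = $_POST['video_get_path'];
    // NOTE(review): the request-supplied path is handed to get_filesize();
    // confirm that helper restricts which files it will inspect.
    $size = mysql_real_escape_string(get_filesize($raw_path));

    $name = mysql_real_escape_string($_POST['video_get_name']);
    $path = mysql_real_escape_string($raw_path);
    $path_daily = mysql_real_escape_string($_POST['video_path_daily']);
    $date = mysql_real_escape_string($_POST['video_get_date']);
    $time = get_time();
    $type = mysql_real_escape_string($_POST['video_type']);
    $comment = mysql_real_escape_string($_POST['video_comment']);
    $tendu = mysql_real_escape_string($_POST['video_tendu']);
    $id_user = mysql_real_escape_string($_SESSION["user_id"]);

    $query = " INSERT INTO `videos_db` ";
    $query .= "( `video_id`, `video_name`, `video_path`, `video_path_daily`, `video_size`, `video_date`,
        `video_time`, `video_type`, `video_comment`, `video_tendu`, `video_img_path`, `video_user_id`) ";
    $query .= "VALUES ( '', '$name', '$path' , '$path_daily', '$size', '$date',
        '$time', '$type', '$comment', '$tendu', NULL, '$id_user') ";
    mysql_query($query)
        or die("Add Video Query failed");

    // Optional announcement; !empty() also covers the unchecked (absent) box.
    if (!empty($_POST['auto_www_news']))
    {
        // $name is already escaped, so the composed title is safe to quote.
        $title = 'Nouvelle Video: '.$name;
        $query = " INSERT INTO `news_db` ";
        $query .= "( `news_id`, `news_title`, `news_date`, `news_time`, `news_comment`, `news_user_id`, `news_tendu`)";
        $query .= "VALUES ( '', '$title', '$date', '$time', '$comment', '$id_user', '$tendu') ";
        mysql_query($query)
            or die("Query fucked");
    }
    echo ' '; // automatic redirection
}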
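/**
 * Update the videos_db row named by $_GET['vid_id'] from the submitted form.
 *
 * Request values are escaped with mysql_real_escape_string() before being
 * quoted into the statement. video_time is set from get_time(); interpolating
 * the text 'get_time()' inside the string would store that literal instead of
 * a time.
 * NOTE(review): with magic_quotes_gpc enabled the input arrives pre-slashed and
 * needs stripslashes() first — confirm the host configuration.
 * NOTE(review): no permission or CSRF check is visible in this function —
 * confirm the caller enforces both.
 * Terminates the script with die() if the query fails.
 */
function adminModifVideo(){
    $raw_path = $_POST['video_get_path'];
    // NOTE(review): the request-supplied path is handed to get_filesize();
    // confirm that helper restricts which files it will inspect.
    $size = mysql_real_escape_string(get_filesize($raw_path));

    $name = mysql_real_escape_string($_POST['video_get_upname']);
    $path = mysql_real_escape_string($raw_path);
    $path_daily = mysql_real_escape_string($_POST['video_path_daily']);
    $date = mysql_real_escape_string($_POST['video_get_date']);
    $time = get_time();
    $type = mysql_real_escape_string($_POST['video_get_type']);
    $comment = mysql_real_escape_string($_POST['video_get_comment']);
    $tendu = mysql_real_escape_string($_POST['video_get_tendu']);
    $vid_id = mysql_real_escape_string($_GET['vid_id']);

    $query = " UPDATE `videos_db` ";
    $query .= " SET `video_name` = '$name', `video_path` = '$path', `video_path_daily` = '$path_daily', `video_date` = '$date', `video_size` = '$size',
        `video_time` = '$time', `video_type` = '$type', `video_comment` = '$comment', `video_tendu` = '$tendu' ";
    $query .= " WHERE `video_id` = '$vid_id' LIMIT 1";
    mysql_query($query)
        or die("Query failed");
    echo ' '; // automatic redirection
}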
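/**
 * Delete the videos_db row named by $_GET['vid_id'].
 *
 * The id is escaped with mysql_real_escape_string() before it is quoted into
 * the DELETE; only that value is read from the request.
 * NOTE(review): this is a state change keyed by a query-string parameter, and
 * no permission or CSRF check is visible here — confirm the caller enforces both.
 * Terminates the script with die() if the query fails.
 */
function adminDeleteVideo(){
    $vid_id = mysql_real_escape_string($_GET['vid_id']);
    $query = " DELETE FROM `videos_db` ";
    $query .= " WHERE `video_id` = '$vid_id' LIMIT 1";
    mysql_query($query)
        or die("Query failed");
    echo ' '; // automatic redirection
}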
#######################################################
#################### NEWS ######################
#######################################################
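/**
 * Insert a news_db row from the submitted admin form, authored by the
 * session's user_id.
 *
 * Request and session values are escaped with mysql_real_escape_string()
 * before being quoted into the statement.
 * NOTE(review): with magic_quotes_gpc enabled the input arrives pre-slashed and
 * needs stripslashes() first — confirm the host configuration.
 * NOTE(review): no permission or CSRF check is visible in this function —
 * confirm the caller enforces both.
 * Terminates the script with die() if the query fails.
 */
function adminAddNews(){
    $title = mysql_real_escape_string($_POST['news_get_title']);
    $date = mysql_real_escape_string($_POST['news_get_date']);
    $time = get_time();
    $comment = mysql_real_escape_string($_POST['news_get_comment']);
    $id_user = mysql_real_escape_string($_SESSION["user_id"]);
    $tendu = mysql_real_escape_string($_POST['news_tendu']);

    $query = " INSERT INTO `news_db` ";
    $query .= "( `news_id`, `news_title`, `news_date`, `news_time`, `news_comment`, `news_user_id`, `news_tendu`)";
    $query .= "VALUES ( '', '$title', '$date', '$time', '$comment', '$id_user', '$tendu') ";
    mysql_query($query)
        or die("Query failed");
    echo ' '; // automatic redirection
}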
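/**
 * Update the news_db row named by $_GET['news_id'] from the submitted form.
 *
 * Request values are escaped with mysql_real_escape_string() before being
 * quoted into the statement. news_time is written from the $time value
 * returned by get_time(); the text 'get_time()' inside a string is not a call
 * and would be stored literally.
 * NOTE(review): with magic_quotes_gpc enabled the input arrives pre-slashed and
 * needs stripslashes() first — confirm the host configuration.
 * NOTE(review): no permission or CSRF check is visible in this function —
 * confirm the caller enforces both.
 * Terminates the script with die() if the query fails.
 */
function adminModifNews(){
    $title = mysql_real_escape_string($_POST['news_get_uptitle']);
    $date = mysql_real_escape_string($_POST['news_get_date']);
    $time = get_time();
    $comment = mysql_real_escape_string($_POST['news_get_comment']);
    $news_id = mysql_real_escape_string($_GET['news_id']);

    $query = " UPDATE `news_db` ";
    $query .= " SET `news_title` = '$title', `news_date` = '$date', `news_time` = '$time', `news_comment` = '$comment' ";
    $query .= " WHERE `news_id` = '$news_id' LIMIT 1";
    mysql_query($query)
        or die("Query failed");
    echo ' '; // automatic redirection
}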
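/**
 * Delete the news_db row named by $_GET['news_id'].
 *
 * The id is escaped with mysql_real_escape_string() before it is quoted into
 * the DELETE.
 * NOTE(review): this is a state change keyed by a query-string parameter, and
 * no permission or CSRF check is visible here — confirm the caller enforces both.
 * Terminates the script with die() if the query fails.
 */
function adminDeleteNews(){
    $news_id = mysql_real_escape_string($_GET['news_id']);
    $query = " DELETE FROM `news_db` ";
    $query .= " WHERE `news_id` = '$news_id' LIMIT 1";
    mysql_query($query)
        or die("Query failed");
    echo ' '; // automatic redirection
}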
#######################################################
#################### EDITOS ######################
#######################################################
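/**
 * Insert an editos_db row from the submitted admin form, authored by the
 * session's user_id.
 *
 * Request and session values are escaped with mysql_real_escape_string()
 * before being quoted into the statement.
 * NOTE(review): with magic_quotes_gpc enabled the input arrives pre-slashed and
 * needs stripslashes() first — confirm the host configuration.
 * NOTE(review): no permission or CSRF check is visible in this function —
 * confirm the caller enforces both.
 * Terminates the script with die() if the query fails.
 */
function adminAddEdito(){
    $title = mysql_real_escape_string($_POST['edito_get_title']);
    $date = mysql_real_escape_string($_POST['edito_get_date']);
    $comment = mysql_real_escape_string($_POST['edito_get_comment']);
    $id_user = mysql_real_escape_string($_SESSION["user_id"]);

    $query = " INSERT INTO `editos_db` ";
    $query .= "( `edito_id`, `edito_title`, `edito_date`, `edito_comment`, `edito_id_user`)";
    $query .= "VALUES ( '', '$title', '$date', '$comment', '$id_user') ";
    mysql_query($query)
        or die("Query failed");
    echo ' '; // automatic redirection
}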
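/**
 * Update the editos_db row named by $_GET['edito_id'] from the submitted form.
 *
 * Request values are escaped with mysql_real_escape_string() before being
 * quoted into the statement.
 * NOTE(review): with magic_quotes_gpc enabled the input arrives pre-slashed and
 * needs stripslashes() first — confirm the host configuration.
 * NOTE(review): no permission or CSRF check is visible in this function —
 * confirm the caller enforces both.
 * Terminates the script with die() if the query fails.
 */
function adminModifEdito(){
    $title = mysql_real_escape_string($_POST['edito_get_uptitle']);
    $date = mysql_real_escape_string($_POST['edito_get_update']);
    $comment = mysql_real_escape_string($_POST['edito_get_upcomment']);
    $edito_id = mysql_real_escape_string($_GET['edito_id']);

    $query = " UPDATE `editos_db` ";
    $query .= " SET `edito_title` = '$title', `edito_date` = '$date', `edito_comment` = '$comment' ";
    $query .= " WHERE `edito_id` = '$edito_id' LIMIT 1";
    mysql_query($query)
        or die("Query failed");
    echo ' '; // automatic redirection
}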
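/**
 * Delete the editos_db row named by $_GET['edito_id'].
 *
 * The id is escaped with mysql_real_escape_string() before it is quoted into
 * the DELETE.
 * NOTE(review): this is a state change keyed by a query-string parameter, and
 * no permission or CSRF check is visible here — confirm the caller enforces both.
 * Terminates the script with die() if the query fails.
 */
function adminDelEdito(){
    $edito_id = mysql_real_escape_string($_GET['edito_id']);
    $query = " DELETE FROM `editos_db` ";
    $query .= " WHERE `edito_id` = '$edito_id' LIMIT 1";
    mysql_query($query)
        or die("Query failed");
    echo ' '; // automatic redirection
}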
#######################################################
#################### LINKS ######################
#######################################################
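/**
 * Insert a links_db row from the submitted admin form.
 *
 * Request values are escaped with mysql_real_escape_string() before being
 * quoted into the statement.
 * NOTE(review): escaping covers the SQL only; the stored link is presumably
 * rendered as a URL later, so its scheme and HTML encoding need checking
 * where it is output — verify.
 * NOTE(review): with magic_quotes_gpc enabled the input arrives pre-slashed and
 * needs stripslashes() first — confirm the host configuration.
 * NOTE(review): no permission or CSRF check is visible in this function —
 * confirm the caller enforces both.
 * Terminates the script with die() if the query fails.
 */
function adminAddLink(){
    $link = mysql_real_escape_string($_POST['input_get_link']);
    $comment = mysql_real_escape_string($_POST['input_get_comment']);

    $query = " INSERT INTO `links_db` ";
    $query .= "( `link_id`, `link_link`, `link_comment`)";
    $query .= "VALUES ( '', '$link', '$comment') ";
    mysql_query($query)
        or die("Query failed");
    echo ' '; // automatic redirection
}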
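/**
 * Update the links_db row named by $_GET['element_id'] from the submitted form.
 *
 * Request values are escaped with mysql_real_escape_string() before being
 * quoted into the statement.
 * NOTE(review): with magic_quotes_gpc enabled the input arrives pre-slashed and
 * needs stripslashes() first — confirm the host configuration.
 * NOTE(review): no permission or CSRF check is visible in this function —
 * confirm the caller enforces both.
 * Terminates the script with die() if the query fails.
 */
function adminModifLink(){
    $link = mysql_real_escape_string($_POST['input_get_link']);
    $comment = mysql_real_escape_string($_POST['input_get_comment']);
    $element_id = mysql_real_escape_string($_GET['element_id']);

    $query = " UPDATE `links_db` ";
    $query .= " SET `link_link` = '$link', `link_comment` = '$comment' ";
    $query .= " WHERE `link_id` = '$element_id' LIMIT 1";
    mysql_query($query)
        or die("Query failed");
    echo ' '; // automatic redirection
}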
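/**
 * Delete the links_db row named by $_GET['element_id'].
 *
 * The id is escaped with mysql_real_escape_string() before it is quoted into
 * the DELETE.
 * NOTE(review): this is a state change keyed by a query-string parameter, and
 * no permission or CSRF check is visible here — confirm the caller enforces both.
 * Terminates the script with die() if the query fails.
 */
function adminDelLink(){
    $element_id = mysql_real_escape_string($_GET['element_id']);
    $query = " DELETE FROM `links_db` ";
    $query .= " WHERE `link_id` = '$element_id' LIMIT 1";
    mysql_query($query)
        or die("Query failed");
    echo ' '; // automatic redirection
}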
#######################################################
#################### MEMBERS ######################
#######################################################
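/**
 * Create a users_db row for a new member from the submitted admin form.
 *
 * The password must be non-empty and equal to its confirmation field; on a
 * mismatch a message is echoed and nothing is written. The comparison is a
 * strict string inequality: strcmp() returns any negative or positive number
 * for differing strings, so testing it against 1 lets most mismatches through.
 * Request values are escaped with mysql_real_escape_string() before being
 * quoted into the statement.
 * NOTE(review): the password is stored as unsalted MD5, a weak password hash;
 * moving to password_hash() needs the login check changed in step, so the
 * format is left as is here.
 * NOTE(review): user_right and user_statut are taken from the request, and no
 * permission or CSRF check is visible in this function — confirm the caller
 * restricts who can reach it.
 * NOTE(review): with magic_quotes_gpc enabled the input arrives pre-slashed and
 * needs stripslashes() first — confirm the host configuration.
 * Terminates the script with die() if the query fails.
 */
function adminAddMember(){
    $pass = (string) $_POST['member_get_pass'];
    $check_pass = (string) $_POST['member_get_checkpass'];
    if ($pass !== $check_pass || $pass === "")
    {
        echo "Pass non valide mec... Soit c'évide, soit tu n'as pas mis deux fois le meme";
        return;
    }
    // md5() yields 32 hex characters, which need no SQL escaping.
    $pass = md5($pass);

    $login = mysql_real_escape_string($_POST['member_get_login']);
    $pseudo = mysql_real_escape_string($_POST['member_get_pseudo']);
    $mail = mysql_real_escape_string($_POST['member_get_mail']);
    $tel = mysql_real_escape_string($_POST['member_get_tel']);
    $date = mysql_real_escape_string($_POST['member_get_date']);
    $statut = mysql_real_escape_string($_POST['member_get_statut']);
    $right = mysql_real_escape_string($_POST['member_get_right']);
    $signature = mysql_real_escape_string($_POST['member_get_signature']);
    $comment = mysql_real_escape_string($_POST['member_get_comment']);
    $mailing = mysql_real_escape_string($_POST['auto_mailing_member']);

    $query = " INSERT INTO `users_db` ";
    $query .= "( `user_id`, `user_login`, `user_pseudo`, `user_pass`, `user_mail`,
        `user_tel`, `user_date`, `user_statut`, `user_right`,`user_signature`, `user_comment`, `user_mailing`)";
    $query .= "VALUES ( '', '$login', '$pseudo', '$pass', '$mail', '$tel', '$date' ,'$statut', '$right', '$signature', '$comment', '$mailing') ";
    mysql_query($query)
        or die("Query failed");
    echo ' '; // automatic redirection
}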
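/**
 * Update the users_db row named by $_GET['element_id'] from the submitted form.
 *
 * Nothing is written when no such user exists or when the password and its
 * confirmation differ. user_date, user_statut, user_right and user_comment are
 * taken from the request only when the session's user_right equals
 * $GLOBALS["ROOT"]; otherwise the values already stored for the user are kept.
 * user_pass is rewritten only when a password was submitted.
 *
 * Every value placed in the statement is escaped with
 * mysql_real_escape_string(), including the ones read back from the database:
 * a stored comment containing a quote would otherwise break or alter the UPDATE.
 * NOTE(review): the password is stored as unsalted MD5, a weak password hash;
 * moving to password_hash() needs the login check changed in step, so the
 * format is left as is here.
 * NOTE(review): no check is visible that the session user may edit this
 * particular element_id, nor any CSRF check — confirm the caller enforces both.
 * NOTE(review): with magic_quotes_gpc enabled the input arrives pre-slashed and
 * needs stripslashes() first — confirm the host configuration.
 * Terminates the script with die() if the query fails.
 */
function adminModifMember(){
    // getOneUserById() escapes the id itself.
    $result = getOneUserById($_GET['element_id']);
    if (mysql_num_rows($result)){
        $user = mysql_fetch_array($result);

        $pass = $_POST['member_get_pass'];
        $check_pass = $_POST['member_get_verifpass'];
        // Strict string comparison: loose != treats numeric-looking strings
        // such as "1e3" and "1000" as equal.
        if ((string) $pass !== (string) $check_pass)
        {
            echo "Pass non valide mec... Soit c'est vide, soit tu n'as pas mis deux fois le meme";
            return;
        }

        // Only a ROOT session may change these four fields.
        if ($_SESSION["user_right"] == $GLOBALS["ROOT"]) {
            $date = $_POST['member_get_date'];
            $statut = $_POST['member_get_statut'];
            $right = $_POST['member_get_right'];
            $comment = $_POST['member_get_comment'];
        }
        else {
            $date = $user["user_date"];
            $statut = $user["user_statut"];
            $right = $user["user_right"];
            $comment = $user["user_comment"];
        }

        $login = mysql_real_escape_string($_POST['member_get_login']);
        $pseudo = mysql_real_escape_string($_POST['member_get_pseudo']);
        $mail = mysql_real_escape_string($_POST['member_get_mail']);
        $tel = mysql_real_escape_string($_POST['member_get_tel']);
        $date = mysql_real_escape_string($date);
        $statut = mysql_real_escape_string($statut);
        $right = mysql_real_escape_string($right);
        $comment = mysql_real_escape_string($comment);
        $signature = mysql_real_escape_string($_POST['member_get_signature']);
        $mailing = mysql_real_escape_string($_POST['auto_mailing_member']);
        $element_id = mysql_real_escape_string($_GET['element_id']);

        $query = " UPDATE `users_db` ";
        $query .= " SET `user_login` = '$login', `user_pseudo` = '$pseudo', ";
        if ($_POST['member_get_pass']){
            // md5() yields 32 hex characters, which need no SQL escaping.
            $pass = md5($pass);
            $query .= "`user_pass` = '$pass', ";
        }
        $query .= "`user_mail` = '$mail',
            `user_tel` = '$tel', `user_date` = '$date', `user_statut` = '$statut', `user_right` = '$right',
            `user_signature` = '$signature', `user_comment` = '$comment', `user_mailing` = '$mailing' ";
        $query .= " WHERE `user_id` = '$element_id' LIMIT 1";
        mysql_query($query)
            or die("Query fucked");
    }
    echo ' '; // automatic redirection
}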
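/**
 * Delete the users_db row named by $_GET['element_id'].
 *
 * The id is escaped with mysql_real_escape_string() before it is quoted into
 * the DELETE.
 * NOTE(review): this removes an account based on a query-string parameter, and
 * no permission or CSRF check is visible here — confirm the caller enforces both.
 * Terminates the script with die() if the query fails.
 */
function adminDelMember(){
    $element_id = mysql_real_escape_string($_GET['element_id']);
    $query = " DELETE FROM `users_db` ";
    $query .= " WHERE `user_id` = '$element_id' LIMIT 1";
    mysql_query($query)
        or die("Query failed");
    echo ' '; // automatic redirection
}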
#######################################################
#################### USERS ######################
#######################################################
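/**
 * Create a users_db row for a new user from the submitted admin form.
 *
 * user_statut is always written as 0 and user_mailing as an empty string.
 * Request values are escaped with mysql_real_escape_string() before being
 * quoted into the statement.
 * NOTE(review): the password is stored as unsalted MD5 with no confirmation or
 * emptiness check; an empty field stores the MD5 of the empty string. Moving to
 * password_hash() needs the login check changed in step, so the format is left
 * as is here.
 * NOTE(review): user_right is taken from the request, and no permission or
 * CSRF check is visible in this function — confirm the caller restricts who
 * can reach it.
 * NOTE(review): with magic_quotes_gpc enabled the input arrives pre-slashed and
 * needs stripslashes() first — confirm the host configuration.
 * Terminates the script with die() if the query fails.
 */
function adminAddUser(){
    $login = mysql_real_escape_string($_POST['user_get_login']);
    $pseudo = mysql_real_escape_string($_POST['user_get_pseudo']);
    // md5() yields 32 hex characters, which need no SQL escaping.
    $pass = md5($_POST['user_get_pass']);
    $mail = mysql_real_escape_string($_POST['user_get_mail']);
    $tel = mysql_real_escape_string($_POST['user_get_tel']);
    $date = mysql_real_escape_string($_POST['user_get_date']);
    $statut = 0;
    $right = mysql_real_escape_string($_POST['user_get_right']);
    $signature = mysql_real_escape_string($_POST['user_get_signature']);
    $comment = mysql_real_escape_string($_POST['user_get_comment']);

    $query = " INSERT INTO `users_db` ";
    $query .= "( `user_id`, `user_login`, `user_pseudo`, `user_pass`, `user_mail`,
        `user_tel`, `user_date`, `user_statut`, `user_right`,`user_signature`, `user_comment`, `user_mailing`)";
    $query .= "VALUES ( '', '$login', '$pseudo', '$pass', '$mail', '$tel', '$date' ,'$statut', '$right', '$signature', '$comment', '') ";
    mysql_query($query)
        or die("Query failed");
    echo ' '; // automatic redirection
}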
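/**
 * Update the users_db row named by $_GET['element_id'] from the submitted form.
 *
 * user_statut is always written as 0. Request values are escaped with
 * mysql_real_escape_string() before being quoted into the statement.
 * NOTE(review): no confirmation field is read from the request, so $check_pass
 * has no value and the comparison below rejects every non-empty password; as
 * written, the user_pass branch of the UPDATE is unreachable. The name of the
 * intended confirmation field is not visible in this file — confirm and wire
 * it in.
 * NOTE(review): user_right is taken from the request, and no permission or
 * CSRF check is visible in this function — confirm the caller restricts who
 * can reach it.
 * NOTE(review): with magic_quotes_gpc enabled the input arrives pre-slashed and
 * needs stripslashes() first — confirm the host configuration.
 * Terminates the script with die() if the query fails.
 */
function adminModifUser(){
    $pass = $_POST['user_get_pass'];
    $check_pass = null; // see NOTE(review) above: never populated from the request
    if ($pass != $check_pass) {
        echo "Pass non valide mec... Soit c'est vide, soit tu n'as pas mis deux fois le meme";
        return;
    }

    $login = mysql_real_escape_string($_POST['user_get_login']);
    $pseudo = mysql_real_escape_string($_POST['user_get_pseudo']);
    $mail = mysql_real_escape_string($_POST['user_get_mail']);
    $tel = mysql_real_escape_string($_POST['user_get_tel']);
    $date = mysql_real_escape_string($_POST['user_get_date']);
    $statut = 0;
    $right = mysql_real_escape_string($_POST['user_get_right']);
    $signature = mysql_real_escape_string($_POST['user_get_signature']);
    $comment = mysql_real_escape_string($_POST['user_get_comment']);
    $element_id = mysql_real_escape_string($_GET['element_id']);

    $query = " UPDATE `users_db` ";
    $query .= " SET `user_login` = '$login', `user_pseudo` = '$pseudo', ";
    if ($_POST['user_get_pass']){
        // md5() yields 32 hex characters, which need no SQL escaping.
        // NOTE(review): unsalted MD5 is a weak password hash.
        $pass = md5($pass);
        $query .= "`user_pass` = '$pass', ";
    }
    $query .= "`user_mail` = '$mail',
        `user_tel` = '$tel', `user_date` = '$date', `user_statut` = '$statut',
        `user_right` = '$right', `user_signature` = '$signature', `user_comment` = '$comment' ";
    $query .= " WHERE `user_id` = '$element_id' LIMIT 1";
    mysql_query($query)
        or die("Query failed");
    echo ' '; // automatic redirection
}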
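/**
 * Delete the users_db row named by $_GET['element_id'].
 *
 * The id is escaped with mysql_real_escape_string() before it is quoted into
 * the DELETE.
 * NOTE(review): this removes an account based on a query-string parameter, and
 * no permission or CSRF check is visible here — confirm the caller enforces both.
 * Terminates the script with die() if the query fails.
 */
function adminDelUser(){
    $element_id = mysql_real_escape_string($_GET['element_id']);
    $query = " DELETE FROM `users_db` ";
    $query .= " WHERE `user_id` = '$element_id' LIMIT 1";
    mysql_query($query)
        or die("Query failed");
    echo ' '; // automatic redirection
}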
#######################################################
#################### BLACKLIST ######################
#######################################################
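/**
 * Insert a blacklist_db row from the submitted admin form; blacklist_try is
 * written as an empty string.
 *
 * Request values are escaped with mysql_real_escape_string() before being
 * quoted into the statement.
 * NOTE(review): with magic_quotes_gpc enabled the input arrives pre-slashed and
 * needs stripslashes() first — confirm the host configuration.
 * NOTE(review): no permission or CSRF check is visible in this function —
 * confirm the caller enforces both.
 * Terminates the script with die() if the query fails.
 */
function adminAddBlacklist(){
    $login = mysql_real_escape_string($_POST['blacklist_get_login']);
    $pseudo = mysql_real_escape_string($_POST['blacklist_get_pseudo']);
    $mail = mysql_real_escape_string($_POST['blacklist_get_mail']);
    $date = mysql_real_escape_string($_POST['blacklist_get_date']);
    $reason = mysql_real_escape_string($_POST['blacklist_get_reason']);

    $query = " INSERT INTO `blacklist_db` ";
    $query .= "( `blacklist_id`, `blacklist_login`, `blacklist_pseudo`, `blacklist_mail`,
        `blacklist_date`, `blacklist_reason`, `blacklist_try`)";
    $query .= "VALUES ( '', '$login', '$pseudo', '$mail', '$date', '$reason', '') ";
    mysql_query($query)
        or die("Query failed");
    echo ' '; // automatic redirection
}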
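/**
 * Update the blacklist_db row named by $_GET['element_id'] from the submitted form.
 *
 * Request values are escaped with mysql_real_escape_string() before being
 * quoted into the statement.
 * NOTE(review): with magic_quotes_gpc enabled the input arrives pre-slashed and
 * needs stripslashes() first — confirm the host configuration.
 * NOTE(review): no permission or CSRF check is visible in this function —
 * confirm the caller enforces both.
 * Terminates the script with die() if the query fails.
 */
function adminModifBlacklist(){
    $login = mysql_real_escape_string($_POST['blacklist_get_login']);
    $pseudo = mysql_real_escape_string($_POST['blacklist_get_pseudo']);
    $mail = mysql_real_escape_string($_POST['blacklist_get_mail']);
    $date = mysql_real_escape_string($_POST['blacklist_get_date']);
    $reason = mysql_real_escape_string($_POST['blacklist_get_reason']);
    $element_id = mysql_real_escape_string($_GET['element_id']);

    $query = " UPDATE `blacklist_db` ";
    $query .= " SET `blacklist_login` = '$login', `blacklist_pseudo` = '$pseudo', `blacklist_mail` = '$mail',
        `blacklist_date` = '$date', `blacklist_reason` = '$reason' ";
    $query .= " WHERE `blacklist_id` = '$element_id' LIMIT 1";
    mysql_query($query)
        or die("Query failed");
    echo ' '; // automatic redirection
}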
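/**
 * Delete the blacklist_db row named by $_GET['element_id'].
 *
 * The id is escaped with mysql_real_escape_string() before it is quoted into
 * the DELETE.
 * NOTE(review): removing a blacklist entry is keyed by a query-string
 * parameter, and no permission or CSRF check is visible here — confirm the
 * caller enforces both.
 * Terminates the script with die() if the query fails.
 */
function adminDelBlacklist(){
    $element_id = mysql_real_escape_string($_GET['element_id']);
    $query = " DELETE FROM `blacklist_db` ";
    $query .= " WHERE `blacklist_id` = '$element_id' LIMIT 1";
    mysql_query($query)
        or die("Query failed");
    echo ' '; // automatic redirection
}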
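/**
 * Insert a blacksites_db row holding the submitted address.
 *
 * The address is escaped with mysql_real_escape_string() before being quoted
 * into the statement.
 * NOTE(review): with magic_quotes_gpc enabled the input arrives pre-slashed and
 * needs stripslashes() first — confirm the host configuration.
 * NOTE(review): no permission or CSRF check is visible in this function —
 * confirm the caller enforces both.
 * Terminates the script with die() if the query fails.
 */
function adminAddBlacksite(){
    $adress = mysql_real_escape_string($_POST['blacksite_get_adress']);

    $query = " INSERT INTO `blacksites_db` ";
    $query .= "( `blacksite_id`, `blacksite_adress`)";
    $query .= "VALUES ( '', '$adress') ";
    mysql_query($query)
        or die("Query failed");
    echo ' '; // automatic redirection
}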
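/**
 * Update the address of the blacksites_db row named by $_GET['element_id'].
 *
 * Request values are escaped with mysql_real_escape_string() before being
 * quoted into the statement.
 * NOTE(review): with magic_quotes_gpc enabled the input arrives pre-slashed and
 * needs stripslashes() first — confirm the host configuration.
 * NOTE(review): no permission or CSRF check is visible in this function —
 * confirm the caller enforces both.
 * Terminates the script with die() if the query fails.
 */
function adminModifBlacksite(){
    $adress = mysql_real_escape_string($_POST['blacksite_get_adress']);
    $element_id = mysql_real_escape_string($_GET['element_id']);

    $query = " UPDATE `blacksites_db` ";
    $query .= " SET `blacksite_adress` = '$adress' ";
    $query .= " WHERE `blacksite_id` = '$element_id' LIMIT 1";
    mysql_query($query)
        or die("Query failed");
    echo ' '; // automatic redirection
}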
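/**
 * Delete the blacksites_db row named by $_GET['element_id'].
 *
 * The id is escaped with mysql_real_escape_string() before it is quoted into
 * the DELETE.
 * NOTE(review): this is a state change keyed by a query-string parameter, and
 * no permission or CSRF check is visible here — confirm the caller enforces both.
 * Terminates the script with die() if the query fails.
 */
function adminDelBlacksite(){
    $element_id = mysql_real_escape_string($_GET['element_id']);
    $query = " DELETE FROM `blacksites_db` ";
    $query .= " WHERE `blacksite_id` = '$element_id' LIMIT 1";
    mysql_query($query)
        or die("Query failed");
    echo ' '; // automatic redirection
}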
?>