Файловый менеджер - Редактировать - /home/umudio/public_html/OLD/forall.php
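<?php
/*
 * Form handlers: each top-level `if (isset($_POST[...]))` block below runs
 * when the matching submit field is posted, writes to one table through the
 * legacy mysql_* API (using the implicit connection opened elsewhere) and
 * leaves a status message in $bb.
 *
 * NOTE(review): nothing in this file checks that the requester is logged in
 * or verifies a CSRF token. Confirm the including page enforces both before
 * this file is reached, because every handler here modifies data.
 * NOTE(review): $photo and $photo1 are read but never assigned in this file;
 * presumably the including page sets them after handling an upload. They are
 * escaped like any other value before being placed in SQL.
 * NOTE(review): mysql_* was removed in PHP 7. Moving to prepared statements
 * (mysqli/PDO) needs the connection code, which is not part of this file, so
 * the handlers keep mysql_real_escape_string() and quote every value instead.
 */

/**
 * Light clean-up of a posted text value: trims it and removes backslashes.
 *
 * This is not an SQL or HTML escaping step; callers must still escape for the
 * context in which the value is used.
 * NOTE(review): stripslashes() runs unconditionally, so legitimate
 * backslashes in the input are dropped.
 *
 * @param string $theValue Raw value.
 * @return string
 */
function getst($theValue)
{
    $theValue = trim($theValue);
    $theValue = stripslashes($theValue);
    return $theValue;
}

/**
 * Reduces a posted id to its integer value.
 *
 * An empty value yields ''. A value that does not start with a digit prints
 * "Sorry! Wrong Data!" and terminates the request. Anything else is cast to
 * int, so trailing junk ("12abc") is discarded.
 *
 * The listing applied urlencode/ereg_replace/urldecode to the result; on a
 * string of digits those calls change nothing, ereg_replace() no longer exists
 * in PHP 7, and one replacement literal was unparseable as displayed (probably
 * an HTML entity decoded by the viewer), so they are dropped.
 *
 * @param string $theValue Raw value.
 * @return string Decimal digits, or '' for empty input.
 */
function getva($theValue)
{
    $theValue = trim($theValue);
    if ($theValue == "") {
        return "";
    }
    if (!preg_match('/^[0-9]/u', $theValue)) {
        echo "Sorry! Wrong Data!";
        exit();
    }
    return (string) (int) $theValue;
}

/**
 * Builds a random code from an alphabet without vowels or look-alike
 * characters.
 *
 * NOTE(review): mt_rand() is not a cryptographically secure generator and the
 * result is stored as an account password by the addpriest handler; use a
 * CSPRNG once the runtime provides one.
 *
 * @param int $characters Length of the code.
 * @return string
 */
function generateCode($characters)
{
    $possible = '23456789bcdfghjkmnpqrstvwxyzBCDFGHJKMNPQRSTVWXYZ';
    $last = strlen($possible) - 1;
    $code = '';
    for ($i = 0; $i < $characters; $i++) {
        $code .= $possible[mt_rand(0, $last)];
    }
    return $code;
}

/**
 * Returns the last database error, HTML-escaped.
 *
 * Server error text can repeat submitted values (for example on a duplicate
 * key), so it must not reach the page unescaped.
 * NOTE(review): showing database errors to the browser still discloses schema
 * details; consider logging them instead.
 *
 * @return string
 */
function forall_db_error()
{
    return htmlspecialchars(mysql_error(), ENT_QUOTES | ENT_SUBSTITUTE);
}

if (isset($_POST['editcontent'])) {
    $reminders = getst($_POST['getlength']);
    $sql = sprintf(
        "update dcontent set reminders='%s' where sn=1",
        mysql_real_escape_string($reminders)
    );
    if (mysql_query($sql)) {
        $bb = "<p>Reminder Successfully Edited</p>";
    } else {
        $bb = "<p>Unable to edit your reminder: " . forall_db_error() . "</p>";
    }
}

if (isset($_POST['editthecontent'])) {
    $sn = getst($_POST['sn']);
    $contenter = getst($_POST['contenter']);
    // sn is free text here, so it is quoted as well as escaped: escaping
    // alone does not protect a value placed in an unquoted numeric position.
    $sql = sprintf(
        "update thecontent set contenter='%s' where sn = '%s'",
        mysql_real_escape_string($contenter),
        mysql_real_escape_string($sn)
    );
    if (mysql_query($sql)) {
        $bb = "<p>Content Successfully Edited</p>";
    } else {
        $bb = "<p>Unable to edit your content: " . forall_db_error() . "</p>";
    }
}

if (isset($_POST['addnews'])) {
    $titler = getst($_POST['titler']);
    $contenter = getst($_POST['contenter']);
    $dater = getst($_POST['dater']);
    $archived = "No";
    // The posted date was interpolated into the statement unescaped.
    $sql = sprintf(
        "insert into news (titler, contenter, dater, archived) VALUES ('%s', '%s', '%s', '%s')",
        mysql_real_escape_string($titler),
        mysql_real_escape_string($contenter),
        mysql_real_escape_string($dater),
        mysql_real_escape_string($archived)
    );
    if (mysql_query($sql)) {
        $bb = "<p>News Successfully added</p>";
    } else {
        $bb = "<p>Unable to add your news: " . forall_db_error() . "</p>";
    }
}

if (isset($_POST['editnews'])) {
    $titler = getst($_POST['titler']);
    $contenter = getst($_POST['contenter']);
    $dater = getst($_POST['dater']);
    $id = getva($_POST['sn']);
    $sql = sprintf(
        "update news set titler='%s', dater='%s', contenter='%s' where sn = %s",
        mysql_real_escape_string($titler),
        mysql_real_escape_string($dater),
        mysql_real_escape_string($contenter),
        mysql_real_escape_string($id)
    );
    if (mysql_query($sql)) {
        $bb = "<p>News Successfully Edited</p>";
    } else {
        $bb = "<p>Unable to edit your news: " . forall_db_error() . "</p>";
    }
}

if (isset($_POST['addphotocategory'])) {
    $titler = getst($_POST['titler']);
    $archived = "No";
    $sql = sprintf(
        "insert into photocategory (titler, archived) VALUES ('%s', '%s')",
        mysql_real_escape_string($titler),
        mysql_real_escape_string($archived)
    );
    if (mysql_query($sql)) {
        $bb = "<p>Photo Category Successfully added</p>";
    } else {
        $bb = "<p>Unable to add your photo category: " . forall_db_error() . "</p>";
    }
}

if (isset($_POST['editphotocategory'])) {
    $titler = getst($_POST['titler']);
    $id = getva($_POST['sn']);
    $sql = sprintf(
        "update photocategory set titler='%s' where sn = %s",
        mysql_real_escape_string($titler),
        mysql_real_escape_string($id)
    );
    if (mysql_query($sql)) {
        $bb = "<p>Photo Category Successfully Edited</p>";
    } else {
        $bb = "<p>Unable to edit your photo category: " . forall_db_error() . "</p>";
    }
}

if (isset($_POST['addfaq'])) {
    $titler = getst($_POST['titler']);
    $contenter = getst($_POST['contenter']);
    $dater = date('Y-m-d');
    $archived = "No";
    $hasPhoto = isset($photo) && $photo != "";
    if (!$hasPhoto) {
        $sql = sprintf(
            "insert into faq (titler, contenter, dater, archived) VALUES ('%s', '%s', '%s', '%s')",
            mysql_real_escape_string($titler),
            mysql_real_escape_string($contenter),
            mysql_real_escape_string($dater),
            mysql_real_escape_string($archived)
        );
    } else {
        $sql = sprintf(
            "insert into faq (titler, contenter, dater, archived, photo) VALUES ('%s', '%s', '%s', '%s', '%s')",
            mysql_real_escape_string($titler),
            mysql_real_escape_string($contenter),
            mysql_real_escape_string($dater),
            mysql_real_escape_string($archived),
            mysql_real_escape_string($photo)
        );
    }
    if (mysql_query($sql)) {
        $bb = "<p>FAQ Successfully added</p>";
    } else {
        $bb = "<p>Unable to add your faq: " . forall_db_error() . "</p>";
    }
}

if (isset($_POST['editfaq'])) {
    $titler = getst($_POST['titler']);
    $contenter = getst($_POST['contenter']);
    $id = getva($_POST['sn']);
    $hasPhoto = isset($photo) && $photo != "";
    if (!$hasPhoto) {
        $sql = sprintf(
            "update faq set titler='%s', contenter='%s' where sn = %s",
            mysql_real_escape_string($titler),
            mysql_real_escape_string($contenter),
            mysql_real_escape_string($id)
        );
    } else {
        $sql = sprintf(
            "update faq set titler='%s', contenter='%s', photo='%s' where sn = %s",
            mysql_real_escape_string($titler),
            mysql_real_escape_string($contenter),
            mysql_real_escape_string($photo),
            mysql_real_escape_string($id)
        );
    }
    if (mysql_query($sql)) {
        $bb = "<p>FAQ Successfully Edited</p>";
    } else {
        $bb = "<p>Unable to edit your faq: " . forall_db_error() . "</p>";
    }
}

if (isset($_POST['addcal'])) {
    $activity = getst($_POST['activity']);
    $fromdate = getst($_POST['fromdate']);
    $todate = getst($_POST['todate']);
    $details = getst($_POST['details']);
    $archived = "No";
    if ($_POST['todate'] != '') {
        $sql = sprintf(
            "insert into calend (activity, fromdate, todate, details, archived) VALUES ('%s', '%s', '%s', '%s', '%s')",
            mysql_real_escape_string($activity),
            mysql_real_escape_string($fromdate),
            mysql_real_escape_string($todate),
            mysql_real_escape_string($details),
            mysql_real_escape_string($archived)
        );
    } else {
        $sql = sprintf(
            "insert into calend (activity, fromdate, details, archived) VALUES ('%s', '%s', '%s', '%s')",
            mysql_real_escape_string($activity),
            mysql_real_escape_string($fromdate),
            mysql_real_escape_string($details),
            mysql_real_escape_string($archived)
        );
    }
    if (mysql_query($sql)) {
        $bb = "<p>Activity Successfully added</p>";
    } else {
        $bb = "<p>Unable to add your activity: " . forall_db_error() . "</p>";
    }
}

if (isset($_POST['editcal'])) {
    $activity = getst($_POST['activity']);
    $fromdate = getst($_POST['fromdate']);
    $todate = getst($_POST['todate']);
    $details = getst($_POST['details']);
    $id = getva($_POST['sn']);
    if ($_POST['todate'] != '') {
        $sql = sprintf(
            "update calend set activity='%s', fromdate='%s', todate='%s', details='%s' where sn = %s",
            mysql_real_escape_string($activity),
            mysql_real_escape_string($fromdate),
            mysql_real_escape_string($todate),
            mysql_real_escape_string($details),
            mysql_real_escape_string($id)
        );
    } else {
        $sql = sprintf(
            "update calend set activity='%s', fromdate='%s', todate=NULL, details='%s' where sn = %s",
            mysql_real_escape_string($activity),
            mysql_real_escape_string($fromdate),
            mysql_real_escape_string($details),
            mysql_real_escape_string($id)
        );
    }
    if (mysql_query($sql)) {
        $bb = "<p>Calendar Successfully Edited</p>";
    } else {
        $bb = "<p>Unable to edit your calendar: " . forall_db_error() . "</p>";
    }
}

if (isset($_POST['addarticle'])) {
    $titler = getst($_POST['titler']);
    $who = getst($_POST['who']);
    $contenter = getst($_POST['contenter']);
    $dater = date('Y-m-d');
    $archived = "No";
    $sql = sprintf(
        "insert into articles (titler, contenter, dater, archived, who) VALUES ('%s', '%s', '%s', '%s', '%s')",
        mysql_real_escape_string($titler),
        mysql_real_escape_string($contenter),
        mysql_real_escape_string($dater),
        mysql_real_escape_string($archived),
        mysql_real_escape_string($who)
    );
    if (mysql_query($sql)) {
        $bb = "<p>Article Successfully added</p>";
    } else {
        $bb = "<p>Unable to add your article: " . forall_db_error() . "</p>";
    }
}

if (isset($_POST['editarticle'])) {
    $titler = getst($_POST['titler']);
    $who = getst($_POST['who']);
    $contenter = getst($_POST['contenter']);
    $id = getva($_POST['sn']);
    $sql = sprintf(
        "update articles set titler='%s', contenter='%s', who='%s' where sn = %s",
        mysql_real_escape_string($titler),
        mysql_real_escape_string($contenter),
        mysql_real_escape_string($who),
        mysql_real_escape_string($id)
    );
    if (mysql_query($sql)) {
        $bb = "<p>Article Successfully Edited</p>";
    } else {
        $bb = "<p>Unable to edit your article: " . forall_db_error() . "</p>";
    }
}

if (isset($_POST['updatebishop'])) {
    // Only the exact label of the submit button is accepted.
    if (trim($_POST['updatebishop']) != "Update Profile Now...") {
        echo "Sorry! Wrong Data!";
        exit();
    }
    $nam = getst($_POST['nam']);
    $dob = getst($_POST['dob']);
    $dia = getst($_POST['dia']);
    $pri = getst($_POST['pri']);
    $epi = getst($_POST['epi']);
    $res = getst($_POST['res']);
    $ema = getst($_POST['ema']);
    $mot = getst($_POST['mot']);
    $pho = getst($_POST['pho']);
    $detail = getst($_POST['detail']);
    $hasPhoto = isset($photo) && $photo != "";
    if (!$hasPhoto) {
        $sql = sprintf(
            "update bishop set namer = '%s',dob = '%s',diaconate = '%s',priestly = '%s', episcopal = '%s', email = '%s', phone = '%s', residence = '%s', detail = '%s', motto = '%s' where sn = 1",
            mysql_real_escape_string($nam),
            mysql_real_escape_string($dob),
            mysql_real_escape_string($dia),
            mysql_real_escape_string($pri),
            mysql_real_escape_string($epi),
            mysql_real_escape_string($ema),
            mysql_real_escape_string($pho),
            mysql_real_escape_string($res),
            mysql_real_escape_string($detail),
            mysql_real_escape_string($mot)
        );
    } else {
        $sql = sprintf(
            "update bishop set namer = '%s',dob = '%s',diaconate = '%s',priestly = '%s', episcopal = '%s', email = '%s', phone = '%s', residence = '%s', detail = '%s', motto = '%s', photo = '%s' where sn = 1",
            mysql_real_escape_string($nam),
            mysql_real_escape_string($dob),
            mysql_real_escape_string($dia),
            mysql_real_escape_string($pri),
            mysql_real_escape_string($epi),
            mysql_real_escape_string($ema),
            mysql_real_escape_string($pho),
            mysql_real_escape_string($res),
            mysql_real_escape_string($detail),
            mysql_real_escape_string($mot),
            mysql_real_escape_string($photo)
        );
    }
    if (mysql_query($sql)) {
        $bb .= "<p>Bishop Profile Edited! Update affected " . mysql_affected_rows() . " row(s).</p>";
    } else {
        $bb .= "<p>Error performing update: " . forall_db_error() . "</p>";
    }
}

if (isset($_POST['updatecoat'])) {
    // Only the exact label of the submit button is accepted.
    if (trim($_POST['updatecoat']) != "Update Profile Now...") {
        echo "Sorry! Wrong Data!";
        exit();
    }
    $contenter = getst($_POST['contenter']);
    $hasPhoto = isset($photo) && $photo != "";
    if (!$hasPhoto) {
        $sql = sprintf(
            "update bishop set contenter = '%s' where sn = 2",
            mysql_real_escape_string($contenter)
        );
    } else {
        $sql = sprintf(
            "update bishop set contenter = '%s',photo = '%s' where sn = 2",
            mysql_real_escape_string($contenter),
            mysql_real_escape_string($photo)
        );
    }
    if (mysql_query($sql)) {
        $bb .= "<p>Coat of Arms Edited! Update affected " . mysql_affected_rows() . " row(s).</p>";
    } else {
        $bb .= "<p>Error performing update: " . forall_db_error() . "</p>";
    }
}

if (isset($_POST['addmsg'])) {
    $titler = getst($_POST['titler']);
    $contenter = getst($_POST['contenter']);
    $dater = date('Y-m-d');
    $sql = sprintf(
        "insert into msg (titler, contenter, dater) VALUES ('%s', '%s', '%s')",
        mysql_real_escape_string($titler),
        mysql_real_escape_string($contenter),
        mysql_real_escape_string($dater)
    );
    if (mysql_query($sql)) {
        $bb = "<p>Bishop's Message Successfully added</p>";
    } else {
        $bb = "<p>Unable to add Bishop's Message: " . forall_db_error() . "</p>";
    }
}

if (isset($_POST['editmsg'])) {
    $titler = getst($_POST['titler']);
    $contenter = getst($_POST['contenter']);
    $id = getva($_POST['sn']);
    $sql = sprintf(
        "update msg set titler='%s', contenter='%s' where sn = %s",
        mysql_real_escape_string($titler),
        mysql_real_escape_string($contenter),
        mysql_real_escape_string($id)
    );
    if (mysql_query($sql)) {
        $bb = "<p>Bishop's Message Successfully Edited</p>";
    } else {
        $bb = "<p>Unable to edit bishop's message: " . forall_db_error() . "</p>";
    }
}

if (isset($_POST['adddeanary'])) {
    $titler = getst($_POST['titler']);
    $dean = getst($_POST['dean']);
    $contenter = getst($_POST['contenter']);
    $archived = "No";
    $sql = sprintf(
        "insert into deanaries (titler, contenter, archived, dean) VALUES ('%s', '%s', '%s', '%s')",
        mysql_real_escape_string($titler),
        mysql_real_escape_string($contenter),
        mysql_real_escape_string($archived),
        mysql_real_escape_string($dean)
    );
    if (mysql_query($sql)) {
        $bb = "<p>Deanary Successfully added</p>";
    } else {
        $bb = "<p>Unable to add deanary: " . forall_db_error() . "</p>";
    }
}

if (isset($_POST['editdeanary'])) {
    $titler = getst($_POST['titler']);
    $dean = getst($_POST['dean']);
    $contenter = getst($_POST['contenter']);
    $id = getva($_POST['sn']);
    $sql = sprintf(
        "update deanaries set titler='%s', contenter='%s', dean='%s' where sn = %s",
        mysql_real_escape_string($titler),
        mysql_real_escape_string($contenter),
        mysql_real_escape_string($dean),
        mysql_real_escape_string($id)
    );
    if (mysql_query($sql)) {
        $bb = "<p>Deanary Successfully Edited</p>";
    } else {
        $bb = "<p>Unable to edit deanary: " . forall_db_error() . "</p>";
    }
}

if (isset($_POST['addparish'])) {
    // The form carries up to ten rows, suffixed 1..10; rows without a name are skipped.
    for ($k = 1; $k <= 10; $k++) {
        $dnamer = 'namer' . $k;
        $daddress = 'address' . $k;
        $dstatus = 'status' . $k;
        $ddetails = 'details' . $k;
        $ddeanary = 'deanary' . $k;
        $dtown = 'town' . $k;
        if (isset($_POST[$dnamer]) && $_POST[$dnamer] != '') {
            $address = getst($_POST[$daddress]);
            $status = getst($_POST[$dstatus]);
            $details = getst($_POST[$ddetails]);
            $deanary = getst($_POST[$ddeanary]);
            $town = getst($_POST[$dtown]);
            $namer = getst($_POST[$dnamer]);
            $sql = sprintf(
                "insert into parishes (namer, address, status, details, town, deanary) VALUES ('%s', '%s', '%s', '%s', '%s', '%s')",
                mysql_real_escape_string($namer),
                mysql_real_escape_string($address),
                mysql_real_escape_string($status),
                mysql_real_escape_string($details),
                mysql_real_escape_string($town),
                mysql_real_escape_string($deanary)
            );
            if (mysql_query($sql)) {
                $bb .= "<p>Record " . $k . ", Successfully added</p>";
            } else {
                $bb .= "<p>Unable to create Record " . $k . ": " . forall_db_error() . "</p>";
            }
        }
    }
}

if (isset($_POST['editparish'])) {
    $address = getst($_POST['address']);
    $status = getst($_POST['status']);
    $details = getst($_POST['details']);
    $deanary = getst($_POST['deanary']);
    $namer = getst($_POST['namer']);
    $town = getst($_POST['town']);
    $id = getva($_POST['sn']);
    $sql = sprintf(
        "update parishes set namer='%s', address='%s', status='%s', details='%s', deanary='%s', town='%s' where sn = %s",
        mysql_real_escape_string($namer),
        mysql_real_escape_string($address),
        mysql_real_escape_string($status),
        mysql_real_escape_string($details),
        mysql_real_escape_string($deanary),
        mysql_real_escape_string($town),
        mysql_real_escape_string($id)
    );
    if (mysql_query($sql)) {
        $bb = "<p>Record Successfully Edited</p>";
    } else {
        $bb = "<p>Unable to edit your record: " . forall_db_error() . "</p>";
    }
}

if (isset($_POST['addpriest'])) {
    $archived = "No";
    $status = getst($_POST['status']);
    $community = getst($_POST['community']);
    for ($k = 1; $k <= 10; $k++) {
        $dnamer = 'namer' . $k;
        $dordination = 'ordination' . $k;
        $ddob = 'dob' . $k;
        $demail = 'email' . $k;
        $dphone = 'phone' . $k;
        $dcategory = 'category' . $k;
        $dspecialassign = 'specialassign' . $k;
        $dstudyleave = 'studyleave' . $k;
        $ddiocese = 'diocese' . $k;
        $dtitler = 'titler' . $k;
        if (isset($_POST[$dnamer]) && $_POST[$dnamer] != '') {
            $namer = getst($_POST[$dnamer]);
            $ordination = getst($_POST[$dordination]);
            $dob = getst($_POST[$ddob]);
            $email = getst($_POST[$demail]);
            $phone = getst($_POST[$dphone]);
            $specialassign = getst($_POST[$dspecialassign]);
            $studyleave = getst($_POST[$dstudyleave]);
            $diocese = getst($_POST[$ddiocese]);
            $titler = getst($_POST[$dtitler]);
            $category = getst($_POST[$dcategory]);
            // The login name is derived from the raw name: spaces become dots, apostrophes are dropped.
            $snamer = $_POST[$dnamer];
            $username = str_replace(" ", ".", $snamer);
            $username = str_replace("'", "", $username);
            // NOTE(review): the generated password is stored as plain text. Hashing it
            // (password_hash) requires the login code, which is not in this file, to
            // verify hashes first.
            $passwrd = generateCode(6);
            $sql = sprintf(
                "insert into priests (namer, ordination, dob, email, phone, archived, status, specialassign, category, studyleave, diocese, community, username, titler, passwrd) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')",
                mysql_real_escape_string($namer),
                mysql_real_escape_string($ordination),
                mysql_real_escape_string($dob),
                mysql_real_escape_string($email),
                mysql_real_escape_string($phone),
                mysql_real_escape_string($archived),
                mysql_real_escape_string($status),
                mysql_real_escape_string($specialassign),
                mysql_real_escape_string($category),
                mysql_real_escape_string($studyleave),
                mysql_real_escape_string($diocese),
                mysql_real_escape_string($community),
                mysql_real_escape_string($username),
                mysql_real_escape_string($titler),
                mysql_real_escape_string($passwrd)
            );
            if (mysql_query($sql)) {
                $bb .= "<p>Record " . $k . ", Successfully added</p>";
            } else {
                $bb .= "<p>Unable to create Record " . $k . ": " . forall_db_error() . "</p>";
            }
        }
    }
}

if (isset($_POST['editpriest'])) {
    $namer = getst($_POST['namer']);
    $ordination = getst($_POST['ordination']);
    $dob = getst($_POST['dob']);
    $email = getst($_POST['email']);
    $phone = getst($_POST['phone']);
    $category = getst($_POST['category']);
    $specialassign = getst($_POST['specialassign']);
    $studyleave = getst($_POST['studyleave']);
    $diocese = getst($_POST['diocese']);
    $community = getst($_POST['community']);
    $titler = getst($_POST['titler']);
    $id = getva($_POST['sn']);
    // These six columns used to be concatenated into the sprintf() format
    // string unescaped, which allowed SQL injection and broke on any '%'.
    // They are now ordinary escaped arguments; all six are always written.
    $sql = sprintf(
        "update priests set namer='%s', ordination='%s', dob='%s', email='%s', phone='%s' , specialassign='%s', studyleave='%s', diocese='%s', community='%s', titler='%s', category='%s' where sn = %s",
        mysql_real_escape_string($namer),
        mysql_real_escape_string($ordination),
        mysql_real_escape_string($dob),
        mysql_real_escape_string($email),
        mysql_real_escape_string($phone),
        mysql_real_escape_string($specialassign),
        mysql_real_escape_string($studyleave),
        mysql_real_escape_string($diocese),
        mysql_real_escape_string($community),
        mysql_real_escape_string($titler),
        mysql_real_escape_string($category),
        mysql_real_escape_string($id)
    );
    if (mysql_query($sql)) {
        $bb = "<p>Record Successfully Edited</p>";
    } else {
        $bb = "<p>Unable to edit your record: " . forall_db_error() . "</p>";
    }
}

if (isset($_POST['addinstitution'])) {
    for ($k = 1; $k <= 10; $k++) {
        $dnameadd = 'nameadd' . $k;
        $ddetails = 'details' . $k;
        $dstatus = 'status' . $k;
        if (isset($_POST[$dnameadd]) && $_POST[$dnameadd] != '') {
            $nameadd = getst($_POST[$dnameadd]);
            $details = getst($_POST[$ddetails]);
            $status = getst($_POST[$dstatus]);
            $sql = sprintf(
                "insert into institutions (nameadd, details, status) VALUES ('%s', '%s', '%s')",
                mysql_real_escape_string($nameadd),
                mysql_real_escape_string($details),
                mysql_real_escape_string($status)
            );
            if (mysql_query($sql)) {
                $bb .= "<p>Record " . $k . ", Successfully added</p>";
            } else {
                $bb .= "<p>Unable to create Record " . $k . ": " . forall_db_error() . "</p>";
            }
        }
    }
}

if (isset($_POST['editinstitution'])) {
    $nameadd = getst($_POST['nameadd']);
    $details = getst($_POST['details']);
    $status = getst($_POST['status']);
    $id = getva($_POST['sn']);
    $sql = sprintf(
        "update institutions set nameadd='%s', details='%s', status='%s' where sn = %s",
        mysql_real_escape_string($nameadd),
        mysql_real_escape_string($details),
        mysql_real_escape_string($status),
        mysql_real_escape_string($id)
    );
    if (mysql_query($sql)) {
        $bb = "<p>Record Successfully Edited</p>";
    } else {
        $bb = "<p>Unable to edit your record: " . forall_db_error() . "</p>";
    }
}

if (isset($_POST['addreligiouscon'])) {
    for ($k = 1; $k <= 10; $k++) {
        $dnameadd = 'nameadd' . $k;
        $dmembers = 'members' . $k;
        $dstatus = 'status' . $k;
        if (isset($_POST[$dnameadd]) && $_POST[$dnameadd] != '') {
            $status = getst($_POST[$dstatus]);
            $nameadd = getst($_POST[$dnameadd]);
            $members = getst($_POST[$dmembers]);
            // The form's "members" field is stored in the suffix column.
            $sql = sprintf(
                "insert into religiouscon (namer, suffix, status) VALUES ('%s', '%s', '%s')",
                mysql_real_escape_string($nameadd),
                mysql_real_escape_string($members),
                mysql_real_escape_string($status)
            );
            if (mysql_query($sql)) {
                $bb .= "<p>Record " . $k . ", Successfully added</p>";
            } else {
                $bb .= "<p>Unable to create Record " . $k . ": " . forall_db_error() . "</p>";
            }
        }
    }
}

if (isset($_POST['editreligiouscon'])) {
    $status = getst($_POST['status']);
    $nameadd = getst($_POST['nameadd']);
    $members = getst($_POST['members']);
    $id = getva($_POST['sn']);
    $sql = sprintf(
        "update religiouscon set namer='%s', suffix='%s', status='%s' where sn = %s",
        mysql_real_escape_string($nameadd),
        mysql_real_escape_string($members),
        mysql_real_escape_string($status),
        mysql_real_escape_string($id)
    );
    if (mysql_query($sql)) {
        $bb = "<p>Record Successfully Edited</p>";
    } else {
        $bb = "<p>Unable to edit your record: " . forall_db_error() . "</p>";
    }
}

if (isset($_POST['addreligious'])) {
    for ($k = 1; $k <= 10; $k++) {
        $dnameadd = 'nameadd' . $k;
        $dmembers = 'members' . $k;
        $dstatus = 'status' . $k;
        if (isset($_POST[$dnameadd]) && $_POST[$dnameadd] != '') {
            $status = getst($_POST[$dstatus]);
            $nameadd = getst($_POST[$dnameadd]);
            $members = getst($_POST[$dmembers]);
            $sql = sprintf(
                "insert into religious (nameadd, members, status) VALUES ('%s', '%s', '%s')",
                mysql_real_escape_string($nameadd),
                mysql_real_escape_string($members),
                mysql_real_escape_string($status)
            );
            if (mysql_query($sql)) {
                $bb .= "<p>Record " . $k . ", Successfully added</p>";
            } else {
                $bb .= "<p>Unable to create Record " . $k . ": " . forall_db_error() . "</p>";
            }
        }
    }
}

if (isset($_POST['editreligious'])) {
    $nameadd = getst($_POST['nameadd']);
    $members = getst($_POST['members']);
    $id = getva($_POST['sn']);
    $sql = sprintf(
        "update religious set nameadd='%s', members='%s' where sn = %s",
        mysql_real_escape_string($nameadd),
        mysql_real_escape_string($members),
        mysql_real_escape_string($id)
    );
    if (mysql_query($sql)) {
        $bb = "<p>Record Successfully Edited</p>";
    } else {
        $bb = "<p>Unable to edit your record: " . forall_db_error() . "</p>";
    }
}

if (isset($_POST['addsociety'])) {
    // Same ten-row layout as the other bulk forms; this handler previously
    // repeated the insert ten times by hand.
    for ($k = 1; $k <= 10; $k++) {
        $dnamer = 'namer' . $k;
        $ddetails = 'details' . $k;
        if (isset($_POST[$dnamer]) && $_POST[$dnamer] != '') {
            $namer = getst($_POST[$dnamer]);
            $details = getst($_POST[$ddetails]);
            $sql = sprintf(
                "insert into societies (namer, details) VALUES ('%s', '%s')",
                mysql_real_escape_string($namer),
                mysql_real_escape_string($details)
            );
            if (mysql_query($sql)) {
                $bb .= "<p>Record " . $k . ", Successfully added</p>";
            } else {
                $bb .= "<p>Unable to create Record " . $k . ": " . forall_db_error() . "</p>";
            }
        }
    }
}

if (isset($_POST['editsociety'])) {
    $namer = getst($_POST['namer']);
    $details = getst($_POST['details']);
    $id = getva($_POST['sn']);
    $sql = sprintf(
        "update societies set namer='%s',details='%s' where sn = %s",
        mysql_real_escape_string($namer),
        mysql_real_escape_string($details),
        mysql_real_escape_string($id)
    );
    if (mysql_query($sql)) {
        $bb = "<p>Record Successfully Edited</p>";
    } else {
        $bb = "<p>Unable to edit your record: " . forall_db_error() . "</p>";
    }
}

if (isset($_POST['addmember'])) {
    $username = getst($_POST['username']);
    // NOTE(review): the password is stored exactly as submitted (plain text).
    // Switching to password_hash()/password_verify() has to be done together
    // with the login code, which is not in this file.
    $passwrd = getst($_POST['passwrd']);
    $namer = getst($_POST['namer']);
    $archived = 'No';
    $sql = sprintf(
        "insert into members (username, passwrd, namer, archived) VALUES ('%s', '%s', '%s', '%s')",
        mysql_real_escape_string($username),
        mysql_real_escape_string($passwrd),
        mysql_real_escape_string($namer),
        mysql_real_escape_string($archived)
    );
    if (mysql_query($sql)) {
        $bb = "<p>Preacher Successfully added</p>";
    } else {
        $bb = "<p>Unable to add preacher: " . forall_db_error() . "</p>";
    }
}

if (isset($_POST['editmember'])) {
    $namer = getst($_POST['namer']);
    $id = getva($_POST['sn']);
    $sql = sprintf(
        "update members set namer='%s' where sn = %s",
        mysql_real_escape_string($namer),
        mysql_real_escape_string($id)
    );
    if (mysql_query($sql)) {
        $bb = "<p>Preacher Successfully Edited</p>";
    } else {
        $bb = "<p>Unable to edit preacher: " . forall_db_error() . "</p>";
    }
}

if (isset($_POST['addmember2'])) {
    $username = getst($_POST['username']);
    // NOTE(review): plain-text password storage, as in the addmember handler.
    $passwrd = getst($_POST['passwrd']);
    $namer = getst($_POST['namer']);
    $category = getst($_POST['category']);
    $archived = 'No';
    $sql = sprintf(
        "insert into members2 (username, passwrd, namer, category, archived) VALUES ('%s', '%s', '%s', '%s', '%s')",
        mysql_real_escape_string($username),
        mysql_real_escape_string($passwrd),
        mysql_real_escape_string($namer),
        mysql_real_escape_string($category),
        mysql_real_escape_string($archived)
    );
    if (mysql_query($sql)) {
        $bb = "<p>Contributor Successfully added</p>";
    } else {
        $bb = "<p>Unable to add contributor: " . forall_db_error() . "</p>";
    }
}

if (isset($_POST['editmember2'])) {
    $namer = getst($_POST['namer']);
    $category = getst($_POST['category']);
    $id = getva($_POST['sn']);
    $sql = sprintf(
        "update members2 set namer='%s', category='%s' where sn = %s",
        mysql_real_escape_string($namer),
        mysql_real_escape_string($category),
        mysql_real_escape_string($id)
    );
    if (mysql_query($sql)) {
        $bb = "<p>Contributor Successfully Edited</p>";
    } else {
        $bb = "<p>Unable to edit contributor: " . forall_db_error() . "</p>";
    }
}

if (isset($_POST['replyfeedback'])) {
    $response = getst($_POST['response']);
    $id = getva($_POST['sn']);
    $archived = "Yes";
    // Each header needs its own CRLF-terminated line; the separator between
    // Content-type and X-Mailer was missing, which corrupted the charset value.
    $headers = 'From: info@umuahiadiocese.org' . "\r\n"
        . 'Reply-To: info@umuahiadiocese.org' . "\r\n"
        . 'Content-type: text/html; charset=us-ascii' . "\r\n"
        . 'X-Mailer: PHP/' . phpversion();
    $subject = 'Response from the Catholic Diocese of Umuahia';
    $message = $response;
    // The recipient comes straight from the request. Accept a single,
    // well-formed address only, so the form cannot be pointed at a recipient
    // list or carry line breaks into the mail headers.
    $email = (isset($_POST['email']) && is_string($_POST['email'])) ? trim($_POST['email']) : '';
    $emailIsValid = filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
    // Escaped copy for the status message, which is HTML.
    $emailShown = htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE);
    if ($emailIsValid && mail($email, $subject, $message, $headers)) {
        $bb .= "The email to " . $emailShown . " has been sent!<br>";
        $sql = sprintf(
            "update feedbacks set response='%s', archived='%s' where sn = %s",
            mysql_real_escape_string($response),
            mysql_real_escape_string($archived),
            mysql_real_escape_string($id)
        );
        // As before, the result of the update replaces the "sent" line above.
        if (mysql_query($sql)) {
            $bb = "Feedback Successfully Replied<br>";
        } else {
            $bb = "Unable to reply the feedback: " . forall_db_error() . "<br>";
        }
    } else {
        $bb .= "The email to " . $emailShown . " failed, it was not sent!<br>Unable to reply the Feedback; You could try again.<br>";
    }
}

if (isset($_POST['addstaff'])) {
    $contenter = getst($_POST['contenter']);
    $namer = getst($_POST['namer']);
    $position = getst($_POST['position']);
    $category = getst($_POST['category']);
    if (!isset($photo1) || $photo1 == "") {
        $photo1 = 'pic/placeholder.png';
    }
    $photoValue = (isset($photo) && $photo != "") ? $photo : 'pic/f1.jpg';
    // Every value was interpolated into the statement without escaping.
    $sql = sprintf(
        "insert into staff (namer, position, contenter, photo, category,coat) values ('%s', '%s', '%s', '%s', '%s', '%s')",
        mysql_real_escape_string($namer),
        mysql_real_escape_string($position),
        mysql_real_escape_string($contenter),
        mysql_real_escape_string($photoValue),
        mysql_real_escape_string($category),
        mysql_real_escape_string($photo1)
    );
    if (mysql_query($sql)) {
        $bb = "<p>Member Successfully Added</p>";
    } else {
        $bb = "<p>Unable to add your content: " . forall_db_error() . "</p>";
    }
}

if (isset($_POST['editstaff'])) {
    $sn = getva($_POST['sn']);
    $contenter = getst($_POST['contenter']);
    $namer = getst($_POST['namer']);
    $position = getst($_POST['position']);
    // The listing first defaulted an empty $photo1 to the placeholder image,
    // which made its own "no new coat" branches unreachable and reset the
    // stored coat on every edit. The photo and coat columns are now written
    // only when a new value is present.
    $hasPhoto = isset($photo) && $photo != "";
    $hasCoat = isset($photo1) && $photo1 != "";
    $sets = sprintf(
        "contenter='%s', namer='%s', position='%s'",
        mysql_real_escape_string($contenter),
        mysql_real_escape_string($namer),
        mysql_real_escape_string($position)
    );
    if ($hasPhoto) {
        $sets .= sprintf(", photo='%s'", mysql_real_escape_string($photo));
    }
    if ($hasCoat) {
        $sets .= sprintf(", coat='%s'", mysql_real_escape_string($photo1));
    }
    $sql = "update staff set " . $sets . sprintf(" where sn='%s'", mysql_real_escape_string($sn));
    if (mysql_query($sql)) {
        $bb = "<p>Member Successfully Edited</p>";
    } else {
        $bb = "<p>Unable to edit your content: " . forall_db_error() . "</p>";
    }
}
?>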