Codice PHP:
<?php
if (!isset($_SESSION)) {
session_start();
}
$MM_authorizedUsers = "2,1";
$MM_donotCheckaccess = "false";
// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
// For security, start by assuming the visitor is NOT authorized.
$isValid = False;
// When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
// Therefore, we know that a user is NOT logged in if that Session variable is blank.
if (!empty($UserName)) {
// Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
// Parse the strings into arrays.
$arrUsers = Explode(",", $strUsers);
$arrGroups = Explode(",", $strGroups);
if (in_array($UserName, $arrUsers)) {
$isValid = true;
}
// Or, you may restrict access to only certain users based on their username.
if (in_array($UserGroup, $arrGroups)) {
$isValid = true;
}
if (($strUsers == "") && false) {
$isValid = true;
}
}
return $isValid;
}
$MM_restrictGoTo = "../index.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
$MM_qsChar = "?";
$MM_referrer = $_SERVER['PHP_SELF'];
if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0)
$MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
header("Location: ". $MM_restrictGoTo);
exit;
}
?>
<?
require("config.php");
require("./lang/lang.admin." . LANGUAGE_CODE . ".php");
require("functions.php");
switch ($HTTP_GET_VARS['flag']) {
case "add" :
submitEventData();
break;
case "edit":
$id = (int) $HTTP_GET_VARS['id'];
$cd = (int) $HTTP_GET_VARS['cd'];
if (!empty($id))
submitEventData($id);
else
$lang['accesswarning'];
break;
case "delete":
$month = (int) $HTTP_GET_VARS['month'];
$year = (int) $HTTP_GET_VARS['year'];
$id = (int) $HTTP_GET_VARS['id'];
if (!(empty($id) && empty($month) && empty($year)))
deleteEvent($id, $month, $year);
else
$lang['accesswarning'];
break;
default:
$lang['accesswarning'];
}
// recupera valori impostati nel form e aggiorna evento o creane uno nuovo se non esistente
function submitEventData ($id="")
{
global $lang, $HTTP_POST_VARS;
$uid = $HTTP_POST_VARS['uid'];
$title = addslashes($HTTP_POST_VARS['title']);
$textemail = addslashes($HTTP_POST_VARS['textemail']);
$res = addslashes($HTTP_POST_VARS['res']);
$text = addslashes($HTTP_POST_VARS['text']);
$month = $HTTP_POST_VARS['month'];
$day = $HTTP_POST_VARS['day'];
$year = $HTTP_POST_VARS['year'];
$shour = $HTTP_POST_VARS['start_hour'];
$sminute = $HTTP_POST_VARS['start_min'];
$s_ampm = $HTTP_POST_VARS['start_am_pm'];
$ehour = $HTTP_POST_VARS['end_hour'];
$eminute = $HTTP_POST_VARS['end_min'];
$e_ampm = $HTTP_POST_VARS['end_am_pm'];
$priv = $HTTP_POST_VARS['priv'];
$iscriz = $HTTP_POST_VARS['iscriz'];
if ($shour == 0 && $sminute == 0 && $s_ampm == 0) {
$starttime = "55:55:55";
} else {
if ($s_ampm == 1 && $shour != 12) $shour = $shour + 12;
if ($s_ampm == 0 && $shour == 12) $shour = 0;
$starttime = "$shour:$sminute";
}
if ($ehour == 0 && $eminute == 0 && $e_ampm == 0) {
$endtime = "55:55:55";
} else {
if ($e_ampm == 1 && $ehour != 12) $ehour = $ehour + 12;
if ($e_ampm == 0 && $ehour == 12) $ehour = 0;
$endtime = "$ehour:$eminute:00";
}
if ($id) {
$sql = "UPDATE " . DB_TABLE_PREFIX . "mssgs SET uid='$uid', m='$month', d='$day', y='$year', ";
$sql .= "start_time='$starttime', end_time='$endtime', title='$title', textemail='$textemail', res='$res', text='$text', priv='$priv', iscriz='$iscriz'";
$sql .= "WHERE id=$id";
$result = $lang['updated'];
} else {
$sql = "INSERT INTO " . DB_TABLE_PREFIX . "mssgs SET uid='$uid', m='$month', d='$day', y='$year', ";
$sql .= "start_time='$starttime', end_time='$endtime', title='$title', textemail='$textemail', res='$res', text='$text', priv='$priv', iscriz='$iscriz'";
$result = $lang['added'];
}
mysql_connect(DB_HOST, DB_USER, DB_PASS) or die(mysql_error());
mysql_select_db(DB_NAME) or die(mysql_error());
mysql_query($sql) or die(mysql_error());
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
}
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="stylesheet" type="text/css" href="css/popwin.css">
<script language="JavaScript">
opener.location = "index.php?chiave=asdfjlkae&month=<?= $month ?>&year=<?= $year ?>";
window.setTimeout('window.close()', 1000);
</script>
</head>
<body>
<div align=\"center\" class=\"display_txt\"><?= stripslashes($title) ?> <?= $result ?></div>
</body>
</html>
<?php
// se cd maggiore di 1 allora mando email a tutti quanti con nuovo evento creato
if($_GET['cd'] && $_GET['cd'] > 0) {
require("../class.phpmailer.php");
// recupero ultimo evento creato
$server = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die(mysql_error());
mysql_select_db(DB_NAME) or die(mysql_error());
$query_maxeventi = "SELECT id FROM calendar_mssgs WHERE title = '$title' ORDER BY id DESC LIMIT 0,1";
$maxeventi = mysql_query($query_maxeventi, $server) or die(mysql_error());
$row_maxeventi = mysql_fetch_assoc($maxeventi);
$totalRows_maxeventi = mysql_num_rows($maxeventi);
mysql_select_db($database_server, $server);
//seleziono destinatari tra coloro che hanno deciso di ricevere le email
$query_presente = "SELECT uid, email FROM calendar_users WHERE invitoeventi = 1";
$presente = mysql_query($query_presente, $server) or die(mysql_error());
$totalRows_presente = mysql_num_rows($presente);
while ($row_presente = mysql_fetch_assoc($presente)) {
$destinatario = $row_presente['email'];
$mail = new PHPMailer();
$mail->SetLanguage("it","./");
$mail->IsSendmail(); // send via SMTP
$mail->Host = "mail.xxxxxxxxxx.it"; // SMTP servers
$mail->SMTPAuth = true; // turn on SMTP authentication
$mail->Username = "segreteria@xxxxxxxxxx.it"; // SMTP username
$mail->Password = "xxxxx"; // SMTP password
$mail->From = "segreteria@xxxxxxxxxx.it";
$mail->FromName = "Xxxxx Xxxxx CAI Xxxxx ";
$mail->AddReplyTo("xxxxxsv@googlegroups.com", "Mailing List Xxxxx Xxxxx CAI Xxxxx"); // indicates ReplyTo headers
$mail->AddAddress($destinatario);
$mail->WordWrap = 100; // set word wrap
$mail->IsHTML(false); // send as HTML
$mail->Subject = $title." per il giorno $day/$month/$year alle ore $starttime";
$colname_Recordset1 = "-1";
if (isset($destinatario)) {
$colname_Recordset1 = $destinatario;
}
$query_Recordset1 = sprintf("SELECT uid, username, fname, lname, hash FROM calendar_users WHERE username = %s", GetSQLValueString($colname_Recordset1, "text"));
$Recordset1 = mysql_query($query_Recordset1, $server) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);
$mail->Body = "Sei stato invitato dal Xxxxx Xxxxx CAI Xxxxx a questo evento: ".$title." per il giorno "."$day/$month/$year"."<br><br>".
$mail->AltBody = "$textemail<br><br>"."COMUNICA AGLI ALTRI SOCI la tua presenza cliccando <a
href=\"http://www.xxxxxxxxxx.it/areasoci/presente.php?id=".$row_Recordset1['hash']."&evento=".$row_maxeventi['id']."&presenza=1\"> QUI </a>"."altrimenti clicca su <a href=\"http://www.xxxxxxxxxx.it/areasoci/presente.php?id=".$row_Recordset1['hash']."&evento=".$row_maxeventi['id']."&presenza=0\"> purtroppo/forse NON ci sarò </a>";
$mail->Send();
}
}
?>
<?
}
function deleteEvent($id, $m, $y)
{
mysql_connect(DB_HOST, DB_USER, DB_PASS) or die(mysql_error());
mysql_select_db(DB_NAME) or die(mysql_error());
$sql = "DELETE FROM " . DB_TABLE_PREFIX . "mssgs WHERE id = $id";
$result = mysql_query($sql) or die(mysql_error());
header("Location: index.php?month=$m&year=$y&chiave=asdfjlkae");
}
?>
Rispondi quotando
Originariamente inviata da Alhazred
